http://armadeus.org/wiki/api.php?action=feedcontributions&feedformat=atom&user=JeremieSArmadeusWiki - User contributions [en]2026-04-04T01:59:14ZUser contributionsMediaWiki 1.26.3http://armadeus.org/wiki/index.php?title=Qt/Embedded&diff=11734Qt/Embedded2013-03-18T16:09:10Z<p>JeremieS: /* Touchscreen handling */</p>
<hr />
<div>Instructions to install and use QtEmbedded & Qt virtual frame buffer for Armadeus<br />
<br />
== Introduction ==<br />
<br />
This page will summarize the process to build, install and use Qt Embedded (previously known as Qtopia).<br />
<br />
You will also find instructions to setup a Host development environment for simulating applications before deploying them on the target (Qt virtual frame buffer). The Builroot tree must be installed before the installation of Qt.<br />
<br />
{{Note| We recommand at least 32 MBytes of RAM if you plan to design and run Qt based GUIs.}}<br />
<br />
==Installation==<br />
<br />
<br />
{{Note| If you are using '''Armadeus BSP 5.2''' version or less, you must modify Qt FTP URL in ''buildroot/package/qt/qt.mk'':<br />
<pre><br />
# Replace line16:<br />
QT_SITE = http://get.qt.nokia.com/qt/source<br />
# By:<br />
QT_SITE = ftp://ftp.qt-project.org/qt/source/<br />
</pre><br />
}}<br />
<br />
From November 20th 2007, Qt Embedded is now fully integrated in Armadeus Buildroot (old procedure is kept [[QtEmbedded Installation|here]]). So to install it you have to:<br />
<pre class="host"><br />
[armadeus]$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
[*] Package Selection for the target ---><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
[ ] Compile with debug support<br />
Library type (Shared library) ---><br />
[*] Approve free license<br />
[ ] Compatibility with Qt3<br />
[*] Gui Module<br />
Pixel depths ---><br />
Fonts ---><br />
freetype2 support (no freetype2 support) ---><br />
[*] Enable GIF support<br />
[ ] Enable libmng support<br />
JPEG support (System libjpeg) ---><br />
PNG support (No PNG support) ---><br />
TIFF support (No TIFF support) ---><br />
zlib support (Qt zlib) ---><br />
(arm) The embedded platform we are making Qt for<br />
[ ] SQL Module ---> <br />
Graphics drivers ---><br />
Mouse drivers ---><br />
Keyboard drivers ---><br />
[ ] Phonon Module<br />
[*] XML Module <br />
[ ] XML Patterns Module<br />
[ ] SVG Module<br />
-*- Network Module<br />
[ ] WebKit Module<br />
[ ] STL support<br />
[ ] Enable OpenSSL support<br />
[*] Script Module<br />
[ ] Script Tools Module<br />
</pre><br />
<br />
'''(don't forget Pixel depths submenu options (at least 8 and 16))'''<br />
<br />
*If you want touchscreen support:<br />
<pre class="config"><br />
Mouse drivers ---><br />
...<br />
[*] tslib<br />
</pre><br />
then:<br />
<pre class="host"><br />
[armadeus]$ make<br />
</pre><br />
<br />
1 hour and ~1 GBytes later (depending on your system and the configuration you choosed) your will have the beast. You can then reflash your rootfs.<br />
<br />
==Compilation for QVFB (Embedded x86/64)==<br />
* Get an Qt source archive from [ftp://ftp.qt.nokia.com/ Nokia FTP]<br />
* Untar the archive into a compilation directory.<br />
* Go into the source directory.<br />
* Use following command to configure Qt:<br />
** Other configuration options can be used, but the following are essential:<br />
<pre class="host"><br />
$ ./configure -depths 16,18 -embedded x86 -prefix /usr/local/Trolltech/QtEmbedded-4.7.2 -fast<br />
</pre><br />
<br />
* Then compile and install Qt:<br />
<pre class="host"><br />
$ make<br />
$ sudo make install<br />
</pre><br />
<br />
==Touchscreen handling==<br />
<br />
===Qt configuration===<br />
<br />
*If you manually build Qt, you have to add the USB keyboard driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-kbd-linuxinput<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB keyboard option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Mouse drivers ---><br />
[*] tslib<br />
...<br />
</pre><br />
<br />
===Linux configuration===<br />
<br />
To use a touchscreen, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the driver corresponding to your touchscreen in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Input Device Drivers ***<br />
[*] Touchscreens ---><br />
--- Touchscreens<br />
< > ADS7846/TSC2046/AD7873 and AD(S)7843 based touchscreens<br />
< > AD7877 based touchscreens<br />
< > AD7879 based touchscreens: AD7879-1 I2C Interface<br />
...<br />
...<br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
===Embedded system configuration===<br />
* Configure your touchscreen by loading the corresponding driver (depends on your APF) and calibrating it (at first use)<br />
* Then, before launching Qt app, do<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/eventXX (replace XX with the right number)<br />
</pre><br />
<br />
==Keyboard handling==<br />
<br />
===USB Keyboard===<br />
<br />
====Qt configuration====<br />
<br />
*If you manually build Qt, you have to add the USB keyboard driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-kbd-linuxinput<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB keyboard option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Mouse drivers ---><br />
Keyboard drivers ---><br />
[ ] tty<br />
[*] linux input<br />
[ ] qvfb<br />
...<br />
</pre><br />
<br />
====Linux configuration====<br />
<br />
To use USB keyboard, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the keyboard drivers in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Input Device Drivers ***<br />
[*] Keyboards ---><br />
--- Keyboards<br />
<*> AT keyboard<br />
< > Sun Type 4 and Type 5 keyboard<br />
< > DECstation/VAXstation LK201/LK401 keyboard<br />
< > XT keyboard<br />
<M> Freescale MXC/IMX keypad support<br />
< > Newton keyboard<br />
< > Stowaway keyboard <br />
< > GPIO Button<br />
[*] Mice ---> <br />
...<br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
====Embedded system configuration====<br />
<br />
* First flash your new kernel and rootfs and boot the system.<br />
* When you connect the USB keyboard to the system, a device is created in '''/dev/input/eventX'''.<br />
* Then you can tell Qt which driver to connect to the device to make it work:<br />
<pre class="apf"><br />
# export QWS_KEYBOARD="LinuxInput:/dev/input/eventX"<br />
</pre><br />
<br />
* Then you can launch an application and use your USB keyboard with it.<br />
<br />
More infos are provided here: [http://doc.qt.nokia.com/4.7-snapshot/qt-embedded-charinput.html]<br />
<br />
==Mouse handling==<br />
<br />
===USB Mouse===<br />
<br />
====Qt configuration====<br />
<br />
*If you manually build Qt, you have to add the USB mouse driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-mouse-pc .......<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB mouse option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Graphics drivers ---><br />
Mouse drivers ---><br />
[*] pc<br />
[ ] bus<br />
[ ] linuxtp<br />
[ ] yopy<br />
[ ] vr41xx<br />
[ ] tslib<br />
[ ] qvfb<br />
Keyboard drivers ---><br />
...<br />
</pre><br />
<br />
*Then build & install Qt or let Buildroot build.<br />
<br />
====Linux configuration====<br />
<br />
To use USB mouse, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the Mouse interface and PS/2 Mouse drivers in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Userland interfaces ***<br />
<*> Mouse interface <br />
[*] Provide legacy /dev/psaux device<br />
(1024) Horizontal screen resolution<br />
(768) Vertical screen resolution<br />
...<br />
*** Input Device Drivers ***<br />
[ ] Keyboards ---> <br />
[*] Mice ---> <br />
--- Mice<br />
<M> PS/2 mouse<br />
[*] ALPS PS/2 mouse protocol extension<br />
[*] Logitech PS/2++ mouse protocol extension<br />
[*] Synaptics PS/2 mouse protocol extension<br />
[*] IBM Trackpoint PS/2 mouse protocol extension<br />
[ ] Elantech PS/2 protocol extension<br />
[ ] eGalax TouchKit PS/2 protocol extension <br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
====Embedded system configuration====<br />
<br />
* First flash your new kernel and rootfs and boot the system.<br />
* When you connect the USB mouse to the system, a device is created in '''/dev/input/mouseXX'''. The touchscreen devices are also created as '''/dev/input/eventXX'''.<br />
* To know which device is the USB mouse one, you have to check in:<br />
<pre class="apf"><br />
# cat /sys/class/input/mouseXX/device/name<br />
</pre><br />
* Then you can tell Qt which driver to connect to the device to make it work:<br />
**If you want the USB mouse only:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="MouseMan:/dev/input/mouseXX"<br />
</pre><br />
** For multiple pointer inputs, for example if you want to use an USB mouse along with a touchscreen, list all the possible pointers as follow:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="MouseMan:/dev/input/mouseXX Tslib:/dev/input/eventXX"<br />
</pre><br />
<br />
{{Note| For a dynamic detection of an USB mouse, you can use the automatic driver like this:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/eventXX Auto"<br />
</pre><br />
}}<br />
<br />
* Then you can launch an application and use your USB mouse with it.<br />
<br />
More infos are provided here: [http://doc.qt.nokia.com/4.6/qt-embedded-pointer.html]<br />
<br />
==Screen rotation==<br />
* activate it with : ''-qt-gfx-transformed'' (from buildroot menuconfig),<br />
* to use it on the command line (for example 270°) : ''-display transformed:rot270''<br />
* or export the variable (for example 270°) : ''export QWS_DISPLAY=Transformed:Rot270.0<br />
''<br />
<br />
==Test==<br />
If you want to test it, compile and put some examples in your TFTP directory:<br />
<pre class="host"><br />
$ make shell_env<br />
$ source armadeus_env.sh<br />
$ cd $ARMADEUS_QT_DIR/examples/widgets/<br />
$ $ARMADEUS_QT_DIR/bin/qmake widgets.pro<br />
$ make<br />
...<br />
$ cp digitalclock/digitalclock /tftpboot<br />
$ cp calculator/calculator /tftpboot<br />
</pre><br />
<br />
and then launch it on your APF (supposed you have a running & calibrated touchscreen):<br />
<pre class="apf"><br />
# cd /usr/bin/<br />
# tftp -g -r calculator 192.168.0.xx (Host IP)<br />
# chmod a+x calculator<br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/event0"<br />
# <br />
# ./calculator -qws<br />
</pre><br />
<br />
==Demo==<br />
A client/server (with GUI) demo is available under: ''software/demos/ApfDacClientServer/''. It could be a good starting point to show you how to create standalone Qt applications (will probably require some modifications in ''src/build.sh'' depending on your Host Qt installation).<br />
<br />
[[Image:qtdemo.png|center|frame|GUI with widgets taken from http://www.qt-apps.org]]<br />
<br />
== Usage ==<br />
<br />
By default Qt libraries are installed in /usr/lib/ directory of your target rootfs.<br />
<br />
== How to cross-compile an application using Qt Embedded ==<br />
<br />
The first thing you need to do is to define a specific "'''qmake''' specs directory" for armadeus. Here for example:<br />
<br />
$ mkdir $APPLICATION_ROOT_DIR/mkspecs/linux-arm-g++<br />
<br />
and install the two following files into this new directory: [http://www.armadeus.com/assos_downloads/qt/qmake.conf qmake.conf] & [http://www.armadeus.com/assos_downloads/qt/qplatformdefs.h qplatformdefs.h]. '''qmake.conf''' may be customized if necessary. <br />
<br />
<br />
Then, you must define two typical environment variables : <br />
'''QTDIR''' which defines the Qt installation path <br />
& '''QMAKESPEC''' which defines the path to the configuration files of the '''qmake''' tool <br />
<br />
Here two typical lines of a Qtopia application building script<br />
<br />
$ export QTDIR=/usr/local/Trolltech/QtEmbedded-4.5.3<br />
$ export QMAKESPEC= $APPLICATION_ROOT_DIR/mkspecs/linux-arm-g++<br />
<br />
Adapt the '''QTDIR''' path to your own installation path and compile your code now, using theses commands:<br />
<br />
# build the makefile with the '''qmake''' command (See Trolltech documentation for details about '''qmake'''):<br />
$QTDIR/bin/qmake -spec my.pro<br />
# and now compile the beast... :<br />
$ make<br />
<br />
Good luck....<br />
<br />
== Phonon installation with Qt Embedded ==<br />
<br />
=== Prerequisites ===<br />
In order to use Phonon with Qt, first you need to install some other libraries.<br />
You may even need to cross-compile them, depending on the platform you want to run Qt on.<br />
<br />
==== For x86 platform ====<br />
*You only have to install GStreamer and some plugins with the following command :<br />
<pre class="host"><br />
$ sudo apt-get install libgstreamer0.10-0<br />
$ sudo apt-get install libgstreamer0.10-dev<br />
$ sudo apt-get install libgstreamer-plugins-base0.10-0<br />
$ sudo apt-get install libgstreamer-plugins-base0.10-dev<br />
</pre><br />
{{Note | These packages are available for Linux Ubuntu ; but for other distributions, the names may vary.}}<br />
<br />
*To use some audio, image or video format like mp3, mpeg2, png or ogg:<br />
**First you must install on your system the needed libraries for the particular format you want (like libmpeg2, libpng, libmad...)<br />
**Then you can install these gstreamer plugins:<br />
<pre class="host"><br />
$ sudo apt-get install gstreamer0.10-plugins-good<br />
$ sudo apt-get install gstreamer0.10-plugins-ugly<br />
</pre><br />
There also are other plugin packages which you can find the list at :<br />
[http://gstreamer.freedesktop.org/documentation/ GStreamer]<br />
<br />
==== For embedded platform ====<br />
If you want to build Qt with Phonon for embedded platform, you'll need to cross-compile the following libraries for the same platform:<br />
*libxml2 >= 2.7.7<br />
*libcheck >= 0.9.8<br />
*liboil >= 0.3.2<br />
*gstreamer >= 0.10.0<br />
*gst-plugins-base >= 0.10.0<br />
<br />
There are some required libraries that you can compile and install with Buildroot:<br />
*glib >= 2.16<br />
*Optional:<br />
**libpng<br />
**tiff<br />
**jpeg<br />
**...<br />
<br />
For additional audio and video formats, you have to cross-compile the corresponding libraries and then the following gstreamer's plugins :<br />
*gst-plugins-good >= 0.10.0<br />
*gst-plugins-ugly >= 0.10.0<br />
<br />
=== Cross-compiling libraries ===<br />
*First thing to do is to set the PKG_CONFIG_PATH environment variable to the directories containing your embedded libraries' pkgconfig files.<br />
<br />
*To see what environment variable you can modify to impact the library cross-compiling, enter the command :<br />
<pre class="host"><br />
$ ./configure --help<br />
</pre><br />
Then create a file to define all required environment variables for the cross-compiling. <br />
For instance for glib2:<br />
<pre class="config"><br />
$ export CC=arm-linux-gcc<br />
$ export CXX=arm-linux-g++<br />
$ export CFLAGS="-I/usr/local/libxml2/include/libxml2"<br />
$ export LDFLAGS=-L/usr/local/libxml2/lib<br />
</pre><br />
And then, to create your environment, type :<br />
<pre class="host"><br />
$ source ENVIRONMENT_FILE<br />
</pre><br />
<br />
*Finally you can configure your library like this:<br />
<pre class="host"><br />
$ ./configure --build=x86-linux --host=YOUR_EMBEDDED_PLATFORM --prefix==YOUR_INSTALLATION_PATH<br />
</pre><br />
Then build and install the library.<br />
<br />
=== Build Qt ===<br />
<br />
==== For x86 platform ====<br />
The PKG_CONFIG_PATH and pkgconfig files must be correctly set to point toward gstreamer's and glib's x86 libraries and headers.<br />
<br />
All you need to do then is to configure Qt with the phonon option and its backend :<br />
<pre class="host"><br />
$ ./configure -embedded x86 -debug -no-cups -no-nis -depths 16,18,24 -no-qt3support -qvfb -phonon -phonon-backend -prefix YOUR_INSTALLATION_PATH -confirm-license<br />
</pre><br />
<br />
Then build and install Qt and you will be able to use Phonon on your x86 platform.<br />
<br />
==== For embedded platform ====<br />
The PKG_CONFIG_PATH and pkgconfig files must be correctly set to point toward gstreamer's and glib's embedded libraries and headers.<br />
<br />
Then you can configure Qt with glib, phonon and its backend and by adding the pkgconfig option :<br />
<pre class="host"><br />
$ ./configure -embedded YOUR_EMBEDDED_PLATFORM -xplatform YOUR_PLATFORM_MKSPECS -depths 16,18 -no-cups -no-nis -no-qt3support -phonon -phonon-backend -glib -prefix YOUR_INSTALLATION_PATH -force-pkg-config<br />
</pre><br />
<br />
{{Note | You may need to give the cross-compiler the paths toward gstreamer's and glib's libraries and headers as configuration options.}}<br />
<br />
=== Possible problems encountered ===<br />
During Qt Embedded or prerequisited cross-compiling, you may get the following errors :<br />
<br />
*''Impossible constraint in 'asm''':<br />
It means you include the wrong headers needed by the library you compile in CFLAGS or CXXFLAGS. Do not include -I/usr/include or non-cross-compiled headers.<br />
<br />
*''Cannot run test program'':<br />
Your best shot is to look in configure.ac (or configure.in) and see if<br />
there's a "cache variable" for that test. If so, you can set that<br />
variable in your environment, to the expected answer for your target,<br />
before running configure, and it should bypass the actual test.<br />
If there's no cache variable, you'll need to modify configure.ac (or<br />
configure.in) to set the variable manually, and rebuild configure.<br />
<br />
*Do not forget to set your PKG_CONFIG_PATH variable to point toward the directory containing your embedded library pkgconfig files. By default, the x86 pkgconfig files are checked and so, errors occur.<br />
<br />
*When installing libraries : ''arm-linux-g++: command not found''<br />
You have to directly export the PATH toward your cross-compiler in the file libtool to get through this error.<br />
<br />
*In gst-plugins-base, delete manually the compilation of ''icles'' in the file tests/Makefile. The lines to delete are l.377 and l.382.<br />
<br />
== VNC ==<br />
<br />
* You can have a VNC server linked to a Qt application.<br />
<br />
=== Qt configuration ===<br />
<br />
*If you manually build Qt, you have to add the VNC server option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-gfx-vnc<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the VNC server option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Graphics drivers ---><br />
...<br />
[ ] Qt Virtual Framebuffer<br />
[*] VNC<br />
[ ] multiscreen<br />
...<br />
</pre><br />
<br />
=== Run a VNC server on embedded system ===<br />
<br />
* When you execute a Qt application, run it with the following options:<br />
<pre class="apf"><br />
# ./application -qws -display VNC:0<br />
</pre><br />
<br />
* You can replace 0 in the command by any number, that will correspond to the VNC server ID, that you have to use in a VNC client to connect.<br />
<br />
* Now you can launch a VNC client and connect.<br />
<br />
== Work in progress / to do list ==<br />
<br />
* Customization of the Qt libs to have a custom Qt/E library well designed for Armadeus usage.<br />
<br />
==Licenses==<br />
Since Qt 4.5.2 new licensing schemes are available: http://www.qtsoftware.com/products/licensing/licensing#qt-gnu-lgpl-v<br />
<br />
== Links ==<br />
* [[PyQt]]<br />
* http://www.trolltech.com<br />
* [http://lists.trolltech.com/qt-embedded-interest/2003-11/msg00007.html 16 colors framebuffer with Qt]<br />
* [http://doc.trolltech.com/4.2/qtopiacore-envvars.html Qtopia Core Environment Variables]<br />
* [http://thelins.se/learnqt/category/embedded-linux/ Tutorial on Qt setup for embedded devt]<br />
* [http://qt-project.org/doc/qt-4.8/qt-embedded-vnc.html Qt's VNC server]<br />
<br />
[[Category: Qt]]<br />
[[Category: Software]]<br />
[[Category: Graphical User Interface]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=Qt/Embedded&diff=11584Qt/Embedded2013-01-30T13:49:04Z<p>JeremieS: Qt's VNC server</p>
<hr />
<div>Instructions to install and use QtEmbedded & Qt virtual frame buffer for Armadeus<br />
<br />
== Introduction ==<br />
<br />
This page will summarize the process to build, install and use Qt Embedded (previously known as Qtopia).<br />
<br />
You will also find instructions to setup a Host development environment for simulating applications before deploying them on the target (Qt virtual frame buffer). The Builroot tree must be installed before the installation of Qt.<br />
<br />
{{Note| We recommand at least 32 MBytes of RAM if you plan to design and run Qt based GUIs.}}<br />
<br />
==Installation==<br />
<br />
<br />
{{Note| If you are using '''Armadeus BSP 5.2''' version or less, you must modify Qt FTP URL in ''buildroot/package/qt/qt.mk'':<br />
<pre><br />
# Replace line16:<br />
QT_SITE = http://get.qt.nokia.com/qt/source<br />
# By:<br />
QT_SITE = ftp://ftp.qt-project.org/qt/source/<br />
</pre><br />
}}<br />
<br />
From November 20th 2007, Qt Embedded is now fully integrated in Armadeus Buildroot (old procedure is kept [[QtEmbedded Installation|here]]). So to install it you have to:<br />
<pre class="host"><br />
[armadeus]$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
[*] Package Selection for the target ---><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
[ ] Compile with debug support<br />
Library type (Shared library) ---><br />
[*] Approve free license<br />
[ ] Compatibility with Qt3<br />
[*] Gui Module<br />
Pixel depths ---><br />
Fonts ---><br />
freetype2 support (no freetype2 support) ---><br />
[*] Enable GIF support<br />
[ ] Enable libmng support<br />
JPEG support (System libjpeg) ---><br />
PNG support (No PNG support) ---><br />
TIFF support (No TIFF support) ---><br />
zlib support (Qt zlib) ---><br />
(arm) The embedded platform we are making Qt for<br />
[ ] SQL Module ---> <br />
Graphics drivers ---><br />
Mouse drivers ---><br />
Keyboard drivers ---><br />
[ ] Phonon Module<br />
[*] XML Module <br />
[ ] XML Patterns Module<br />
[ ] SVG Module<br />
-*- Network Module<br />
[ ] WebKit Module<br />
[ ] STL support<br />
[ ] Enable OpenSSL support<br />
[*] Script Module<br />
[ ] Script Tools Module<br />
</pre><br />
<br />
'''(don't forget Pixel depths submenu options (at least 8 and 16))'''<br />
<br />
*If you want touchscreen support:<br />
<pre class="config"><br />
Mouse drivers ---><br />
...<br />
[*] tslib<br />
</pre><br />
then:<br />
<pre class="host"><br />
[armadeus]$ make<br />
</pre><br />
<br />
1 hour and ~1 GBytes later (depending on your system and the configuration you choosed) your will have the beast. You can then reflash your rootfs.<br />
<br />
==Compilation for QVFB (Embedded x86/64)==<br />
* Get an Qt source archive from [ftp://ftp.qt.nokia.com/ Nokia FTP]<br />
* Untar the archive into a compilation directory.<br />
* Go into the source directory.<br />
* Use following command to configure Qt:<br />
** Other configuration options can be used, but the following are essential:<br />
<pre class="host"><br />
$ ./configure -depths 16,18 -embedded x86 -prefix /usr/local/Trolltech/QtEmbedded-4.7.2 -fast<br />
</pre><br />
<br />
* Then compile and install Qt:<br />
<pre class="host"><br />
$ make<br />
$ sudo make install<br />
</pre><br />
<br />
==Touchscreen handling==<br />
* Configure your touchscreen by loading the corresponding driver (depends on your APF) and calibrating it (at first use)<br />
* Then, before launching Qt app, do<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/eventXX (replace XX with the right number)<br />
</pre><br />
<br />
==Keyboard handling==<br />
<br />
===USB Keyboard===<br />
<br />
====Qt configuration====<br />
<br />
*If you manually build Qt, you have to add the USB keyboard driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-kbd-linuxinput<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB keyboard option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Mouse drivers ---><br />
Keyboard drivers ---><br />
[ ] tty<br />
[*] linux input<br />
[ ] qvfb<br />
...<br />
</pre><br />
<br />
====Linux configuration====<br />
<br />
To use USB keyboard, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the keyboard drivers in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Input Device Drivers ***<br />
[*] Keyboards ---><br />
--- Keyboards<br />
<*> AT keyboard<br />
< > Sun Type 4 and Type 5 keyboard<br />
< > DECstation/VAXstation LK201/LK401 keyboard<br />
< > XT keyboard<br />
<M> Freescale MXC/IMX keypad support<br />
< > Newton keyboard<br />
< > Stowaway keyboard <br />
< > GPIO Button<br />
[*] Mice ---> <br />
...<br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
====Embedded system configuration====<br />
<br />
* First flash your new kernel and rootfs and boot the system.<br />
* When you connect the USB keyboard to the system, a device is created in '''/dev/input/eventX'''.<br />
* Then you can tell Qt which driver to connect to the device to make it work:<br />
<pre class="apf"><br />
# export QWS_KEYBOARD="LinuxInput:/dev/input/eventX"<br />
</pre><br />
<br />
* Then you can launch an application and use your USB keyboard with it.<br />
<br />
More infos are provided here: [http://doc.qt.nokia.com/4.7-snapshot/qt-embedded-charinput.html]<br />
<br />
==Mouse handling==<br />
<br />
===USB Mouse===<br />
<br />
====Qt configuration====<br />
<br />
*If you manually build Qt, you have to add the USB mouse driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-mouse-pc .......<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB mouse option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Graphics drivers ---><br />
Mouse drivers ---><br />
[*] pc<br />
[ ] bus<br />
[ ] linuxtp<br />
[ ] yopy<br />
[ ] vr41xx<br />
[ ] tslib<br />
[ ] qvfb<br />
Keyboard drivers ---><br />
...<br />
</pre><br />
<br />
*Then build & install Qt or let Buildroot build.<br />
<br />
====Linux configuration====<br />
<br />
To use USB mouse, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the Mouse interface and PS/2 Mouse drivers in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Userland interfaces ***<br />
<*> Mouse interface <br />
[*] Provide legacy /dev/psaux device<br />
(1024) Horizontal screen resolution<br />
(768) Vertical screen resolution<br />
...<br />
*** Input Device Drivers ***<br />
[ ] Keyboards ---> <br />
[*] Mice ---> <br />
--- Mice<br />
<M> PS/2 mouse<br />
[*] ALPS PS/2 mouse protocol extension<br />
[*] Logitech PS/2++ mouse protocol extension<br />
[*] Synaptics PS/2 mouse protocol extension<br />
[*] IBM Trackpoint PS/2 mouse protocol extension<br />
[ ] Elantech PS/2 protocol extension<br />
[ ] eGalax TouchKit PS/2 protocol extension <br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
====Embedded system configuration====<br />
<br />
* First flash your new kernel and rootfs and boot the system.<br />
* When you connect the USB mouse to the system, a device is created in '''/dev/input/mouseXX'''. The touchscreen devices are also created as '''/dev/input/eventXX'''.<br />
* To know which device is the USB mouse one, you have to check in:<br />
<pre class="apf"><br />
# cat /sys/class/input/mouseXX/device/name<br />
</pre><br />
* Then you can tell Qt which driver to connect to the device to make it work:<br />
**If you want the USB mouse only:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="MouseMan:/dev/input/mouseXX"<br />
</pre><br />
** For multiple pointer inputs, for example if you want to use an USB mouse along with a touchscreen, list all the possible pointers as follow:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="MouseMan:/dev/input/mouseXX Tslib:/dev/input/eventXX"<br />
</pre><br />
<br />
{{Note| For a dynamic detection of an USB mouse, you can use the automatic driver like this:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/eventXX Auto"<br />
</pre><br />
}}<br />
<br />
* Then you can launch an application and use your USB mouse with it.<br />
<br />
More infos are provided here: [http://doc.qt.nokia.com/4.6/qt-embedded-pointer.html]<br />
<br />
==Screen rotation==<br />
* activate it with : ''-qt-gfx-transformed'' (from buildroot menuconfig),<br />
* to use it on the command line (for example 270°) : ''-display transformed:rot270''<br />
* or export the variable (for example 270°) : ''export QWS_DISPLAY=Transformed:Rot270.0<br />
''<br />
<br />
==Test==<br />
If you want to test it, compile and put some examples in your TFTP directory:<br />
<pre class="host"><br />
$ make shell_env<br />
$ source armadeus_env.sh<br />
$ cd $ARMADEUS_QT_DIR/examples/widgets/<br />
$ $ARMADEUS_QT_DIR/bin/qmake widgets.pro<br />
$ make<br />
...<br />
$ cp digitalclock/digitalclock /tftpboot<br />
$ cp calculator/calculator /tftpboot<br />
</pre><br />
<br />
and then launch it on your APF (supposed you have a running & calibrated touchscreen):<br />
<pre class="apf"><br />
# cd /usr/bin/<br />
# tftp -g -r calculator 192.168.0.xx (Host IP)<br />
# chmod a+x calculator<br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/event0"<br />
# <br />
# ./calculator -qws<br />
</pre><br />
<br />
==Demo==<br />
A client/server (with GUI) demo is available under: ''software/demos/ApfDacClientServer/''. It could be a good starting point to show you how to create standalone Qt applications (will probably require some modifications in ''src/build.sh'' depending on your Host Qt installation).<br />
<br />
[[Image:qtdemo.png|center|frame|GUI with widgets taken from http://www.qt-apps.org]]<br />
<br />
== Usage ==<br />
<br />
By default Qt libraries are installed in /usr/lib/ directory of your target rootfs.<br />
<br />
== How to cross-compile an application using Qt Embedded ==<br />
<br />
The first thing you need to do is to define a specific "'''qmake''' specs directory" for armadeus. Here for example:<br />
<br />
$ mkdir $APPLICATION_ROOT_DIR/mkspecs/linux-arm-g++<br />
<br />
and install the two following files into this new directory: [http://www.armadeus.com/assos_downloads/qt/qmake.conf qmake.conf] & [http://www.armadeus.com/assos_downloads/qt/qplatformdefs.h qplatformdefs.h]. '''qmake.conf''' may be customized if necessary. <br />
<br />
<br />
Then, you must define two typical environment variables : <br />
'''QTDIR''' which defines the Qt installation path <br />
& '''QMAKESPEC''' which defines the path to the configuration files of the '''qmake''' tool <br />
<br />
Here two typical lines of a Qtopia application building script<br />
<br />
$ export QTDIR=/usr/local/Trolltech/QtEmbedded-4.5.3<br />
$ export QMAKESPEC= $APPLICATION_ROOT_DIR/mkspecs/linux-arm-g++<br />
<br />
Adapt the '''QTDIR''' path to your own installation path and compile your code now, using theses commands:<br />
<br />
# build the makefile with the '''qmake''' command (See Trolltech documentation for details about '''qmake'''):<br />
$QTDIR/bin/qmake -spec my.pro<br />
# and now compile the beast... :<br />
$ make<br />
<br />
Good luck....<br />
<br />
== Phonon installation with Qt Embedded ==<br />
<br />
=== Prerequisites ===<br />
In order to use Phonon with Qt, first you need to install some other libraries.<br />
You may even need to cross-compile them, depending on the platform you want to run Qt on.<br />
<br />
==== For x86 platform ====<br />
*You only have to install GStreamer and some plugins with the following command :<br />
<pre class="host"><br />
$ sudo apt-get install libgstreamer0.10-0<br />
$ sudo apt-get install libgstreamer0.10-dev<br />
$ sudo apt-get install libgstreamer-plugins-base0.10-0<br />
$ sudo apt-get install libgstreamer-plugins-base0.10-dev<br />
</pre><br />
{{Note | These packages are available for Linux Ubuntu ; but for other distributions, the names may vary.}}<br />
<br />
*To use some audio, image or video format like mp3, mpeg2, png or ogg:<br />
**First you must install on your system the needed libraries for the particular format you want (like libmpeg2, libpng, libmad...)<br />
**Then you can install these gstreamer plugins:<br />
<pre class="host"><br />
$ sudo apt-get install gstreamer0.10-plugins-good<br />
$ sudo apt-get install gstreamer0.10-plugins-ugly<br />
</pre><br />
There also are other plugin packages which you can find the list at :<br />
[http://gstreamer.freedesktop.org/documentation/ GStreamer]<br />
<br />
==== For embedded platform ====<br />
If you want to build Qt with Phonon for embedded platform, you'll need to cross-compile the following libraries for the same platform:<br />
*libxml2 >= 2.7.7<br />
*libcheck >= 0.9.8<br />
*liboil >= 0.3.2<br />
*gstreamer >= 0.10.0<br />
*gst-plugins-base >= 0.10.0<br />
<br />
There are some required libraries that you can compile and install with Buildroot:<br />
*glib >= 2.16<br />
*Optional:<br />
**libpng<br />
**tiff<br />
**jpeg<br />
**...<br />
<br />
For additional audio and video formats, you have to cross-compile the corresponding libraries and then the following gstreamer's plugins :<br />
*gst-plugins-good >= 0.10.0<br />
*gst-plugins-ugly >= 0.10.0<br />
<br />
=== Cross-compiling libraries ===<br />
*First thing to do is to set the PKG_CONFIG_PATH environment variable to the directories containing your embedded libraries' pkgconfig files.<br />
<br />
*To see what environment variable you can modify to impact the library cross-compiling, enter the command :<br />
<pre class="host"><br />
$ ./configure --help<br />
</pre><br />
Then create a file to define all required environment variables for the cross-compiling. <br />
For instance for glib2:<br />
<pre class="config"><br />
$ export CC=arm-linux-gcc<br />
$ export CXX=arm-linux-g++<br />
$ export CFLAGS="-I/usr/local/libxml2/include/libxml2"<br />
$ export LDFLAGS=-L/usr/local/libxml2/lib<br />
</pre><br />
And then, to create your environment, type :<br />
<pre class="host"><br />
$ source ENVIRONMENT_FILE<br />
</pre><br />
<br />
*Finally you can configure your library like this:<br />
<pre class="host"><br />
$ ./configure --build=x86-linux --host=YOUR_EMBEDDED_PLATFORM --prefix==YOUR_INSTALLATION_PATH<br />
</pre><br />
Then build and install the library.<br />
<br />
=== Build Qt ===<br />
<br />
==== For x86 platform ====<br />
The PKG_CONFIG_PATH and pkgconfig files must be correctly set to point toward gstreamer's and glib's x86 libraries and headers.<br />
<br />
All you need to do then is to configure Qt with the phonon option and its backend :<br />
<pre class="host"><br />
$ ./configure -embedded x86 -debug -no-cups -no-nis -depths 16,18,24 -no-qt3support -qvfb -phonon -phonon-backend -prefix YOUR_INSTALLATION_PATH -confirm-license<br />
</pre><br />
<br />
Then build and install Qt and you will be able to use Phonon on your x86 platform.<br />
<br />
==== For embedded platform ====<br />
The PKG_CONFIG_PATH and pkgconfig files must be correctly set to point toward gstreamer's and glib's embedded libraries and headers.<br />
<br />
Then you can configure Qt with glib, phonon and its backend and by adding the pkgconfig option :<br />
<pre class="host"><br />
$ ./configure -embedded YOUR_EMBEDDED_PLATFORM -xplatform YOUR_PLATFORM_MKSPECS -depths 16,18 -no-cups -no-nis -no-qt3support -phonon -phonon-backend -glib -prefix YOUR_INSTALLATION_PATH -force-pkg-config<br />
</pre><br />
<br />
{{Note | You may need to give the cross-compiler the paths toward gstreamer's and glib's libraries and headers as configuration options.}}<br />
<br />
=== Possible problems encountered ===<br />
During Qt Embedded or prerequisited cross-compiling, you may get the following errors :<br />
<br />
*''Impossible constraint in 'asm''':<br />
It means you include the wrong headers needed by the library you compile in CFLAGS or CXXFLAGS. Do not include -I/usr/include or non-cross-compiled headers.<br />
<br />
*''Cannot run test program'':<br />
Your best shot is to look in configure.ac (or configure.in) and see if<br />
there's a "cache variable" for that test. If so, you can set that<br />
variable in your environment, to the expected answer for your target,<br />
before running configure, and it should bypass the actual test.<br />
If there's no cache variable, you'll need to modify configure.ac (or<br />
configure.in) to set the variable manually, and rebuild configure.<br />
<br />
*Do not forget to set your PKG_CONFIG_PATH variable to point toward the directory containing your embedded library pkgconfig files. By default, the x86 pkgconfig files are checked and so, errors occur.<br />
<br />
*When installing libraries : ''arm-linux-g++: command not found''<br />
You have to directly export the PATH toward your cross-compiler in the file libtool to get through this error.<br />
<br />
*In gst-plugins-base, delete manually the compilation of ''icles'' in the file tests/Makefile. The lines to delete are l.377 and l.382.<br />
<br />
== VNC ==<br />
<br />
* You can have a VNC server linked to a Qt application.<br />
<br />
=== Qt configuration ===<br />
<br />
*If you manually build Qt, you have to add the VNC server option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-gfx-vnc<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the VNC server option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Graphics drivers ---><br />
...<br />
[ ] Qt Virtual Framebuffer<br />
[*] VNC<br />
[ ] multiscreen<br />
...<br />
</pre><br />
<br />
=== Run a VNC server on embedded system ===<br />
<br />
* When you execute a Qt application, run it with the following options:<br />
<pre class="apf"><br />
# ./application -qws -display VNC:0<br />
</pre><br />
<br />
* You can replace 0 in the command by any number, that will correspond to the VNC server ID, that you have to use in a VNC client to connect.<br />
<br />
* Now you can launch a VNC client and connect.<br />
<br />
== Work in progress / to do list ==<br />
<br />
* Customization of the Qt libs to have a custom Qt/E library well designed for Armadeus usage.<br />
<br />
==Licenses==<br />
Since Qt 4.5.2 new licensing schemes are available: http://www.qtsoftware.com/products/licensing/licensing#qt-gnu-lgpl-v<br />
<br />
== Links ==<br />
* [[PyQt]]<br />
* http://www.trolltech.com<br />
* [http://lists.trolltech.com/qt-embedded-interest/2003-11/msg00007.html 16 colors framebuffer with Qt]<br />
* [http://doc.trolltech.com/4.2/qtopiacore-envvars.html Qtopia Core Environment Variables]<br />
* [http://thelins.se/learnqt/category/embedded-linux/ Tutorial on Qt setup for embedded devt]<br />
* [http://qt-project.org/doc/qt-4.8/qt-embedded-vnc.html Qt's VNC server]<br />
<br />
[[Category: Qt]]<br />
[[Category: Software]]<br />
[[Category: Graphical User Interface]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=Qt/Embedded&diff=11564Qt/Embedded2013-01-25T16:11:30Z<p>JeremieS: /* Installation */</p>
<hr />
<div>Instructions to install and use QtEmbedded & Qt virtual frame buffer for Armadeus<br />
<br />
== Introduction ==<br />
<br />
This page will summarize the process to build, install and use Qt Embedded (previously known as Qtopia).<br />
<br />
You will also find instructions to setup a Host development environment for simulating applications before deploying them on the target (Qt virtual frame buffer). The Builroot tree must be installed before the installation of Qt.<br />
<br />
{{Note| We recommand at least 32 MBytes of RAM if you plan to design and run Qt based GUIs.}}<br />
<br />
==Installation==<br />
<br />
<br />
{{Note| If you are using '''Armadeus BSP 5.2''' version or less, you must modify Qt FTP URL in ''buildroot/package/qt/qt.mk'':<br />
<pre><br />
# Replace line16:<br />
QT_SITE = http://get.qt.nokia.com/qt/source<br />
# By:<br />
QT_SITE = ftp://ftp.qt-project.org/qt/source/<br />
</pre><br />
}}<br />
<br />
From November 20th 2007, Qt Embedded is now fully integrated in Armadeus Buildroot (old procedure is kept [[QtEmbedded Installation|here]]). So to install it you have to:<br />
<pre class="host"><br />
[armadeus]$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
[*] Package Selection for the target ---><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
[ ] Compile with debug support<br />
Library type (Shared library) ---><br />
[*] Approve free license<br />
[ ] Compatibility with Qt3<br />
[*] Gui Module<br />
Pixel depths ---><br />
Fonts ---><br />
freetype2 support (no freetype2 support) ---><br />
[*] Enable GIF support<br />
[ ] Enable libmng support<br />
JPEG support (System libjpeg) ---><br />
PNG support (No PNG support) ---><br />
TIFF support (No TIFF support) ---><br />
zlib support (Qt zlib) ---><br />
(arm) The embedded platform we are making Qt for<br />
[ ] SQL Module ---> <br />
Graphics drivers ---><br />
Mouse drivers ---><br />
Keyboard drivers ---><br />
[ ] Phonon Module<br />
[*] XML Module <br />
[ ] XML Patterns Module<br />
[ ] SVG Module<br />
-*- Network Module<br />
[ ] WebKit Module<br />
[ ] STL support<br />
[ ] Enable OpenSSL support<br />
[*] Script Module<br />
[ ] Script Tools Module<br />
</pre><br />
<br />
'''(don't forget Pixel depths submenu options (at least 8 and 16))'''<br />
<br />
*If you want touchscreen support:<br />
<pre class="config"><br />
Mouse drivers ---><br />
...<br />
[*] tslib<br />
</pre><br />
then:<br />
<pre class="host"><br />
[armadeus]$ make<br />
</pre><br />
<br />
1 hour and ~1 GBytes later (depending on your system and the configuration you choosed) your will have the beast. You can then reflash your rootfs.<br />
<br />
==Compilation for QVFB (Embedded x86/64)==<br />
* Get an Qt source archive from [ftp://ftp.qt.nokia.com/ Nokia FTP]<br />
* Untar the archive into a compilation directory.<br />
* Go into the source directory.<br />
* Use following command to configure Qt:<br />
** Other configuration options can be used, but the following are essential:<br />
<pre class="host"><br />
$ ./configure -depths 16,18 -embedded x86 -prefix /usr/local/Trolltech/QtEmbedded-4.7.2 -fast<br />
</pre><br />
<br />
* Then compile and install Qt:<br />
<pre class="host"><br />
$ make<br />
$ sudo make install<br />
</pre><br />
<br />
==Touchscreen handling==<br />
* Configure your touchscreen by loading the corresponding driver (depends on your APF) and calibrating it (at first use)<br />
* Then, before launching Qt app, do<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/eventXX (replace XX with the right number)<br />
</pre><br />
<br />
==Keyboard handling==<br />
<br />
===USB Keyboard===<br />
<br />
====Qt configuration====<br />
<br />
*If you manually build Qt, you have to add the USB keyboard driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-kbd-linuxinput<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB keyboard option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Mouse drivers ---><br />
Keyboard drivers ---><br />
[ ] tty<br />
[*] linux input<br />
[ ] qvfb<br />
...<br />
</pre><br />
<br />
====Linux configuration====<br />
<br />
To use USB keyboard, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the keyboard drivers in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Input Device Drivers ***<br />
[*] Keyboards ---><br />
--- Keyboards<br />
<*> AT keyboard<br />
< > Sun Type 4 and Type 5 keyboard<br />
< > DECstation/VAXstation LK201/LK401 keyboard<br />
< > XT keyboard<br />
<M> Freescale MXC/IMX keypad support<br />
< > Newton keyboard<br />
< > Stowaway keyboard <br />
< > GPIO Button<br />
[*] Mice ---> <br />
...<br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
====Embedded system configuration====<br />
<br />
* First flash your new kernel and rootfs and boot the system.<br />
* When you connect the USB keyboard to the system, a device is created in '''/dev/input/eventX'''.<br />
* Then you can tell Qt which driver to connect to the device to make it work:<br />
<pre class="apf"><br />
# export QWS_KEYBOARD="LinuxInput:/dev/input/eventX"<br />
</pre><br />
<br />
* Then you can launch an application and use your USB keyboard with it.<br />
<br />
More infos are provided here: [http://doc.qt.nokia.com/4.7-snapshot/qt-embedded-charinput.html]<br />
<br />
==Mouse handling==<br />
<br />
===USB Mouse===<br />
<br />
====Qt configuration====<br />
<br />
*If you manually build Qt, you have to add the USB mouse driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-mouse-pc .......<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB mouse option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Graphics drivers ---><br />
Mouse drivers ---><br />
[*] pc<br />
[ ] bus<br />
[ ] linuxtp<br />
[ ] yopy<br />
[ ] vr41xx<br />
[ ] tslib<br />
[ ] qvfb<br />
Keyboard drivers ---><br />
...<br />
</pre><br />
<br />
*Then build & install Qt or let Buildroot build.<br />
<br />
====Linux configuration====<br />
<br />
To use USB mouse, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the Mouse interface and PS/2 Mouse drivers in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Userland interfaces ***<br />
<*> Mouse interface <br />
[*] Provide legacy /dev/psaux device<br />
(1024) Horizontal screen resolution<br />
(768) Vertical screen resolution<br />
...<br />
*** Input Device Drivers ***<br />
[ ] Keyboards ---> <br />
[*] Mice ---> <br />
--- Mice<br />
<M> PS/2 mouse<br />
[*] ALPS PS/2 mouse protocol extension<br />
[*] Logitech PS/2++ mouse protocol extension<br />
[*] Synaptics PS/2 mouse protocol extension<br />
[*] IBM Trackpoint PS/2 mouse protocol extension<br />
[ ] Elantech PS/2 protocol extension<br />
[ ] eGalax TouchKit PS/2 protocol extension <br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
====Embedded system configuration====<br />
<br />
* First flash your new kernel and rootfs and boot the system.<br />
* When you connect the USB mouse to the system, a device is created in '''/dev/input/mouseXX'''. The touchscreen devices are also created as '''/dev/input/eventXX'''.<br />
* To know which device is the USB mouse one, you have to check in:<br />
<pre class="apf"><br />
# cat /sys/class/input/mouseXX/device/name<br />
</pre><br />
* Then you can tell Qt which driver to connect to the device to make it work:<br />
**If you want the USB mouse only:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="MouseMan:/dev/input/mouseXX"<br />
</pre><br />
** For multiple pointer inputs, for example if you want to use an USB mouse along with a touchscreen, list all the possible pointers as follow:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="MouseMan:/dev/input/mouseXX Tslib:/dev/input/eventXX"<br />
</pre><br />
<br />
{{Note| For a dynamic detection of an USB mouse, you can use the automatic driver like this:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/eventXX Auto"<br />
</pre><br />
}}<br />
<br />
* Then you can launch an application and use your USB mouse with it.<br />
<br />
More infos are provided here: [http://doc.qt.nokia.com/4.6/qt-embedded-pointer.html]<br />
<br />
==Screen rotation==<br />
* activate it with : ''-qt-gfx-transformed'' (from buildroot menuconfig),<br />
* to use it on the command line (for example 270°) : ''-display transformed:rot270''<br />
* or export the variable (for example 270°) : ''export QWS_DISPLAY=Transformed:Rot270.0<br />
''<br />
<br />
==Test==<br />
If you want to test it, compile and put some examples in your TFTP directory:<br />
<pre class="host"><br />
$ make shell_env<br />
$ source armadeus_env.sh<br />
$ cd $ARMADEUS_QT_DIR/examples/widgets/<br />
$ $ARMADEUS_QT_DIR/bin/qmake widgets.pro<br />
$ make<br />
...<br />
$ cp digitalclock/digitalclock /tftpboot<br />
$ cp calculator/calculator /tftpboot<br />
</pre><br />
<br />
and then launch it on your APF (supposed you have a running & calibrated touchscreen):<br />
<pre class="apf"><br />
# cd /usr/bin/<br />
# tftp -g -r calculator 192.168.0.xx (Host IP)<br />
# chmod a+x calculator<br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/event0"<br />
# <br />
# ./calculator -qws<br />
</pre><br />
<br />
==Demo==<br />
A client/server (with GUI) demo is available under: ''software/demos/ApfDacClientServer/''. It could be a good starting point to show you how to create standalone Qt applications (will probably require some modifications in ''src/build.sh'' depending on your Host Qt installation).<br />
<br />
[[Image:qtdemo.png|center|frame|GUI with widgets taken from http://www.qt-apps.org]]<br />
<br />
== Usage ==<br />
<br />
By default Qt libraries are installed in /usr/lib/ directory of your target rootfs.<br />
<br />
== How to cross-compile an application using Qt Embedded ==<br />
<br />
The first thing you need to do is to define a specific "'''qmake''' specs directory" for armadeus. Here for example:<br />
<br />
$ mkdir $APPLICATION_ROOT_DIR/mkspecs/linux-arm-g++<br />
<br />
and install the two following files into this new directory: [http://www.armadeus.com/assos_downloads/qt/qmake.conf qmake.conf] & [http://www.armadeus.com/assos_downloads/qt/qplatformdefs.h qplatformdefs.h]. '''qmake.conf''' may be customized if necessary. <br />
<br />
<br />
Then, you must define two typical environment variables : <br />
'''QTDIR''' which defines the Qt installation path <br />
& '''QMAKESPEC''' which defines the path to the configuration files of the '''qmake''' tool <br />
<br />
Here two typical lines of a Qtopia application building script<br />
<br />
$ export QTDIR=/usr/local/Trolltech/QtEmbedded-4.5.3<br />
$ export QMAKESPEC= $APPLICATION_ROOT_DIR/mkspecs/linux-arm-g++<br />
<br />
Adapt the '''QTDIR''' path to your own installation path and compile your code now, using theses commands:<br />
<br />
# build the makefile with the '''qmake''' command (See Trolltech documentation for details about '''qmake'''):<br />
$QTDIR/bin/qmake -spec my.pro<br />
# and now compile the beast... :<br />
$ make<br />
<br />
Good luck....<br />
<br />
== Phonon installation with Qt Embedded ==<br />
<br />
=== Prerequisites ===<br />
In order to use Phonon with Qt, first you need to install some other libraries.<br />
You may even need to cross-compile them, depending on the platform you want to run Qt on.<br />
<br />
==== For x86 platform ====<br />
*You only have to install GStreamer and some plugins with the following command :<br />
<pre class="host"><br />
$ sudo apt-get install libgstreamer0.10-0<br />
$ sudo apt-get install libgstreamer0.10-dev<br />
$ sudo apt-get install libgstreamer-plugins-base0.10-0<br />
$ sudo apt-get install libgstreamer-plugins-base0.10-dev<br />
</pre><br />
{{Note | These packages are available for Linux Ubuntu ; but for other distributions, the names may vary.}}<br />
<br />
*To use some audio, image or video format like mp3, mpeg2, png or ogg:<br />
**First you must install on your system the needed libraries for the particular format you want (like libmpeg2, libpng, libmad...)<br />
**Then you can install these gstreamer plugins:<br />
<pre class="host"><br />
$ sudo apt-get install gstreamer0.10-plugins-good<br />
$ sudo apt-get install gstreamer0.10-plugins-ugly<br />
</pre><br />
There also are other plugin packages which you can find the list at :<br />
[http://gstreamer.freedesktop.org/documentation/ GStreamer]<br />
<br />
==== For embedded platform ====<br />
If you want to build Qt with Phonon for embedded platform, you'll need to cross-compile the following libraries for the same platform:<br />
*libxml2 >= 2.7.7<br />
*libcheck >= 0.9.8<br />
*liboil >= 0.3.2<br />
*gstreamer >= 0.10.0<br />
*gst-plugins-base >= 0.10.0<br />
<br />
There are some required libraries that you can compile and install with Buildroot:<br />
*glib >= 2.16<br />
*Optional:<br />
**libpng<br />
**tiff<br />
**jpeg<br />
**...<br />
<br />
For additional audio and video formats, you have to cross-compile the corresponding libraries and then the following gstreamer's plugins :<br />
*gst-plugins-good >= 0.10.0<br />
*gst-plugins-ugly >= 0.10.0<br />
<br />
=== Cross-compiling libraries ===<br />
*First thing to do is to set the PKG_CONFIG_PATH environment variable to the directories containing your embedded libraries' pkgconfig files.<br />
<br />
*To see what environment variable you can modify to impact the library cross-compiling, enter the command :<br />
<pre class="host"><br />
$ ./configure --help<br />
</pre><br />
Then create a file to define all required environment variables for the cross-compiling. <br />
For instance for glib2:<br />
<pre class="config"><br />
$ export CC=arm-linux-gcc<br />
$ export CXX=arm-linux-g++<br />
$ export CFLAGS="-I/usr/local/libxml2/include/libxml2"<br />
$ export LDFLAGS=-L/usr/local/libxml2/lib<br />
</pre><br />
And then, to create your environment, type :<br />
<pre class="host"><br />
$ source ENVIRONMENT_FILE<br />
</pre><br />
<br />
*Finally you can configure your library like this:<br />
<pre class="host"><br />
$ ./configure --build=x86-linux --host=YOUR_EMBEDDED_PLATFORM --prefix==YOUR_INSTALLATION_PATH<br />
</pre><br />
Then build and install the library.<br />
<br />
=== Build Qt ===<br />
<br />
==== For x86 platform ====<br />
The PKG_CONFIG_PATH and pkgconfig files must be correctly set to point toward gstreamer's and glib's x86 libraries and headers.<br />
<br />
All you need to do then is to configure Qt with the phonon option and its backend :<br />
<pre class="host"><br />
$ ./configure -embedded x86 -debug -no-cups -no-nis -depths 16,18,24 -no-qt3support -qvfb -phonon -phonon-backend -prefix YOUR_INSTALLATION_PATH -confirm-license<br />
</pre><br />
<br />
Then build and install Qt and you will be able to use Phonon on your x86 platform.<br />
<br />
==== For embedded platform ====<br />
The PKG_CONFIG_PATH and pkgconfig files must be correctly set to point toward gstreamer's and glib's embedded libraries and headers.<br />
<br />
Then you can configure Qt with glib, phonon and its backend and by adding the pkgconfig option :<br />
<pre class="host"><br />
$ ./configure -embedded YOUR_EMBEDDED_PLATFORM -xplatform YOUR_PLATFORM_MKSPECS -depths 16,18 -no-cups -no-nis -no-qt3support -phonon -phonon-backend -glib -prefix YOUR_INSTALLATION_PATH -force-pkg-config<br />
</pre><br />
<br />
{{Note | You may need to give the cross-compiler the paths toward gstreamer's and glib's libraries and headers as configuration options.}}<br />
<br />
=== Possible problems encountered ===<br />
During Qt Embedded or prerequisited cross-compiling, you may get the following errors :<br />
<br />
*''Impossible constraint in 'asm''':<br />
It means you include the wrong headers needed by the library you compile in CFLAGS or CXXFLAGS. Do not include -I/usr/include or non-cross-compiled headers.<br />
<br />
*''Cannot run test program'':<br />
Your best shot is to look in configure.ac (or configure.in) and see if<br />
there's a "cache variable" for that test. If so, you can set that<br />
variable in your environment, to the expected answer for your target,<br />
before running configure, and it should bypass the actual test.<br />
If there's no cache variable, you'll need to modify configure.ac (or<br />
configure.in) to set the variable manually, and rebuild configure.<br />
<br />
*Do not forget to set your PKG_CONFIG_PATH variable to point toward the directory containing your embedded library pkgconfig files. By default, the x86 pkgconfig files are checked and so, errors occur.<br />
<br />
*When installing libraries : ''arm-linux-g++: command not found''<br />
You have to directly export the PATH toward your cross-compiler in the file libtool to get through this error.<br />
<br />
*In gst-plugins-base, delete manually the compilation of ''icles'' in the file tests/Makefile. The lines to delete are l.377 and l.382.<br />
<br />
== Work in progress / to do list ==<br />
<br />
* Customization of the Qt libs to have a custom Qt/E library well designed for Armadeus usage.<br />
<br />
==Licenses==<br />
Since Qt 4.5.2 new licensing schemes are available: http://www.qtsoftware.com/products/licensing/licensing#qt-gnu-lgpl-v<br />
<br />
== Links ==<br />
* [[PyQt]]<br />
* http://www.trolltech.com<br />
* [http://lists.trolltech.com/qt-embedded-interest/2003-11/msg00007.html 16 colors framebuffer with Qt]<br />
* [http://doc.trolltech.com/4.2/qtopiacore-envvars.html Qtopia Core Environment Variables]<br />
* [http://thelins.se/learnqt/category/embedded-linux/ Tutorial on Qt setup for embedded devt]<br />
<br />
[[Category: Qt]]<br />
[[Category: Software]]<br />
[[Category: Graphical User Interface]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=Qt/Embedded&diff=11556Qt/Embedded2013-01-22T11:00:26Z<p>JeremieS: /* Embedded system configuration */</p>
<hr />
<div>Instructions to install and use QtEmbedded & Qt virtual frame buffer for Armadeus<br />
<br />
== Introduction ==<br />
<br />
This page will summarize the process to build, install and use Qt Embedded (previously known as Qtopia).<br />
<br />
You will also find instructions to setup a Host development environment for simulating applications before deploying them on the target (Qt virtual frame buffer). The Builroot tree must be installed before the installation of Qt.<br />
<br />
{{Note| We recommand at least 32 MBytes of RAM if you plan to design and run Qt based GUIs.}}<br />
<br />
==Installation==<br />
<br />
From November 20th 2007, Qt Embedded is now fully integrated in Armadeus Buildroot (old procedure is kept [[QtEmbedded Installation|here]]). So to install it you have to:<br />
<pre class="host"><br />
[armadeus]$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
[*] Package Selection for the target ---><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
[ ] Compile with debug support<br />
Library type (Shared library) ---><br />
[*] Approve free license<br />
[ ] Compatibility with Qt3<br />
[*] Gui Module<br />
Pixel depths ---><br />
Fonts ---><br />
freetype2 support (no freetype2 support) ---><br />
[*] Enable GIF support<br />
[ ] Enable libmng support<br />
JPEG support (System libjpeg) ---><br />
PNG support (No PNG support) ---><br />
TIFF support (No TIFF support) ---><br />
zlib support (Qt zlib) ---><br />
(arm) The embedded platform we are making Qt for<br />
[ ] SQL Module ---> <br />
Graphics drivers ---><br />
Mouse drivers ---><br />
Keyboard drivers ---><br />
[ ] Phonon Module<br />
[*] XML Module <br />
[ ] XML Patterns Module<br />
[ ] SVG Module<br />
-*- Network Module<br />
[ ] WebKit Module<br />
[ ] STL support<br />
[ ] Enable OpenSSL support<br />
[*] Script Module<br />
[ ] Script Tools Module<br />
</pre><br />
<br />
'''(don't forget Pixel depths submenu options (at least 8 and 16))'''<br />
<br />
*If you want touchscreen support:<br />
<pre class="config"><br />
Mouse drivers ---><br />
...<br />
[*] tslib<br />
</pre><br />
then:<br />
<pre class="host"><br />
[armadeus]$ make<br />
</pre><br />
<br />
1 hour and ~1 GBytes later (depending on your system and the configuration you choosed) your will have the beast. You can then reflash your rootfs.<br />
<br />
==Compilation for QVFB (Embedded x86/64)==<br />
* Get an Qt source archive from [ftp://ftp.qt.nokia.com/ Nokia FTP]<br />
* Untar the archive into a compilation directory.<br />
* Go into the source directory.<br />
* Use following command to configure Qt:<br />
** Other configuration options can be used, but the following are essential:<br />
<pre class="host"><br />
$ ./configure -depths 16,18 -embedded x86 -prefix /usr/local/Trolltech/QtEmbedded-4.7.2 -fast<br />
</pre><br />
<br />
* Then compile and install Qt:<br />
<pre class="host"><br />
$ make<br />
$ sudo make install<br />
</pre><br />
<br />
==Touchscreen handling==<br />
* Configure your touchscreen by loading the corresponding driver (depends on your APF) and calibrating it (at first use)<br />
* Then, before launching Qt app, do<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/eventXX (replace XX with the right number)<br />
</pre><br />
<br />
==Keyboard handling==<br />
<br />
===USB Keyboard===<br />
<br />
====Qt configuration====<br />
<br />
*If you manually build Qt, you have to add the USB keyboard driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-kbd-linuxinput<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB keyboard option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Mouse drivers ---><br />
Keyboard drivers ---><br />
[ ] tty<br />
[*] linux input<br />
[ ] qvfb<br />
...<br />
</pre><br />
<br />
====Linux configuration====<br />
<br />
To use USB keyboard, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the keyboard drivers in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Input Device Drivers ***<br />
[*] Keyboards ---><br />
--- Keyboards<br />
<*> AT keyboard<br />
< > Sun Type 4 and Type 5 keyboard<br />
< > DECstation/VAXstation LK201/LK401 keyboard<br />
< > XT keyboard<br />
<M> Freescale MXC/IMX keypad support<br />
< > Newton keyboard<br />
< > Stowaway keyboard <br />
< > GPIO Button<br />
[*] Mice ---> <br />
...<br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
====Embedded system configuration====<br />
<br />
* First flash your new kernel and rootfs and boot the system.<br />
* When you connect the USB keyboard to the system, a device is created in '''/dev/input/eventX'''.<br />
* Then you can tell Qt which driver to connect to the device to make it work:<br />
<pre class="apf"><br />
# export QWS_KEYBOARD="LinuxInput:/dev/input/eventX"<br />
</pre><br />
<br />
* Then you can launch an application and use your USB keyboard with it.<br />
<br />
More infos are provided here: [http://doc.qt.nokia.com/4.7-snapshot/qt-embedded-charinput.html]<br />
<br />
==Mouse handling==<br />
<br />
===USB Mouse===<br />
<br />
====Qt configuration====<br />
<br />
*If you manually build Qt, you have to add the USB mouse driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-mouse-pc .......<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB mouse option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Graphics drivers ---><br />
Mouse drivers ---><br />
[*] pc<br />
[ ] bus<br />
[ ] linuxtp<br />
[ ] yopy<br />
[ ] vr41xx<br />
[ ] tslib<br />
[ ] qvfb<br />
Keyboard drivers ---><br />
...<br />
</pre><br />
<br />
*Then build & install Qt or let Buildroot build.<br />
<br />
====Linux configuration====<br />
<br />
To use USB mouse, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the Mouse interface and PS/2 Mouse drivers in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Userland interfaces ***<br />
<*> Mouse interface <br />
[*] Provide legacy /dev/psaux device<br />
(1024) Horizontal screen resolution<br />
(768) Vertical screen resolution<br />
...<br />
*** Input Device Drivers ***<br />
[ ] Keyboards ---> <br />
[*] Mice ---> <br />
--- Mice<br />
<M> PS/2 mouse<br />
[*] ALPS PS/2 mouse protocol extension<br />
[*] Logitech PS/2++ mouse protocol extension<br />
[*] Synaptics PS/2 mouse protocol extension<br />
[*] IBM Trackpoint PS/2 mouse protocol extension<br />
[ ] Elantech PS/2 protocol extension<br />
[ ] eGalax TouchKit PS/2 protocol extension <br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
====Embedded system configuration====<br />
<br />
* First flash your new kernel and rootfs and boot the system.<br />
* When you connect the USB mouse to the system, a device is created in '''/dev/input/mouseXX'''. The touchscreen devices are also created as '''/dev/input/eventXX'''.<br />
* To know which device is the USB mouse one, you have to check in:<br />
<pre class="apf"><br />
# cat /sys/class/input/mouseXX/device/name<br />
</pre><br />
* Then you can tell Qt which driver to connect to the device to make it work:<br />
**If you want the USB mouse only:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="MouseMan:/dev/input/mouseXX"<br />
</pre><br />
** For multiple pointer inputs, for example if you want to use an USB mouse along with a touchscreen, list all the possible pointers as follow:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="MouseMan:/dev/input/mouseXX Tslib:/dev/input/eventXX"<br />
</pre><br />
<br />
{{Note| For a dynamic detection of an USB mouse, you can use the automatic driver like this:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/eventXX Auto"<br />
</pre><br />
}}<br />
<br />
* Then you can launch an application and use your USB mouse with it.<br />
<br />
More infos are provided here: [http://doc.qt.nokia.com/4.6/qt-embedded-pointer.html]<br />
<br />
==Screen rotation==<br />
* activate it with : ''-qt-gfx-transformed'' (from buildroot menuconfig),<br />
* to use it on the command line (for example 270°) : ''-display transformed:rot270''<br />
* or export the variable (for example 270°) : ''export QWS_DISPLAY=Transformed:Rot270.0<br />
''<br />
<br />
==Test==<br />
If you want to test it, compile and put some examples in your TFTP directory:<br />
<pre class="host"><br />
$ make shell_env<br />
$ source armadeus_env.sh<br />
$ cd $ARMADEUS_QT_DIR/examples/widgets/<br />
$ $ARMADEUS_QT_DIR/bin/qmake widgets.pro<br />
$ make<br />
...<br />
$ cp digitalclock/digitalclock /tftpboot<br />
$ cp calculator/calculator /tftpboot<br />
</pre><br />
<br />
and then launch it on your APF (supposed you have a running & calibrated touchscreen):<br />
<pre class="apf"><br />
# cd /usr/bin/<br />
# tftp -g -r calculator 192.168.0.xx (Host IP)<br />
# chmod a+x calculator<br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/event0"<br />
# <br />
# ./calculator -qws<br />
</pre><br />
<br />
==Demo==<br />
A client/server (with GUI) demo is available under: ''software/demos/ApfDacClientServer/''. It could be a good starting point to show you how to create standalone Qt applications (will probably require some modifications in ''src/build.sh'' depending on your Host Qt installation).<br />
<br />
[[Image:qtdemo.png|center|frame|GUI with widgets taken from http://www.qt-apps.org]]<br />
<br />
== Usage ==<br />
<br />
By default Qt libraries are installed in /usr/lib/ directory of your target rootfs.<br />
<br />
== How to cross-compile an application using Qt Embedded ==<br />
<br />
The first thing you need to do is to define a specific "'''qmake''' specs directory" for armadeus. Here for example:<br />
<br />
$ mkdir $APPLICATION_ROOT_DIR/mkspecs/linux-arm-g++<br />
<br />
and install the two following files into this new directory: [http://www.armadeus.com/assos_downloads/qt/qmake.conf qmake.conf] & [http://www.armadeus.com/assos_downloads/qt/qplatformdefs.h qplatformdefs.h]. '''qmake.conf''' may be customized if necessary. <br />
<br />
<br />
Then, you must define two typical environment variables : <br />
'''QTDIR''' which defines the Qt installation path <br />
& '''QMAKESPEC''' which defines the path to the configuration files of the '''qmake''' tool <br />
<br />
Here two typical lines of a Qtopia application building script<br />
<br />
$ export QTDIR=/usr/local/Trolltech/QtEmbedded-4.5.3<br />
$ export QMAKESPEC= $APPLICATION_ROOT_DIR/mkspecs/linux-arm-g++<br />
<br />
Adapt the '''QTDIR''' path to your own installation path and compile your code now, using theses commands:<br />
<br />
# build the makefile with the '''qmake''' command (See Trolltech documentation for details about '''qmake'''):<br />
$QTDIR/bin/qmake -spec my.pro<br />
# and now compile the beast... :<br />
$ make<br />
<br />
Good luck....<br />
<br />
== Phonon installation with Qt Embedded ==<br />
<br />
=== Prerequisites ===<br />
In order to use Phonon with Qt, first you need to install some other libraries.<br />
You may even need to cross-compile them, depending on the platform you want to run Qt on.<br />
<br />
==== For x86 platform ====<br />
*You only have to install GStreamer and some plugins with the following command :<br />
<pre class="host"><br />
$ sudo apt-get install libgstreamer0.10-0<br />
$ sudo apt-get install libgstreamer0.10-dev<br />
$ sudo apt-get install libgstreamer-plugins-base0.10-0<br />
$ sudo apt-get install libgstreamer-plugins-base0.10-dev<br />
</pre><br />
{{Note | These packages are available for Linux Ubuntu ; but for other distributions, the names may vary.}}<br />
<br />
*To use some audio, image or video format like mp3, mpeg2, png or ogg:<br />
**First you must install on your system the needed libraries for the particular format you want (like libmpeg2, libpng, libmad...)<br />
**Then you can install these gstreamer plugins:<br />
<pre class="host"><br />
$ sudo apt-get install gstreamer0.10-plugins-good<br />
$ sudo apt-get install gstreamer0.10-plugins-ugly<br />
</pre><br />
There also are other plugin packages which you can find the list at :<br />
[http://gstreamer.freedesktop.org/documentation/ GStreamer]<br />
<br />
==== For embedded platform ====<br />
If you want to build Qt with Phonon for embedded platform, you'll need to cross-compile the following libraries for the same platform:<br />
*libxml2 >= 2.7.7<br />
*libcheck >= 0.9.8<br />
*liboil >= 0.3.2<br />
*gstreamer >= 0.10.0<br />
*gst-plugins-base >= 0.10.0<br />
<br />
There are some required libraries that you can compile and install with Buildroot:<br />
*glib >= 2.16<br />
*Optional:<br />
**libpng<br />
**tiff<br />
**jpeg<br />
**...<br />
<br />
For additional audio and video formats, you have to cross-compile the corresponding libraries and then the following gstreamer's plugins :<br />
*gst-plugins-good >= 0.10.0<br />
*gst-plugins-ugly >= 0.10.0<br />
<br />
=== Cross-compiling libraries ===<br />
*First thing to do is to set the PKG_CONFIG_PATH environment variable to the directories containing your embedded libraries' pkgconfig files.<br />
<br />
*To see what environment variable you can modify to impact the library cross-compiling, enter the command :<br />
<pre class="host"><br />
$ ./configure --help<br />
</pre><br />
Then create a file to define all required environment variables for the cross-compiling. <br />
For instance for glib2:<br />
<pre class="config"><br />
$ export CC=arm-linux-gcc<br />
$ export CXX=arm-linux-g++<br />
$ export CFLAGS="-I/usr/local/libxml2/include/libxml2"<br />
$ export LDFLAGS=-L/usr/local/libxml2/lib<br />
</pre><br />
And then, to create your environment, type :<br />
<pre class="host"><br />
$ source ENVIRONMENT_FILE<br />
</pre><br />
<br />
*Finally you can configure your library like this:<br />
<pre class="host"><br />
$ ./configure --build=x86-linux --host=YOUR_EMBEDDED_PLATFORM --prefix==YOUR_INSTALLATION_PATH<br />
</pre><br />
Then build and install the library.<br />
<br />
=== Build Qt ===<br />
<br />
==== For x86 platform ====<br />
The PKG_CONFIG_PATH and pkgconfig files must be correctly set to point toward gstreamer's and glib's x86 libraries and headers.<br />
<br />
All you need to do then is to configure Qt with the phonon option and its backend :<br />
<pre class="host"><br />
$ ./configure -embedded x86 -debug -no-cups -no-nis -depths 16,18,24 -no-qt3support -qvfb -phonon -phonon-backend -prefix YOUR_INSTALLATION_PATH -confirm-license<br />
</pre><br />
<br />
Then build and install Qt and you will be able to use Phonon on your x86 platform.<br />
<br />
==== For embedded platform ====<br />
The PKG_CONFIG_PATH and pkgconfig files must be correctly set to point toward gstreamer's and glib's embedded libraries and headers.<br />
<br />
Then you can configure Qt with glib, phonon and its backend and by adding the pkgconfig option :<br />
<pre class="host"><br />
$ ./configure -embedded YOUR_EMBEDDED_PLATFORM -xplatform YOUR_PLATFORM_MKSPECS -depths 16,18 -no-cups -no-nis -no-qt3support -phonon -phonon-backend -glib -prefix YOUR_INSTALLATION_PATH -force-pkg-config<br />
</pre><br />
<br />
{{Note | You may need to give the cross-compiler the paths toward gstreamer's and glib's libraries and headers as configuration options.}}<br />
<br />
=== Possible problems encountered ===<br />
During Qt Embedded or prerequisited cross-compiling, you may get the following errors :<br />
<br />
*''Impossible constraint in 'asm''':<br />
It means you include the wrong headers needed by the library you compile in CFLAGS or CXXFLAGS. Do not include -I/usr/include or non-cross-compiled headers.<br />
<br />
*''Cannot run test program'':<br />
Your best shot is to look in configure.ac (or configure.in) and see if<br />
there's a "cache variable" for that test. If so, you can set that<br />
variable in your environment, to the expected answer for your target,<br />
before running configure, and it should bypass the actual test.<br />
If there's no cache variable, you'll need to modify configure.ac (or<br />
configure.in) to set the variable manually, and rebuild configure.<br />
<br />
*Do not forget to set your PKG_CONFIG_PATH variable to point toward the directory containing your embedded library pkgconfig files. By default, the x86 pkgconfig files are checked and so, errors occur.<br />
<br />
*When installing libraries : ''arm-linux-g++: command not found''<br />
You have to directly export the PATH toward your cross-compiler in the file libtool to get through this error.<br />
<br />
*In gst-plugins-base, delete manually the compilation of ''icles'' in the file tests/Makefile. The lines to delete are l.377 and l.382.<br />
<br />
== Work in progress / to do list ==<br />
<br />
* Customization of the Qt libs to have a custom Qt/E library well designed for Armadeus usage.<br />
<br />
==Licenses==<br />
Since Qt 4.5.2 new licensing schemes are available: http://www.qtsoftware.com/products/licensing/licensing#qt-gnu-lgpl-v<br />
<br />
== Links ==<br />
* [[PyQt]]<br />
* http://www.trolltech.com<br />
* [http://lists.trolltech.com/qt-embedded-interest/2003-11/msg00007.html 16 colors framebuffer with Qt]<br />
* [http://doc.trolltech.com/4.2/qtopiacore-envvars.html Qtopia Core Environment Variables]<br />
* [http://thelins.se/learnqt/category/embedded-linux/ Tutorial on Qt setup for embedded devt]<br />
<br />
[[Category: Qt]]<br />
[[Category: Software]]<br />
[[Category: Graphical User Interface]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=AsDevices&diff=11301AsDevices2012-10-09T08:31:58Z<p>JeremieS: /* Generate doxygen documentation */</p>
<hr />
<div>{{Under_Construction}}<br />
<br />
AsDevices is an ARMadeus specific library that simplify APF-board devices usage for developers. This library is written to be used with C, C++, Python, (Java?) languages.<br />
The core is written in C and other languages support is done with "wrappers".<br />
<br />
{{Note| This library is under development, see the [[AsDevices#Development_planning | Development planning.]] to know which functionality is finished.}}<br />
<br />
== Install AsDevices on target ==<br />
<br />
The library is included in Buildroot menu, to use it just select it:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
<pre class="config"><br />
Package Selection for the target ---><br />
*** Armadeus specific packages ***<br />
Armadeus specific tools/utilities ---> <br />
[*] as_devices <br />
</pre><br />
<br />
The base library is in C, to use it with C++ or Python, select the wrapper you need. (For Python you will need to select Python interpreter before as_devices wrapper).<br />
<br />
== Generate doxygen documentation ==<br />
* If '''doxygen''' isn't installed on your Linux distribution, you have to install the correct package:<br />
<pre><br />
$ sudo apt-get install doxygen<br />
</pre><br />
<br />
* Then go in '''As Devices''' root directory.<br />
* Generate the documentation with Doxygen:<br />
<pre><br />
$ doxygen Doxyfile<br />
</pre><br />
* Documentation has been generated in ''documentation''.<br />
** Open documentation with:<br />
<pre><br />
$ firefox documentation/index.html<br />
</pre><br />
<br />
== Using library in C ==<br />
<br />
All functions in AsDevices library are constructed on the same way. An as_*_open() function return a device structure or an int that represent the device used. All function take this device structure in first parameter, and a function as_*_close() close the device :<br />
<br />
<source lang="C"><br />
struct as_devicename_dev * as_devicename_open(<some parameters>);<br />
<br />
as_devicename_do-something-with-device(struct as_devicename_dev *aDev, <some parameters>);<br />
<br />
int as_devicename_close(struct as_devicename_dev *aDev);<br />
</source><br />
<br />
For each library, full documentation can be found in C header in directory ''target/packages/as_devices/c''.<br />
<br />
=== I²C ===<br />
<br />
as_i2c_* functions are used to access devices on i²c bus that doesn't have/need a Linux driver. If you want to access an i²c device, please find out if a driver is not already existing before using this method.<br />
<br />
To open the bus, you have to know its number. On [[APF9328]] and [[APF27]] only two busses are present: number 0 and number 1. The ''open()'' function returns an int (file descriptor of the opened ''/dec/i2c-x''), that have to be passed to all other as_i2c_* functions :<br />
<br />
<source lang="C"><br />
int as_i2c_open(unsigned int i2c_id);<br />
</source><br />
<br />
Then depending on the complexity of the I2C device communication protocol, you can either use read()/write() (simple frames) or ioctl() with complex "read then write"/"write then read" messages.<br />
<br />
* Example (simple write()):<br />
<br />
<source lang="C"><br />
#include <stdlib.h><br />
#include <stdio.h><br />
<br />
#include <as_devices/as_i2c.h><br />
<br />
<br />
int my_device = 0;<br />
#define MY_DEV_ADDR 0x23<br />
#define MY_I2C_BUS 1<br />
unsigned char buf[10];<br />
int ret;<br />
<br />
...<br />
<br />
my_device = as_i2c_open(MY_I2C_BUS);<br />
if (my_device < 0) {<br />
printf("Can't init I2C port %d!!\n", MY_I2C_BUS);<br />
return -1;<br />
}<br />
as_i2c_set_slave(my_device, MY_DEV_ADDR);<br />
<br />
...<br />
<br />
buf[0] = (unsigned char) my_val;<br />
ret = write(my_device, buf, 1);<br />
if (ret < 0)<br />
printf("Error while sending data to device !!\n");<br />
<br />
...<br />
</source><br />
<br />
=== SPI ===<br />
<br />
==== Usage ====<br />
To use as_spi_* function, the ''spidev'' kernel module/interface is required. See [[SPI]]<br />
page to know how to configure it.<br />
<br />
Once the device file ''/dev/spidevx.x'' is available from the kernel, as_spi library can be used by including the ''as_spi.h'' header in your C source code:<br />
<br />
<source lang="C"><br />
#include <as_devices/as_spi.h><br />
</source><br />
<br />
Full description of the API can be found in this header, available on<br />
[http://armadeus.git.sourceforge.net/git/gitweb.cgi?p=armadeus/armadeus;a=blob_plain;f=target/packages/as_devices/c/as_spi.h;hb=HEAD sourceforge repository].<br />
<br />
==== Example ====<br />
<br />
The three mains useful functions used to communicate with a slave SPI device<br />
are :<br />
<br />
<source lang="C"><br />
int as_spi_open(const unsigned char *aSpidev_name);<br />
</source><br />
<br />
To open the ''/dev/spidevx.x'' special spi file. This function return a file<br />
handler that will be used for all othes as_spi_* function.<br />
<br />
<source lang="C"><br />
void as_spi_close(int aFd);<br />
</source><br />
<br />
As its name said, to close the device.<br />
<br />
<source lang="C"><br />
uint32_t as_spi_msg(int aFd, <br />
uint32_t aMsg, <br />
size_t aLen,<br />
uint32_t aSpeed);<br />
</source><br />
<br />
This function forge spi messages on MOSI pin and return MISO message.<br />
<br />
=== GPIO ===<br />
<br />
==== Usage ====<br />
<br />
To use as_gpio_* functions, the ''gpio'' kernel module is required. See [[GPIO_Driver]] page to know how to configure it.<br />
<br />
Once the device files ''/dev/gpio/*'' are available , as_gpio library can be use by including ''as_gpio.h'' header in the C source code of your application.<br />
<br />
<source lang="C"><br />
#include <as_devices/as_gpio.h><br />
</source><br />
<br />
==== Example ====<br />
<br />
Two examples are given, one for lightening led D14 and one to use blocking read on switch S1. This two example are made for [[APF27Dev]] daughter card.<br />
<br />
* '''Lightening led'''<br />
With as_gpio, each pin port can be openned separately. The as_gpio_open() function returns a pointer on gpio pin structure declared like this:<br />
<br />
<source lang="C"><br />
int ret; /* for returning value */<br />
struct as_gpio_device *pf14;<br />
</source><br />
<br />
On APF27Dev, D14 is plugged on port F pin 14, then to open it :<br />
<br />
<source lang="C"><br />
pf14 = as_gpio_open('F', 14);<br />
</source><br />
<br />
GPIO must be configured in ouput mode :<br />
<br />
<source lang="C"><br />
ret = as_gpio_set_pin_direction(pf14, "out");<br />
</source><br />
<br />
Then to switch LED value, just use ''as_gpio_set_pin_value()'' function:<br />
<br />
<source lang="C"><br />
ret = as_gpio_set_pin_value(pf14, 1); /* led off */<br />
...<br />
ret = as_gpio_set_pin_value(pf14, 0); /* led on */<br />
</source><br />
<br />
Note that because off led wiring, led polarity is inverted (to light on set 0).<br />
<br />
Once gpio pin usage is terminated, it must be closed :<br />
<br />
<source lang="C"><br />
as_gpio_close(pf14);<br />
</source><br />
<br />
* '''Pressing button'''<br />
<br />
The button S1 can be used to test interrupt capability of gpio. The button is plugged on gpio port F pin 13.<br />
After declaring the ''as_gpio_device'' structure, the pin port can be opened :<br />
<br />
<source lang="C"><br />
struct as_gpio_device *pf13;<br />
[...]<br />
<br />
pf13 = as_gpio_open('F', 13);<br />
</source><br />
<br />
To stuff must be configured before using it as interruption source, direction and IRQ mode.<br />
<br />
'''direction'''<br />
<source lang="C"><br />
ret = as_gpio_set_pin_direction(pf13, "in"); /* set switch as input */<br />
</source><br />
<br />
'''IRQ mode'''<br />
There is four IRQ mode :<br />
* '''GPIO_IRQ_MODE_NOINT ''': No interrupt, the processor will ignore event on this gpio.<br />
* '''GPIO_IRQ_MODE_RISING ''': rising edge, the processor will generate an interruption on rising edge of gpio pin.<br />
* '''GPIO_IRQ_MODE_FALLING''': falling edge, the processor will generate an interruption on falling edge of gpio pin.<br />
* '''GPIO_IRQ_MODE_BOTH ''': both, the processor will generate an interruption on both rising or falling edge of gpio.<br />
<br />
<source lang="C"><br />
ret = as_gpio_set_irq_mode(pf13, GPIO_IRQ_MODE_FALLING); /* interrupt will be generated on pushed button */<br />
</source><br />
<br />
To capture interruption, the blocking read function can be used with a timeout. If no interruption is raised after the timeout time, read function end with error value -10.<br />
<br />
<source lang="C"><br />
ret = as_gpio_blocking_get_pin_value(pf13, 3, 0); /* wait for interruption for 3 seconds and 0 µs) */<br />
if(ret == -10)<br />
printf("Timeout\n");<br />
</source><br />
<br />
=== ADC ===<br />
==== MAX1027 ====<br />
==== AS1531 ====<br />
=== DAC ===<br />
==== MAX5821 ====<br />
==== MCP4912 ====<br />
=== 93LCXX ===<br />
=== PWM ===<br />
==== Usage ====<br />
<br />
To use as_pwm_* functions, the kernel module ''imx_pwm'' needs to be loaded. See [[PWM]] page to know how to configure it.<br />
<br />
Once the special files ''/sys/class/pwm/pwmX/*'' are available , as_pwm_* functions can be use by including ''as_pwm.h'' header in the C source code of your application.<br />
<br />
<source lang="C"><br />
#include <as_devices/as_pwm.h><br />
</source><br />
<br />
==== Example ====<br />
<br />
<source lang="C"><br />
#include <as_devices/as_pwm.h><br />
...<br />
<br />
int main(int argc, char *argv[])<br />
{<br />
struct as_pwm_device *my_pwm;<br />
...<br />
my_pwm = as_pwm_open(0);<br />
if (!my_pwm)<br />
printf("Can't init PWM !!\n");<br />
as_pwm_set_frequency(my_pwm, 150);<br />
as_pwm_set_duty(my_pwm, 500);<br />
...<br />
as_pwm_set_state(my_pwm, 1);<br />
}<br />
</source><br />
<br />
== Using library in Python ==<br />
<br />
To use AsDevices in Python, select the python wrapper in menuconfig as follow :<br />
<br />
<pre class="config"><br />
Package Selection for the target ---><br />
*** Armadeus specific packages ***<br />
Armadeus specific tools/utilities ---> <br />
[*] as_devices <br />
[*] wrapper Python<br />
</pre><br />
<br />
And keep all .py file on target :<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Interpreter languages and scripting ---><br />
python module format to install (.py sources and .pyc compiled) ---><br />
(X) .py sources and .pyc compiled<br />
</pre><br />
then compile bsp and flash it on your board.<br />
<br />
Once done, just import the module AsDevices to use all function available in library:<br />
<br />
<source lang="python"><br />
import AsDevices<br />
from AsDevices import AsGpio<br />
<br />
gpio = AsGpio(3)<br />
gpio.setPinDirection('out')<br />
gpio.setPinValue(1)<br />
...<br />
</source><br />
<br />
== Using library in C++ ==<br />
<br />
'''TODO'''<br />
<br />
== Development planning ==<br />
<br />
AsDevices is not finished, following table indicates the remaining work:<br />
<br />
{| border="1" cellpadding="5" cellspacing="0" summary="Development planning of AsDevices"<br />
|- style="background:#efefef;" align="center"<br />
! Name !! Component !! C functions !! C++ wrapper !! Python wrapper !! Python class !! description <br />
|- align="center"<br />
| [[I2C | i2c]] || || bgcolor="green"| Ok || bgcolor="green"| Ok ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || Drive I2C<br />
|- align="center"<br />
| [[SPI | spi]] || || bgcolor="green" | Ok, but not fully tested || bgcolor="green"| Ok, but not fully tested ||bgcolor="green"| Ok, but not fully tested || bgcolor="green"| Ok, but not fully tested || Drive SPI<br />
|- align="center"<br />
| [[Gpio | gpio]] || || bgcolor="green"| Ok || bgcolor="green"| Ok ||bgcolor="green" | Ok ||bgcolor="green" | Ok || Drive GPIO<br />
|- align="center"<br />
| rowspan="2" | ADC<br />
| [[ADC_max1027 | max1027]] || bgcolor="green"| Ok for SLOW mode ||bgcolor="green"| Ok ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || <br />
|- align="center"<br />
| [[as1531 | as1531]] || bgcolor="green"| Ok for SLOW mode ||bgcolor="green"| Ok ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || <br />
|- align="center"<br />
| rowspan="2" | DAC<br />
| [[Max5821 | max5821]] || bgcolor="green"| OK ||bgcolor="green"| Ok, but not fully tested ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || <br />
|- align="center"<br />
| [[Mcp4912 | mcp4912]] || bgcolor="red"| NOK ||bgcolor="green"| Ok ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || <br />
|- align="center"<br />
| eeprom || 93LCxx ||bgcolor="green"| OK ||bgcolor="green"| OK ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || <br />
|- align="center"<br />
| [[PWM]] || ||bgcolor="green" | OK || bgcolor="green" | OK || bgcolor="red" | NOK || bgcolor="red" | NOK || Drive imx27 pwm |<br />
|- align="center"<br />
| [[Backlight]] || ||bgcolor="green" | OK || bgcolor="green" | OK || bgcolor="red" | NOK || bgcolor="red" | NOK ||<br />
|- align="center"<br />
|}</div>JeremieShttp://armadeus.org/wiki/index.php?title=AsDevices&diff=11283AsDevices2012-10-02T08:12:06Z<p>JeremieS: /* Development planning */</p>
<hr />
<div>{{Under_Construction}}<br />
<br />
AsDevices is an ARMadeus specific library that simplify APF-board devices usage for developers. This library is written to be used with C, C++, Python, (Java?) languages.<br />
The core is written in C and other languages support is done with "wrappers".<br />
<br />
{{Note| This library is under development, see the [[AsDevices#Development_planning | Development planning.]] to know which functionality is finished.}}<br />
<br />
== Install AsDevices on target ==<br />
<br />
The library is included in Buildroot menu, to use it just select it:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
<pre class="config"><br />
Package Selection for the target ---><br />
*** Armadeus specific packages ***<br />
Armadeus specific tools/utilities ---> <br />
[*] as_devices <br />
</pre><br />
<br />
The base library is in C, to use it with C++ or Python, select the wrapper you need. (For Python you will need to select Python interpreter before as_devices wrapper).<br />
<br />
== Using library in C ==<br />
<br />
All functions in AsDevices library are constructed on the same way. An as_*_open() function return a device structure or an int that represent the device used. All function take this device structure in first parameter, and a function as_*_close() close the device :<br />
<br />
<source lang="C"><br />
struct as_devicename_dev * as_devicename_open(<some parameters>);<br />
<br />
as_devicename_do-something-with-device(struct as_devicename_dev *aDev, <some parameters>);<br />
<br />
int as_devicename_close(struct as_devicename_dev *aDev);<br />
</source><br />
<br />
For each library, full documentation can be found in C header in directory ''target/packages/as_devices/c''.<br />
<br />
=== I²C ===<br />
<br />
as_i2c_* functions are used to access devices on i²c bus that doesn't have/need a Linux driver. If you want to access an i²c device, please find out if a driver is not already existing before using this method.<br />
<br />
To open the bus, you have to know its number. On [[APF9328]] and [[APF27]] only two busses are present: number 0 and number 1. The ''open()'' function returns an int (file descriptor of the opened ''/dec/i2c-x''), that have to be passed to all other as_i2c_* functions :<br />
<br />
<source lang="C"><br />
int as_i2c_open(unsigned int i2c_id);<br />
</source><br />
<br />
Then depending on the complexity of the I2C device communication protocol, you can either use read()/write() (simple frames) or ioctl() with complex "read then write"/"write then read" messages.<br />
<br />
* Example (simple write()):<br />
<br />
<source lang="C"><br />
#include <stdlib.h><br />
#include <stdio.h><br />
<br />
#include <as_devices/as_i2c.h><br />
<br />
<br />
int my_device = 0;<br />
#define MY_DEV_ADDR 0x23<br />
#define MY_I2C_BUS 1<br />
unsigned char buf[10];<br />
int ret;<br />
<br />
...<br />
<br />
my_device = as_i2c_open(MY_I2C_BUS);<br />
if (my_device < 0) {<br />
printf("Can't init I2C port %d!!\n", MY_I2C_BUS);<br />
return -1;<br />
}<br />
as_i2c_set_slave(my_device, MY_DEV_ADDR);<br />
<br />
...<br />
<br />
buf[0] = (unsigned char) my_val;<br />
ret = write(my_device, buf, 1);<br />
if (ret < 0)<br />
printf("Error while sending data to device !!\n");<br />
<br />
...<br />
</source><br />
<br />
=== SPI ===<br />
<br />
==== Usage ====<br />
To use as_spi_* function, the ''spidev'' kernel module/interface is required. See [[SPI]]<br />
page to know how to configure it.<br />
<br />
Once the device file ''/dev/spidevx.x'' is available from the kernel, as_spi library can be used by including the ''as_spi.h'' header in your C source code:<br />
<br />
<source lang="C"><br />
#include <as_devices/as_spi.h><br />
</source><br />
<br />
Full description of the API can be found in this header, available on<br />
[http://armadeus.git.sourceforge.net/git/gitweb.cgi?p=armadeus/armadeus;a=blob_plain;f=target/packages/as_devices/c/as_spi.h;hb=HEAD sourceforge repository].<br />
<br />
==== Example ====<br />
<br />
The three mains useful functions used to communicate with a slave SPI device<br />
are :<br />
<br />
<source lang="C"><br />
int as_spi_open(const unsigned char *aSpidev_name);<br />
</source><br />
<br />
To open the ''/dev/spidevx.x'' special spi file. This function return a file<br />
handler that will be used for all othes as_spi_* function.<br />
<br />
<source lang="C"><br />
void as_spi_close(int aFd);<br />
</source><br />
<br />
As its name said, to close the device.<br />
<br />
<source lang="C"><br />
uint32_t as_spi_msg(int aFd, <br />
uint32_t aMsg, <br />
size_t aLen,<br />
uint32_t aSpeed);<br />
</source><br />
<br />
This function forge spi messages on MOSI pin and return MISO message.<br />
<br />
=== GPIO ===<br />
<br />
==== Usage ====<br />
<br />
To use as_gpio_* functions, the ''gpio'' kernel module is required. See [[GPIO_Driver]] page to know how to configure it.<br />
<br />
Once the device files ''/dev/gpio/*'' are available , as_gpio library can be use by including ''as_gpio.h'' header in the C source code of your application.<br />
<br />
<source lang="C"><br />
#include <as_devices/as_gpio.h><br />
</source><br />
<br />
==== Example ====<br />
<br />
Two examples are given, one for lightening led D14 and one to use blocking read on switch S1. This two example are made for [[APF27Dev]] daughter card.<br />
<br />
* '''Lightening led'''<br />
With as_gpio, each pin port can be openned separately. The as_gpio_open() function returns a pointer on gpio pin structure declared like this:<br />
<br />
<source lang="C"><br />
int ret; /* for returning value */<br />
struct as_gpio_device *pf14;<br />
</source><br />
<br />
On APF27Dev, D14 is plugged on port F pin 14, then to open it :<br />
<br />
<source lang="C"><br />
pf14 = as_gpio_open('F', 14);<br />
</source><br />
<br />
GPIO must be configured in ouput mode :<br />
<br />
<source lang="C"><br />
ret = as_gpio_set_pin_direction(pf14, "out");<br />
</source><br />
<br />
Then to switch LED value, just use ''as_gpio_set_pin_value()'' function:<br />
<br />
<source lang="C"><br />
ret = as_gpio_set_pin_value(pf14, 1); /* led off */<br />
...<br />
ret = as_gpio_set_pin_value(pf14, 0); /* led on */<br />
</source><br />
<br />
Note that because off led wiring, led polarity is inverted (to light on set 0).<br />
<br />
Once gpio pin usage is terminated, it must be closed :<br />
<br />
<source lang="C"><br />
as_gpio_close(pf14);<br />
</source><br />
<br />
* '''Pressing button'''<br />
<br />
The button S1 can be used to test interrupt capability of gpio. The button is plugged on gpio port F pin 13.<br />
After declaring the ''as_gpio_device'' structure, the pin port can be opened :<br />
<br />
<source lang="C"><br />
struct as_gpio_device *pf13;<br />
[...]<br />
<br />
pf13 = as_gpio_open('F', 13);<br />
</source><br />
<br />
To stuff must be configured before using it as interruption source, direction and IRQ mode.<br />
<br />
'''direction'''<br />
<source lang="C"><br />
ret = as_gpio_set_pin_direction(pf13, "in"); /* set switch as input */<br />
</source><br />
<br />
'''IRQ mode'''<br />
There is four IRQ mode :<br />
* '''GPIO_IRQ_MODE_NOINT ''': No interrupt, the processor will ignore event on this gpio.<br />
* '''GPIO_IRQ_MODE_RISING ''': rising edge, the processor will generate an interruption on rising edge of gpio pin.<br />
* '''GPIO_IRQ_MODE_FALLING''': falling edge, the processor will generate an interruption on falling edge of gpio pin.<br />
* '''GPIO_IRQ_MODE_BOTH ''': both, the processor will generate an interruption on both rising or falling edge of gpio.<br />
<br />
<source lang="C"><br />
ret = as_gpio_set_irq_mode(pf13, GPIO_IRQ_MODE_FALLING); /* interrupt will be generated on pushed button */<br />
</source><br />
<br />
To capture interruption, the blocking read function can be used with a timeout. If no interruption is raised after the timeout time, read function end with error value -10.<br />
<br />
<source lang="C"><br />
ret = as_gpio_blocking_get_pin_value(pf13, 3, 0); /* wait for interruption for 3 seconds and 0 µs) */<br />
if(ret == -10)<br />
printf("Timeout\n");<br />
</source><br />
<br />
=== ADC ===<br />
==== MAX1027 ====<br />
==== AS1531 ====<br />
=== DAC ===<br />
==== MAX5821 ====<br />
==== MCP4912 ====<br />
=== 93LCXX ===<br />
=== PWM ===<br />
==== Usage ====<br />
<br />
To use as_pwm_* functions, the kernel module ''imx_pwm'' needs to be loaded. See [[PWM]] page to know how to configure it.<br />
<br />
Once the special files ''/sys/class/pwm/pwmX/*'' are available , as_pwm_* functions can be use by including ''as_pwm.h'' header in the C source code of your application.<br />
<br />
<source lang="C"><br />
#include <as_devices/as_pwm.h><br />
</source><br />
<br />
==== Example ====<br />
<br />
<source lang="C"><br />
#include <as_devices/as_pwm.h><br />
...<br />
<br />
int main(int argc, char *argv[])<br />
{<br />
struct as_pwm_device *my_pwm;<br />
...<br />
my_pwm = as_pwm_open(0);<br />
if (!my_pwm)<br />
printf("Can't init PWM !!\n");<br />
as_pwm_set_frequency(my_pwm, 150);<br />
as_pwm_set_duty(my_pwm, 500);<br />
...<br />
as_pwm_set_state(my_pwm, 1);<br />
}<br />
</source><br />
<br />
== Using library in Python ==<br />
<br />
To use AsDevices in Python, select the python wrapper in menuconfig as follow :<br />
<br />
<pre class="config"><br />
Package Selection for the target ---><br />
*** Armadeus specific packages ***<br />
Armadeus specific tools/utilities ---> <br />
[*] as_devices <br />
[*] wrapper Python<br />
</pre><br />
<br />
And keep all .py file on target :<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Interpreter languages and scripting ---><br />
python module format to install (.py sources and .pyc compiled) ---><br />
(X) .py sources and .pyc compiled<br />
</pre><br />
then compile bsp and flash it on your board.<br />
<br />
Once done, just import the module AsDevices to use all function available in library:<br />
<br />
<source lang="python"><br />
import AsDevices<br />
from AsDevices import AsGpio<br />
<br />
gpio = AsGpio(3)<br />
gpio.setPinDirection('out')<br />
gpio.setPinValue(1)<br />
...<br />
</source><br />
<br />
== Using library in C++ ==<br />
<br />
'''TODO'''<br />
<br />
== Development planning ==<br />
<br />
AsDevices is not finished, following table indicates the remaining work:<br />
<br />
{| border="1" cellpadding="5" cellspacing="0" summary="Development planning of AsDevices"<br />
|- style="background:#efefef;" align="center"<br />
! Name !! Component !! C functions !! C++ wrapper !! Python wrapper !! Python class !! description <br />
|- align="center"<br />
| [[I2C | i2c]] || || bgcolor="green"| Ok || bgcolor="green"| Ok ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || Drive I2C<br />
|- align="center"<br />
| [[SPI | spi]] || || bgcolor="green" | Ok, but not fully tested || bgcolor="green"| Ok, but not fully tested ||bgcolor="green"| Ok, but not fully tested || bgcolor="green"| Ok, but not fully tested || Drive SPI<br />
|- align="center"<br />
| [[Gpio | gpio]] || || bgcolor="green"| Ok || bgcolor="green"| Ok ||bgcolor="green" | Ok ||bgcolor="green" | Ok || Drive GPIO<br />
|- align="center"<br />
| rowspan="2" | ADC<br />
| [[ADC_max1027 | max1027]] || bgcolor="green"| Ok for SLOW mode ||bgcolor="green"| Ok ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || <br />
|- align="center"<br />
| [[as1531 | as1531]] || bgcolor="green"| Ok for SLOW mode ||bgcolor="green"| Ok ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || <br />
|- align="center"<br />
| rowspan="2" | DAC<br />
| [[Max5821 | max5821]] || bgcolor="green"| OK ||bgcolor="green"| Ok, but not fully tested ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || <br />
|- align="center"<br />
| [[Mcp4912 | mcp4912]] || bgcolor="red"| NOK ||bgcolor="green"| Ok ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || <br />
|- align="center"<br />
| eeprom || 93LCxx ||bgcolor="green"| OK ||bgcolor="green"| OK ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || <br />
|- align="center"<br />
| [[PWM]] || ||bgcolor="green" | OK || bgcolor="green" | OK || bgcolor="red" | NOK || bgcolor="red" | NOK || Drive imx27 pwm |<br />
|- align="center"<br />
| [[Backlight]] || ||bgcolor="green" | OK || bgcolor="green" | OK || bgcolor="red" | NOK || bgcolor="red" | NOK ||<br />
|- align="center"<br />
|}</div>JeremieShttp://armadeus.org/wiki/index.php?title=Qt/Embedded&diff=11214Qt/Embedded2012-08-13T12:18:56Z<p>JeremieS: /* Compilation for QVFB (Embedded x86/64) */</p>
<hr />
<div>Instructions to install and use QtEmbedded & Qt virtual frame buffer for Armadeus<br />
<br />
== Introduction ==<br />
<br />
This page will summarize the process to build, install and use Qt Embedded (previously known as Qtopia).<br />
<br />
You will also find instructions to setup a Host development environment for simulating applications before deploying them on the target (Qt virtual frame buffer). The Builroot tree must be installed before the installation of Qt.<br />
<br />
{{Note| We recommand at least 32 MBytes of RAM if you plan to design and run Qt based GUIs.}}<br />
<br />
==Installation==<br />
<br />
From November 20th 2007, Qt Embedded is now fully integrated in Armadeus Buildroot (old procedure is kept [[QtEmbedded Installation|here]]). So to install it you have to:<br />
<pre class="host"><br />
[armadeus]$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
[*] Package Selection for the target ---><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
[ ] Compile with debug support<br />
Library type (Shared library) ---><br />
[*] Approve free license<br />
[ ] Compatibility with Qt3<br />
[*] Gui Module<br />
Pixel depths ---><br />
Fonts ---><br />
freetype2 support (no freetype2 support) ---><br />
[*] Enable GIF support<br />
[ ] Enable libmng support<br />
JPEG support (System libjpeg) ---><br />
PNG support (No PNG support) ---><br />
TIFF support (No TIFF support) ---><br />
zlib support (Qt zlib) ---><br />
(arm) The embedded platform we are making Qt for<br />
[ ] SQL Module ---> <br />
Graphics drivers ---><br />
Mouse drivers ---><br />
Keyboard drivers ---><br />
[ ] Phonon Module<br />
[*] XML Module <br />
[ ] XML Patterns Module<br />
[ ] SVG Module<br />
-*- Network Module<br />
[ ] WebKit Module<br />
[ ] STL support<br />
[ ] Enable OpenSSL support<br />
[*] Script Module<br />
[ ] Script Tools Module<br />
</pre><br />
<br />
'''(don't forget Pixel depths submenu options (at least 8 and 16))'''<br />
<br />
*If you want touchscreen support:<br />
<pre class="config"><br />
Mouse drivers ---><br />
...<br />
[*] tslib<br />
</pre><br />
then:<br />
<pre class="host"><br />
[armadeus]$ make<br />
</pre><br />
<br />
1 hour and ~1 GBytes later (depending on your system and the configuration you choosed) your will have the beast. You can then reflash your rootfs.<br />
<br />
==Compilation for QVFB (Embedded x86/64)==<br />
* Get an Qt source archive from [ftp://ftp.qt.nokia.com/ Nokia FTP]<br />
* Untar the archive into a compilation directory.<br />
* Go into the source directory.<br />
* Use following command to configure Qt:<br />
** Other configuration options can be used, but the following are essential:<br />
<pre class="host"><br />
$ ./configure -depths 16,18 -embedded x86 -prefix /usr/local/Trolltech/QtEmbedded-4.7.2 -fast<br />
</pre><br />
<br />
* Then compile and install Qt:<br />
<pre class="host"><br />
$ make<br />
$ sudo make install<br />
</pre><br />
<br />
==Touchscreen handling==<br />
* Configure your touchscreen by loading the corresponding driver (depends on your APF) and calibrating it (at first use)<br />
* Then, before launching Qt app, do<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/eventXX (replace XX with the right number)<br />
</pre><br />
<br />
==Keyboard handling==<br />
<br />
===USB Keyboard===<br />
<br />
====Qt configuration====<br />
<br />
*If you manually build Qt, you have to add the USB keyboard driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-kbd-linuxinput<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB keyboard option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Mouse drivers ---><br />
Keyboard drivers ---><br />
[ ] tty<br />
[*] linux input<br />
[ ] qvfb<br />
...<br />
</pre><br />
<br />
====Linux configuration====<br />
<br />
To use USB keyboard, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the keyboard drivers in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Input Device Drivers ***<br />
[*] Keyboards ---><br />
--- Keyboards<br />
<*> AT keyboard<br />
< > Sun Type 4 and Type 5 keyboard<br />
< > DECstation/VAXstation LK201/LK401 keyboard<br />
< > XT keyboard<br />
<M> Freescale MXC/IMX keypad support<br />
< > Newton keyboard<br />
< > Stowaway keyboard <br />
< > GPIO Button<br />
[*] Mice ---> <br />
...<br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
====Embedded system configuration====<br />
<br />
* First flash your new kernel and rootfs and boot the system.<br />
* When you connect the USB keyboard to the system, a device is created in '''/dev/ttyX'''.<br />
* Then you can tell Qt which driver to connect to the device to make it work:<br />
<pre class="apf"><br />
# export QWS_KEYBOARD="LinuxInput:/dev/ttyX"<br />
</pre><br />
<br />
* Then you can launch an application and use your USB keyboard with it.<br />
<br />
More infos are provided here: [http://doc.qt.nokia.com/4.7-snapshot/qt-embedded-charinput.html]<br />
<br />
==Mouse handling==<br />
<br />
===USB Mouse===<br />
<br />
====Qt configuration====<br />
<br />
*If you manually build Qt, you have to add the USB mouse driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-mouse-pc .......<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB mouse option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Graphics drivers ---><br />
Mouse drivers ---><br />
[*] pc<br />
[ ] bus<br />
[ ] linuxtp<br />
[ ] yopy<br />
[ ] vr41xx<br />
[ ] tslib<br />
[ ] qvfb<br />
Keyboard drivers ---><br />
...<br />
</pre><br />
<br />
*Then build & install Qt or let Buildroot build.<br />
<br />
====Linux configuration====<br />
<br />
To use USB mouse, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the Mouse interface and PS/2 Mouse drivers in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Userland interfaces ***<br />
<*> Mouse interface <br />
[*] Provide legacy /dev/psaux device<br />
(1024) Horizontal screen resolution<br />
(768) Vertical screen resolution<br />
...<br />
*** Input Device Drivers ***<br />
[ ] Keyboards ---> <br />
[*] Mice ---> <br />
--- Mice<br />
<M> PS/2 mouse<br />
[*] ALPS PS/2 mouse protocol extension<br />
[*] Logitech PS/2++ mouse protocol extension<br />
[*] Synaptics PS/2 mouse protocol extension<br />
[*] IBM Trackpoint PS/2 mouse protocol extension<br />
[ ] Elantech PS/2 protocol extension<br />
[ ] eGalax TouchKit PS/2 protocol extension <br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
====Embedded system configuration====<br />
<br />
* First flash your new kernel and rootfs and boot the system.<br />
* When you connect the USB mouse to the system, a device is created in '''/dev/input/mouseXX'''. The touchscreen devices are also created as '''/dev/input/eventXX'''.<br />
* To know which device is the USB mouse one, you have to check in:<br />
<pre class="apf"><br />
# cat /sys/class/input/mouseXX/device/name<br />
</pre><br />
* Then you can tell Qt which driver to connect to the device to make it work:<br />
**If you want the USB mouse only:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="MouseMan:/dev/input/mouseXX"<br />
</pre><br />
** For multiple pointer inputs, for example if you want to use an USB mouse along with a touchscreen, list all the possible pointers as follow:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="MouseMan:/dev/input/mouseXX Tslib:/dev/input/eventXX"<br />
</pre><br />
<br />
{{Note| For a dynamic detection of an USB mouse, you can use the automatic driver like this:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/eventXX Auto"<br />
</pre><br />
}}<br />
<br />
* Then you can launch an application and use your USB mouse with it.<br />
<br />
More infos are provided here: [http://doc.qt.nokia.com/4.6/qt-embedded-pointer.html]<br />
<br />
==Screen rotation==<br />
* activate it with : ''-qt-gfx-transformed'' (from buildroot menuconfig),<br />
* to use it on the command line (for example 270°) : ''-display transformed:rot270''<br />
* or export the variable (for example 270°) : ''export QWS_DISPLAY=Transformed:Rot270.0<br />
''<br />
<br />
==Test==<br />
If you want to test it, compile and put some examples in your TFTP directory:<br />
<pre class="host"><br />
$ make shell_env<br />
$ source armadeus_env.sh<br />
$ cd $ARMADEUS_QT_DIR/examples/widgets/<br />
$ $ARMADEUS_QT_DIR/bin/qmake widgets.pro<br />
$ make<br />
...<br />
$ cp digitalclock/digitalclock /tftpboot<br />
$ cp calculator/calculator /tftpboot<br />
</pre><br />
<br />
and then launch it on your APF (supposed you have a running & calibrated touchscreen):<br />
<pre class="apf"><br />
# cd /usr/bin/<br />
# tftp -g -r calculator 192.168.0.xx (Host IP)<br />
# chmod a+x calculator<br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/event0"<br />
# <br />
# ./calculator -qws<br />
</pre><br />
<br />
==Demo==<br />
A client/server (with GUI) demo is available under: ''software/demos/ApfDacClientServer/''. It could be a good starting point to show you how to create standalone Qt applications (will probably require some modifications in ''src/build.sh'' depending on your Host Qt installation).<br />
<br />
[[Image:qtdemo.png|center|frame|GUI with widgets taken from http://www.qt-apps.org]]<br />
<br />
== Usage ==<br />
<br />
By default Qt libraries are installed in /usr/lib/ directory of your target rootfs.<br />
<br />
== How to cross-compile an application using Qt Embedded ==<br />
<br />
The first thing you need to do is to define a specific "'''qmake''' specs directory" for armadeus. Here for example:<br />
<br />
$ mkdir $APPLICATION_ROOT_DIR/mkspecs/linux-arm-g++<br />
<br />
and install the two following files into this new directory: [http://www.armadeus.com/assos_downloads/qt/qmake.conf qmake.conf] & [http://www.armadeus.com/assos_downloads/qt/qplatformdefs.h qplatformdefs.h]. '''qmake.conf''' may be customized if necessary. <br />
<br />
<br />
Then, you must define two typical environment variables : <br />
'''QTDIR''' which defines the Qt installation path <br />
& '''QMAKESPEC''' which defines the path to the configuration files of the '''qmake''' tool <br />
<br />
Here two typical lines of a Qtopia application building script<br />
<br />
$ export QTDIR=/usr/local/Trolltech/QtEmbedded-4.5.3<br />
$ export QMAKESPEC= $APPLICATION_ROOT_DIR/mkspecs/linux-arm-g++<br />
<br />
Adapt the '''QTDIR''' path to your own installation path and compile your code now, using theses commands:<br />
<br />
# build the makefile with the '''qmake''' command (See Trolltech documentation for details about '''qmake'''):<br />
$QTDIR/bin/qmake -spec my.pro<br />
# and now compile the beast... :<br />
$ make<br />
<br />
Good luck....<br />
<br />
== Phonon installation with Qt Embedded ==<br />
<br />
=== Prerequisites ===<br />
In order to use Phonon with Qt, first you need to install some other libraries.<br />
You may even need to cross-compile them, depending on the platform you want to run Qt on.<br />
<br />
==== For x86 platform ====<br />
*You only have to install GStreamer and some plugins with the following command :<br />
<pre class="host"><br />
$ sudo apt-get install libgstreamer0.10-0<br />
$ sudo apt-get install libgstreamer0.10-dev<br />
$ sudo apt-get install libgstreamer-plugins-base0.10-0<br />
$ sudo apt-get install libgstreamer-plugins-base0.10-dev<br />
</pre><br />
{{Note | These packages are available for Linux Ubuntu ; but for other distributions, the names may vary.}}<br />
<br />
*To use some audio, image or video format like mp3, mpeg2, png or ogg:<br />
**First you must install on your system the needed libraries for the particular format you want (like libmpeg2, libpng, libmad...)<br />
**Then you can install these gstreamer plugins:<br />
<pre class="host"><br />
$ sudo apt-get install gstreamer0.10-plugins-good<br />
$ sudo apt-get install gstreamer0.10-plugins-ugly<br />
</pre><br />
There also are other plugin packages which you can find the list at :<br />
[http://gstreamer.freedesktop.org/documentation/ GStreamer]<br />
<br />
==== For embedded platform ====<br />
If you want to build Qt with Phonon for embedded platform, you'll need to cross-compile the following libraries for the same platform:<br />
*libxml2 >= 2.7.7<br />
*libcheck >= 0.9.8<br />
*liboil >= 0.3.2<br />
*gstreamer >= 0.10.0<br />
*gst-plugins-base >= 0.10.0<br />
<br />
There are some required libraries that you can compile and install with Buildroot:<br />
*glib >= 2.16<br />
*Optional:<br />
**libpng<br />
**tiff<br />
**jpeg<br />
**...<br />
<br />
For additional audio and video formats, you have to cross-compile the corresponding libraries and then the following gstreamer's plugins :<br />
*gst-plugins-good >= 0.10.0<br />
*gst-plugins-ugly >= 0.10.0<br />
<br />
=== Cross-compiling libraries ===<br />
*First thing to do is to set the PKG_CONFIG_PATH environment variable to the directories containing your embedded libraries' pkgconfig files.<br />
<br />
*To see what environment variable you can modify to impact the library cross-compiling, enter the command :<br />
<pre class="host"><br />
$ ./configure --help<br />
</pre><br />
Then create a file to define all required environment variables for the cross-compiling. <br />
For instance for glib2:<br />
<pre class="config"><br />
$ export CC=arm-linux-gcc<br />
$ export CXX=arm-linux-g++<br />
$ export CFLAGS="-I/usr/local/libxml2/include/libxml2"<br />
$ export LDFLAGS=-L/usr/local/libxml2/lib<br />
</pre><br />
And then, to create your environment, type :<br />
<pre class="host"><br />
$ source ENVIRONMENT_FILE<br />
</pre><br />
<br />
*Finally you can configure your library like this:<br />
<pre class="host"><br />
$ ./configure --build=x86-linux --host=YOUR_EMBEDDED_PLATFORM --prefix==YOUR_INSTALLATION_PATH<br />
</pre><br />
Then build and install the library.<br />
<br />
=== Build Qt ===<br />
<br />
==== For x86 platform ====<br />
The PKG_CONFIG_PATH and pkgconfig files must be correctly set to point toward gstreamer's and glib's x86 libraries and headers.<br />
<br />
All you need to do then is to configure Qt with the phonon option and its backend :<br />
<pre class="host"><br />
$ ./configure -embedded x86 -debug -no-cups -no-nis -depths 16,18,24 -no-qt3support -qvfb -phonon -phonon-backend -prefix YOUR_INSTALLATION_PATH -confirm-license<br />
</pre><br />
<br />
Then build and install Qt and you will be able to use Phonon on your x86 platform.<br />
<br />
==== For embedded platform ====<br />
The PKG_CONFIG_PATH and pkgconfig files must be correctly set to point toward gstreamer's and glib's embedded libraries and headers.<br />
<br />
Then you can configure Qt with glib, phonon and its backend and by adding the pkgconfig option :<br />
<pre class="host"><br />
$ ./configure -embedded YOUR_EMBEDDED_PLATFORM -xplatform YOUR_PLATFORM_MKSPECS -depths 16,18 -no-cups -no-nis -no-qt3support -phonon -phonon-backend -glib -prefix YOUR_INSTALLATION_PATH -force-pkg-config<br />
</pre><br />
<br />
{{Note | You may need to give the cross-compiler the paths toward gstreamer's and glib's libraries and headers as configuration options.}}<br />
<br />
=== Possible problems encountered ===<br />
During Qt Embedded or prerequisited cross-compiling, you may get the following errors :<br />
<br />
*''Impossible constraint in 'asm''':<br />
It means you include the wrong headers needed by the library you compile in CFLAGS or CXXFLAGS. Do not include -I/usr/include or non-cross-compiled headers.<br />
<br />
*''Cannot run test program'':<br />
Your best shot is to look in configure.ac (or configure.in) and see if<br />
there's a "cache variable" for that test. If so, you can set that<br />
variable in your environment, to the expected answer for your target,<br />
before running configure, and it should bypass the actual test.<br />
If there's no cache variable, you'll need to modify configure.ac (or<br />
configure.in) to set the variable manually, and rebuild configure.<br />
<br />
*Do not forget to set your PKG_CONFIG_PATH variable to point toward the directory containing your embedded library pkgconfig files. By default, the x86 pkgconfig files are checked and so, errors occur.<br />
<br />
*When installing libraries : ''arm-linux-g++: command not found''<br />
You have to directly export the PATH toward your cross-compiler in the file libtool to get through this error.<br />
<br />
*In gst-plugins-base, delete manually the compilation of ''icles'' in the file tests/Makefile. The lines to delete are l.377 and l.382.<br />
<br />
== Work in progress / to do list ==<br />
<br />
* Customization of the Qt libs to have a custom Qt/E library well designed for Armadeus usage.<br />
<br />
==Licenses==<br />
Since Qt 4.5.2 new licensing schemes are available: http://www.qtsoftware.com/products/licensing/licensing#qt-gnu-lgpl-v<br />
<br />
== Links ==<br />
* [[PyQt]]<br />
* http://www.trolltech.com<br />
* [http://lists.trolltech.com/qt-embedded-interest/2003-11/msg00007.html 16 colors framebuffer with Qt]<br />
* [http://doc.trolltech.com/4.2/qtopiacore-envvars.html Qtopia Core Environment Variables]<br />
* [http://thelins.se/learnqt/category/embedded-linux/ Tutorial on Qt setup for embedded devt]<br />
<br />
[[Category: Qt]]<br />
[[Category: Software]]<br />
[[Category: Graphical User Interface]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=Qt/Embedded&diff=11213Qt/Embedded2012-08-13T12:15:47Z<p>JeremieS: Qt QVFB compilation</p>
<hr />
<div>Instructions to install and use QtEmbedded & Qt virtual frame buffer for Armadeus<br />
<br />
== Introduction ==<br />
<br />
This page will summarize the process to build, install and use Qt Embedded (previously known as Qtopia).<br />
<br />
You will also find instructions to setup a Host development environment for simulating applications before deploying them on the target (Qt virtual frame buffer). The Builroot tree must be installed before the installation of Qt.<br />
<br />
{{Note| We recommand at least 32 MBytes of RAM if you plan to design and run Qt based GUIs.}}<br />
<br />
==Installation==<br />
<br />
From November 20th 2007, Qt Embedded is now fully integrated in Armadeus Buildroot (old procedure is kept [[QtEmbedded Installation|here]]). So to install it you have to:<br />
<pre class="host"><br />
[armadeus]$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
[*] Package Selection for the target ---><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
[ ] Compile with debug support<br />
Library type (Shared library) ---><br />
[*] Approve free license<br />
[ ] Compatibility with Qt3<br />
[*] Gui Module<br />
Pixel depths ---><br />
Fonts ---><br />
freetype2 support (no freetype2 support) ---><br />
[*] Enable GIF support<br />
[ ] Enable libmng support<br />
JPEG support (System libjpeg) ---><br />
PNG support (No PNG support) ---><br />
TIFF support (No TIFF support) ---><br />
zlib support (Qt zlib) ---><br />
(arm) The embedded platform we are making Qt for<br />
[ ] SQL Module ---> <br />
Graphics drivers ---><br />
Mouse drivers ---><br />
Keyboard drivers ---><br />
[ ] Phonon Module<br />
[*] XML Module <br />
[ ] XML Patterns Module<br />
[ ] SVG Module<br />
-*- Network Module<br />
[ ] WebKit Module<br />
[ ] STL support<br />
[ ] Enable OpenSSL support<br />
[*] Script Module<br />
[ ] Script Tools Module<br />
</pre><br />
<br />
'''(don't forget Pixel depths submenu options (at least 8 and 16))'''<br />
<br />
*If you want touchscreen support:<br />
<pre class="config"><br />
Mouse drivers ---><br />
...<br />
[*] tslib<br />
</pre><br />
then:<br />
<pre class="host"><br />
[armadeus]$ make<br />
</pre><br />
<br />
1 hour and ~1 GBytes later (depending on your system and the configuration you choosed) your will have the beast. You can then reflash your rootfs.<br />
<br />
==Compilation for QVFB (Embedded x86/64)==<br />
* Get an Qt source archive from [Nokia FTP|ftp://ftp.qt.nokia.com/]<br />
* Untar the archive into a compilation directory.<br />
* Go into the source directory.<br />
* Use following command to configure Qt:<br />
** Other configuration options can be used, but the following are essential:<br />
<pre class="host"><br />
$ ./configure -depths 16,18 -embedded x86 -prefix /usr/local/Trolltech/QtEmbedded-4.7.2 -fast<br />
</pre><br />
<br />
* Then compile and install Qt:<br />
<pre class="host"><br />
$ make<br />
$ sudo make install<br />
</pre><br />
<br />
==Touchscreen handling==<br />
* Configure your touchscreen by loading the corresponding driver (depends on your APF) and calibrating it (at first use)<br />
* Then, before launching Qt app, do<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/eventXX (replace XX with the right number)<br />
</pre><br />
<br />
==Keyboard handling==<br />
<br />
===USB Keyboard===<br />
<br />
====Qt configuration====<br />
<br />
*If you manually build Qt, you have to add the USB keyboard driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-kbd-linuxinput<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB keyboard option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Mouse drivers ---><br />
Keyboard drivers ---><br />
[ ] tty<br />
[*] linux input<br />
[ ] qvfb<br />
...<br />
</pre><br />
<br />
====Linux configuration====<br />
<br />
To use USB keyboard, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the keyboard drivers in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Input Device Drivers ***<br />
[*] Keyboards ---><br />
--- Keyboards<br />
<*> AT keyboard<br />
< > Sun Type 4 and Type 5 keyboard<br />
< > DECstation/VAXstation LK201/LK401 keyboard<br />
< > XT keyboard<br />
<M> Freescale MXC/IMX keypad support<br />
< > Newton keyboard<br />
< > Stowaway keyboard <br />
< > GPIO Button<br />
[*] Mice ---> <br />
...<br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
====Embedded system configuration====<br />
<br />
* First flash your new kernel and rootfs and boot the system.<br />
* When you connect the USB keyboard to the system, a device is created in '''/dev/ttyX'''.<br />
* Then you can tell Qt which driver to connect to the device to make it work:<br />
<pre class="apf"><br />
# export QWS_KEYBOARD="LinuxInput:/dev/ttyX"<br />
</pre><br />
<br />
* Then you can launch an application and use your USB keyboard with it.<br />
<br />
More infos are provided here: [http://doc.qt.nokia.com/4.7-snapshot/qt-embedded-charinput.html]<br />
<br />
==Mouse handling==<br />
<br />
===USB Mouse===<br />
<br />
====Qt configuration====<br />
<br />
*If you manually build Qt, you have to add the USB mouse driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-mouse-pc .......<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB mouse option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Graphics drivers ---><br />
Mouse drivers ---><br />
[*] pc<br />
[ ] bus<br />
[ ] linuxtp<br />
[ ] yopy<br />
[ ] vr41xx<br />
[ ] tslib<br />
[ ] qvfb<br />
Keyboard drivers ---><br />
...<br />
</pre><br />
<br />
*Then build & install Qt or let Buildroot build.<br />
<br />
====Linux configuration====<br />
<br />
To use USB mouse, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the Mouse interface and PS/2 Mouse drivers in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Userland interfaces ***<br />
<*> Mouse interface <br />
[*] Provide legacy /dev/psaux device<br />
(1024) Horizontal screen resolution<br />
(768) Vertical screen resolution<br />
...<br />
*** Input Device Drivers ***<br />
[ ] Keyboards ---> <br />
[*] Mice ---> <br />
--- Mice<br />
<M> PS/2 mouse<br />
[*] ALPS PS/2 mouse protocol extension<br />
[*] Logitech PS/2++ mouse protocol extension<br />
[*] Synaptics PS/2 mouse protocol extension<br />
[*] IBM Trackpoint PS/2 mouse protocol extension<br />
[ ] Elantech PS/2 protocol extension<br />
[ ] eGalax TouchKit PS/2 protocol extension <br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
====Embedded system configuration====<br />
<br />
* First flash your new kernel and rootfs and boot the system.<br />
* When you connect the USB mouse to the system, a device is created in '''/dev/input/mouseXX'''. The touchscreen devices are also created as '''/dev/input/eventXX'''.<br />
* To know which device is the USB mouse one, you have to check in:<br />
<pre class="apf"><br />
# cat /sys/class/input/mouseXX/device/name<br />
</pre><br />
* Then you can tell Qt which driver to connect to the device to make it work:<br />
**If you want the USB mouse only:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="MouseMan:/dev/input/mouseXX"<br />
</pre><br />
** For multiple pointer inputs, for example if you want to use an USB mouse along with a touchscreen, list all the possible pointers as follow:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="MouseMan:/dev/input/mouseXX Tslib:/dev/input/eventXX"<br />
</pre><br />
<br />
{{Note| For a dynamic detection of an USB mouse, you can use the automatic driver like this:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/eventXX Auto"<br />
</pre><br />
}}<br />
<br />
* Then you can launch an application and use your USB mouse with it.<br />
<br />
More infos are provided here: [http://doc.qt.nokia.com/4.6/qt-embedded-pointer.html]<br />
<br />
==Screen rotation==<br />
* activate it with : ''-qt-gfx-transformed'' (from buildroot menuconfig),<br />
* to use it on the command line (for example 270°) : ''-display transformed:rot270''<br />
* or export the variable (for example 270°) : ''export QWS_DISPLAY=Transformed:Rot270.0<br />
''<br />
<br />
==Test==<br />
If you want to test it, compile and put some examples in your TFTP directory:<br />
<pre class="host"><br />
$ make shell_env<br />
$ source armadeus_env.sh<br />
$ cd $ARMADEUS_QT_DIR/examples/widgets/<br />
$ $ARMADEUS_QT_DIR/bin/qmake widgets.pro<br />
$ make<br />
...<br />
$ cp digitalclock/digitalclock /tftpboot<br />
$ cp calculator/calculator /tftpboot<br />
</pre><br />
<br />
and then launch it on your APF (supposed you have a running & calibrated touchscreen):<br />
<pre class="apf"><br />
# cd /usr/bin/<br />
# tftp -g -r calculator 192.168.0.xx (Host IP)<br />
# chmod a+x calculator<br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/event0"<br />
# <br />
# ./calculator -qws<br />
</pre><br />
<br />
==Demo==<br />
A client/server (with GUI) demo is available under: ''software/demos/ApfDacClientServer/''. It could be a good starting point to show you how to create standalone Qt applications (will probably require some modifications in ''src/build.sh'' depending on your Host Qt installation).<br />
<br />
[[Image:qtdemo.png|center|frame|GUI with widgets taken from http://www.qt-apps.org]]<br />
<br />
== Usage ==<br />
<br />
By default Qt libraries are installed in /usr/lib/ directory of your target rootfs.<br />
<br />
== How to cross-compile an application using Qt Embedded ==<br />
<br />
The first thing you need to do is to define a specific "'''qmake''' specs directory" for armadeus. Here for example:<br />
<br />
$ mkdir $APPLICATION_ROOT_DIR/mkspecs/linux-arm-g++<br />
<br />
and install the two following files into this new directory: [http://www.armadeus.com/assos_downloads/qt/qmake.conf qmake.conf] & [http://www.armadeus.com/assos_downloads/qt/qplatformdefs.h qplatformdefs.h]. '''qmake.conf''' may be customized if necessary. <br />
<br />
<br />
Then, you must define two typical environment variables : <br />
'''QTDIR''' which defines the Qt installation path <br />
& '''QMAKESPEC''' which defines the path to the configuration files of the '''qmake''' tool <br />
<br />
Here two typical lines of a Qtopia application building script<br />
<br />
$ export QTDIR=/usr/local/Trolltech/QtEmbedded-4.5.3<br />
$ export QMAKESPEC= $APPLICATION_ROOT_DIR/mkspecs/linux-arm-g++<br />
<br />
Adapt the '''QTDIR''' path to your own installation path and compile your code now, using theses commands:<br />
<br />
# build the makefile with the '''qmake''' command (See Trolltech documentation for details about '''qmake'''):<br />
$QTDIR/bin/qmake -spec my.pro<br />
# and now compile the beast... :<br />
$ make<br />
<br />
Good luck....<br />
<br />
== Phonon installation with Qt Embedded ==<br />
<br />
=== Prerequisites ===<br />
In order to use Phonon with Qt, first you need to install some other libraries.<br />
You may even need to cross-compile them, depending on the platform you want to run Qt on.<br />
<br />
==== For x86 platform ====<br />
*You only have to install GStreamer and some plugins with the following command :<br />
<pre class="host"><br />
$ sudo apt-get install libgstreamer0.10-0<br />
$ sudo apt-get install libgstreamer0.10-dev<br />
$ sudo apt-get install libgstreamer-plugins-base0.10-0<br />
$ sudo apt-get install libgstreamer-plugins-base0.10-dev<br />
</pre><br />
{{Note | These packages are available for Linux Ubuntu ; but for other distributions, the names may vary.}}<br />
<br />
*To use some audio, image or video format like mp3, mpeg2, png or ogg:<br />
**First you must install on your system the needed libraries for the particular format you want (like libmpeg2, libpng, libmad...)<br />
**Then you can install these gstreamer plugins:<br />
<pre class="host"><br />
$ sudo apt-get install gstreamer0.10-plugins-good<br />
$ sudo apt-get install gstreamer0.10-plugins-ugly<br />
</pre><br />
There also are other plugin packages which you can find the list at :<br />
[http://gstreamer.freedesktop.org/documentation/ GStreamer]<br />
<br />
==== For embedded platform ====<br />
If you want to build Qt with Phonon for embedded platform, you'll need to cross-compile the following libraries for the same platform:<br />
*libxml2 >= 2.7.7<br />
*libcheck >= 0.9.8<br />
*liboil >= 0.3.2<br />
*gstreamer >= 0.10.0<br />
*gst-plugins-base >= 0.10.0<br />
<br />
There are some required libraries that you can compile and install with Buildroot:<br />
*glib >= 2.16<br />
*Optional:<br />
**libpng<br />
**tiff<br />
**jpeg<br />
**...<br />
<br />
For additional audio and video formats, you have to cross-compile the corresponding libraries and then the following gstreamer's plugins :<br />
*gst-plugins-good >= 0.10.0<br />
*gst-plugins-ugly >= 0.10.0<br />
<br />
=== Cross-compiling libraries ===<br />
*First thing to do is to set the PKG_CONFIG_PATH environment variable to the directories containing your embedded libraries' pkgconfig files.<br />
<br />
*To see what environment variable you can modify to impact the library cross-compiling, enter the command :<br />
<pre class="host"><br />
$ ./configure --help<br />
</pre><br />
Then create a file to define all required environment variables for the cross-compiling. <br />
For instance for glib2:<br />
<pre class="config"><br />
$ export CC=arm-linux-gcc<br />
$ export CXX=arm-linux-g++<br />
$ export CFLAGS="-I/usr/local/libxml2/include/libxml2"<br />
$ export LDFLAGS=-L/usr/local/libxml2/lib<br />
</pre><br />
And then, to create your environment, type :<br />
<pre class="host"><br />
$ source ENVIRONMENT_FILE<br />
</pre><br />
<br />
*Finally you can configure your library like this:<br />
<pre class="host"><br />
$ ./configure --build=x86-linux --host=YOUR_EMBEDDED_PLATFORM --prefix==YOUR_INSTALLATION_PATH<br />
</pre><br />
Then build and install the library.<br />
<br />
=== Build Qt ===<br />
<br />
==== For x86 platform ====<br />
The PKG_CONFIG_PATH and pkgconfig files must be correctly set to point toward gstreamer's and glib's x86 libraries and headers.<br />
<br />
All you need to do then is to configure Qt with the phonon option and its backend :<br />
<pre class="host"><br />
$ ./configure -embedded x86 -debug -no-cups -no-nis -depths 16,18,24 -no-qt3support -qvfb -phonon -phonon-backend -prefix YOUR_INSTALLATION_PATH -confirm-license<br />
</pre><br />
<br />
Then build and install Qt and you will be able to use Phonon on your x86 platform.<br />
<br />
==== For embedded platform ====<br />
The PKG_CONFIG_PATH and pkgconfig files must be correctly set to point toward gstreamer's and glib's embedded libraries and headers.<br />
<br />
Then you can configure Qt with glib, phonon and its backend and by adding the pkgconfig option :<br />
<pre class="host"><br />
$ ./configure -embedded YOUR_EMBEDDED_PLATFORM -xplatform YOUR_PLATFORM_MKSPECS -depths 16,18 -no-cups -no-nis -no-qt3support -phonon -phonon-backend -glib -prefix YOUR_INSTALLATION_PATH -force-pkg-config<br />
</pre><br />
<br />
{{Note | You may need to give the cross-compiler the paths toward gstreamer's and glib's libraries and headers as configuration options.}}<br />
<br />
=== Possible problems encountered ===<br />
During Qt Embedded or prerequisited cross-compiling, you may get the following errors :<br />
<br />
*''Impossible constraint in 'asm''':<br />
It means you include the wrong headers needed by the library you compile in CFLAGS or CXXFLAGS. Do not include -I/usr/include or non-cross-compiled headers.<br />
<br />
*''Cannot run test program'':<br />
Your best shot is to look in configure.ac (or configure.in) and see if<br />
there's a "cache variable" for that test. If so, you can set that<br />
variable in your environment, to the expected answer for your target,<br />
before running configure, and it should bypass the actual test.<br />
If there's no cache variable, you'll need to modify configure.ac (or<br />
configure.in) to set the variable manually, and rebuild configure.<br />
<br />
*Do not forget to set your PKG_CONFIG_PATH variable to point toward the directory containing your embedded library pkgconfig files. By default, the x86 pkgconfig files are checked and so, errors occur.<br />
<br />
*When installing libraries : ''arm-linux-g++: command not found''<br />
You have to directly export the PATH toward your cross-compiler in the file libtool to get through this error.<br />
<br />
*In gst-plugins-base, delete manually the compilation of ''icles'' in the file tests/Makefile. The lines to delete are l.377 and l.382.<br />
<br />
== Work in progress / to do list ==<br />
<br />
* Customization of the Qt libs to have a custom Qt/E library well designed for Armadeus usage.<br />
<br />
==Licenses==<br />
Since Qt 4.5.2 new licensing schemes are available: http://www.qtsoftware.com/products/licensing/licensing#qt-gnu-lgpl-v<br />
<br />
== Links ==<br />
* [[PyQt]]<br />
* http://www.trolltech.com<br />
* [http://lists.trolltech.com/qt-embedded-interest/2003-11/msg00007.html 16 colors framebuffer with Qt]<br />
* [http://doc.trolltech.com/4.2/qtopiacore-envvars.html Qtopia Core Environment Variables]<br />
* [http://thelins.se/learnqt/category/embedded-linux/ Tutorial on Qt setup for embedded devt]<br />
<br />
[[Category: Qt]]<br />
[[Category: Software]]<br />
[[Category: Graphical User Interface]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=APF9328_and_APF27_migration_to_Linux_2.6.38&diff=10939APF9328 and APF27 migration to Linux 2.6.382012-06-08T13:50:12Z<p>JeremieS: /* Things to know BEFORE booting */</p>
<hr />
<div> {{Need_Update}}<br />
==Instructions==<br />
* Patches to port: ''buildroot/target/device/armadeus/linux/kernel-patches/2.6.29/''<br />
* when working on a patch mark it with:<br />
** <nowiki> ** <span style="color:orange">'''In progress'''</span> ~~~~ </nowiki><br />
** '''-->''' <span style="color:orange">'''In progress'''</span> [[User:JulienB|JulienB]] 14:14, 9 November 2010 (UTC)<br />
* Strike the one that are no more needed:<br />
** <strike> 000-xxxxxxx.patch </strike><br />
* Write OK in bold green and your name (automatic with 4x'~') when corresponding patch has been ported:<br />
** <nowiki> ** <span style="color:green">'''OK'''</span> ~~~~ </nowiki><br />
** '''-->''' 000-xxxxxxx.patch: <span style="color:green">'''OK'''</span> [[User:JulienB|JulienB]] 07:06, 21 October 2010 (UTC)<br />
* How to:<br />
<pre class="host"><br />
$ cd armadeus-xx<br />
$ cp buildroot/target/device/armadeus/linux/kernel-patches/2.6.29/000-foo.patch buildroot/target/device/armadeus/linux/kernel-patches/2.6.38/<br />
$ cd buildroot/output/build/linux-2.6.38.1/<br />
$ patch -p1 --dry-run < ../../../../buildroot/target/device/armadeus/linux/kernel-patches/2.6.38/000-foo.patch<br />
<br />
... modify patch until it applies correctly ...<br />
<br />
$ patch -p1 < ../../../../buildroot/target/device/armadeus/linux/kernel-patches/2.6.38/000-foo.patch<br />
<br />
... go one ...<br />
</pre><br />
<br />
===How to compile kernel ?===<br />
* 1] Select 2.6.38.8 version in Buildroot menuconfig:<br />
<pre class="config"><br />
Kernel ---><br />
(2.6.38.8) Kernel version<br />
<br />
Toolchain ---><br />
Kernel Headers (Linux 2.6 (manually specified version)) ---><br />
(2.6.38.8) linux version<br />
</pre><br />
* 2] Change serial console :<br />
<pre class="config"><br />
System configuration ---><br />
(ttymxc0) Port to run a getty (login prompt) on<br />
</pre><br />
* 3] Compile whole Buildroot at least once<br />
* 4] For the one who knows ''quilt'', they can use ''scripts/quiltify.sh'' before starting (procedure in construction)<br />
<br />
===Things to know BEFORE booting===<br />
* on 2.6.38 i.MX serial port names have been unified to /dev/ttymxc[0-6]. So if you want to see something on your serial console please do the following before booting:<br />
** APF27<br />
<pre class="apf"><br />
BIOS> setenv consoledev ttymxc0<br />
BIOS> setenv baudrate 115200<br />
</pre><br />
* <strike><span style="color:red">for the same reason you must also modify ''buildroot/output/target/etc/inittab'' and then do a ''make'' after a successful build.</span></strike><br />
* Framebuffer can now support multiple LCDs and so LCD you want to use must be passed as bootparam (like serial port). So you can do (for example):<br />
<pre class="apf"><br />
BIOS> setenv consoledev ttymxc0<br />
BIOS> setenv baudrate 115200 video=imxfb:Chimei-LW700AT9003<br />
## Switch baudrate to 115200 bps andpress ENTER ...<br />
</pre><br />
<br />
===Things to do AFTER booting===<br />
* <strike>if you want to use touchscreen, please '''uncomment''' this line in ''/etc/ts.conf'' (line 2):</strike><br />
<pre class="apf"><br />
# module_raw input<br />
</pre><br />
<br />
==APF9328 patches==<br />
===015 -> 040===<br />
* 015-armadeus-logo-add_armadeus-project_tux.patch<br />
** <span style="color:green">'''OK'''</span> [[User:JulienB|JulienB]] 14:42, 21 October 2010 (UTC)<br />
* <strike>016-armadeus-imxfb-add_platform_specific_init_exit_functions.patch </strike><br />
* <strike>018-armadeus-i2c-imx-add_driver_to_linux_build_system.patch</strike><br />
** integrated in mainline - [[User:GwenhaelG|GwenhaelG]] 14:27, 27 November 2010 (UTC)<br />
* <strike>018-armadeus-i2c-imx.patch</strike><br />
** integrated in mainline - [[User:GwenhaelG|GwenhaelG]] 14:27, 27 November 2010 (UTC)<br />
* 021-armadeus-apf9328_defconfig.patch<br />
** <span style="color:green">'''OK'''</span> [[User:GwenhaelG|GwenhaelG]] 17:38, 6 November 2010 (UTC)<br />
* 021-armadeus-apf9328.patch<br />
** <span style="color:orange">'''In progress'''</span> [[User:GwenhaelG|GwenhaelG]] 18:40, 21 November 2010 (UTC)<br />
* 023-armadeus-fblcd-kconfig.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 13:12, 16 December 2010 (UTC)<br />
* 024-armadeus-apf9328-add_board_to_linux_build_system.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 13:12, 16 December 2010 (UTC)<br />
* <strike>028-armadeus-add_reg8_macro_to_hardware_h.patch</strike><br />
** obsolete - [[User:GwenhaelG|GwenhaelG]] 16:46, 4 December 2010 (UTC)<br />
* 029-armadeus-add_csi_and_spi_registers_to_imx-regs_h.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 13:12, 16 December 2010 (UTC)<br />
** renamed to 029-armadeus-add_csi_and_spi_registers.patch<br />
* <strike>030-armadeus-fixes_typo_for_usbdrcv_in_imx-regs_h.patch </strike><br />
* 030-armadeus-imx-generic.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 13:12, 16 December 2010 (UTC)<br />
** renamed to 030-armadeus-imx.patch<br />
* <strike>030-armadeus-imx_udc-add_clock.patch</strike><br />
** integrated in mainline - [[User:GwenhaelG|GwenhaelG]] 16:46, 4 December 2010 (UTC)<br />
* <strike>030-armadeus-imx_udc-change_source_sink_in_gadget_zero.to_fix</strike><br />
** obsolete - [[User:GwenhaelG|GwenhaelG]] 13:12, 16 December 2010 (UTC)<br />
* <strike>030-armadeus-imx_udc-deactivate_cdc_in_ether_c.to_fix</strike><br />
** obsolete - [[User:GwenhaelG|GwenhaelG]] 13:12, 16 December 2010 (UTC)<br />
* <strike>031-armadeus-imx_udc_add_usb_h_include_to_arch_arm_mach-imx_include_mach.patch</strike><br />
** integrated in mainline - [[User:GwenhaelG|GwenhaelG]] 16:46, 4 December 2010 (UTC)<br />
* <strike>032-armadeus-imx_udc_makes_kconfig_selectable_on_imx_arch.patch</strike><br />
** obsolete - [[User:GwenhaelG|GwenhaelG]] 16:46, 4 December 2010 (UTC)<br />
* <strike>033-darius-imx_udc-fix_imx_udc_gadget_bugs.patch </strike><br />
* <strike>034-darius-imx_udc-fix_imx_udc_gadget_code_style.patch </strike><br />
* <strike>035-darius-imx_udc-fix_imx_udc_gadget_ep0_irq_handling.patch </strike><br />
* <strike>036-darius-imx_udc-fix_imx_udc_gadget_general_irq_handling.patch </strike><br />
* 037-armadeus-imx_udc-add_printk_when_probed.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 08:58, 18 December 2010 (UTC)<br />
* 038-armadeus-imx_udc-prevent_crash_after_soft_reboot.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 08:58, 18 December 2010 (UTC)<br />
* 040-armadeus-imxmmc-add_controller_driven_card_detection.patch<br />
** <span style="color:orange">'''In progress'''</span> [[User:GwenhaelG|GwenhaelG]] 18:40, 21 November 2010 (UTC)<br />
* 040-armadeus-imxmmc-correct_some_freezes.patch<br />
** <span style="color:orange">'''In progress'''</span> [[User:GwenhaelG|GwenhaelG]] 18:40, 21 November 2010 (UTC)<br />
<br />
===041 -> 099===<br />
* <strike>041-armadeus-imx_irq.patch</strike><br />
** obsolete - [[User:GwenhaelG|GwenhaelG]] 08:06, 18 December 2010 (UTC)<br />
* 050-armadeus-add_custom_drivers_to_kconfig.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 13:14, 16 December 2010 (UTC)<br />
* 063-armadeus-max1027-add_max1027_include.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 09:01, 18 December 2010 (UTC)<br />
* 072-armadeus-add_backlight_machinfo_to_imxfb_h.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 13:14, 16 December 2010 (UTC)<br />
* 073-armadeus-tsc2102_integrate_driver_to_linux_build_system.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 09:01, 18 December 2010 (UTC)<br />
* 073-armadeus-tsc2102.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 09:01, 18 December 2010 (UTC)<br />
* 074-armadeus-tsc2102-touchscreen-add_driver_to_linux_build_system.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 09:01, 18 December 2010 (UTC)<br />
* 074-armadeus-tsc2102-touchscreen.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 09:01, 18 December 2010 (UTC)<br />
* 075-armadeus-spi2-reg-irq-defines.patch<br />
** <span style="color:orange">'''In progress'''</span> - [[User:GwenhaelG|GwenhaelG]] 07:54, 17 December 2010 (UTC)<br />
* <strike>076-arm-vmlinux-ld_script_patch_for_new_binutils.patch</strike><br />
** obsolete -- [[User:GwenhaelG|GwenhaelG]] 09:01, 18 December 2010 (UTC)<br />
* <strike>077-arm-checksyscalls.patch</strike><br />
** obsolete -- [[User:GwenhaelG|GwenhaelG]] 09:01, 18 December 2010 (UTC)<br />
* <strike>080-apf9328-armadeus-makes_mach-imx_gpio_h_includable_more_than_once.patch</strike><br />
** obsolete -- [[User:GwenhaelG|GwenhaelG]] 07:54, 17 December 2010 (UTC)<br />
* 088-can-mcp2515.patch<br />
** <span style="color:orange">'''In progress'''</span> - [[User:GwenhaelG|GwenhaelG]] 07:54, 17 December 2010 (UTC)<br />
* 090-armadeus-alsa-create_imx-alsa_h.patch<br />
* 091-armadeus-alsa-add_imx_ssi_tsc2102_driver.patch<br />
* 092-armadeus-alsa-imx-ssi-tsc2102-integrate_driver_to_linux_build_system.patch<br />
* <strike>094-armadeus-rtc1374-legacy.patch</strike><br />
** obsolete -- [[User:JulienB|JulienB]] 21:42, 21 December 2010 (UTC)<br />
* <strike>095-armadeus-imx-ssi-add_driver.patch</strike><br />
** obsolete -- [[User:JulienB|JulienB]] 17:31, 7 February 2011 (UTC)<br />
* <strike>096-armadeus-clock-add_ssi_clk.patch</strike><br />
** obsolete -- [[User:JulienB|JulienB]] 17:31, 7 February 2011 (UTC)<br />
* 097-armadeus-imx-dma-improvements.patch<br />
* 098-armadeus-imx-dma-announce_imx_is_supporting_scatter_gather.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 13:14, 16 December 2010 (UTC)<br />
* <strike>099-armadeus-imx_clock-adds_fake_clk_set_rate.patch </strike><br />
<br />
===100 -> 199===<br />
* 100-armadeus-imx-serial-dont_allocate_rts_interrupt_if_not_needed.patch<br />
** <span style="color:orange">'''In progress'''</span> [[User:GwenhaelG|GwenhaelG]] 15:08, 7 November 2010 (UTC)<br />
* 199-armadeus-hack_kernel_to_export_some_irq_handling_functions.patch<br />
<br />
==APF27 patches==<br />
===220 -> 240===<br />
* <strike> 220-apf27-pengu-fec-old.patch </strike><br />
** obsolete: fec_old has been replaced by fec in mainline - [[User:JulienB|JulienB]] 08:58, 26 November 2010 (UTC)<br />
* <strike> 221-apf27-armadeus-fec-old_fixes.patch </strike><br />
** obsolete: same comment as above - [[User:JulienB|JulienB]] 09:00, 26 November 2010 (UTC)<br />
* 226-apf27-pengu-mx27-Camera_support.patch<br />
* 227-apf27-pengu-mx27-Add_simple_CPU_frequency_scaling_support.patch<br />
* 230-apf27-pengu-mx2_devices_full.patch<br />
* <strike> 231-apf27-pengu-mxc_i2c_driver.patch </strike><br />
** integrated in mainline (merge with MX1 one) - [[User:JulienB|JulienB]] 15:06, 25 November 2010 (UTC)<br />
* 233-apf27-pengu-mx2_framebuffer_beta.patch<br />
** Freescale framebuffer. rename patch to show this better... [[User:JulienB|JulienB]] 15:25, 25 November 2010 (UTC)<br />
* 234-apf27-armadeus-mx2_framebuffer_beta_update_for_2_6_27.patch<br />
* 235-apf27-armadeus-mx2_framebuffer-makes_it_work_with_8bpp.patch<br />
* <strike> 235-apf27-pengu-make_pcm038_full_featured.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 15:28, 25 November 2010 (UTC)<br />
* 235-apf27-pengu-pcm038-add_BSP_part_of_the_CPU_frequency_scaler.patch<br />
* 237-apf27-pengu-pcm970-Extend_to_current_development_status.patch<br />
* <strike>238-apf27-pengu-mx27-Add_an_ALSA_driver_for_iMX27.patch</strike><br />
** integrated in mainline in a different form -- [[User:JulienB|JulienB]] 17:45, 7 February 2011 (UTC)<br />
* <strike>238-apf27-pengu-pcm038-Add_ALSA_audio_support.patch</strike><br />
** obsolete -- [[User:JulienB|JulienB]] 17:45, 7 February 2011 (UTC)<br />
* 239-apf27-armadeus-alsa-remove_mc13783_from_mx27_snd_driver_compilation.patch<br />
** depends on 238<br />
* 240-apf27-armadeus-fixe-bugs-drivers_mxc_nand.c.patch<br />
** <span style="color:green">'''OK'''</span> [[User:JulienB|JulienB]] 14:16, 9 November 2010 (UTC)<br />
*** Divided into 2 patches<br />
*** '''ecc_layout to be checked by Jorasse'''<br />
<br />
===252 -> 276===<br />
* 252-apf27-pengu-m27-we_can_do_DMA_chaining.patch<br />
* <strike>256-apf27-pengu-mx27-Add_USB_resources_and_platform_devices.patch</strike><br />
** integrated in mainline -- [[User:JulienB|JulienB]] 20:16, 24 November 2010 (UTC)<br />
* 257-apf27-pengu-mx27-Add_EHCI_support.patch<br />
** partially integrated, to check where ULPI part is gone...<br />
* <strike>270-apf27-armadeus-imxmmc-add_sdhc1_resources_to_arch_arm_mach-mx2_device.patch</strike><br />
** integrated in mainline -- [[User:JulienB|JulienB]] 20:16, 24 November 2010 (UTC)<br />
* <strike>271-apf27-armadeus-imxmmc-add_missing_definitions_in_dma-mx1-mx2_h.patch</strike><br />
** obsolete, imxmmc driver needs to be cleanup instead -- [[User:JulienB|JulienB]] 21:56, 21 December 2010 (UTC)<br />
* <strike>272-apf27-armadeus-mxcmmc-add_sdhc2_pins_in_iomux-mx1-mx2_h.patch</strike><br />
** obsolete -- [[User:JulienB|JulienB]] 20:16, 24 November 2010 (UTC)<br />
* <strike>273-apf27-armadeus-imxmmc-create_arch_arm_plat-mxc_include_mach_mmc_h.patch</strike><br />
** obsolete - imxmmc driver has to be cleanup instead -- [[User:JulienB|JulienB]] 22:13, 21 December 2010 (UTC)<br />
* 274-apf27-armadeus-mxcmmc-improve_support_of_sdio_cards.patch<br />
** partially integrated in mainline, rest is '''OK''' -- [[User:JulienB|JulienB]] 09:45, 16 February 2011 (UTC)<br />
<br />
===280 -> 299===<br />
* <strike> 280-apf27-armadeus-correct_bugs_in_clock_infrastructure.patch </strike><br />
** corrected in a better way by mainline - [[User:JulienB|JulienB]] 15:30, 9 November 2010 (UTC)<br />
* 281-apf27-armadeus-add_apf27.c.patch<br />
** <span style="color:orange">'''In progress'''</span> [[User:JulienB|JulienB]] 14:26, 8 November 2010 (UTC) <br />
** '''arch/arm/mach-mx2 has been renamed arch/arm/mach-imx'''<br />
* 282-apf27-armadeus-add_apf27_to_build_system.patch<br />
** <span style="color:orange">'''In progress'''</span> [[User:JulienB|JulienB]] 14:26, 8 November 2010 (UTC) <br />
** '''arch/arm/mach-mx2 has been renamed arch/arm/mach-imx'''<br />
* <strike>283-apf27-armadeus-add_dump_uart_registers_function_to_imx_serial_driver.patch</strike><br />
** no more useful - [[User:JulienB|JulienB]] 07:19, 25 November 2010 (UTC)<br />
* 285-apf27-armadeus-add_LQO43_to_mxcfb_modedb.patch<br />
* 286-apf27-armadeus-add_LQO57_to_mxcfb_modedb.patch<br />
* 286b-apf27-armadeus-add_LW700AT9003_to_mxcfb_modedb.patch<br />
* 286c-apf27-armadeus-add_Optrex-T51638D084_to_mxcfb_modedb.patch<br />
* 286d-apf27-armadeus-add_TX12D17VM1BDP_to_mxcfb_modedb.patch<br />
* 286z-apf27-armadeus-add_CUSTOM_LCD_template_to_mxcfb_modedb.patch<br />
* <strike>287-apf27-armadeus-fix_usb_otg_int.patch</strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 19:42, 24 November 2010 (UTC)<br />
* 288-apf27-set-ttySMX-ref-imx-uart.patch<br />
** To remove and inform users that now serial ports are ttymxc[0-6] -- [[User:JulienB|JulienB]] 18:13, 7 February 2011 (UTC)<br />
* 290-apf27-pengu-spi_addons.patch<br />
** '''OK''', renamed to 290-armadeus-mx2-iomux-add_correct_directions_to_SPI2_gpios.patch - [[User:JulienB|JulienB]] 08:26, 22 December 2010 (UTC)<br />
* <strike> 291-apf27-add_debug_support_with_UART1.patch </strike><br />
** no more needed - [[User:JulienB|JulienB]] 15:35, 9 November 2010 (UTC)<br />
* 291-apf27-armadeus-add_mach_board-apf27_h.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 09:55, 22 December 2010 (UTC)<br />
* 292-apf27-armadeus-i2c-fix.patch<br />
* 293-apf27-armadeus-spi_imx-add_gpio_init_and_iMX27_support.patch<br />
** probably obsolete, to check...- [[User:JulienB|JulienB]] 08:58, 22 December 2010 (UTC)<br />
** moved SPI bus selection outside of it -> 293-armadeus-spi_imx-add_config_options_to_individually_activate_spi_busses.patch -- [[User:JulienB|JulienB]] 15:10, 7 January 2011 (UTC)<br />
* 294-apf27-armadeus-imxfb-create_imx_fb_h.patch<br />
** needed by Freescale framebuffer<br />
* <strike>294b-apf27-armadeus-imxfb-create_imxfb_h.patch</strike><br />
** obsolete -- [[User:JulienB|JulienB]] 18:13, 7 February 2011 (UTC)<br />
* 295-apf27-armadeus-imxfb-modify_imxfb_device_name_for_freescale_driver.patch<br />
* <strike> 296-apf27-armadeus-imx27-usb-host1.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 15:30, 9 November 2010 (UTC)<br />
* 297-apf27-armadeus-add_backlight_machinfo_to_plat_mxc_imxfb_h.patch<br />
* 297-apf27-armadeus-add_ethernet_PHY.patch<br />
* <strike> 299-apf27-armadeus-reboot.patch </strike><br />
** no more needed - [[User:JulienB|JulienB]] 15:30, 9 November 2010 (UTC)<br />
<br />
===300 -> 320===<br />
* <strike> 300-apf27-armadeus-jffs2_debug.patch </strike><br />
** no more needed - [[User:JulienB|JulienB]] 07:28, 25 November 2010 (UTC)<br />
* 301-apf27-armadeus-ssi-SSI1_TXD_is_an_ouput_not_an_input.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 10:02, 25 November 2010 (UTC)<br />
** renamed to 301-armadeus-mx2_ssi-SSIn_TXD_are_ouputs_not_inputs.patch<br />
* 302-apf27-armadeus-add_imx-alsa_h_to_plat-mxc_include_mach.patch<br />
* 303-apf27-armadeus-improve_mx2-dam_driver.patch<br />
* 304-apf27-armadeus-improve_mx2-ssi_driver.patch<br />
* 305-apf27-armadeus-separates_imx_and_mx2_alsa_build.patch<br />
* <strike> 310-apf27-armadeus-nfc-makes_it_compile_with_CONFIG_PM.patch </strike><br />
** no more needed - [[User:JulienB|JulienB]] 15:29, 9 November 2010 (UTC)<br />
* 311-apf27-armadeus-mx27-add_pm_infra.patch<br />
* 312-apf27-armadeus-ulpi-add_function_control_register_address.patch<br />
* 314-apf27-armadeus-ad9889.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 10:12, 25 November 2010 (UTC)<br />
** renamed to 314-armadeus-ad9889-add_driver.patch<br />
* 315-apf27-darius-mxc-watchdog.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 10:45, 25 November 2010 (UTC)<br />
** now only used for MX1, as MX2+ driver has been committed in mainline<br />
** renamed to 315-darius-imx_wdt-add_watchdog_driver.patch<br />
* <strike>316-apf27-armadeus-watchdog-makes_darius_driver_work_on_mx27.patch</strike><br />
** obsolete - [[User:JulienB|JulienB]] 10:45, 25 November 2010 (UTC)<br />
* 317-apf27-armadeus-add_kconfig_option_to_use_imx_led_and_switch_for_powermanagement_test.patch<br />
* 318-apf27-pengu-mxc_add_vpu_driver.patch<br />
* 319-armadeus-soc_camera_add_ov96xx_sensors_driver.patch<br />
** OK, patch applies but driver needs to be ported (doesn't compile) - [[User:JulienB|JulienB]] 14:03, 22 December 2010 (UTC)<br />
* 320-apf27-armadeus-increase_max_dma_zone_size.patch<br />
<br />
===320 -> 339===<br />
* <strike> 321-apf27-armadeus-mx2_adds_pwm_ressources.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 19:14, 25 November 2010 (UTC)<br />
* 321-apf27-armadeus-mx2_pwm_fixes.patch<br />
** check if PE5_PF_PWM0 needs to be forced as GPIO_OUT - [[User:JulienB|JulienB]] 19:19, 25 November 2010 (UTC)<br />
* 322-apf27-armadeus-add_mach_fpga_h.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 19:25, 25 November 2010 (UTC)<br />
* 323-apf27-armadeus-increases_board_irq_number.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 19:38, 25 November 2010 (UTC)<br />
* <strike> 323-pengu-imxfb-add_platform_specific_init_exit_functions.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 19:43, 25 November 2010 (UTC)<br />
* 324-armadeus-declare_scatter_gather_support_in_linux_scatterlist_h.patch<br />
* <strike> 325-pengu-imxfb-add_mx27_support.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 16:29, 25 November 2010 (UTC)<br />
* <strike> 327-pengu-imxfb-fix_margin_settings.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 16:32, 25 November 2010 (UTC)<br />
* 328-pengu-imxfb-add_clock_support.patch<br />
** partly integrated, to check if pcr recalculation is still needed. [[User:JulienB|JulienB]] 16:43, 25 November 2010 (UTC)<br />
* <strike> 329-pengu-imxfb-fix_tft_mode_init.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 16:43, 25 November 2010 (UTC)<br />
* <strike> 330-armadeus-imxfb-makes_mainline_driver_selectable_for_mx2.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 16:59, 25 November 2010 (UTC)<br />
* 330-armadeus-imxfb-power_on_backlight_after_lcd_logic.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 16:55, 25 November 2010 (UTC)<br />
* 331-armadeus-imxfb-makes_setpalettereg_compatible_with_mx27.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 17:05, 25 November 2010 (UTC)<br />
* 332-armadeus-imxfb-improvements.patch<br />
** depends on 328 (pcr)<br />
* 333-armadeus-imxfb-makes_plat-mxc_imxfb_h_compatible_with_mx27.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 17:36, 25 November 2010 (UTC)<br />
** renamed to 333-armadeus-imxfb-makes_distinction_between_mx1_and_mx2_bit_per_pixel_selection_in_PCR_fields.patch<br />
* 334-armadeus-imxfb-supports_8bpp_in_tft_mode.patch<br />
** depends on 332<br />
* <strike> 336-armadeus-imxfb-makes_it_compatible_with_arch_imx.patch </strike><br />
** obsolete - [[User:JulienB|JulienB]] 17:44, 25 November 2010 (UTC)<br />
* <strike> 337-armadeus-imxfb-add_lcd_clock_def_for_imx_platform.patch </strike><br />
** obsolete - [[User:JulienB|JulienB]] 17:48, 25 November 2010 (UTC)<br />
* 337b-armadeus-mx2fb-add_backlight_power_switch_capability.patch<br />
* <strike> 338-denx-mxcgpio-emulates_interrupt_on_both_edges.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 19:33, 24 November 2010 (UTC)<br />
* 339-apf27-armadeus-add_platform_data_init_support_to_spidev.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 19:05, 25 November 2010 (UTC)<br />
<br />
===340 -> 349===<br />
* 340-apf27-martin-keypad-add_driver_for_mx2.patch<br />
** another driver seems to have been integrated in mainline... To check<br />
* 341-apf27-armadeus-serial-add_uart_modules_selection_in_kconfig.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 09:30, 26 November 2010 (UTC)<br />
* 342-apf27-armadeus-serial-some_uart_pins_are_not_available_on_apf27_based_designs.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 09:35, 26 November 2010 (UTC)<br />
* 343-apf27-amoled-hx5116.patch<br />
* 345-apf27-armadeus-iomux-display_gpio_number_when_reservation_fails.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 09:43, 26 November 2010 (UTC)<br />
* <strike> 346-smsc-lan95xx-activates_led_outputs.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 09:48, 26 November 2010 (UTC)<br />
* <strike> 347b-smsc-lan95xx-add_additionnal_USB_products_IDs.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 09:48, 26 November 2010 (UTC)<br />
* 347c-armadeus-lan95xx-activate_blinking_leds.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 09:58, 26 November 2010 (UTC)<br />
* <strike> 347-smsc-lan95xx-removes_eeprom_loaded_check.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 09:48, 26 November 2010 (UTC)<br />
* <strike>348-armadeus-plat-mxc-gpio.patch</strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 08:04, 7 February 2011 (UTC)<br />
* 349-armadeus-spi-backport_2.6.32.2.patch<br />
<br />
===350 -> ...===<br />
* 350-armadeus-spi-improve_spi_gpio_for_single_data_pin.patch<br />
* <strike>351-armadeus-spi_imx-update_for_2.6.32_compatibility.patch</strike><br />
** no more needed -- [[User:JulienB|JulienB]] 16:50, 7 February 2011 (UTC)<br />
* 352-armadeus-time-fix_timekeeping_resume.patch<br />
** to check<br />
* <strike>355a-denx-fsl_udc-Add_iMX3x_support_to_the_fsl_usb2_udc_driver.patch</strike><br />
** no more needed -- [[User:JulienB|JulienB]] 16:50, 7 February 2011 (UTC)<br />
* <strike>355b-montavista-fsl_udc_core-fix_kernel_oops_on_module_removal.patch</strike><br />
** no more needed -- [[User:JulienB|JulienB]] 16:50, 7 February 2011 (UTC)<br />
* <strike>355c-armadeus-mx2-devices-add_usb_device.patch</strike><br />
** no more needed -- [[User:JulienB|JulienB]] 16:50, 7 February 2011 (UTC)<br />
* <strike>355d-armadeus-fsl_udc-add_platform_init_support.patch</strike><br />
** no more needed -- [[User:JulienB|JulienB]] 16:50, 7 February 2011 (UTC)<br />
* 355e-armadeus-fsl_udc-reset_temporary_fix.patch<br />
** to check...<br />
* 356-armadeus-soc_camera-add_ov7670_sensor_driver.patch<br />
* <strike>357-armadeus-mx27camera-add_CSICR1_REDGE_handling.patch</strike><br />
** no more needed -- [[User:JulienB|JulienB]] 16:50, 7 February 2011 (UTC)<br />
* 358-armadeus-imx-adding_mangling_capability_on_i2c_imx_driver.patch<br />
** <span style="color:green">'''OK'''</span> [[User:FabienM|FabienM]] 11:17, 13 December 2010 (UTC)<br />
* <strike>359-armadeus-joystick-adding_as5011_joystick_driver.patch</strike><br />
** Under 2.6.38 kernel now.[[User:FabienM|FabienM]] 14:37, 28 January 2011 (UTC) <br />
* 361-armadeus-soc_camera-add_ov3640_sensor_driver.patch<br />
* 362-apf27-armadeus-fec-old_ifconfig_up_down_fix.patch<br />
** patch is obsolete as we now use fec and not fec_old, but problem seems still to be here on fec<br />
* 363-armadeus-ADC-Adding_AS1531_adc_driver.patch<br />
* <strike>364-armadeus-add_usb3315_registers_definition_in_ulpi_h.patch</strike><br />
** no more needed -- [[User:JulienB|JulienB]] 16:50, 7 February 2011 (UTC)<br />
* 365-pps-armadeus-add_pps_baseboard.patch</div>JeremieShttp://armadeus.org/wiki/index.php?title=APF9328_and_APF27_migration_to_Linux_2.6.38&diff=10938APF9328 and APF27 migration to Linux 2.6.382012-06-08T13:13:39Z<p>JeremieS: /* Things to know BEFORE booting */</p>
<hr />
<div> {{Need_Update}}<br />
==Instructions==<br />
* Patches to port: ''buildroot/target/device/armadeus/linux/kernel-patches/2.6.29/''<br />
* when working on a patch mark it with:<br />
** <nowiki> ** <span style="color:orange">'''In progress'''</span> ~~~~ </nowiki><br />
** '''-->''' <span style="color:orange">'''In progress'''</span> [[User:JulienB|JulienB]] 14:14, 9 November 2010 (UTC)<br />
* Strike the one that are no more needed:<br />
** <strike> 000-xxxxxxx.patch </strike><br />
* Write OK in bold green and your name (automatic with 4x'~') when corresponding patch has been ported:<br />
** <nowiki> ** <span style="color:green">'''OK'''</span> ~~~~ </nowiki><br />
** '''-->''' 000-xxxxxxx.patch: <span style="color:green">'''OK'''</span> [[User:JulienB|JulienB]] 07:06, 21 October 2010 (UTC)<br />
* How to:<br />
<pre class="host"><br />
$ cd armadeus-xx<br />
$ cp buildroot/target/device/armadeus/linux/kernel-patches/2.6.29/000-foo.patch buildroot/target/device/armadeus/linux/kernel-patches/2.6.38/<br />
$ cd buildroot/output/build/linux-2.6.38.1/<br />
$ patch -p1 --dry-run < ../../../../buildroot/target/device/armadeus/linux/kernel-patches/2.6.38/000-foo.patch<br />
<br />
... modify patch until it applies correctly ...<br />
<br />
$ patch -p1 < ../../../../buildroot/target/device/armadeus/linux/kernel-patches/2.6.38/000-foo.patch<br />
<br />
... go one ...<br />
</pre><br />
<br />
===How to compile kernel ?===<br />
* 1] Select 2.6.38.8 version in Buildroot menuconfig:<br />
<pre class="config"><br />
Kernel ---><br />
(2.6.38.8) Kernel version<br />
<br />
Toolchain ---><br />
Kernel Headers (Linux 2.6 (manually specified version)) ---><br />
(2.6.38.8) linux version<br />
</pre><br />
* 2] Change serial console :<br />
<pre class="config"><br />
System configuration ---><br />
(ttymxc0) Port to run a getty (login prompt) on<br />
</pre><br />
* 3] Compile whole Buildroot at least once<br />
* 4] For the one who knows ''quilt'', they can use ''scripts/quiltify.sh'' before starting (procedure in construction)<br />
<br />
===Things to know BEFORE booting===<br />
* on 2.6.38 i.MX serial port names have been unified to /dev/ttymxc[0-6]. So if you want to see something on your serial console please do the following before booting:<br />
** APF27<br />
<pre class="apf"><br />
BIOS> setenv consoledev=ttymxc0<br />
BIOS> setenv baudrate 115200<br />
</pre><br />
* <strike><span style="color:red">for the same reason you must also modify ''buildroot/output/target/etc/inittab'' and then do a ''make'' after a successful build.</span></strike><br />
* Framebuffer can now support multiple LCDs and so LCD you want to use must be passed as bootparam (like serial port). So you can do (for example):<br />
<pre class="apf"><br />
BIOS> setenv consoledev=ttymxc0<br />
BIOS> setenv baudrate 115200 video=imxfb:Chimei-LW700AT9003<br />
</pre><br />
<br />
===Things to do AFTER booting===<br />
* <strike>if you want to use touchscreen, please '''uncomment''' this line in ''/etc/ts.conf'' (line 2):</strike><br />
<pre class="apf"><br />
# module_raw input<br />
</pre><br />
<br />
==APF9328 patches==<br />
===015 -> 040===<br />
* 015-armadeus-logo-add_armadeus-project_tux.patch<br />
** <span style="color:green">'''OK'''</span> [[User:JulienB|JulienB]] 14:42, 21 October 2010 (UTC)<br />
* <strike>016-armadeus-imxfb-add_platform_specific_init_exit_functions.patch </strike><br />
* <strike>018-armadeus-i2c-imx-add_driver_to_linux_build_system.patch</strike><br />
** integrated in mainline - [[User:GwenhaelG|GwenhaelG]] 14:27, 27 November 2010 (UTC)<br />
* <strike>018-armadeus-i2c-imx.patch</strike><br />
** integrated in mainline - [[User:GwenhaelG|GwenhaelG]] 14:27, 27 November 2010 (UTC)<br />
* 021-armadeus-apf9328_defconfig.patch<br />
** <span style="color:green">'''OK'''</span> [[User:GwenhaelG|GwenhaelG]] 17:38, 6 November 2010 (UTC)<br />
* 021-armadeus-apf9328.patch<br />
** <span style="color:orange">'''In progress'''</span> [[User:GwenhaelG|GwenhaelG]] 18:40, 21 November 2010 (UTC)<br />
* 023-armadeus-fblcd-kconfig.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 13:12, 16 December 2010 (UTC)<br />
* 024-armadeus-apf9328-add_board_to_linux_build_system.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 13:12, 16 December 2010 (UTC)<br />
* <strike>028-armadeus-add_reg8_macro_to_hardware_h.patch</strike><br />
** obsolete - [[User:GwenhaelG|GwenhaelG]] 16:46, 4 December 2010 (UTC)<br />
* 029-armadeus-add_csi_and_spi_registers_to_imx-regs_h.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 13:12, 16 December 2010 (UTC)<br />
** renamed to 029-armadeus-add_csi_and_spi_registers.patch<br />
* <strike>030-armadeus-fixes_typo_for_usbdrcv_in_imx-regs_h.patch </strike><br />
* 030-armadeus-imx-generic.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 13:12, 16 December 2010 (UTC)<br />
** renamed to 030-armadeus-imx.patch<br />
* <strike>030-armadeus-imx_udc-add_clock.patch</strike><br />
** integrated in mainline - [[User:GwenhaelG|GwenhaelG]] 16:46, 4 December 2010 (UTC)<br />
* <strike>030-armadeus-imx_udc-change_source_sink_in_gadget_zero.to_fix</strike><br />
** obsolete - [[User:GwenhaelG|GwenhaelG]] 13:12, 16 December 2010 (UTC)<br />
* <strike>030-armadeus-imx_udc-deactivate_cdc_in_ether_c.to_fix</strike><br />
** obsolete - [[User:GwenhaelG|GwenhaelG]] 13:12, 16 December 2010 (UTC)<br />
* <strike>031-armadeus-imx_udc_add_usb_h_include_to_arch_arm_mach-imx_include_mach.patch</strike><br />
** integrated in mainline - [[User:GwenhaelG|GwenhaelG]] 16:46, 4 December 2010 (UTC)<br />
* <strike>032-armadeus-imx_udc_makes_kconfig_selectable_on_imx_arch.patch</strike><br />
** obsolete - [[User:GwenhaelG|GwenhaelG]] 16:46, 4 December 2010 (UTC)<br />
* <strike>033-darius-imx_udc-fix_imx_udc_gadget_bugs.patch </strike><br />
* <strike>034-darius-imx_udc-fix_imx_udc_gadget_code_style.patch </strike><br />
* <strike>035-darius-imx_udc-fix_imx_udc_gadget_ep0_irq_handling.patch </strike><br />
* <strike>036-darius-imx_udc-fix_imx_udc_gadget_general_irq_handling.patch </strike><br />
* 037-armadeus-imx_udc-add_printk_when_probed.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 08:58, 18 December 2010 (UTC)<br />
* 038-armadeus-imx_udc-prevent_crash_after_soft_reboot.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 08:58, 18 December 2010 (UTC)<br />
* 040-armadeus-imxmmc-add_controller_driven_card_detection.patch<br />
** <span style="color:orange">'''In progress'''</span> [[User:GwenhaelG|GwenhaelG]] 18:40, 21 November 2010 (UTC)<br />
* 040-armadeus-imxmmc-correct_some_freezes.patch<br />
** <span style="color:orange">'''In progress'''</span> [[User:GwenhaelG|GwenhaelG]] 18:40, 21 November 2010 (UTC)<br />
<br />
===041 -> 099===<br />
* <strike>041-armadeus-imx_irq.patch</strike><br />
** obsolete - [[User:GwenhaelG|GwenhaelG]] 08:06, 18 December 2010 (UTC)<br />
* 050-armadeus-add_custom_drivers_to_kconfig.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 13:14, 16 December 2010 (UTC)<br />
* 063-armadeus-max1027-add_max1027_include.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 09:01, 18 December 2010 (UTC)<br />
* 072-armadeus-add_backlight_machinfo_to_imxfb_h.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 13:14, 16 December 2010 (UTC)<br />
* 073-armadeus-tsc2102_integrate_driver_to_linux_build_system.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 09:01, 18 December 2010 (UTC)<br />
* 073-armadeus-tsc2102.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 09:01, 18 December 2010 (UTC)<br />
* 074-armadeus-tsc2102-touchscreen-add_driver_to_linux_build_system.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 09:01, 18 December 2010 (UTC)<br />
* 074-armadeus-tsc2102-touchscreen.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 09:01, 18 December 2010 (UTC)<br />
* 075-armadeus-spi2-reg-irq-defines.patch<br />
** <span style="color:orange">'''In progress'''</span> - [[User:GwenhaelG|GwenhaelG]] 07:54, 17 December 2010 (UTC)<br />
* <strike>076-arm-vmlinux-ld_script_patch_for_new_binutils.patch</strike><br />
** obsolete -- [[User:GwenhaelG|GwenhaelG]] 09:01, 18 December 2010 (UTC)<br />
* <strike>077-arm-checksyscalls.patch</strike><br />
** obsolete -- [[User:GwenhaelG|GwenhaelG]] 09:01, 18 December 2010 (UTC)<br />
* <strike>080-apf9328-armadeus-makes_mach-imx_gpio_h_includable_more_than_once.patch</strike><br />
** obsolete -- [[User:GwenhaelG|GwenhaelG]] 07:54, 17 December 2010 (UTC)<br />
* 088-can-mcp2515.patch<br />
** <span style="color:orange">'''In progress'''</span> - [[User:GwenhaelG|GwenhaelG]] 07:54, 17 December 2010 (UTC)<br />
* 090-armadeus-alsa-create_imx-alsa_h.patch<br />
* 091-armadeus-alsa-add_imx_ssi_tsc2102_driver.patch<br />
* 092-armadeus-alsa-imx-ssi-tsc2102-integrate_driver_to_linux_build_system.patch<br />
* <strike>094-armadeus-rtc1374-legacy.patch</strike><br />
** obsolete -- [[User:JulienB|JulienB]] 21:42, 21 December 2010 (UTC)<br />
* <strike>095-armadeus-imx-ssi-add_driver.patch</strike><br />
** obsolete -- [[User:JulienB|JulienB]] 17:31, 7 February 2011 (UTC)<br />
* <strike>096-armadeus-clock-add_ssi_clk.patch</strike><br />
** obsolete -- [[User:JulienB|JulienB]] 17:31, 7 February 2011 (UTC)<br />
* 097-armadeus-imx-dma-improvements.patch<br />
* 098-armadeus-imx-dma-announce_imx_is_supporting_scatter_gather.patch<br />
** <span style="color:green">'''OK'''</span> - [[User:GwenhaelG|GwenhaelG]] 13:14, 16 December 2010 (UTC)<br />
* <strike>099-armadeus-imx_clock-adds_fake_clk_set_rate.patch </strike><br />
<br />
===100 -> 199===<br />
* 100-armadeus-imx-serial-dont_allocate_rts_interrupt_if_not_needed.patch<br />
** <span style="color:orange">'''In progress'''</span> [[User:GwenhaelG|GwenhaelG]] 15:08, 7 November 2010 (UTC)<br />
* 199-armadeus-hack_kernel_to_export_some_irq_handling_functions.patch<br />
<br />
==APF27 patches==<br />
===220 -> 240===<br />
* <strike> 220-apf27-pengu-fec-old.patch </strike><br />
** obsolete: fec_old has been replaced by fec in mainline - [[User:JulienB|JulienB]] 08:58, 26 November 2010 (UTC)<br />
* <strike> 221-apf27-armadeus-fec-old_fixes.patch </strike><br />
** obsolete: same comment as above - [[User:JulienB|JulienB]] 09:00, 26 November 2010 (UTC)<br />
* 226-apf27-pengu-mx27-Camera_support.patch<br />
* 227-apf27-pengu-mx27-Add_simple_CPU_frequency_scaling_support.patch<br />
* 230-apf27-pengu-mx2_devices_full.patch<br />
* <strike> 231-apf27-pengu-mxc_i2c_driver.patch </strike><br />
** integrated in mainline (merge with MX1 one) - [[User:JulienB|JulienB]] 15:06, 25 November 2010 (UTC)<br />
* 233-apf27-pengu-mx2_framebuffer_beta.patch<br />
** Freescale framebuffer. rename patch to show this better... [[User:JulienB|JulienB]] 15:25, 25 November 2010 (UTC)<br />
* 234-apf27-armadeus-mx2_framebuffer_beta_update_for_2_6_27.patch<br />
* 235-apf27-armadeus-mx2_framebuffer-makes_it_work_with_8bpp.patch<br />
* <strike> 235-apf27-pengu-make_pcm038_full_featured.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 15:28, 25 November 2010 (UTC)<br />
* 235-apf27-pengu-pcm038-add_BSP_part_of_the_CPU_frequency_scaler.patch<br />
* 237-apf27-pengu-pcm970-Extend_to_current_development_status.patch<br />
* <strike>238-apf27-pengu-mx27-Add_an_ALSA_driver_for_iMX27.patch</strike><br />
** integrated in mainline in a different form -- [[User:JulienB|JulienB]] 17:45, 7 February 2011 (UTC)<br />
* <strike>238-apf27-pengu-pcm038-Add_ALSA_audio_support.patch</strike><br />
** obsolete -- [[User:JulienB|JulienB]] 17:45, 7 February 2011 (UTC)<br />
* 239-apf27-armadeus-alsa-remove_mc13783_from_mx27_snd_driver_compilation.patch<br />
** depends on 238<br />
* 240-apf27-armadeus-fixe-bugs-drivers_mxc_nand.c.patch<br />
** <span style="color:green">'''OK'''</span> [[User:JulienB|JulienB]] 14:16, 9 November 2010 (UTC)<br />
*** Divided into 2 patches<br />
*** '''ecc_layout to be checked by Jorasse'''<br />
<br />
===252 -> 276===<br />
* 252-apf27-pengu-m27-we_can_do_DMA_chaining.patch<br />
* <strike>256-apf27-pengu-mx27-Add_USB_resources_and_platform_devices.patch</strike><br />
** integrated in mainline -- [[User:JulienB|JulienB]] 20:16, 24 November 2010 (UTC)<br />
* 257-apf27-pengu-mx27-Add_EHCI_support.patch<br />
** partially integrated, to check where ULPI part is gone...<br />
* <strike>270-apf27-armadeus-imxmmc-add_sdhc1_resources_to_arch_arm_mach-mx2_device.patch</strike><br />
** integrated in mainline -- [[User:JulienB|JulienB]] 20:16, 24 November 2010 (UTC)<br />
* <strike>271-apf27-armadeus-imxmmc-add_missing_definitions_in_dma-mx1-mx2_h.patch</strike><br />
** obsolete, imxmmc driver needs to be cleanup instead -- [[User:JulienB|JulienB]] 21:56, 21 December 2010 (UTC)<br />
* <strike>272-apf27-armadeus-mxcmmc-add_sdhc2_pins_in_iomux-mx1-mx2_h.patch</strike><br />
** obsolete -- [[User:JulienB|JulienB]] 20:16, 24 November 2010 (UTC)<br />
* <strike>273-apf27-armadeus-imxmmc-create_arch_arm_plat-mxc_include_mach_mmc_h.patch</strike><br />
** obsolete - imxmmc driver has to be cleanup instead -- [[User:JulienB|JulienB]] 22:13, 21 December 2010 (UTC)<br />
* 274-apf27-armadeus-mxcmmc-improve_support_of_sdio_cards.patch<br />
** partially integrated in mainline, rest is '''OK''' -- [[User:JulienB|JulienB]] 09:45, 16 February 2011 (UTC)<br />
<br />
===280 -> 299===<br />
* <strike> 280-apf27-armadeus-correct_bugs_in_clock_infrastructure.patch </strike><br />
** corrected in a better way by mainline - [[User:JulienB|JulienB]] 15:30, 9 November 2010 (UTC)<br />
* 281-apf27-armadeus-add_apf27.c.patch<br />
** <span style="color:orange">'''In progress'''</span> [[User:JulienB|JulienB]] 14:26, 8 November 2010 (UTC) <br />
** '''arch/arm/mach-mx2 has been renamed arch/arm/mach-imx'''<br />
* 282-apf27-armadeus-add_apf27_to_build_system.patch<br />
** <span style="color:orange">'''In progress'''</span> [[User:JulienB|JulienB]] 14:26, 8 November 2010 (UTC) <br />
** '''arch/arm/mach-mx2 has been renamed arch/arm/mach-imx'''<br />
* <strike>283-apf27-armadeus-add_dump_uart_registers_function_to_imx_serial_driver.patch</strike><br />
** no more useful - [[User:JulienB|JulienB]] 07:19, 25 November 2010 (UTC)<br />
* 285-apf27-armadeus-add_LQO43_to_mxcfb_modedb.patch<br />
* 286-apf27-armadeus-add_LQO57_to_mxcfb_modedb.patch<br />
* 286b-apf27-armadeus-add_LW700AT9003_to_mxcfb_modedb.patch<br />
* 286c-apf27-armadeus-add_Optrex-T51638D084_to_mxcfb_modedb.patch<br />
* 286d-apf27-armadeus-add_TX12D17VM1BDP_to_mxcfb_modedb.patch<br />
* 286z-apf27-armadeus-add_CUSTOM_LCD_template_to_mxcfb_modedb.patch<br />
* <strike>287-apf27-armadeus-fix_usb_otg_int.patch</strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 19:42, 24 November 2010 (UTC)<br />
* 288-apf27-set-ttySMX-ref-imx-uart.patch<br />
** To remove and inform users that now serial ports are ttymxc[0-6] -- [[User:JulienB|JulienB]] 18:13, 7 February 2011 (UTC)<br />
* 290-apf27-pengu-spi_addons.patch<br />
** '''OK''', renamed to 290-armadeus-mx2-iomux-add_correct_directions_to_SPI2_gpios.patch - [[User:JulienB|JulienB]] 08:26, 22 December 2010 (UTC)<br />
* <strike> 291-apf27-add_debug_support_with_UART1.patch </strike><br />
** no more needed - [[User:JulienB|JulienB]] 15:35, 9 November 2010 (UTC)<br />
* 291-apf27-armadeus-add_mach_board-apf27_h.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 09:55, 22 December 2010 (UTC)<br />
* 292-apf27-armadeus-i2c-fix.patch<br />
* 293-apf27-armadeus-spi_imx-add_gpio_init_and_iMX27_support.patch<br />
** probably obsolete, to check...- [[User:JulienB|JulienB]] 08:58, 22 December 2010 (UTC)<br />
** moved SPI bus selection outside of it -> 293-armadeus-spi_imx-add_config_options_to_individually_activate_spi_busses.patch -- [[User:JulienB|JulienB]] 15:10, 7 January 2011 (UTC)<br />
* 294-apf27-armadeus-imxfb-create_imx_fb_h.patch<br />
** needed by Freescale framebuffer<br />
* <strike>294b-apf27-armadeus-imxfb-create_imxfb_h.patch</strike><br />
** obsolete -- [[User:JulienB|JulienB]] 18:13, 7 February 2011 (UTC)<br />
* 295-apf27-armadeus-imxfb-modify_imxfb_device_name_for_freescale_driver.patch<br />
* <strike> 296-apf27-armadeus-imx27-usb-host1.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 15:30, 9 November 2010 (UTC)<br />
* 297-apf27-armadeus-add_backlight_machinfo_to_plat_mxc_imxfb_h.patch<br />
* 297-apf27-armadeus-add_ethernet_PHY.patch<br />
* <strike> 299-apf27-armadeus-reboot.patch </strike><br />
** no more needed - [[User:JulienB|JulienB]] 15:30, 9 November 2010 (UTC)<br />
<br />
===300 -> 320===<br />
* <strike> 300-apf27-armadeus-jffs2_debug.patch </strike><br />
** no more needed - [[User:JulienB|JulienB]] 07:28, 25 November 2010 (UTC)<br />
* 301-apf27-armadeus-ssi-SSI1_TXD_is_an_ouput_not_an_input.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 10:02, 25 November 2010 (UTC)<br />
** renamed to 301-armadeus-mx2_ssi-SSIn_TXD_are_ouputs_not_inputs.patch<br />
* 302-apf27-armadeus-add_imx-alsa_h_to_plat-mxc_include_mach.patch<br />
* 303-apf27-armadeus-improve_mx2-dam_driver.patch<br />
* 304-apf27-armadeus-improve_mx2-ssi_driver.patch<br />
* 305-apf27-armadeus-separates_imx_and_mx2_alsa_build.patch<br />
* <strike> 310-apf27-armadeus-nfc-makes_it_compile_with_CONFIG_PM.patch </strike><br />
** no more needed - [[User:JulienB|JulienB]] 15:29, 9 November 2010 (UTC)<br />
* 311-apf27-armadeus-mx27-add_pm_infra.patch<br />
* 312-apf27-armadeus-ulpi-add_function_control_register_address.patch<br />
* 314-apf27-armadeus-ad9889.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 10:12, 25 November 2010 (UTC)<br />
** renamed to 314-armadeus-ad9889-add_driver.patch<br />
* 315-apf27-darius-mxc-watchdog.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 10:45, 25 November 2010 (UTC)<br />
** now only used for MX1, as MX2+ driver has been committed in mainline<br />
** renamed to 315-darius-imx_wdt-add_watchdog_driver.patch<br />
* <strike>316-apf27-armadeus-watchdog-makes_darius_driver_work_on_mx27.patch</strike><br />
** obsolete - [[User:JulienB|JulienB]] 10:45, 25 November 2010 (UTC)<br />
* 317-apf27-armadeus-add_kconfig_option_to_use_imx_led_and_switch_for_powermanagement_test.patch<br />
* 318-apf27-pengu-mxc_add_vpu_driver.patch<br />
* 319-armadeus-soc_camera_add_ov96xx_sensors_driver.patch<br />
** OK, patch applies but driver needs to be ported (doesn't compile) - [[User:JulienB|JulienB]] 14:03, 22 December 2010 (UTC)<br />
* 320-apf27-armadeus-increase_max_dma_zone_size.patch<br />
<br />
===320 -> 339===<br />
* <strike> 321-apf27-armadeus-mx2_adds_pwm_ressources.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 19:14, 25 November 2010 (UTC)<br />
* 321-apf27-armadeus-mx2_pwm_fixes.patch<br />
** check if PE5_PF_PWM0 needs to be forced as GPIO_OUT - [[User:JulienB|JulienB]] 19:19, 25 November 2010 (UTC)<br />
* 322-apf27-armadeus-add_mach_fpga_h.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 19:25, 25 November 2010 (UTC)<br />
* 323-apf27-armadeus-increases_board_irq_number.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 19:38, 25 November 2010 (UTC)<br />
* <strike> 323-pengu-imxfb-add_platform_specific_init_exit_functions.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 19:43, 25 November 2010 (UTC)<br />
* 324-armadeus-declare_scatter_gather_support_in_linux_scatterlist_h.patch<br />
* <strike> 325-pengu-imxfb-add_mx27_support.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 16:29, 25 November 2010 (UTC)<br />
* <strike> 327-pengu-imxfb-fix_margin_settings.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 16:32, 25 November 2010 (UTC)<br />
* 328-pengu-imxfb-add_clock_support.patch<br />
** partly integrated, to check if pcr recalculation is still needed. [[User:JulienB|JulienB]] 16:43, 25 November 2010 (UTC)<br />
* <strike> 329-pengu-imxfb-fix_tft_mode_init.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 16:43, 25 November 2010 (UTC)<br />
* <strike> 330-armadeus-imxfb-makes_mainline_driver_selectable_for_mx2.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 16:59, 25 November 2010 (UTC)<br />
* 330-armadeus-imxfb-power_on_backlight_after_lcd_logic.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 16:55, 25 November 2010 (UTC)<br />
* 331-armadeus-imxfb-makes_setpalettereg_compatible_with_mx27.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 17:05, 25 November 2010 (UTC)<br />
* 332-armadeus-imxfb-improvements.patch<br />
** depends on 328 (pcr)<br />
* 333-armadeus-imxfb-makes_plat-mxc_imxfb_h_compatible_with_mx27.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 17:36, 25 November 2010 (UTC)<br />
** renamed to 333-armadeus-imxfb-makes_distinction_between_mx1_and_mx2_bit_per_pixel_selection_in_PCR_fields.patch<br />
* 334-armadeus-imxfb-supports_8bpp_in_tft_mode.patch<br />
** depends on 332<br />
* <strike> 336-armadeus-imxfb-makes_it_compatible_with_arch_imx.patch </strike><br />
** obsolete - [[User:JulienB|JulienB]] 17:44, 25 November 2010 (UTC)<br />
* <strike> 337-armadeus-imxfb-add_lcd_clock_def_for_imx_platform.patch </strike><br />
** obsolete - [[User:JulienB|JulienB]] 17:48, 25 November 2010 (UTC)<br />
* 337b-armadeus-mx2fb-add_backlight_power_switch_capability.patch<br />
* <strike> 338-denx-mxcgpio-emulates_interrupt_on_both_edges.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 19:33, 24 November 2010 (UTC)<br />
* 339-apf27-armadeus-add_platform_data_init_support_to_spidev.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 19:05, 25 November 2010 (UTC)<br />
<br />
===340 -> 349===<br />
* 340-apf27-martin-keypad-add_driver_for_mx2.patch<br />
** another driver seems to have been integrated in mainline... To check<br />
* 341-apf27-armadeus-serial-add_uart_modules_selection_in_kconfig.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 09:30, 26 November 2010 (UTC)<br />
* 342-apf27-armadeus-serial-some_uart_pins_are_not_available_on_apf27_based_designs.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 09:35, 26 November 2010 (UTC)<br />
* 343-apf27-amoled-hx5116.patch<br />
* 345-apf27-armadeus-iomux-display_gpio_number_when_reservation_fails.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 09:43, 26 November 2010 (UTC)<br />
* <strike> 346-smsc-lan95xx-activates_led_outputs.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 09:48, 26 November 2010 (UTC)<br />
* <strike> 347b-smsc-lan95xx-add_additionnal_USB_products_IDs.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 09:48, 26 November 2010 (UTC)<br />
* 347c-armadeus-lan95xx-activate_blinking_leds.patch<br />
** '''OK''' - [[User:JulienB|JulienB]] 09:58, 26 November 2010 (UTC)<br />
* <strike> 347-smsc-lan95xx-removes_eeprom_loaded_check.patch </strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 09:48, 26 November 2010 (UTC)<br />
* <strike>348-armadeus-plat-mxc-gpio.patch</strike><br />
** integrated in mainline - [[User:JulienB|JulienB]] 08:04, 7 February 2011 (UTC)<br />
* 349-armadeus-spi-backport_2.6.32.2.patch<br />
<br />
===350 -> ...===<br />
* 350-armadeus-spi-improve_spi_gpio_for_single_data_pin.patch<br />
* <strike>351-armadeus-spi_imx-update_for_2.6.32_compatibility.patch</strike><br />
** no more needed -- [[User:JulienB|JulienB]] 16:50, 7 February 2011 (UTC)<br />
* 352-armadeus-time-fix_timekeeping_resume.patch<br />
** to check<br />
* <strike>355a-denx-fsl_udc-Add_iMX3x_support_to_the_fsl_usb2_udc_driver.patch</strike><br />
** no more needed -- [[User:JulienB|JulienB]] 16:50, 7 February 2011 (UTC)<br />
* <strike>355b-montavista-fsl_udc_core-fix_kernel_oops_on_module_removal.patch</strike><br />
** no more needed -- [[User:JulienB|JulienB]] 16:50, 7 February 2011 (UTC)<br />
* <strike>355c-armadeus-mx2-devices-add_usb_device.patch</strike><br />
** no more needed -- [[User:JulienB|JulienB]] 16:50, 7 February 2011 (UTC)<br />
* <strike>355d-armadeus-fsl_udc-add_platform_init_support.patch</strike><br />
** no more needed -- [[User:JulienB|JulienB]] 16:50, 7 February 2011 (UTC)<br />
* 355e-armadeus-fsl_udc-reset_temporary_fix.patch<br />
** to check...<br />
* 356-armadeus-soc_camera-add_ov7670_sensor_driver.patch<br />
* <strike>357-armadeus-mx27camera-add_CSICR1_REDGE_handling.patch</strike><br />
** no more needed -- [[User:JulienB|JulienB]] 16:50, 7 February 2011 (UTC)<br />
* 358-armadeus-imx-adding_mangling_capability_on_i2c_imx_driver.patch<br />
** <span style="color:green">'''OK'''</span> [[User:FabienM|FabienM]] 11:17, 13 December 2010 (UTC)<br />
* <strike>359-armadeus-joystick-adding_as5011_joystick_driver.patch</strike><br />
** Under 2.6.38 kernel now.[[User:FabienM|FabienM]] 14:37, 28 January 2011 (UTC) <br />
* 361-armadeus-soc_camera-add_ov3640_sensor_driver.patch<br />
* 362-apf27-armadeus-fec-old_ifconfig_up_down_fix.patch<br />
** patch is obsolete as we now use fec and not fec_old, but problem seems still to be here on fec<br />
* 363-armadeus-ADC-Adding_AS1531_adc_driver.patch<br />
* <strike>364-armadeus-add_usb3315_registers_definition_in_ulpi_h.patch</strike><br />
** no more needed -- [[User:JulienB|JulienB]] 16:50, 7 February 2011 (UTC)<br />
* 365-pps-armadeus-add_pps_baseboard.patch</div>JeremieShttp://armadeus.org/wiki/index.php?title=Qt_Creator&diff=10783Qt Creator2012-03-26T13:28:35Z<p>JeremieS: /* SSH DSA keys */</p>
<hr />
<div>== Introduction ==<br />
<br />
This page will explain how to automatically install and configure Qt Creator for Armadeus boards.<br />
It will also describe the way to use GDB in Qt Creator for remote applications.<br />
<br />
== Installation ==<br />
<br />
=== Buildroot ===<br />
<br />
* Qt Creator is now fully integrated in Armadeus Buildroot. To install it, go in your project's BSP directory and use the command:<br />
<br />
<pre class="host"><br />
[armadeus]$ make menuconfig<br />
</pre><br />
<br />
<pre class="config"><br />
[*] Host utilities ---><br />
[*] host qtcreator ---><br />
--- host qtcreator<br />
[ ] GDB for QtCreator ---> <br />
</pre><br />
<br />
* If you want to use GDB in QtCreator for remote applications:<br />
<br />
<pre class="config"><br />
[*] Host utilities ---><br />
[*] host qtcreator ---><br />
--- host qtcreator<br />
[*] GDB for QtCreator ---><br />
--- GDB for QtCreator<br />
(192.168.0.208) GDB server IP address<br />
(5600) GDB server port<br />
(/srv/developpements/armadeus_4-1/processManager/bin/processManager) Local executable<br />
(/usr/bin/processManager) Remote executable path on system<br />
(-qws) Remote executable arguments<br />
</pre><br />
<br />
The ''GDB server IP address'', the ''GDB server port'', the ''Local executable'' and the ''Remote executable path on system'' must be filled.<br />
The ''Remote executable arguments'' are facultatives.<br />
<br />
* Then you can build Qt Creator:<br />
<pre class="host"><br />
[armadeus]$ make<br />
</pre><br />
<br />
=== Manual configuration ===<br />
<br />
* The QtCreator's configuration files are automatically generated in ''buildroot/output/host/etc/Nokia'': '''QtCreator.ini''' and '''toolChains.xml'''.<br />
** Qt Embedded and g++ toolchain for ARM are automatically entered in Qt Creator's configuration.<br />
<br />
* '''GDB server script''' can be manually modified. Is is located in ''buildroot/output/host/etc/Nokia/gdb_server_script''.<br />
This script transfers the executable to debug to the remote system and launch the remote '''GDB server'''.<br />
The following variables can be changed according to the user needs: ''IP_ADDR'', ''EXEC_ARGUMENTS'', ''PRIVATE_KEY_PATH'', ''LOCAL_EXEC_PATH'', ''REMOTE_EXEC_PATH''.<br />
<br />
== Usage ==<br />
<br />
* QtCreator's binary is located in ''buildroot/output/host/usr/bin/qtcreator''.<br />
<br />
* Qt and toolchains can be respectively configured in the menu ''Tools --> Options --> Qt4 / Tool Chains''.<br />
<br />
=== Remote debugger ===<br />
<br />
When in Qt Creator, go in the menu ''Debug --> Start Debugging --> Start and Attach to Remote Application''.<br />
<br />
[[Image:Remote_gdb_qtcreator.png|center|frame|Qt Creator remote GDB's configuration and start screen]]<br />
<br />
* You can manually configurate GDB by modifying values in configuration screen:<br />
** The '''Debugger''' path is automatically entered by Buildroot. It must be a GDB compiled to debug on ARM platforms.<br />
** The '''Local executable''' must be compiled against Qt Embedded for ARM and will be used by the host GDB and transfered to the remote system for GDB server.<br />
** The '''Sysroot''' is the remote system root path in host. GDB needs it to have access to all system headers and libraries.<br />
<br />
* When you click on '''OK''', the GDB server and host start and you can debug the remote application.<br />
<br />
=== SSH DSA keys ===<br />
* SSH is used to transfer the file to debug to the remote system and to launch the remote GDB server.<br />
* If you choose to use GDB with Qt Creator in Buildroot, DSA keys will be automatically generated for SSH on your host PC and installed in the remote system rootfs.<br />
* The host public and private keys are installed in ''buildroot/output/host/etc/ssh/''<br />
* You can also generate your own keys and use them to debug the remote application but then you have to:<br />
** Put the public key in the remote system rootfs' authorized-keys file: ''buildroot/output/target/root/.ssh/authorized_keys''.<br />
** Change the '''PRIVATE_KEY_PATH''' variable in '''gdb_server_script''': ''buildroot/output/host/etc/Nokia/gdb_server_script''.<br />
<br />
* The remote system must be registered as a '''known host''' in your host PC.<br />
** Try to connect to the system before debugging for the first time:<br />
<pre class="host"><br />
$ ssh root@REMOTE_IP<br />
<br />
The authenticity of host '192.168.0.208 (192.168.0.208)' can't be established.<br />
ECDSA key fingerprint is e0:20:a4:60:63:33:b8:4f:c2:9c:1a:1c:52:d2:4d:f7.<br />
Are you sure you want to continue connecting (yes/no)?<br />
<br />
$ yes<br />
<br />
Warning: Permanently added '192.168.0.208' (ECDSA) to the list of known hosts.<br />
</pre><br />
** If the system is already registered and you reflash the rootfs, you must reset the known hosts, then reconnect:<br />
<pre class="host"><br />
$ ssh-keygen -f "~/.ssh/known_hosts" -R REMOTE_IP<br />
<br />
Original contents retained as ~/.ssh/known_hosts.old<br />
</pre></div>JeremieShttp://armadeus.org/wiki/index.php?title=Qt_Creator&diff=10782Qt Creator2012-03-22T09:34:07Z<p>JeremieS: QtCreator Remote debugger and SSH keys</p>
<hr />
<div>== Introduction ==<br />
<br />
This page will explain how to automatically install and configure Qt Creator for Armadeus boards.<br />
It will also describe the way to use GDB in Qt Creator for remote applications.<br />
<br />
== Installation ==<br />
<br />
=== Buildroot ===<br />
<br />
* Qt Creator is now fully integrated in Armadeus Buildroot. To install it, go in your project's BSP directory and use the command:<br />
<br />
<pre class="host"><br />
[armadeus]$ make menuconfig<br />
</pre><br />
<br />
<pre class="config"><br />
[*] Host utilities ---><br />
[*] host qtcreator ---><br />
--- host qtcreator<br />
[ ] GDB for QtCreator ---> <br />
</pre><br />
<br />
* If you want to use GDB in QtCreator for remote applications:<br />
<br />
<pre class="config"><br />
[*] Host utilities ---><br />
[*] host qtcreator ---><br />
--- host qtcreator<br />
[*] GDB for QtCreator ---><br />
--- GDB for QtCreator<br />
(192.168.0.208) GDB server IP address<br />
(5600) GDB server port<br />
(/srv/developpements/armadeus_4-1/processManager/bin/processManager) Local executable<br />
(/usr/bin/processManager) Remote executable path on system<br />
(-qws) Remote executable arguments<br />
</pre><br />
<br />
The ''GDB server IP address'', the ''GDB server port'', the ''Local executable'' and the ''Remote executable path on system'' must be filled.<br />
The ''Remote executable arguments'' are facultatives.<br />
<br />
* Then you can build Qt Creator:<br />
<pre class="host"><br />
[armadeus]$ make<br />
</pre><br />
<br />
=== Manual configuration ===<br />
<br />
* The QtCreator's configuration files are automatically generated in ''buildroot/output/host/etc/Nokia'': '''QtCreator.ini''' and '''toolChains.xml'''.<br />
** Qt Embedded and g++ toolchain for ARM are automatically entered in Qt Creator's configuration.<br />
<br />
* '''GDB server script''' can be manually modified. Is is located in ''buildroot/output/host/etc/Nokia/gdb_server_script''.<br />
This script transfers the executable to debug to the remote system and launch the remote '''GDB server'''.<br />
The following variables can be changed according to the user needs: ''IP_ADDR'', ''EXEC_ARGUMENTS'', ''PRIVATE_KEY_PATH'', ''LOCAL_EXEC_PATH'', ''REMOTE_EXEC_PATH''.<br />
<br />
== Usage ==<br />
<br />
* QtCreator's binary is located in ''buildroot/output/host/usr/bin/qtcreator''.<br />
<br />
* Qt and toolchains can be respectively configured in the menu ''Tools --> Options --> Qt4 / Tool Chains''.<br />
<br />
=== Remote debugger ===<br />
<br />
When in Qt Creator, go in the menu ''Debug --> Start Debugging --> Start and Attach to Remote Application''.<br />
<br />
[[Image:Remote_gdb_qtcreator.png|center|frame|Qt Creator remote GDB's configuration and start screen]]<br />
<br />
* You can manually configurate GDB by modifying values in configuration screen:<br />
** The '''Debugger''' path is automatically entered by Buildroot. It must be a GDB compiled to debug on ARM platforms.<br />
** The '''Local executable''' must be compiled against Qt Embedded for ARM and will be used by the host GDB and transfered to the remote system for GDB server.<br />
** The '''Sysroot''' is the remote system root path in host. GDB needs it to have access to all system headers and libraries.<br />
<br />
* When you click on '''OK''', the GDB server and host start and you can debug the remote application.<br />
<br />
=== SSH DSA keys ===<br />
* SSH is used to transfer the file to debug to the remote system and to launch the remote GDB server.<br />
* If you choose to use GDB with Qt Creator in Buildroot, DSA keys will be automatically generated for SSH on your host PC and installed in the remote system rootfs.<br />
* The host public and private keys are installed in ''buildroot/output/host/etc/ssh/''<br />
* You can also generate your own keys and use them to debug the remote application but then you have to:<br />
** Put the public key in the remote system rootfs' authorized-keys file: ''buildroot/output/target/root/.ssh/authorized_keys''.<br />
** Change the '''PRIVATE_KEY_PATH''' variable in '''gdb_server_script''': ''buildroot/output/host/etc/Nokia/gdb_server_script''.</div>JeremieShttp://armadeus.org/wiki/index.php?title=File:Remote_gdb_qtcreator.png&diff=10781File:Remote gdb qtcreator.png2012-03-22T09:06:43Z<p>JeremieS: Qt Creator remote GDB's configuration and start screen.</p>
<hr />
<div>Qt Creator remote GDB's configuration and start screen.</div>JeremieShttp://armadeus.org/wiki/index.php?title=Qt_Creator&diff=10777Qt Creator2012-03-21T17:17:29Z<p>JeremieS: /* Manual configuration */</p>
<hr />
<div>== Introduction ==<br />
<br />
This page will explain how to automatically install and configure Qt Creator for Armadeus boards.<br />
It will also describe the way to use GDB in Qt Creator for remote applications.<br />
<br />
== Installation ==<br />
<br />
=== Buildroot ===<br />
<br />
* Qt Creator is now fully integrated in Armadeus Buildroot. To install it, go in your project's BSP directory and use the command:<br />
<br />
<pre class="host"><br />
[armadeus]$ make menuconfig<br />
</pre><br />
<br />
<pre class="config"><br />
[*] Host utilities ---><br />
[*] host qtcreator ---><br />
--- host qtcreator<br />
[ ] GDB for QtCreator ---> <br />
</pre><br />
<br />
* If you want to use GDB in QtCreator for remote applications:<br />
<br />
<pre class="config"><br />
[*] Host utilities ---><br />
[*] host qtcreator ---><br />
--- host qtcreator<br />
[*] GDB for QtCreator ---><br />
--- GDB for QtCreator<br />
(192.168.0.208) GDB server IP address<br />
(5600) GDB server port<br />
(/srv/developpements/armadeus_4-1/processManager/bin/processManager) Local executable<br />
(/usr/bin/processManager) Remote executable path on system<br />
(-qws) Remote executable arguments<br />
</pre><br />
<br />
The ''GDB server IP address'', the ''GDB server port'', the ''Local executable'' and the ''Remote executable path on system'' must be filled.<br />
The ''Remote executable arguments'' are facultatives.<br />
<br />
* Then you can build Qt Creator:<br />
<pre class="host"><br />
[armadeus]$ make<br />
</pre><br />
<br />
=== Manual configuration ===<br />
<br />
* The QtCreator's configuration files are automatically generated in ''buildroot/output/host/etc/Nokia'': '''QtCreator.ini''' and '''toolChains.xml'''.<br />
** Qt Embedded and g++ toolchain for ARM are automatically entered in Qt Creator's configuration.<br />
<br />
* '''GDB server script''' can be manually modified. Is is located in ''buildroot/output/host/etc/Nokia/gdb_server_script''.<br />
This script transfers the executable to debug to the remote system and launch the remote '''GDB server'''.<br />
The following variables can be changed according to the user needs: ''IP_ADDR'', ''EXEC_ARGUMENTS'', ''PRIVATE_KEY_PATH'', ''LOCAL_EXEC_PATH'', ''REMOTE_EXEC_PATH''.<br />
<br />
== Usage ==<br />
<br />
* QtCreator's binary is located in ''buildroot/output/host/usr/bin/qtcreator''.<br />
<br />
* Qt and toolchains can be respectively configured in the menu ''Tools --> Options --> Qt4 / Tool Chains''.<br />
<br />
=== Remote debugger ===<br />
<br />
When in Qt Creator, go in the menu ''Debug --> Start Debugging --> Start and Attach to Remote Application''.</div>JeremieShttp://armadeus.org/wiki/index.php?title=Qt_Creator&diff=10776Qt Creator2012-03-21T17:16:42Z<p>JeremieS: Qt Creator</p>
<hr />
<div>== Introduction ==<br />
<br />
This page will explain how to automatically install and configure Qt Creator for Armadeus boards.<br />
It will also describe the way to use GDB in Qt Creator for remote applications.<br />
<br />
== Installation ==<br />
<br />
=== Buildroot ===<br />
<br />
* Qt Creator is now fully integrated in Armadeus Buildroot. To install it, go in your project's BSP directory and use the command:<br />
<br />
<pre class="host"><br />
[armadeus]$ make menuconfig<br />
</pre><br />
<br />
<pre class="config"><br />
[*] Host utilities ---><br />
[*] host qtcreator ---><br />
--- host qtcreator<br />
[ ] GDB for QtCreator ---> <br />
</pre><br />
<br />
* If you want to use GDB in QtCreator for remote applications:<br />
<br />
<pre class="config"><br />
[*] Host utilities ---><br />
[*] host qtcreator ---><br />
--- host qtcreator<br />
[*] GDB for QtCreator ---><br />
--- GDB for QtCreator<br />
(192.168.0.208) GDB server IP address<br />
(5600) GDB server port<br />
(/srv/developpements/armadeus_4-1/processManager/bin/processManager) Local executable<br />
(/usr/bin/processManager) Remote executable path on system<br />
(-qws) Remote executable arguments<br />
</pre><br />
<br />
The ''GDB server IP address'', the ''GDB server port'', the ''Local executable'' and the ''Remote executable path on system'' must be filled.<br />
The ''Remote executable arguments'' are facultatives.<br />
<br />
* Then you can build Qt Creator:<br />
<pre class="host"><br />
[armadeus]$ make<br />
</pre><br />
<br />
=== Manual configuration ===<br />
<br />
* The QtCreator's configuration files are automatically generated in ''buildroot/output/host/etc/Nokia'': '''QtCreator.ini''' and '''toolChains.xml'''.<br />
** Qt Embedded and g++ toolchain for ARM are automatically entered in Qt Creator's configuration.<br />
<br />
* '''GDB server script''' can be manually modified. Is is located in ''buildroot/output/host/etc/Nokia/gdb_server_script''.<br />
This script transfers the executable to debug to the remote system and launch the remote '''GDB server'''.<br />
The following variables can be changed according to the user needs: '''IP_ADDR''', '''EXEC_ARGUMENTS''', '''PRIVATE_KEY_PATH''', '''LOCAL_EXEC_PATH''', '''REMOTE_EXEC_PATH'''.<br />
<br />
== Usage ==<br />
<br />
* QtCreator's binary is located in ''buildroot/output/host/usr/bin/qtcreator''.<br />
<br />
* Qt and toolchains can be respectively configured in the menu ''Tools --> Options --> Qt4 / Tool Chains''.<br />
<br />
=== Remote debugger ===<br />
<br />
When in Qt Creator, go in the menu ''Debug --> Start Debugging --> Start and Attach to Remote Application''.</div>JeremieShttp://armadeus.org/wiki/index.php?title=Qt/Embedded&diff=10593Qt/Embedded2012-02-01T16:49:10Z<p>JeremieS: Keyboard handling</p>
<hr />
<div>Instructions to install and use QtEmbedded & Qt virtual frame buffer for Armadeus<br />
<br />
== Introduction ==<br />
<br />
This page will summarize the process to build, install and use Qt Embedded (previously known as Qtopia).<br />
<br />
You will also find instructions to setup a Host development environment for simulating applications before deploying them on the target (Qt virtual frame buffer). The Builroot tree must be installed before the installation of Qt.<br />
<br />
{{Note| We recommand at least 32 MBytes of RAM if you plan to design and run Qt based GUIs.}}<br />
<br />
==Installation==<br />
<br />
From November 20th 2007, Qt Embedded is now fully integrated in Armadeus Buildroot (old procedure is kept [[QtEmbedded Installation|here]]). So to install it you have to:<br />
<pre class="host"><br />
[armadeus]$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
[*] Package Selection for the target ---><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
[ ] Compile with debug support<br />
Library type (Shared library) ---><br />
[*] Approve free license<br />
[ ] Compatibility with Qt3<br />
[*] Gui Module<br />
Pixel depths ---><br />
Fonts ---><br />
freetype2 support (no freetype2 support) ---><br />
[*] Enable GIF support<br />
[ ] Enable libmng support<br />
JPEG support (System libjpeg) ---><br />
PNG support (No PNG support) ---><br />
TIFF support (No TIFF support) ---><br />
zlib support (Qt zlib) ---><br />
(arm) The embedded platform we are making Qt for<br />
[ ] SQL Module ---> <br />
Graphics drivers ---><br />
Mouse drivers ---><br />
Keyboard drivers ---><br />
[ ] Phonon Module<br />
[*] XML Module <br />
[ ] XML Patterns Module<br />
[ ] SVG Module<br />
-*- Network Module<br />
[ ] WebKit Module<br />
[ ] STL support<br />
[ ] Enable OpenSSL support<br />
[*] Script Module<br />
[ ] Script Tools Module<br />
</pre><br />
<br />
'''(don't forget Pixel depths submenu options (at least 8 and 16))'''<br />
<br />
*If you want touchscreen support:<br />
<pre class="config"><br />
Mouse drivers ---><br />
...<br />
[*] tslib<br />
</pre><br />
then:<br />
<pre class="host"><br />
[armadeus]$ make<br />
</pre><br />
<br />
1 hour and ~1 GBytes later (depending on your system and the configuration you choosed) your will have the beast. You can then reflash your rootfs.<br />
<br />
==Touchscreen handling==<br />
* Configure your touchscreen by loading the corresponding driver (depends on your APF) and calibrating it (at first use)<br />
* Then, before launching Qt app, do<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/eventXX (replace XX with the right number)<br />
</pre><br />
<br />
==Keyboard handling==<br />
<br />
===USB Keyboard===<br />
<br />
====Qt configuration====<br />
<br />
*If you manually build Qt, you have to add the USB keyboard driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-kbd-linuxinput<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB keyboard option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Mouse drivers ---><br />
Keyboard drivers ---><br />
[ ] tty<br />
[*] linux input<br />
[ ] qvfb<br />
...<br />
</pre><br />
<br />
====Linux configuration====<br />
<br />
To use USB keyboard, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the keyboard drivers in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Input Device Drivers ***<br />
[*] Keyboards ---><br />
--- Keyboards<br />
<*> AT keyboard<br />
< > Sun Type 4 and Type 5 keyboard<br />
< > DECstation/VAXstation LK201/LK401 keyboard<br />
< > XT keyboard<br />
<M> Freescale MXC/IMX keypad support<br />
< > Newton keyboard<br />
< > Stowaway keyboard <br />
< > GPIO Button<br />
[*] Mice ---> <br />
...<br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
====Embedded system configuration====<br />
<br />
* First flash your new kernel and rootfs and boot the system.<br />
* When you connect the USB keyboard to the system, a device is created in '''/dev/ttyX'''.<br />
* Then you can tell Qt which driver to connect to the device to make it work:<br />
<pre class="apf"><br />
# export QWS_KEYBOARD="LinuxInput:/dev/ttyX"<br />
</pre><br />
<br />
* Then you can launch an application and use your USB keyboard with it.<br />
<br />
More infos are provided here: [http://doc.qt.nokia.com/4.7-snapshot/qt-embedded-charinput.html]<br />
<br />
==Mouse handling==<br />
<br />
===USB Mouse===<br />
<br />
====Qt configuration====<br />
<br />
*If you manually build Qt, you have to add the USB mouse driver option in the configuration:<br />
<pre class="host"><br />
$ configure -qt-mouse-pc .......<br />
</pre><br />
<br />
*If you let Buildroot build Qt, select the USB mouse option in the configuration menu:<br />
<pre class="config"><br />
[*] Graphic libraries and applications (graphic/text) ---><br />
*** other GUIs ***<br />
[*] Qt ---><br />
--- Qt<br />
...<br />
Graphics drivers ---><br />
Mouse drivers ---><br />
[*] pc<br />
[ ] bus<br />
[ ] linuxtp<br />
[ ] yopy<br />
[ ] vr41xx<br />
[ ] tslib<br />
[ ] qvfb<br />
Keyboard drivers ---><br />
...<br />
</pre><br />
<br />
*Then build & install Qt or let Buildroot build.<br />
<br />
====Linux configuration====<br />
<br />
To use USB mouse, there are some drivers to install in Linux.<br />
<br />
*First open the Linux configuration menu:<br />
<pre class="host"><br />
[armadeus]$ make linux26-menuconfig<br />
</pre><br />
<br />
*Select the Mouse interface and PS/2 Mouse drivers in the menu:<br />
<pre class="config"><br />
Device drivers ---><br />
...<br />
Input device support ---><br />
...<br />
*** Userland interfaces ***<br />
<*> Mouse interface <br />
[*] Provide legacy /dev/psaux device<br />
(1024) Horizontal screen resolution<br />
(768) Vertical screen resolution<br />
...<br />
*** Input Device Drivers ***<br />
[ ] Keyboards ---> <br />
[*] Mice ---> <br />
--- Mice<br />
<M> PS/2 mouse<br />
[*] ALPS PS/2 mouse protocol extension<br />
[*] Logitech PS/2++ mouse protocol extension<br />
[*] Synaptics PS/2 mouse protocol extension<br />
[*] IBM Trackpoint PS/2 mouse protocol extension<br />
[ ] Elantech PS/2 protocol extension<br />
[ ] eGalax TouchKit PS/2 protocol extension <br />
...<br />
</pre><br />
<br />
*Then clean your Linux installation and rebuild it:<br />
<pre class="host"><br />
[armadeus]$ make linux26-clean<br />
[armadeus]$ make linux26<br />
[armadeus]$ make<br />
</pre><br />
<br />
====Embedded system configuration====<br />
<br />
* First flash your new kernel and rootfs and boot the system.<br />
* When you connect the USB mouse to the system, a device is created in '''/dev/input/mouseXX'''. The touchscreen devices are also created as '''/dev/input/eventXX'''.<br />
* To know which device is the USB mouse one, you have to check in:<br />
<pre class="apf"><br />
# cat /sys/class/input/mouseXX/device/name<br />
</pre><br />
* Then you can tell Qt which driver to connect to the device to make it work:<br />
**If you want the USB mouse only:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="MouseMan:/dev/input/mouseXX"<br />
</pre><br />
** For multiple pointer inputs, for example if you want to use an USB mouse along with a touchscreen, list all the possible pointers as follow:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="MouseMan:/dev/input/mouseXX Tslib:/dev/input/eventXX"<br />
</pre><br />
<br />
{{Note| For a dynamic detection of an USB mouse, you can use the automatic driver like this:<br />
<pre class="apf"><br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/eventXX Auto"<br />
</pre><br />
}}<br />
<br />
* Then you can launch an application and use your USB mouse with it.<br />
<br />
More infos are provided here: [http://doc.qt.nokia.com/4.6/qt-embedded-pointer.html]<br />
<br />
==Test==<br />
If you want to test it, compile and put some examples in your TFTP directory:<br />
<pre class="host"><br />
$ make shell_env<br />
$ source armadeus_env.sh<br />
$ cd $ARMADEUS_QT_DIR/examples/widgets/<br />
$ $ARMADEUS_QT_DIR/bin/qmake widgets.pro<br />
$ make<br />
...<br />
$ cp digitalclock/digitalclock /tftpboot<br />
$ cp calculator/calculator /tftpboot<br />
</pre><br />
<br />
and then launch it on your APF (supposed you have a running & calibrated touchscreen):<br />
<pre class="apf"><br />
# cd /usr/bin/<br />
# tftp -g -r calculator 192.168.0.xx (Host IP)<br />
# chmod a+x calculator<br />
# export QWS_MOUSE_PROTO="Tslib:/dev/input/event0"<br />
# <br />
# ./calculator -qws<br />
</pre><br />
<br />
==Demo==<br />
A client/server (with GUI) demo is available under: ''software/demos/ApfDacClientServer/''. It could be a good starting point to show you how to create standalone Qt applications (will probably require some modifications in ''src/build.sh'' depending on your Host Qt installation).<br />
<br />
[[Image:qtdemo.png|center|frame|GUI with widgets taken from http://www.qt-apps.org]]<br />
<br />
== Usage ==<br />
<br />
By default Qt libraries are installed in /usr/lib/ directory of your target rootfs.<br />
<br />
== How to cross-compile an application using Qt Embedded ==<br />
<br />
The first thing you need to do is to define a specific "'''qmake''' specs directory" for armadeus. Here for example:<br />
<br />
$ mkdir $APPLICATION_ROOT_DIR/mkspecs/linux-arm-g++<br />
<br />
and install the two following files into this new directory: [http://www.armadeus.com/assos_downloads/qt/qmake.conf qmake.conf] & [http://www.armadeus.com/assos_downloads/qt/qplatformdefs.h qplatformdefs.h]. '''qmake.conf''' may be customized if necessary. <br />
<br />
<br />
Then, you must define two typical environment variables : <br />
'''QTDIR''' which defines the Qt installation path <br />
& '''QMAKESPEC''' which defines the path to the configuration files of the '''qmake''' tool <br />
<br />
Here two typical lines of a Qtopia application building script<br />
<br />
$ export QTDIR=/usr/local/Trolltech/QtEmbedded-4.5.3<br />
$ export QMAKESPEC= $APPLICATION_ROOT_DIR/mkspecs/linux-arm-g++<br />
<br />
Adapt the '''QTDIR''' path to your own installation path and compile your code now, using theses commands:<br />
<br />
# build the makefile with the '''qmake''' command (See Trolltech documentation for details about '''qmake'''):<br />
$QTDIR/bin/qmake -spec my.pro<br />
# and now compile the beast... :<br />
$ make<br />
<br />
Good luck....<br />
<br />
== Phonon installation with Qt Embedded ==<br />
<br />
=== Prerequisites ===<br />
In order to use Phonon with Qt, first you need to install some other libraries.<br />
You may even need to cross-compile them, depending on the platform you want to run Qt on.<br />
<br />
==== For x86 platform ====<br />
*You only have to install GStreamer and some plugins with the following command :<br />
<pre class="host"><br />
$ sudo apt-get install libgstreamer0.10-0<br />
$ sudo apt-get install libgstreamer0.10-dev<br />
$ sudo apt-get install libgstreamer-plugins-base0.10-0<br />
$ sudo apt-get install libgstreamer-plugins-base0.10-dev<br />
</pre><br />
{{Note | These packages are available for Linux Ubuntu ; but for other distributions, the names may vary.}}<br />
<br />
*To use some audio, image or video format like mp3, mpeg2, png or ogg:<br />
**First you must install on your system the needed libraries for the particular format you want (like libmpeg2, libpng, libmad...)<br />
**Then you can install these gstreamer plugins:<br />
<pre class="host"><br />
$ sudo apt-get install gstreamer0.10-plugins-good<br />
$ sudo apt-get install gstreamer0.10-plugins-ugly<br />
</pre><br />
There also are other plugin packages which you can find the list at :<br />
[http://gstreamer.freedesktop.org/documentation/ GStreamer]<br />
<br />
==== For embedded platform ====<br />
If you want to build Qt with Phonon for embedded platform, you'll need to cross-compile the following libraries for the same platform:<br />
*libxml2 >= 2.7.7<br />
*libcheck >= 0.9.8<br />
*liboil >= 0.3.2<br />
*gstreamer >= 0.10.0<br />
*gst-plugins-base >= 0.10.0<br />
<br />
There are some required libraries that you can compile and install with Buildroot:<br />
*glib >= 2.16<br />
*Optional:<br />
**libpng<br />
**tiff<br />
**jpeg<br />
**...<br />
<br />
For additional audio and video formats, you have to cross-compile the corresponding libraries and then the following gstreamer's plugins :<br />
*gst-plugins-good >= 0.10.0<br />
*gst-plugins-ugly >= 0.10.0<br />
<br />
=== Cross-compiling libraries ===<br />
*First thing to do is to set the PKG_CONFIG_PATH environment variable to the directories containing your embedded libraries' pkgconfig files.<br />
<br />
*To see what environment variable you can modify to impact the library cross-compiling, enter the command :<br />
<pre class="host"><br />
$ ./configure --help<br />
</pre><br />
Then create a file to define all required environment variables for the cross-compiling. <br />
For instance for glib2:<br />
<pre class="config"><br />
$ export CC=arm-linux-gcc<br />
$ export CXX=arm-linux-g++<br />
$ export CFLAGS="-I/usr/local/libxml2/include/libxml2"<br />
$ export LDFLAGS=-L/usr/local/libxml2/lib<br />
</pre><br />
And then, to create your environment, type :<br />
<pre class="host"><br />
$ source ENVIRONMENT_FILE<br />
</pre><br />
<br />
*Finally you can configure your library like this:<br />
<pre class="host"><br />
$ ./configure --build=x86-linux --host=YOUR_EMBEDDED_PLATFORM --prefix==YOUR_INSTALLATION_PATH<br />
</pre><br />
Then build and install the library.<br />
<br />
=== Build Qt ===<br />
<br />
==== For x86 platform ====<br />
The PKG_CONFIG_PATH and pkgconfig files must be correctly set to point toward gstreamer's and glib's x86 libraries and headers.<br />
<br />
All you need to do then is to configure Qt with the phonon option and its backend :<br />
<pre class="host"><br />
$ ./configure -embedded x86 -debug -no-cups -no-nis -depths 16,18,24 -no-qt3support -qvfb -phonon -phonon-backend -prefix YOUR_INSTALLATION_PATH -confirm-license<br />
</pre><br />
<br />
Then build and install Qt and you will be able to use Phonon on your x86 platform.<br />
<br />
==== For embedded platform ====<br />
The PKG_CONFIG_PATH and pkgconfig files must be correctly set to point toward gstreamer's and glib's embedded libraries and headers.<br />
<br />
Then you can configure Qt with glib, phonon and its backend and by adding the pkgconfig option :<br />
<pre class="host"><br />
$ ./configure -embedded YOUR_EMBEDDED_PLATFORM -xplatform YOUR_PLATFORM_MKSPECS -depths 16,18 -no-cups -no-nis -no-qt3support -phonon -phonon-backend -glib -prefix YOUR_INSTALLATION_PATH -force-pkg-config<br />
</pre><br />
<br />
{{Note | You may need to give the cross-compiler the paths toward gstreamer's and glib's libraries and headers as configuration options.}}<br />
<br />
=== Possible problems encountered ===<br />
During Qt Embedded or prerequisited cross-compiling, you may get the following errors :<br />
<br />
*''Impossible constraint in 'asm''':<br />
It means you include the wrong headers needed by the library you compile in CFLAGS or CXXFLAGS. Do not include -I/usr/include or non-cross-compiled headers.<br />
<br />
*''Cannot run test program'':<br />
Your best shot is to look in configure.ac (or configure.in) and see if<br />
there's a "cache variable" for that test. If so, you can set that<br />
variable in your environment, to the expected answer for your target,<br />
before running configure, and it should bypass the actual test.<br />
If there's no cache variable, you'll need to modify configure.ac (or<br />
configure.in) to set the variable manually, and rebuild configure.<br />
<br />
*Do not forget to set your PKG_CONFIG_PATH variable to point toward the directory containing your embedded library pkgconfig files. By default, the x86 pkgconfig files are checked and so, errors occur.<br />
<br />
*When installing libraries : ''arm-linux-g++: command not found''<br />
You have to directly export the PATH toward your cross-compiler in the file libtool to get through this error.<br />
<br />
*In gst-plugins-base, delete manually the compilation of ''icles'' in the file tests/Makefile. The lines to delete are l.377 and l.382.<br />
<br />
== Work in progress / to do list ==<br />
<br />
* Customization of the Qt libs to have a custom Qt/E library well designed for Armadeus usage.<br />
<br />
==Licenses==<br />
Since Qt 4.5.2 new licensing schemes are available: http://www.qtsoftware.com/products/licensing/licensing#qt-gnu-lgpl-v<br />
<br />
== Links ==<br />
* [[PyQt]]<br />
* http://www.trolltech.com<br />
* [http://lists.trolltech.com/qt-embedded-interest/2003-11/msg00007.html 16 colors framebuffer with Qt]<br />
* [http://doc.trolltech.com/4.2/qtopiacore-envvars.html Qtopia Core Environment Variables]<br />
* [http://thelins.se/learnqt/category/embedded-linux/ Tutorial on Qt setup for embedded devt]<br />
<br />
[[Category: Qt]]<br />
[[Category: Software]]<br />
[[Category: Graphical User Interface]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=SSH&diff=10196SSH2011-10-18T09:46:28Z<p>JeremieS: /* Host PC (Ubuntu) */</p>
<hr />
<div>Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br><br />
In short, SSH allows you to connect to your board from a remote PC using a secured/encrypted Ethernet connection.<br />
<br />
==Dropbear==<br />
<br />
===Setup===<br />
We use the lightweight Dropbear SSH server. To install it on your rootfs, launch Buildroot configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] dropbear<br />
</pre><br />
<br />
Then rebuild your system and reflash your board.<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Usage===<br />
* If you have reflashed your rootfs with dropbear installed, then at first startup it should generates your private and public keys:<br />
<pre class="apf"><br />
Generating RSA Key...<br />
Will output 1024 bit rsa secret key to '/etc/dropbear/dropbear_rsa_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-rsa ........<br />
Fingerprint: md5 82:a2:a3:65:8c:e4:2b:ec:35:27:03:23:2c:f8:91:e9<br />
Generating DSS Key...<br />
Will output 1024 bit dss secret key to '/etc/dropbear/dropbear_dss_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-dss <br />
........<br />
Fingerprint: md5 43:4d:e6:52:df:6b:1f:c3:93:e9:49:e3:92:e7:a1:b2<br />
Starting dropbear sshd:<br />
</pre><br />
<br />
====Connection with password====<br />
* Be sure to have setup a root password on your board. '''If not then:'''<br />
<pre class="apf"><br />
# passwd<br />
Changing password for root<br />
Enter the new password (minimum of 5, maximum of 8 characters)<br />
Please use a combination of upper and lower case letters and numbers.<br />
Enter new password: *****<br />
Re-enter new password: ******<br />
Password changed.<br />
</pre><br />
<br />
* To test your SSH connection, then on your PC launch (replace 192.168.0.3 with your board IP):<br />
<pre class="host"><br />
[armadeus] $ ssh root@192.168.0.3<br />
The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.<br />
RSA key fingerprint is 82:a2:a3:65:8c:e4:2b:xx:xx:xx:xx:xx:2c:f8:91:e9.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added '192.168.0.3' (RSA) to the list of known hosts.<br />
</pre><br />
<pre class="apf"><br />
root@192.168.0.3's password:<br />
<br />
BusyBox v1.2.2 (2007.06.25-15:53+0000) Built-in shell (ash)<br />
Enter 'help' for a list of built-in commands.<br />
#<br />
</pre><br />
<br />
====Connection with public/private key====<br />
You can also connect to your system without needing a password.<br />
You only have to let the system know your host's public SSH key.<br />
<br />
* First, in directory ''/root'', on your system, if you don't have a directory ''.ssh'', create it:<br />
<pre class="apf"><br />
# mkdir /root/.ssh<br />
</pre><br />
<br />
* Then you must give it the correct rights:<br />
<pre class="apf"><br />
# chmod 750 /root/.ssh<br />
</pre><br />
<br />
* Now, if not already existing, create the file ''authorized_keys'' in ''/root/.ssh'':<br />
<pre class="apf"><br />
# touch /root/.ssh/authorized_keys<br />
</pre><br />
<br />
* Edit the file ''authorized_keys'' (with '''nano''' for instance) and copy-paste in it your host computer's public key contained in the file ''~/.ssh/id_dsa.pub''.<br />
<br />
* You can test your SSH connection by running the following command on your host PC (replace 192.168.0.3 with your board IP):<br />
<pre class="host"><br />
$ ssh root@192.168.0.3<br />
The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.<br />
RSA key fingerprint is 7c:4b:e4:9c:6d:ea:6d:ca:ed:36:39:26:91:f9:82:30.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added '192.168.0.10' (RSA) to the list of known hosts.<br />
</pre><br />
<br />
==OpenSSH==<br />
<br />
OpenSSH is a tool that allows securized communications between two computers. It can be used to create a securized tunnel between two ports of the connected computers. All datas that go through this tunnel are encrypted.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* First you have to install telnetd to accept telnet connection from target and Wireshark, a network scanning tool, to check the data encryption :<br />
<pre class="host"><br />
$ sudo apt-get install telnetd <br />
$ sudo apt-get install xinetd<br />
$ sudo /etc/init.d/xinetd restart<br />
$ sudo apt-get install wireshark <br />
</pre><br />
<br />
* Then install OpenSSH server if necessary :<br />
<pre class="host"><br />
$ sudo apt-get install openssh-server openssl<br />
</pre><br />
<br />
* You now have to configure your OpenSSH server to accept connections from the securized port you will use to mask the real host port over SSH connection.<br />
To do that, you have to add the port to the file ''/etc/ssh/sshd_config''.<br />
For instance, we choose the port 32490:<br />
<pre class="host"><br />
# Package generated configuration file<br />
# See the sshd(8) manpage for details<br />
<br />
# What ports, IPs and protocols we listen for<br />
Port 22<br />
Port 32490<br />
# Use these options to restrict which interfaces/protocols sshd will bind to<br />
#ListenAddress ::<br />
#ListenAddress 0.0.0.0<br />
Protocol 2<br />
# HostKeys for protocol version 2<br />
HostKey /etc/ssh/ssh_host_rsa_key<br />
HostKey /etc/ssh/ssh_host_dsa_key<br />
#Privilege Separation is turned on for security<br />
UsePrivilegeSeparation yes<br />
</pre><br />
<br />
====Target (APF27)====<br />
The OpenSSH and OpenSSL packages must be selected in Buildroot (if not done by default).<br />
<br />
* First launch the Buildroot menu configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Then select the packages:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] openssh<br />
-*- openssl<br />
[*] openssl binary<br />
[ ] openssl additional engines<br />
</pre><br />
<br />
* And compile your Buildroot with the command:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Create SSH tunnel===<br />
* On the target, run the following command to create the tunnel between the two machines:<br />
<pre class="apf"><br />
# ssh -fN -L $TARGET_PORT:localhost:$HOST_PORT -C $USERNAME@$HOSTNAME -p $VIRTUALPORT<br />
</pre><br />
Enter then the password to connect to your host.<br />
<br />
* For instance, if you want to securize the Telnet port 23 toward the address toto@192.168.0.210 with the virtual port 32490:<br />
<pre class="apf"><br />
# ssh -fN -L 23:localhost:23 -C toto@192.168.0.210 -p 32490<br />
jeremie@192.168.0.225's password: <br />
#<br />
</pre><br />
<br />
===Test the tunnel===<br />
* To check that datas are correctly encrypted through the tunnel, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* If you have securized a Telnet port, you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on your system:<br />
<pre class="apf"><br />
# telnet localhost<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Ubuntu 9.10<br />
laptop-jeremie-ubuntu login: <br />
<br />
Password: <br />
Last login: Tue Dec 21 15:01:50 CET 2010 from localhost on pts/6<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You have to connect to localhost because SSH will automatically redirect it to the address you specified when creating the tunnel.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the TCP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ssh_tunnel.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==Links==<br />
* http://en.wikipedia.org/wiki/Secure_shell<br />
* [http://matt.ucc.asn.au/dropbear/dropbear.html Dropbear Webpage]<br />
* [[Telnet | Unsecured remote access with Telnet protocol]]<br />
* [http://www.openssh.com/ OpenSSH Webpage]<br />
* [http://www.wireshark.org/ Wireshark Webpage]<br />
<br />
[[Category:Network]]<br />
[[Category:Security]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=SSH&diff=10195SSH2011-10-18T08:42:51Z<p>JeremieS: /* Host PC (Ubuntu) */</p>
<hr />
<div>Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br><br />
In short, SSH allows you to connect to your board from a remote PC using a secured/encrypted Ethernet connection.<br />
<br />
==Dropbear==<br />
<br />
===Setup===<br />
We use the lightweight Dropbear SSH server. To install it on your rootfs, launch Buildroot configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] dropbear<br />
</pre><br />
<br />
Then rebuild your system and reflash your board.<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Usage===<br />
* If you have reflashed your rootfs with dropbear installed, then at first startup it should generates your private and public keys:<br />
<pre class="apf"><br />
Generating RSA Key...<br />
Will output 1024 bit rsa secret key to '/etc/dropbear/dropbear_rsa_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-rsa ........<br />
Fingerprint: md5 82:a2:a3:65:8c:e4:2b:ec:35:27:03:23:2c:f8:91:e9<br />
Generating DSS Key...<br />
Will output 1024 bit dss secret key to '/etc/dropbear/dropbear_dss_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-dss <br />
........<br />
Fingerprint: md5 43:4d:e6:52:df:6b:1f:c3:93:e9:49:e3:92:e7:a1:b2<br />
Starting dropbear sshd:<br />
</pre><br />
<br />
====Connection with password====<br />
* Be sure to have setup a root password on your board. '''If not then:'''<br />
<pre class="apf"><br />
# passwd<br />
Changing password for root<br />
Enter the new password (minimum of 5, maximum of 8 characters)<br />
Please use a combination of upper and lower case letters and numbers.<br />
Enter new password: *****<br />
Re-enter new password: ******<br />
Password changed.<br />
</pre><br />
<br />
* To test your SSH connection, then on your PC launch (replace 192.168.0.3 with your board IP):<br />
<pre class="host"><br />
[armadeus] $ ssh root@192.168.0.3<br />
The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.<br />
RSA key fingerprint is 82:a2:a3:65:8c:e4:2b:xx:xx:xx:xx:xx:2c:f8:91:e9.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added '192.168.0.3' (RSA) to the list of known hosts.<br />
</pre><br />
<pre class="apf"><br />
root@192.168.0.3's password:<br />
<br />
BusyBox v1.2.2 (2007.06.25-15:53+0000) Built-in shell (ash)<br />
Enter 'help' for a list of built-in commands.<br />
#<br />
</pre><br />
<br />
====Connection with public/private key====<br />
You can also connect to your system without needing a password.<br />
You only have to let the system know your host's public SSH key.<br />
<br />
* First, in directory ''/root'', on your system, if you don't have a directory ''.ssh'', create it:<br />
<pre class="apf"><br />
# mkdir /root/.ssh<br />
</pre><br />
<br />
* Then you must give it the correct rights:<br />
<pre class="apf"><br />
# chmod 750 /root/.ssh<br />
</pre><br />
<br />
* Now, if not already existing, create the file ''authorized_keys'' in ''/root/.ssh'':<br />
<pre class="apf"><br />
# touch /root/.ssh/authorized_keys<br />
</pre><br />
<br />
* Edit the file ''authorized_keys'' (with '''nano''' for instance) and copy-paste in it your host computer's public key contained in the file ''~/.ssh/id_dsa.pub''.<br />
<br />
* You can test your SSH connection by running the following command on your host PC (replace 192.168.0.3 with your board IP):<br />
<pre class="host"><br />
$ ssh root@192.168.0.3<br />
The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.<br />
RSA key fingerprint is 7c:4b:e4:9c:6d:ea:6d:ca:ed:36:39:26:91:f9:82:30.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added '192.168.0.10' (RSA) to the list of known hosts.<br />
</pre><br />
<br />
==OpenSSH==<br />
<br />
OpenSSH is a tool that allows securized communications between two computers. It can be used to create a securized tunnel between two ports of the connected computers. All datas that go through this tunnel are encrypted.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* First you have to install telnetd to accept telnet connection from target and Wireshark, a network scanning tool, to check the data encryption :<br />
<pre class="host"><br />
$ sudo apt-get install telnetd <br />
$ sudo /etc/init.d/xinetd restart<br />
$ sudo apt-get install wireshark <br />
</pre><br />
<br />
* Then install OpenSSH server if necessary :<br />
<pre class="host"><br />
$ sudo apt-get install openssh-server openssl<br />
</pre><br />
<br />
* You now have to configure your OpenSSH server to accept connections from the securized port you will use to mask the real host port over SSH connection.<br />
To do that, you have to add the port to the file ''/etc/ssh/sshd_config''.<br />
For instance, we choose the port 32490:<br />
<pre class="host"><br />
# Package generated configuration file<br />
# See the sshd(8) manpage for details<br />
<br />
# What ports, IPs and protocols we listen for<br />
Port 22<br />
Port 32490<br />
# Use these options to restrict which interfaces/protocols sshd will bind to<br />
#ListenAddress ::<br />
#ListenAddress 0.0.0.0<br />
Protocol 2<br />
# HostKeys for protocol version 2<br />
HostKey /etc/ssh/ssh_host_rsa_key<br />
HostKey /etc/ssh/ssh_host_dsa_key<br />
#Privilege Separation is turned on for security<br />
UsePrivilegeSeparation yes<br />
</pre><br />
<br />
====Target (APF27)====<br />
The OpenSSH and OpenSSL packages must be selected in Buildroot (if not done by default).<br />
<br />
* First launch the Buildroot menu configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Then select the packages:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] openssh<br />
-*- openssl<br />
[*] openssl binary<br />
[ ] openssl additional engines<br />
</pre><br />
<br />
* And compile your Buildroot with the command:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Create SSH tunnel===<br />
* On the target, run the following command to create the tunnel between the two machines:<br />
<pre class="apf"><br />
# ssh -fN -L $TARGET_PORT:localhost:$HOST_PORT -C $USERNAME@$HOSTNAME -p $VIRTUALPORT<br />
</pre><br />
Enter then the password to connect to your host.<br />
<br />
* For instance, if you want to securize the Telnet port 23 toward the address toto@192.168.0.210 with the virtual port 32490:<br />
<pre class="apf"><br />
# ssh -fN -L 23:localhost:23 -C toto@192.168.0.210 -p 32490<br />
jeremie@192.168.0.225's password: <br />
#<br />
</pre><br />
<br />
===Test the tunnel===<br />
* To check that datas are correctly encrypted through the tunnel, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* If you have securized a Telnet port, you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on your system:<br />
<pre class="apf"><br />
# telnet localhost<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Ubuntu 9.10<br />
laptop-jeremie-ubuntu login: <br />
<br />
Password: <br />
Last login: Tue Dec 21 15:01:50 CET 2010 from localhost on pts/6<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You have to connect to localhost because SSH will automatically redirect it to the address you specified when creating the tunnel.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the TCP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ssh_tunnel.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==Links==<br />
* http://en.wikipedia.org/wiki/Secure_shell<br />
* [http://matt.ucc.asn.au/dropbear/dropbear.html Dropbear Webpage]<br />
* [[Telnet | Unsecured remote access with Telnet protocol]]<br />
* [http://www.openssh.com/ OpenSSH Webpage]<br />
* [http://www.wireshark.org/ Wireshark Webpage]<br />
<br />
[[Category:Network]]<br />
[[Category:Security]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=HMS_Demo&diff=9658HMS Demo2011-05-11T13:48:39Z<p>JeremieS: /* Software structure */</p>
<hr />
<div>HMS demo board is an electronic development board that demonstrates industrial capabilities of the APF27 ARMadeus board.<br />
<br />
This article will describe the structure of the board.<br />
<br />
= Introduction =<br />
<br />
== Hardware structure ==<br />
<br />
This board includes :<br />
<br />
* An Anybus<ref>Anybus is a registered trademark of HMS Industrial Networks AB, Sweden, USA, Germany and other countries.</ref> CompactCom adaptator from [http://www.anybus.com/products/abcc.shtml HMS].<br />
* 8 industrial inputs using SN65HVS882 chip<br />
* 8 industrial outputs with simple shift register<br />
* a LCD screen<br />
* Voltage needles<br />
* Light sensor<br />
* Potentiometer button<br />
* and all [[APF27Dev]] capabilities<br />
<br />
[[image:hmsdemohardstrct.png|center|600px|thumb|'''figure 1''' - ''Global hardware structure'']]<br />
<br />
== FPGA structure ==<br />
<br />
The structure of the FPGA is represented bellow. All modules are connected on i.MX wrapper with the wishbone bus (16 bits data), the intercon is used to decode addresses. <br />
<br />
[[image:fpga_struct.png|center|700px|thumb|'''figure 2''' - ''FPGA internal structure'']]<br />
<br />
Components are included in FPGA using [[POD]] to ease integration :<br />
<br />
* input : Read input value using a serial bus like SPI. This component can generate an interrupt on input change.<br />
* output: Write output value using a serial bus like SPI.<br />
* uart : Anybus CompactCom can be driven using a simple uart TTL bus.<br />
* hms_par: For more complex design, Anybus CompactCom can use a «parallel bus» like memory bus.<br />
* hms_io : Anybus has some IO for status and configuration, this component is used to configure it.<br />
<br />
== Software structure ==<br />
<br />
Demo kit software structure is composed of some layers as described in figure 3 :<br />
<br />
[[image:software_structure.png|center|500px|thumb|'''figure 3''' - ''Software<br />
structure'']]<br />
<br />
* Linux BSP : Linux distribution used in kit is the ARMadeus sourceforge tree. Some specific modules must be added :<br />
** ADC max1027 : driver for max1027 analog to digital converter.<br />
** DAC max5821 : driver for max5821 digital to analog converter.<br />
** input, output : driver for fpga specific input/output.<br />
** uart : driver for uart used to drive HMS module.<br />
* as_devices : low level library used to drive max1027 and max5821<br />
* as_hms : high level library used to drive all devices on board.<br />
* Qt application : graphical application for human interface.</div>JeremieShttp://armadeus.org/wiki/index.php?title=Gstreamer&diff=9657Gstreamer2011-05-11T13:09:57Z<p>JeremieS: /* MPEG 1/2 */</p>
<hr />
<div>{{Under_Construction}}<br />
<br />
==Installation==<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Audio and video libraries and applications ---><br />
...<br />
[*] gstreamer<br />
[*] require libxml2 for registry and load/save<br />
-*- gst-plugins-base ---><br />
[*] gst-plugins-good ---><br />
[*] gst-plugins-bad ---><br />
[*] gst-plugins-ugly ---><br />
</pre><br />
<br />
Plugins worth to activate:<br />
*base: <br />
*good:<br />
*bad:<br />
*ugly:<br />
<br />
==Usage==<br />
===Check installed plugins===<br />
* To see all installed plugins:<br />
<pre class="apf"><br />
# gst-inspect<br />
videoscale: videoscale: Video scaler<br />
queue2: queue2: Queue <br />
ffmpegcolorspace: ffmpegcolorspace: FFMPEG Colorspace converter<br />
audiorate: audiorate: Audio rate adjuster <br />
audioconvert: audioconvert: Audio converter <br />
audioresample: audioresample: Audio resampler <br />
volume: volume: Volume<br />
...<br />
</pre><br />
* To have more details about one particular plugin (here alsasrc):<br />
<pre class="apf"><br />
# gst-inspect alsasrc<br />
Factory Details: <br />
Long name: Audio source (ALSA)<br />
Class: Source/Audio <br />
Description: Read from a sound card via ALSA<br />
Author(s): Wim Taymans <wim@fluendo.com> <br />
Rank: primary (256) <br />
<br />
Plugin Details:<br />
Name: alsa<br />
Description: ALSA plugin library<br />
Filename: /usr/lib/gstreamer-0.10/libgstalsa.so<br />
Version: 0.10.25 <br />
License: LGPL <br />
Source module: gst-plugins-base <br />
Binary package: GStreamer Base Plug-ins source release<br />
Origin URL: Unknown package origin <br />
...<br />
<cut><br />
</pre><br />
<br />
===Audio===<br />
* play a monotic tone to check your sound configuration is working (if not please configure [[ALSA]]):<br />
<pre class="apf"><br />
# gst-launch audiotestsrc ! audioconvert ! audioresample ! alsasink<br />
Setting pipeline to PAUSED ...<br />
Pipeline is PREROLLING ...<br />
Pipeline is PREROLLED ...<br />
Setting pipeline to PLAYING ...<br />
New clock: GstAudioSinkClock<br />
</pre><br />
* play a music file (here a .ogg, supposing the libgstogg plugin was installed):<br />
<pre class="apf"><br />
# gst-launch filesrc location=toto.ogg ! decodebin ! audioconvert ! audioresample ! alsasink<br />
</pre><br />
* record a sound from a mic (APF27 only) and store it as an uncompressed wav file:<br />
<pre class="apf"><br />
# gst-launch alsasrc ! audioconvert ! audioresample ! wavenc ! filesink location=mic.wav<br />
</pre><br />
* record a sound from a mic (APF27 only) and compress it (ogg/worbis):<br />
<pre class="apf"><br />
# gst-launch alsasrc ! audioconvert ! audioresample ! vorbisenc ! oggmux ! filesink location=mic.ogg<br />
</pre><br />
* record a sound from a mic (APF27 only) @ 8KHz (16KHz is too CPU consuming), compress it with [[Speex]] and send it to your Host (here 192.168.1.2) at port 6666:<br />
<pre class="apf"><br />
# gst-launch -v alsasrc ! audioconvert ! audioresample ! 'audio/x-raw-int,rate=8000,width=16,channels=1' ! speexenc ! rtpspeexpay ! udpsink host=192.168.1.2 port=6666<br />
</pre><br />
<pre class="host"><br />
$ gst-launch udpsrc port=6666 caps="application/x-rtp, media=(string)audio, clock-rate=(int)16000, encoding-name=(string)SPEEX, encoding-params=(string)1, payload=(int)110" ! gstrtpjitterbuffer ! rtpspeexdepay ! speexdec ! audioconvert ! audioresample ! autoaudiosink<br />
</pre><br />
<pre class="host"><br />
$ gst-launch udpsrc port=6666 caps="application/x-rtp, media=(string)audio, clock-rate=(int)16000, encoding-name=(string)SPEEX, encoding-params=(string)1, payload=(int)110" ! gstrtpjitterbuffer ! rtpspeexdepay ! speexdec ! audioconvert ! audioresample ! wavenc ! filesink location=toto.wav<br />
</pre><br />
<br />
===Video===<br />
====Plugins====<br />
* You'll need to activate a few plugins in Buildroot menuconfig to play videos with Gstreamer:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Audio and video libraries and applications ---><br />
...<br />
-*- gst-plugins-base ---><br />
[*] ffmpegcolorspace (mandatory for video playback)<br />
...<br />
[*] playback (mandatory)<br />
[*] gst-plugins-good ---><br />
[*] videobox<br />
[*] videocrop<br />
[*] gst-plugins-bad ---><br />
[*] fbdev<br />
</pre><br />
<br />
====Test installation====<br />
* To test your Gstreamer installation, you need to select a plugin in Buildroot menuconfig:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Audio and video libraries and applications ---><br />
...<br />
-*- gst-plugins-base ---><br />
[*] videotestsrc<br />
</pre><br />
<br />
* Then on your APF system, launch the following command:<br />
<pre class="apf"><br />
# gst-launch -v videotestsrc ! videocrop top=42 left=1 right=4 bottom=0 ! fbdevsink<br />
</pre><br />
You must see a pattern displayed on the screen if your Gstreamer installation is working well.<br />
<br />
====Play video====<br />
=====MPEG 1/2=====<br />
* If you want to play MPEG 1/2 video, you have to install some plugins in Buildroot menuconfig:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Audio and video libraries and applications ---><br />
...<br />
[*] gst-plugins-bad ---><br />
[*] mpegdemux<br />
[*] mpegtsmux<br />
[*] mpeg4videoparse<br />
[*] mpegvideoparse<br />
[*] gst-plugins-ugly ---><br />
[*] mpegaudioparse<br />
[*] mpegstream<br />
</pre><br />
<br />
======With FFmpeg decoder======<br />
* In Buildroot menuconfig, select:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Audio and video libraries and applications ---><br />
...<br />
-*- ffmpeg ---><br />
...<br />
[*] gst-ffmpeg<br />
</pre><br />
<br />
* On your APF system, play the video with the command:<br />
<pre class="apf"><br />
# gst-launch filesrc location=VIDEO_FILE_LOCATION ! mpegdemux ! ffdec_mpegvideo ! ffmpegcolorspace ! fbdevsink<br />
</pre><br />
<br />
======With mpeg2dec decoder======<br />
* In Buildroot menuconfig, select:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Audio and video libraries and applications ---><br />
...<br />
[*] gst-plugins-ugly ---><br />
[*] mpeg2dec<br />
</pre><br />
<br />
* On your APF system, play the video with the command:<br />
<pre class="apf"><br />
# gst-launch filesrc location=VIDEO_FILE_LOCATION ! mpegdemux ! mpeg2dec ! ffmpegcolorspace ! fbdevsink<br />
</pre><br />
<br />
==Links==<br />
* http://www.gstreamer.net/<br />
* http://lists.affinix.com/pipermail/delta-affinix.com/2009-April/001493.html</div>JeremieShttp://armadeus.org/wiki/index.php?title=Gstreamer&diff=9656Gstreamer2011-05-11T10:16:30Z<p>JeremieS: Video</p>
<hr />
<div>{{Under_Construction}}<br />
<br />
==Installation==<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Audio and video libraries and applications ---><br />
...<br />
[*] gstreamer<br />
[*] require libxml2 for registry and load/save<br />
-*- gst-plugins-base ---><br />
[*] gst-plugins-good ---><br />
[*] gst-plugins-bad ---><br />
[*] gst-plugins-ugly ---><br />
</pre><br />
<br />
Plugins worth to activate:<br />
*base: <br />
*good:<br />
*bad:<br />
*ugly:<br />
<br />
==Usage==<br />
===Check installed plugins===<br />
* To see all installed plugins:<br />
<pre class="apf"><br />
# gst-inspect<br />
videoscale: videoscale: Video scaler<br />
queue2: queue2: Queue <br />
ffmpegcolorspace: ffmpegcolorspace: FFMPEG Colorspace converter<br />
audiorate: audiorate: Audio rate adjuster <br />
audioconvert: audioconvert: Audio converter <br />
audioresample: audioresample: Audio resampler <br />
volume: volume: Volume<br />
...<br />
</pre><br />
* To have more details about one particular plugin (here alsasrc):<br />
<pre class="apf"><br />
# gst-inspect alsasrc<br />
Factory Details: <br />
Long name: Audio source (ALSA)<br />
Class: Source/Audio <br />
Description: Read from a sound card via ALSA<br />
Author(s): Wim Taymans <wim@fluendo.com> <br />
Rank: primary (256) <br />
<br />
Plugin Details:<br />
Name: alsa<br />
Description: ALSA plugin library<br />
Filename: /usr/lib/gstreamer-0.10/libgstalsa.so<br />
Version: 0.10.25 <br />
License: LGPL <br />
Source module: gst-plugins-base <br />
Binary package: GStreamer Base Plug-ins source release<br />
Origin URL: Unknown package origin <br />
...<br />
<cut><br />
</pre><br />
<br />
===Audio===<br />
* play a monotic tone to check your sound configuration is working (if not please configure [[ALSA]]):<br />
<pre class="apf"><br />
# gst-launch audiotestsrc ! audioconvert ! audioresample ! alsasink<br />
Setting pipeline to PAUSED ...<br />
Pipeline is PREROLLING ...<br />
Pipeline is PREROLLED ...<br />
Setting pipeline to PLAYING ...<br />
New clock: GstAudioSinkClock<br />
</pre><br />
* play a music file (here a .ogg, supposing the libgstogg plugin was installed):<br />
<pre class="apf"><br />
# gst-launch filesrc location=toto.ogg ! decodebin ! audioconvert ! audioresample ! alsasink<br />
</pre><br />
* record a sound from a mic (APF27 only) and store it as an uncompressed wav file:<br />
<pre class="apf"><br />
# gst-launch alsasrc ! audioconvert ! audioresample ! wavenc ! filesink location=mic.wav<br />
</pre><br />
* record a sound from a mic (APF27 only) and compress it (ogg/worbis):<br />
<pre class="apf"><br />
# gst-launch alsasrc ! audioconvert ! audioresample ! vorbisenc ! oggmux ! filesink location=mic.ogg<br />
</pre><br />
* record a sound from a mic (APF27 only) @ 8KHz (16KHz is too CPU consuming), compress it with [[Speex]] and send it to your Host (here 192.168.1.2) at port 6666:<br />
<pre class="apf"><br />
# gst-launch -v alsasrc ! audioconvert ! audioresample ! 'audio/x-raw-int,rate=8000,width=16,channels=1' ! speexenc ! rtpspeexpay ! udpsink host=192.168.1.2 port=6666<br />
</pre><br />
<pre class="host"><br />
$ gst-launch udpsrc port=6666 caps="application/x-rtp, media=(string)audio, clock-rate=(int)16000, encoding-name=(string)SPEEX, encoding-params=(string)1, payload=(int)110" ! gstrtpjitterbuffer ! rtpspeexdepay ! speexdec ! audioconvert ! audioresample ! autoaudiosink<br />
</pre><br />
<pre class="host"><br />
$ gst-launch udpsrc port=6666 caps="application/x-rtp, media=(string)audio, clock-rate=(int)16000, encoding-name=(string)SPEEX, encoding-params=(string)1, payload=(int)110" ! gstrtpjitterbuffer ! rtpspeexdepay ! speexdec ! audioconvert ! audioresample ! wavenc ! filesink location=toto.wav<br />
</pre><br />
<br />
===Video===<br />
====Plugins====<br />
* You'll need to activate a few plugins in Buildroot menuconfig to play videos with Gstreamer:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Audio and video libraries and applications ---><br />
...<br />
-*- gst-plugins-base ---><br />
[*] ffmpegcolorspace (mandatory for video playback)<br />
...<br />
[*] playback (mandatory)<br />
[*] gst-plugins-good ---><br />
[*] videobox<br />
[*] videocrop<br />
[*] gst-plugins-bad ---><br />
[*] fbdev<br />
</pre><br />
<br />
====Test installation====<br />
* To test your Gstreamer installation, you need to select a plugin in Buildroot menuconfig:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Audio and video libraries and applications ---><br />
...<br />
-*- gst-plugins-base ---><br />
[*] videotestsrc<br />
</pre><br />
<br />
* Then on your APF system, launch the following command:<br />
<pre class="apf"><br />
# gst-launch -v videotestsrc ! videocrop top=42 left=1 right=4 bottom=0 ! fbdevsink<br />
</pre><br />
You must see a pattern displayed on the screen if your Gstreamer installation is working well.<br />
<br />
====Play video====<br />
=====MPEG 1/2=====<br />
* If you want to play MPEG 1/2 video, you have to install some plugins in Buildroot menuconfig:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Audio and video libraries and applications ---><br />
...<br />
[*] gst-plugins-bad ---><br />
[*] mpegdemux<br />
[*] mpegtsmux<br />
[*] mpeg4videoparse<br />
[*] mpegvideoparse<br />
[*] gst-plugins-ugly ---><br />
[*] mpegaudioparse<br />
[*] mpegstream<br />
</pre><br />
<br />
======With FFmpeg decoder======<br />
* In Buildroot menuconfig, select:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Audio and video libraries and applications ---><br />
...<br />
-*- ffmpeg ---><br />
...<br />
[*] gst-ffmpeg<br />
</pre><br />
<br />
* On your APF system, play the video with the command:<br />
<pre class="apf"><br />
# gst-launch filesrc location=VIDEO_FILE_LOCATION ! mpegdemux ! ffdec_mpegvi<br />
deo ! ffmpegcolorspace ! fbdevsink<br />
</pre><br />
<br />
======With mpeg2dec decoder======<br />
* In Buildroot menuconfig, select:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Audio and video libraries and applications ---><br />
...<br />
[*] gst-plugins-ugly ---><br />
[*] mpeg2dec<br />
</pre><br />
<br />
* On your APF system, play the video with the command:<br />
<pre class="apf"><br />
# gst-launch filesrc location=Pixar_For_the_Birds.mpg ! mpegdemux ! mpeg2dec ! f<br />
fmpegcolorspace ! fbdevsink<br />
</pre><br />
<br />
==Links==<br />
* http://www.gstreamer.net/<br />
* http://lists.affinix.com/pipermail/delta-affinix.com/2009-April/001493.html</div>JeremieShttp://armadeus.org/wiki/index.php?title=AsDevices&diff=9524AsDevices2011-04-18T08:34:25Z<p>JeremieS: Development planning : C++ wrappers</p>
<hr />
<div>{{Under_Construction}}<br />
<br />
AsDevices is an ARMadeus specific library that simplify APF-board devices usage for developers. This library is written to be used with C, C++, Python, (Java?) languages.<br />
The core is written in C and other languages support is done with "wrappers".<br />
<br />
{{Note| This library is under development, see the [[AsDevices#Development_planning | Development planning.]] to know which functionality is finished.}}<br />
<br />
== Install AsDevices on target ==<br />
<br />
The library is included in Buildroot menu, to use it just select it:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
<pre class="config"><br />
Package Selection for the target ---><br />
*** Armadeus specific packages ***<br />
Armadeus specific tools/utilities ---> <br />
[*] as_devices <br />
</pre><br />
<br />
The base library is in C, to use it with C++ or Python, select the wrapper you need. (For Python you will need to select Python interpreter before as_devices wrapper).<br />
<br />
== Using library in C ==<br />
<br />
All functions in AsDevices library are constructed on the same way. An as_*_open() function return a device structure or an int that represent the device used. All function take this device structure in first parameter, and a function as_*_close() close the device :<br />
<br />
<source lang="C"><br />
struct as_devicename_dev * as_devicename_open(<some parameters>);<br />
<br />
as_devicename_do-something-with-device(struct as_devicename_dev *aDev, <some parameters>);<br />
<br />
int as_devicename_close(struct as_devicename_dev *aDev);<br />
</source><br />
<br />
For each library, full documentation can be found in C header in directory ''target/packages/as_devices/c''.<br />
<br />
=== I²C ===<br />
<br />
as_i2c_* functions are used to access devices on i²c bus that doesn't have/need a Linux driver. If you want to access an i²c device, please find out if a driver is not already existing before using this method.<br />
<br />
To open the bus, you have to know its number. On [[APF9328]] and [[APF27]] only two busses are present: number 0 and number 1. The ''open()'' function returns an int (file descriptor of the opened ''/dec/i2c-x''), that have to be passed to all other as_i2c_* functions :<br />
<br />
<source lang="C"><br />
int as_i2c_open(unsigned int i2c_id);<br />
</source><br />
<br />
Then depending on the complexity of the I2C device communication protocol, you can either use read()/write() (simple frames) or ioctl() with complex "read then write"/"write then read" messages.<br />
<br />
* Example (simple write()):<br />
<br />
<source lang="C"><br />
#include <stdlib.h><br />
#include <stdio.h><br />
<br />
#include <as_devices/as_i2c.h><br />
<br />
<br />
int my_device = 0;<br />
#define MY_DEV_ADDR 0x23<br />
#define MY_I2C_BUS 1<br />
unsigned char buf[10];<br />
int ret;<br />
<br />
...<br />
<br />
my_device = as_i2c_open(MY_I2C_BUS);<br />
if (my_device < 0) {<br />
printf("Can't init I2C port %d!!\n", MY_I2C_BUS);<br />
return -1;<br />
}<br />
as_i2c_set_slave(my_device, MY_DEV_ADDR);<br />
<br />
...<br />
<br />
buf[0] = (unsigned char) my_val;<br />
ret = write(my_device, buf, 1);<br />
if (ret < 0)<br />
printf("Error while sending data to device !!\n");<br />
<br />
...<br />
</source><br />
<br />
=== SPI ===<br />
<br />
==== Usage ====<br />
To use as_spi_* function, the ''spidev'' kernel module/interface is required. See [[SPI]]<br />
page to know how to configure it.<br />
<br />
Once the device file ''/dev/spidevx.x'' is available from the kernel, as_spi library can be used by including the ''as_spi.h'' header in your C source code:<br />
<br />
<source lang="C"><br />
#include <as_devices/as_spi.h><br />
</source><br />
<br />
Full description of the API can be found in this header, available on<br />
[http://armadeus.git.sourceforge.net/git/gitweb.cgi?p=armadeus/armadeus;a=blob_plain;f=target/packages/as_devices/c/as_spi.h;hb=HEAD sourceforge repository].<br />
<br />
==== Example ====<br />
<br />
The three mains useful functions used to communicate with a slave SPI device<br />
are :<br />
<br />
<source lang="C"><br />
int as_spi_open(const unsigned char *aSpidev_name);<br />
</source><br />
<br />
To open the ''/dev/spidevx.x'' special spi file. This function return a file<br />
handler that will be used for all othes as_spi_* function.<br />
<br />
<source lang="C"><br />
void as_spi_close(int aFd);<br />
</source><br />
<br />
As its name said, to close the device.<br />
<br />
<source lang="C"><br />
uint32_t as_spi_msg(int aFd, <br />
uint32_t aMsg, <br />
size_t aLen,<br />
uint32_t aSpeed);<br />
</source><br />
<br />
This function forge spi messages on MOSI pin and return MISO message.<br />
<br />
=== GPIO ===<br />
<br />
==== Usage ====<br />
<br />
To use as_gpio_* functions, the ''gpio'' kernel module is required. See [[GPIO_Driver]] page to know how to configure it.<br />
<br />
Once the device files ''/dev/gpio/*'' are available , as_gpio library can be use by including ''as_gpio.h'' header in the C source code of your application.<br />
<br />
<source lang="C"><br />
#include <as_devices/as_gpio.h><br />
</source><br />
<br />
==== Example ====<br />
<br />
Two examples are given, one for lightening led D14 and one to use blocking read on switch S1. This two example are made for [[APF27Dev]] daughter card.<br />
<br />
* '''Lightening led'''<br />
With as_gpio, each pin port can be openned separately. The as_gpio_open() function returns a pointer on gpio pin structure declared like this:<br />
<br />
<source lang="C"><br />
int ret; /* for returning value */<br />
struct as_gpio_device *pf14;<br />
</source><br />
<br />
On APF27Dev, D14 is plugged on port F pin 14, then to open it :<br />
<br />
<source lang="C"><br />
pf14 = as_gpio_open('F', 14);<br />
</source><br />
<br />
GPIO must be configured in ouput mode :<br />
<br />
<source lang="C"><br />
ret = as_gpio_set_pin_direction(pf14, 1);<br />
</source><br />
<br />
Then to switch LED value, just use ''as_gpio_set_pin_value()'' function:<br />
<br />
<source lang="C"><br />
ret = as_gpio_set_pin_value(pf14, 1); /* led off */<br />
...<br />
ret = as_gpio_set_pin_value(pf14, 0); /* led on */<br />
</source><br />
<br />
Note that because off led wiring, led polarity is inverted (to light on set 0).<br />
<br />
Once gpio pin usage is terminated, it must be closed :<br />
<br />
<source lang="C"><br />
as_gpio_close(pf14);<br />
</source><br />
<br />
* '''Pressing button'''<br />
<br />
The button S1 can be used to test interrupt capability of gpio. The button is plugged on gpio port F pin 13.<br />
After declaring the ''as_gpio_device'' structure, the pin port can be opened :<br />
<br />
<source lang="C"><br />
struct as_gpio_device *pf13;<br />
[...]<br />
<br />
pf13 = as_gpio_open('F', 13);<br />
</source><br />
<br />
To stuff must be configured before using it as interruption source, direction and IRQ mode.<br />
<br />
'''direction'''<br />
<source lang="C"><br />
ret = as_gpio_set_pin_direction(pf13, 0); /* set switch as input */<br />
</source><br />
<br />
'''IRQ mode'''<br />
There is four IRQ mode :<br />
* '''GPIO_IRQ_MODE_NOINT ''': No interrupt, the processor will ignore event on this gpio.<br />
* '''GPIO_IRQ_MODE_RISING ''': rising edge, the processor will generate an interruption on rising edge of gpio pin.<br />
* '''GPIO_IRQ_MODE_FALLING''': falling edge, the processor will generate an interruption on falling edge of gpio pin.<br />
* '''GPIO_IRQ_MODE_BOTH ''': both, the processor will generate an interruption on both rising or falling edge of gpio.<br />
<br />
<source lang="C"><br />
ret = as_gpio_set_irq_mode(pf13, GPIO_IRQ_MODE_FALLING); /* interrupt will be generated on pushed button */<br />
</source><br />
<br />
To capture interruption, the blocking read function can be used with a timeout. If no interruption is raised after the timeout time, read function end with error value -10.<br />
<br />
<source lang="C"><br />
ret = as_gpio_blocking_get_pin_value(pf13, 3, 0); /* wait for interruption for 3 seconds and 0 µs) */<br />
if(ret == -10)<br />
printf("Timeout\n");<br />
</source><br />
<br />
=== MAX1027 ===<br />
=== MAX5821 ===<br />
=== 93LCXX ===<br />
=== PWM ===<br />
==== Usage ====<br />
<br />
To use as_pwm_* functions, the kernel module ''imx_pwm'' needs to be loaded. See [[PWM]] page to know how to configure it.<br />
<br />
Once the special files ''/sys/class/pwm/pwmX/*'' are available , as_pwm_* functions can be use by including ''as_pwm.h'' header in the C source code of your application.<br />
<br />
<source lang="C"><br />
#include <as_devices/as_pwm.h><br />
</source><br />
<br />
==== Example ====<br />
<br />
<source lang="C"><br />
#include <as_devices/as_pwm.h><br />
...<br />
<br />
int main(int argc, char *argv[])<br />
{<br />
struct as_pwm_device *my_pwm;<br />
...<br />
my_pwm = as_pwm_open(0);<br />
if (!my_pwm)<br />
printf("Can't init PWM !!\n");<br />
as_pwm_set_frequency(my_pwm, 150);<br />
as_pwm_set_duty(my_pwm, 500);<br />
...<br />
as_pwm_set_state(my_pwm, 1);<br />
}<br />
</source><br />
<br />
== Using library in Python ==<br />
<br />
To use AsDevices in Python, select the python wrapper in menuconfig as follow :<br />
<br />
<pre class="config"><br />
Package Selection for the target ---><br />
*** Armadeus specific packages ***<br />
Armadeus specific tools/utilities ---> <br />
[*] as_devices <br />
[*] wrapper Python<br />
</pre><br />
<br />
then compile bsp and flash it on your board.<br />
<br />
Once done, just import the module AsDevices to use all function available in library:<br />
<br />
<source lang="python"><br />
import AsDevices<br />
</source><br />
<br />
== Using library in C++ ==<br />
<br />
'''TODO'''<br />
<br />
== Development planning ==<br />
<br />
AsDevices is not finished, following table indicates the remaining work:<br />
<br />
{| border="1" cellpadding="5" cellspacing="0" summary="Development planning of AsDevices"<br />
|- style="background:#efefef;" align="center"<br />
! Name !! C functions !! C++ wrapper !! Python wrapper !! Python class !! description <br />
|- align="center"<br />
| [[I2C | i2c]] || bgcolor="green"| Ok || bgcolor="green"| Ok ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || Drive I2C<br />
|- align="center"<br />
| [[SPI | spi]] || bgcolor="green" | Ok, not fully tested || bgcolor="green"| Ok, not fully tested ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || Drive SPI<br />
|- align="center"<br />
| [[Gpio | gpio]] || bgcolor="green"| Ok || bgcolor="green"| Ok ||bgcolor="green" | Ok ||bgcolor="green" | Ok || Drive GPIO<br />
|- align="center"<br />
| [[ADC_max1027 | max1027]] || bgcolor="green"| Ok for SLOW mode ||bgcolor="green"| Ok ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || Drive Analog to Digital chip [http://www.maxim-ic.com/quick_view2.cfm/qv_pk/3872/t/al MAX1027]<br />
|- align="center"<br />
| [[Max5821 | max5821]] || bgcolor="green"| OK ||bgcolor="green"| Ok, not fully tested ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || Drive Digital to Analog chip [http://www.maxim-ic.com/quick_view2.cfm/qv_pk/3288/t/al MAX5821]<br />
|- align="center"<br />
| 93LCxx || bgcolor="green"| OK ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK ||bgcolor=#FF0000| NOK || [http://ww1.microchip.com/downloads/en/DeviceDoc/21749G.pdf EEPROM memory on SPI].<br />
|- align="center"<br />
| [[PWM]] || bgcolor="green" | OK || bgcolor="red" | NOK || bgcolor="red" | NOK || bgcolor="red" | NOK || Drive imx27 pwm |<br />
|- align="center"<br />
|}</div>JeremieShttp://armadeus.org/wiki/index.php?title=APF27_PPS&diff=9484APF27 PPS2011-03-24T15:48:32Z<p>JeremieS: /* IPSec */</p>
<hr />
<div>==Description==<br />
PPS is an Armadeus System's baseboard for the [[APF27]] module. It can be used to implement and securize network applications such as routers and gateways.<br />
<br />
{|border=0 summary="Photos"<br />
|----------------<br />
| [[Image:PPS_recto.jpeg|center|thumb|400px|Front side, you can see dual Ethernet, USB 2.0 Host & OTG, WiFi Antenna, extension connector footprint and power supply]]<br />
|| [[Image:PPS_verso.jpeg|center|thumb|200px|Back side, with an APF27 module plugged-in]]<br />
<br />
|}<br />
<br />
==Resources==<br />
* [http://www.armadeus.com/english/products-development_boards-apf27_pps.html Product page on Armadeus Systems website]<br />
* [http://www.armadeus.com/_downloads/apf27_PPS/hardware Schematics]<br />
* [http://www.armadeus.com/_downloads/apf27_PPS/documentation Datasheet]<br />
* [http://www.armadeus.com/_downloads/apf27_PPS/hardware Mechanical drawings]<br />
<br />
==Software features==<br />
There are some network applications/features that are preselected in the PPS baseboard default configuration:<br />
* Encryption / Security<br />
** [[SSH|OpenSSH]]<br />
** [[IPSec / IPTables]]<br />
* [[USB Gadget#To emulate an Ethernet link|USB Ethernet gadget support]]<br />
* [[USB Gadget#To emulate a serial link|USB RS232 gadget support]]<br />
* [[USB to Ethernet adapter|SMSC USB to Ethernet Adapter]]<br />
* [[Boa|Boa Web Server]]<br />
* [[WiFi|Wireless tools]] (for securized WiFi with WEP encryption)<br />
* [[WPA supplicant]] (for securized WiFi with WPA/WPA2 encryption)<br />
<br />
{{Note|You can also use the PPS test scripts located in ''/usr/local/pps/scripts'' on the system to test some software functionalities.}}<br />
<br />
==SSH terminal==<br />
The APF27 PPS filesystem is configured to enable SSH connection from a host computer.<br />
It allows you to access a system terminal through the default Ethernet port (the one aside USB Host connector).<br />
<br />
* The default connection informations are:<br />
** '''IP address''': 192.168.0.10<br />
** '''Login''': guest<br />
** '''Password''': armadeus<br />
<br />
* Then you can connect to your system by running the following command on your host:<br />
<pre class="host"><br />
$ ssh guest@192.168.0.10<br />
</pre><br />
<br />
* For more details, refer to the [[SSH#Dropbear|SSH - Dropbear page]] in the Wiki.<br />
<br />
==Debug / Development interface==<br />
* In order to gain access to the serial port of the APF27 (U-Boot & Linux console), a small adapter cable has to be done.<br />
A standard 2.54mm pin header connector (J5) allows accessing the TX and RX debug lines of the i.MX27.<br />
The signals are compatible with a the RS-232 standard so no level translator is required.<br />
<br />
The pinout is described in the [http://www.armadeus.com/_downloads/apf27_PPS/documentation/pps_datasheet_v0A.pdf datasheet] and summarized here:<br />
* pin 1 (square pad): not connected<br />
* pin 2: TX line (processor side)<br />
* pin 3: RX line (processor side)<br />
* pin 4: GND<br />
<br />
{|border=0 summary="Photos"<br />
|----------------<br />
| [[Image:APF27_PPS_J5.png|center|thumb|200px| J5 pin 1]]<br />
|| [[Image:APF27_PPS_RS232_standard.gif|center|thumb|200px| DB9 connection like on APF27Dev (requires Null-Modem cable)]]<br />
|| [[Image:Apf27_PPS_RS232.png|center|thumb|200px| DB9 connection for direct USB<->Serial adapter usage]]<br />
<br />
|}<br />
<br />
* Now you have the debug access, you can [[Setup| install all the tools needed to control your board on your Host]].<br />
<br />
==WiFi usage==<br />
On PPS, WiFi/Libertas driver usage is a little bit different than on other platforms. Here are the things to know:<br />
<br />
===Drivers setup===<br />
You have to install Libertas SDIO and MMC drivers as modules to make Wi2Wi chipset work correctly on PPS (done by default):<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
<pre class="config"><br />
Device drivers ---><br />
[*] Network device support ---><br />
Wireless LAN ---><br />
[*] Wireless LAN (IEEE 802.11)<br />
<M> Marvell 8xxx Libertas WLAN driver support<br />
< > Marvell Livertas 8388 USB 802.11b/g cards<br />
<M> Marvell Libertas 8385 and 8686 SDIO 802.11b/g cards<br />
<M> MMC/SD/SDIO card support ---><br />
*** MMC/SD/SDIO Card Drivers ***<br />
<M> MMC block device driver<br />
</pre><br />
<br />
===Initializing the connection===<br />
Before creating the WiFi connection, you must load the Libertas SDIO and the MMC modules:<br />
<pre class="apf"><br />
# modprobe mxcmmc<br />
i.MX SDHC driver<br />
mmc0: new SDIO card at address 0001<br />
<br />
# modprobe libertas_sdio<br />
lib80211: common routines for IEEE802.11 drivers<br />
libertas_sdio: Libertas SDIO driver<br />
libertas_sdio: Copyright Pierre Ossman<br />
libertas_sdio mmc0:0001:1: firmware: requesting sd8686_helper.bin<br />
libertas_sdio mmc0:0001:1: firmware: requesting sd8686.bin<br />
libertas: 00:19:88:11:6b:d8, fw 9.70.3p36, cap 0x00000303<br />
eth1 (libertas_sdio): not using net_device_ops yet<br />
libertas: PREP_CMD: command 0x00a3 failed: 2<br />
libertas: PREP_CMD: command 0x00a3 failed: 2<br />
libertas: eth1: Marvell WLAN 802.11 adapter<br />
</pre><br />
<br />
Then all informations on [[Libertas_driver]] page apply.<br />
<br />
===Shutdown WiFi interface===<br />
You have to unload the MMC driver along with the Libertas SDIO if you want to completely shutdown the WiFi interface:<br />
<pre class="apf"><br />
# ifconfig eth1 down<br />
# rmmod mxcmmc<br />
# rmmod libertas_sdio<br />
</pre><br />
<br />
===Reset Wi2Wi===<br />
To reset the chipset, you have to use the Wi2Wi RESET GPIO:<br />
<pre class="apf"><br />
# source /usr/bin/gpio_helpers.sh<br />
<br />
# gpio_mode PE11 1<br />
# gpio_set_value PE11 0<br />
# gpio_set_value PE11 1<br />
</pre><br />
<br />
==Test scripts==<br />
You can find test scripts in PPS' filesystem to help you to test the PPS' functionalities.<br />
They are located in the directory ''/usr/local/pps/scripts'' but you can run them from any directory.<br />
<br />
=== Boa ===<br />
* '''File'''<br />
** init_boa.sh<br />
* No argument<br />
* '''Usage''': init_boa.sh<br />
* '''Functionality''': Enable a web server with an interpreted HTML page accessible from outside the system.<br />
<br />
=== USB Gadget ===<br />
==== Ethernet Gadget ====<br />
* '''File'''<br />
** test_ether_gadget.sh<br />
* No argument<br />
* '''Usage''': test_ether_gadget.sh<br />
* '''Functionality''': Activate an Ethernet connection interface on the system through the USB Gadget port.<br />
* '''Test''': Try to ping the system from your host PC on ''192.168.10.1''.<br />
<br />
==== RS232 Gadget ====<br />
* '''File'''<br />
** test_rs232_gadget.sh<br />
* No argument<br />
* '''Usage''': test_rs232_gadget.sh<br />
* '''Functionality''': Enable a RS232 connection interface on the system through the USB Gadget port.<br />
* '''Test''': Enter some datas or texts through /dev/ttyACM0 on your host PC. You should see the same datas displayed on the system.<br />
<br />
=== Bridge ===<br />
* '''File'''<br />
** test_bridge.sh<br />
* No argument<br />
* '''Usage''': test_bridge.sh<br />
* '''Functionality''': Create a bridge through two connection interfaces on the system.<br />
<br />
=== SMSC95xx ===<br />
* '''File'''<br />
** test_ether_smsc95xx.sh<br />
* No argument<br />
* '''Usage''': test_ether_smsc95xx.sh<br />
* '''Functionality''': Create an Ethernet connection interface through the Ethernet SMSC95xx port.<br />
* '''Test''': Try to ping the address ''192.168.0.251'' on your host PC.<br />
<br />
=== Wifi ===<br />
==== IWConfig ''(WEP)'' ====<br />
* '''File'''<br />
** test_wifi.sh<br />
* No argument<br />
* '''Usage''': test_wifi.sh<br />
* '''Functionality''': Create a Wifi connection interface with [[Wifi|IWConfig ''(WEP encryption)'']].<br />
* '''Test''': Ping the address ''192.168.0.251'' on your host PC.<br />
<br />
==== WPA Supplicant ''(WPA/WPA2)'' ====<br />
* '''Files'''<br />
** init_wpa.sh<br />
** reset_wi2wi.sh<br />
** stop_wpa.sh<br />
* '''Arguments'''<br />
** ''SSID'': Wifi connection SSID<br />
** ''PASSPHRASE'': Wifi connection passphrase<br />
* '''Usage''': init_wpa.sh SSID PASSPHRASE<br />
* '''Functionality''': Create a Wifi connection interface with [[WPA supplicant|WPA Supplicant ''(WPA/WPA2 encryption)'']].<br />
* '''Test'''<br />
** Ping the address ''192.168.0.251'' on your host PC.<br />
** To unable the connection, you can run ''stop_wpa.sh''.<br />
** To restart WPA Supplicant, first run ''stop_wpa.sh'' then ''init_wpa.sh'' again.<br />
<br />
=== OpenSSH ===<br />
* '''File'''<br />
** test_ssh_tunnel.sh<br />
* '''Arguments'''<br />
** ''USERNAME'': the login of the user you want to connect on.<br />
** ''HOSTADDRESS'': the IP address of the host PC you want to connect on.<br />
** ''VIRTUALPORT'': the virtual port used to hide the encrypted port.<br />
** ''TELNETPORT'': the number of your Telnet port (must be same on the system and the host PC)<br />
* '''Usage''': test_ssh_tunnel.sh USERNAME HOSTADDRESS VIRTUALPORT TELNETPORT<br />
* '''Functionality''': Create a SSH connection between the system and your host PC on the Telnet port.<br />
* '''Test''': To test it, launch a Wireshark on the host PC to check the datas on your host IP address. The password you type and the name of the [[Telnet]] protocol must be encrypted.<br />
<br />
=== IPSec ===<br />
* '''File'''<br />
** test_ipsec.sh<br />
* '''Argument'''<br />
** ''IPADDRESS'': the system's IP address of the encrypted connection<br />
* '''Usage''': test_ipsec.sh IPADDRESS<br />
* '''Functionality''': Encrypt the connection between your host PC and the system.<br />
* '''Test'''<br />
** Before running the script, edit the file ''/etc/ipsec-tools.conf'' and put the right IP addresses for the system and your host PC.<br />
** Launch Wireshark on your host PC on the encrypted connection's IP address.<br />
** Run [[Telnet]] on the system toward your host PC:<pre class="apf">telnet HOST_ADDRESS</pre><br />
** Your login, password and the name of the [[Telnet]] protocol must be encrypted.<br />
<br />
==Feature list==<br />
<br />
{| border="0" cellpadding="5" cellspacing="5" summary="Hardware Add-Ons by functionnalities"<br />
|----------------<br />
|- style="background:#f4f4f4; color:black; -moz-border-radius:18px;"<br />
|<br />
<br />
===Wired communication===<br />
* [[Uart|UART]]<br />
* [[SPI]]<br />
* [[I2C]]<br />
* [[USB Host]]<br />
* USB OTG<br />
* Ethernet<br />
<br />
===Wireless communication===<br />
* [[Libertas driver|Wi2Wi chipset driver]] (see [[Libertas driver#Wi2Wi chipset|Wi2Wi Section]])<br />
* [[Wifi|WiFi usage on Linux]]<br />
<br />
||<br />
<br />
===Other===<br />
* [[PWM]]: PWM output is on J22 pin 4 <br>(2.8V output, if configured as output)<br />
* [[GPIO Driver]]<br />
* [[JTAG]]<br />
<br />
||<br />
<br />
===FPGA===<br />
* [[Using FPGA]]<br />
<br />
[[Category:DevelopmentBoards]]<br />
[[Category:Hardware]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=APF27_PPS&diff=9483APF27 PPS2011-03-24T15:43:20Z<p>JeremieS: PPS' test scripts</p>
<hr />
<div>==Description==<br />
PPS is an Armadeus System's baseboard for the [[APF27]] module. It can be used to implement and securize network applications such as routers and gateways.<br />
<br />
{|border=0 summary="Photos"<br />
|----------------<br />
| [[Image:PPS_recto.jpeg|center|thumb|400px|Front side, you can see dual Ethernet, USB 2.0 Host & OTG, WiFi Antenna, extension connector footprint and power supply]]<br />
|| [[Image:PPS_verso.jpeg|center|thumb|200px|Back side, with an APF27 module plugged-in]]<br />
<br />
|}<br />
<br />
==Resources==<br />
* [http://www.armadeus.com/english/products-development_boards-apf27_pps.html Product page on Armadeus Systems website]<br />
* [http://www.armadeus.com/_downloads/apf27_PPS/hardware Schematics]<br />
* [http://www.armadeus.com/_downloads/apf27_PPS/documentation Datasheet]<br />
* [http://www.armadeus.com/_downloads/apf27_PPS/hardware Mechanical drawings]<br />
<br />
==Software features==<br />
There are some network applications/features that are preselected in the PPS baseboard default configuration:<br />
* Encryption / Security<br />
** [[SSH|OpenSSH]]<br />
** [[IPSec / IPTables]]<br />
* [[USB Gadget#To emulate an Ethernet link|USB Ethernet gadget support]]<br />
* [[USB Gadget#To emulate a serial link|USB RS232 gadget support]]<br />
* [[USB to Ethernet adapter|SMSC USB to Ethernet Adapter]]<br />
* [[Boa|Boa Web Server]]<br />
* [[WiFi|Wireless tools]] (for securized WiFi with WEP encryption)<br />
* [[WPA supplicant]] (for securized WiFi with WPA/WPA2 encryption)<br />
<br />
{{Note|You can also use the PPS test scripts located in ''/usr/local/pps/scripts'' on the system to test some software functionalities.}}<br />
<br />
==SSH terminal==<br />
The APF27 PPS filesystem is configured to enable SSH connection from a host computer.<br />
It allows you to access a system terminal through the default Ethernet port (the one aside USB Host connector).<br />
<br />
* The default connection informations are:<br />
** '''IP address''': 192.168.0.10<br />
** '''Login''': guest<br />
** '''Password''': armadeus<br />
<br />
* Then you can connect to your system by running the following command on your host:<br />
<pre class="host"><br />
$ ssh guest@192.168.0.10<br />
</pre><br />
<br />
* For more details, refer to the [[SSH#Dropbear|SSH - Dropbear page]] in the Wiki.<br />
<br />
==Debug / Development interface==<br />
* In order to gain access to the serial port of the APF27 (U-Boot & Linux console), a small adapter cable has to be done.<br />
A standard 2.54mm pin header connector (J5) allows accessing the TX and RX debug lines of the i.MX27.<br />
The signals are compatible with a the RS-232 standard so no level translator is required.<br />
<br />
The pinout is described in the [http://www.armadeus.com/_downloads/apf27_PPS/documentation/pps_datasheet_v0A.pdf datasheet] and summarized here:<br />
* pin 1 (square pad): not connected<br />
* pin 2: TX line (processor side)<br />
* pin 3: RX line (processor side)<br />
* pin 4: GND<br />
<br />
{|border=0 summary="Photos"<br />
|----------------<br />
| [[Image:APF27_PPS_J5.png|center|thumb|200px| J5 pin 1]]<br />
|| [[Image:APF27_PPS_RS232_standard.gif|center|thumb|200px| DB9 connection like on APF27Dev (requires Null-Modem cable)]]<br />
|| [[Image:Apf27_PPS_RS232.png|center|thumb|200px| DB9 connection for direct USB<->Serial adapter usage]]<br />
<br />
|}<br />
<br />
* Now you have the debug access, you can [[Setup| install all the tools needed to control your board on your Host]].<br />
<br />
==WiFi usage==<br />
On PPS, WiFi/Libertas driver usage is a little bit different than on other platforms. Here are the things to know:<br />
<br />
===Drivers setup===<br />
You have to install Libertas SDIO and MMC drivers as modules to make Wi2Wi chipset work correctly on PPS (done by default):<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
<pre class="config"><br />
Device drivers ---><br />
[*] Network device support ---><br />
Wireless LAN ---><br />
[*] Wireless LAN (IEEE 802.11)<br />
<M> Marvell 8xxx Libertas WLAN driver support<br />
< > Marvell Livertas 8388 USB 802.11b/g cards<br />
<M> Marvell Libertas 8385 and 8686 SDIO 802.11b/g cards<br />
<M> MMC/SD/SDIO card support ---><br />
*** MMC/SD/SDIO Card Drivers ***<br />
<M> MMC block device driver<br />
</pre><br />
<br />
===Initializing the connection===<br />
Before creating the WiFi connection, you must load the Libertas SDIO and the MMC modules:<br />
<pre class="apf"><br />
# modprobe mxcmmc<br />
i.MX SDHC driver<br />
mmc0: new SDIO card at address 0001<br />
<br />
# modprobe libertas_sdio<br />
lib80211: common routines for IEEE802.11 drivers<br />
libertas_sdio: Libertas SDIO driver<br />
libertas_sdio: Copyright Pierre Ossman<br />
libertas_sdio mmc0:0001:1: firmware: requesting sd8686_helper.bin<br />
libertas_sdio mmc0:0001:1: firmware: requesting sd8686.bin<br />
libertas: 00:19:88:11:6b:d8, fw 9.70.3p36, cap 0x00000303<br />
eth1 (libertas_sdio): not using net_device_ops yet<br />
libertas: PREP_CMD: command 0x00a3 failed: 2<br />
libertas: PREP_CMD: command 0x00a3 failed: 2<br />
libertas: eth1: Marvell WLAN 802.11 adapter<br />
</pre><br />
<br />
Then all informations on [[Libertas_driver]] page apply.<br />
<br />
===Shutdown WiFi interface===<br />
You have to unload the MMC driver along with the Libertas SDIO if you want to completely shutdown the WiFi interface:<br />
<pre class="apf"><br />
# ifconfig eth1 down<br />
# rmmod mxcmmc<br />
# rmmod libertas_sdio<br />
</pre><br />
<br />
===Reset Wi2Wi===<br />
To reset the chipset, you have to use the Wi2Wi RESET GPIO:<br />
<pre class="apf"><br />
# source /usr/bin/gpio_helpers.sh<br />
<br />
# gpio_mode PE11 1<br />
# gpio_set_value PE11 0<br />
# gpio_set_value PE11 1<br />
</pre><br />
<br />
==Test scripts==<br />
You can find test scripts in PPS' filesystem to help you to test the PPS' functionalities.<br />
They are located in the directory ''/usr/local/pps/scripts'' but you can run them from any directory.<br />
<br />
=== Boa ===<br />
* '''File'''<br />
** init_boa.sh<br />
* No argument<br />
* '''Usage''': init_boa.sh<br />
* '''Functionality''': Enable a web server with an interpreted HTML page accessible from outside the system.<br />
<br />
=== USB Gadget ===<br />
==== Ethernet Gadget ====<br />
* '''File'''<br />
** test_ether_gadget.sh<br />
* No argument<br />
* '''Usage''': test_ether_gadget.sh<br />
* '''Functionality''': Activate an Ethernet connection interface on the system through the USB Gadget port.<br />
* '''Test''': Try to ping the system from your host PC on ''192.168.10.1''.<br />
<br />
==== RS232 Gadget ====<br />
* '''File'''<br />
** test_rs232_gadget.sh<br />
* No argument<br />
* '''Usage''': test_rs232_gadget.sh<br />
* '''Functionality''': Enable a RS232 connection interface on the system through the USB Gadget port.<br />
* '''Test''': Enter some datas or texts through /dev/ttyACM0 on your host PC. You should see the same datas displayed on the system.<br />
<br />
=== Bridge ===<br />
* '''File'''<br />
** test_bridge.sh<br />
* No argument<br />
* '''Usage''': test_bridge.sh<br />
* '''Functionality''': Create a bridge through two connection interfaces on the system.<br />
<br />
=== SMSC95xx ===<br />
* '''File'''<br />
** test_ether_smsc95xx.sh<br />
* No argument<br />
* '''Usage''': test_ether_smsc95xx.sh<br />
* '''Functionality''': Create an Ethernet connection interface through the Ethernet SMSC95xx port.<br />
* '''Test''': Try to ping the address ''192.168.0.251'' on your host PC.<br />
<br />
=== Wifi ===<br />
==== IWConfig ''(WEP)'' ====<br />
* '''File'''<br />
** test_wifi.sh<br />
* No argument<br />
* '''Usage''': test_wifi.sh<br />
* '''Functionality''': Create a Wifi connection interface with [[Wifi|IWConfig ''(WEP encryption)'']].<br />
* '''Test''': Ping the address ''192.168.0.251'' on your host PC.<br />
<br />
==== WPA Supplicant ''(WPA/WPA2)'' ====<br />
* '''Files'''<br />
** init_wpa.sh<br />
** reset_wi2wi.sh<br />
** stop_wpa.sh<br />
* '''Arguments'''<br />
** ''SSID'': Wifi connection SSID<br />
** ''PASSPHRASE'': Wifi connection passphrase<br />
* '''Usage''': init_wpa.sh SSID PASSPHRASE<br />
* '''Functionality''': Create a Wifi connection interface with [[WPA supplicant|WPA Supplicant ''(WPA/WPA2 encryption)'']].<br />
* '''Test'''<br />
** Ping the address ''192.168.0.251'' on your host PC.<br />
** To unable the connection, you can run ''stop_wpa.sh''.<br />
** To restart WPA Supplicant, first run ''stop_wpa.sh'' then ''init_wpa.sh'' again.<br />
<br />
=== OpenSSH ===<br />
* '''File'''<br />
** test_ssh_tunnel.sh<br />
* '''Arguments'''<br />
** ''USERNAME'': the login of the user you want to connect on.<br />
** ''HOSTADDRESS'': the IP address of the host PC you want to connect on.<br />
** ''VIRTUALPORT'': the virtual port used to hide the encrypted port.<br />
** ''TELNETPORT'': the number of your Telnet port (must be same on the system and the host PC)<br />
* '''Usage''': test_ssh_tunnel.sh USERNAME HOSTADDRESS VIRTUALPORT TELNETPORT<br />
* '''Functionality''': Create a SSH connection between the system and your host PC on the Telnet port.<br />
* '''Test''': To test it, launch a Wireshark on the host PC to check the datas on your host IP address. The password you type and the name of the [[Telnet]] protocol must be encrypted.<br />
<br />
=== IPSec ===<br />
* '''File'''<br />
** test_ipsec.sh<br />
* '''Argument'''<br />
** ''IPADDRESS'': the system's IP address of the encrypted connection<br />
* '''Usage''': test_ipsec.sh IPADDRESS<br />
* '''Functionality''': Encrypt the connection between your host PC and the system.<br />
* '''Test'''<br />
** Before running the script, edit the file ''/etc/ipsec-tools.conf'' and put the right IP addresses for the system and your host PC.<br />
** Launch Wireshark on your host PC on the encrypted connection's IP address.<br />
** Run [[Telnet]] on the system toward your host PC:<br />
<pre class="apf"><br />
telnet HOST_ADDRESS<br />
</pre><br />
** Your login, password and the name of the [[Telnet]] protocol must be encrypted.<br />
<br />
==Feature list==<br />
<br />
{| border="0" cellpadding="5" cellspacing="5" summary="Hardware Add-Ons by functionnalities"<br />
|----------------<br />
|- style="background:#f4f4f4; color:black; -moz-border-radius:18px;"<br />
|<br />
<br />
===Wired communication===<br />
* [[Uart|UART]]<br />
* [[SPI]]<br />
* [[I2C]]<br />
* [[USB Host]]<br />
* USB OTG<br />
* Ethernet<br />
<br />
===Wireless communication===<br />
* [[Libertas driver|Wi2Wi chipset driver]] (see [[Libertas driver#Wi2Wi chipset|Wi2Wi Section]])<br />
* [[Wifi|WiFi usage on Linux]]<br />
<br />
||<br />
<br />
===Other===<br />
* [[PWM]]: PWM output is on J22 pin 4 <br>(2.8V output, if configured as output)<br />
* [[GPIO Driver]]<br />
* [[JTAG]]<br />
<br />
||<br />
<br />
===FPGA===<br />
* [[Using FPGA]]<br />
<br />
[[Category:DevelopmentBoards]]<br />
[[Category:Hardware]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=USB_Gadget&diff=9459USB Gadget2011-03-03T09:27:32Z<p>JeremieS: /* To emulate a serial link */</p>
<hr />
<div>Instructions on how to use the USB device (or OTG) port of your Armadeus board to communicate with your PC; ie see your board from your PC like an USB device.<br />
<br />
==Introduction==<br />
<br />
You can connect your APF board to your PC using its USB Device port ([[APF9328DevFull]]), a modified USB host port ([[APF27Dev]]), or an USB OTG port ([[APF27 PPS]]), and it can be "enumerated" as most common USB devices (depending on the type of communication you want to use):<br />
* serial device<br />
* net device<br />
* mass storage device<br />
<br />
=== Hardware/software specifics for the APF27dev and APF27 PPS boards ===<br />
At first, an USB A male / A male cable has to be used like this one: http://fr.farnell.com/pro-signal/psg90024/lead-usb-2-0-am-am-2m-black/dp/1494745<br />
<br />
Do not use USB cable with integrated ferrite bead !!<br />
<br />
The APF27dev board is equipped with two USB host ports. Only the high speed Host port (top connector) can be configured as an USB Device.<br />
<br />
In order to activate the device mode, a new parameter has to be added to the U-Boot console variable:<br />
BIOS> setenv console console=ttySMX0,115200 otg_mode=device<br />
BIOS> saveenv<br />
BIOS> boot<br />
<br />
Your port will now work as an USB device.<br />
<br />
{{Warning|DO NOT CONNECT TWO HOST PORTS TOGETHER AND TAKE CARE TO USE THE RIGHT USB PORT ON THE APF27DEV !!}}<br />
<br />
==Installation==<br />
<br />
* The drivers are now installed by default (since armadeus-3.0)<br />
* you should have following modules in your kernel source tree:<br />
'''drivers/usb/gadget/gadgetfs.ko''' For test<br />
'''drivers/usb/gadget/g_ether.ko''' Ethernet emulation on USB<br />
'''drivers/usb/gadget/g_file_storage.ko''' Mass storage<br />
'''drivers/usb/gadget/g_serial.ko''' Serial emulation on USB<br />
'''drivers/usb/gadget/g_zero.ko''' For test<br />
<br />
==Usage==<br />
<br />
===To emulate a mass storage device:===<br />
* [[USB_Gadget#Links |create]] or get a "backing storage file" ([http://dl.free.fr/q9IKqqweK for example])<br />
* copy this file (uncompressed) in the '''/tmp''' directory of your board (here my Host PC has 192.168.0.20 as IP @):<br />
<pre class="apf"><br />
# tftp -g -r backing_file.gz -l /tmp/backing_file.gz 192.168.0.20<br />
# gunzip /tmp/backing_file.gz<br />
</pre><br />
* load ''g_file_storage'' module:<br />
<pre class="apf"><br />
# modprobe g_file_storage file=/tmp/backing_file<br />
g_file_storage gadget: File-backed Storage Gadget, version: 28 November 2005<br />
g_file_storage gadget: Number of LUNs=1<br />
g_file_storage gadget-lun0: ro=0, file: /tmp/backing_file<br />
</pre><br />
* connect target's USB cable to your PC and, <br />
On your Linux Host:<br />
* If you have a recent Linux distribution, your device should be automatically mounted. Otherwise:<br />
** as root, launch ''dmesg'' and find the ''/dev/sdaX'' device assigned to your board:<br />
... usb 1-1.4: new full speed USB device using uhci_hcd and address 7<br />
... usb 1-1.4: configuration #1 chosen from 1 choice<br />
... scsi1 : SCSI emulation for USB Mass Storage devices<br />
... Vendor: Linux Model: File-Stor Gadget Rev: 0314<br />
... Type: Direct-Access ANSI SCSI revision: 02<br />
... SCSI device sda: 8192 512-byte hdwr sectors (4 MB)<br />
... sda: Write Protect is off<br />
... SCSI device sda: 8192 512-byte hdwr sectors (4 MB)<br />
... sda: Write Protect is off<br />
... sda: sda1<br />
... sd 1:0:0:0: Attached scsi disk sda<br />
... sd 1:0:0:0: Attached scsi generic sg0 type 0<br />
*<br />
** then mount the device and enjoy file sharing:<br />
<pre class="host"><br />
$ sudo mount /dev/sda1 /mnt/tmp<br />
$ cd /mnt/tmp<br />
$ showimage /mnt/tmp/test.jpg<br />
</pre><br />
<br />
===To emulate a serial link===<br />
* On your Host PC (if '''usbserial''' module is not already loaded):<br />
<pre class="host"><br />
$ sudo modprobe usbserial vendor=0x0525 product=0xA4A6<br />
</pre><br />
or you can automate it by modifying ''/etc/modprobe.d/options'' file (Tested on *Ubuntu):<br />
<pre class="host"><br />
$ sudo vim /etc/modprobe.d/options<br />
...<br />
options usbserial vendor=0x0525 product=0xA4A6<br />
</pre><br />
* on your APF:<br />
<pre class="apf"><br />
# modprobe g_serial<br />
g_serial gadget: Gadget Serial v2.4<br />
g_serial gadget: g_serial ready<br />
fsl-usb2-udc: bind to driver g_serial<br />
g_serial gadget: high speed config #2: CDC ACM config<br />
<br />
# mknod /dev/ttyGS0 c 249 0 (if not created)<br />
</pre><br />
* then connect the USB cable between your PC and your APF and you should see on your Host:<br />
<pre class="host"><br />
$ tail -f /var/log/messages<br />
Sep 27 10:06:38 ... usb 2-1.3: new high speed USB device using ehci_hcd and address 14<br />
Sep 27 10:06:38 ... usb 2-1.3: configuration #2 chosen from 1 choice<br />
Sep 27 10:06:38 ... cdc_acm 2-1.3:2.0: ttyACM0: USB ACM device<br />
Sep 27 10:06:38 ... usbcore: registered new interface driver cdc_acm<br />
Sep 27 10:06:38 ... cdc_acm: v0.26:USB Abstract Control Model driver for USB modems and ISDN adapters<br />
</pre><br />
* you should now be able to send/receive data through ''/dev/ttyACM0'' (PC) and ''/dev/ttyGS0'' (APF):<br />
<pre class="apf"><br />
# cat /dev/ttyGS0<br />
</pre><br />
<pre class="host"><br />
[armadeus]$ echo "COUCOU" > /dev/ttyACM0<br />
</pre><br />
<pre class="apf"><br />
COUCOU<br />
</pre><br />
<br />
===To emulate an Ethernet link===<br />
* On your Target:<br />
<pre class="apf"><br />
# modprobe g_ether<br />
ether gadget: using random self ethernet address<br />
ether gadget: using random host ethernet address<br />
usb0: Ethernet Gadget, version: May Day 2005<br />
usb0: using imx_udc, OUT ep2out-bulk IN ep1in-bulk STATUS ep4in-int<br />
usb0: MAC be:df:31:95:16:e0<br />
usb0: HOST MAC 3e:86:1e:94:eb:84<br />
usb0: RNDIS ready<br />
</pre><br />
Now an IP address has to be assigned to the USB0 ethernet port <br />
<pre class="apf"><br />
# ifconfig usb0 192.168.10.1<br />
</pre><br />
<br />
<br />
* On your PC:<br />
** On '''Linux''' systems:<pre class="host">$ sudo modprobe cdc_ether</pre><br />
** On '''Windows''' systems: <br/>When the target is detected, you will be asked to give the right driver. <br/>You will find it here: [http://www.armadeus.com/_downloads/apf27_PPS/windrivers/ APF27 PPS Windrivers].<br />
<br />
==Links==<br />
<br />
* http://www.linux-usb.org/gadget/<br />
* http://www.linux-usb.org/usbtest/#gadgets<br />
* http://www.linux-usb.org/gadget/file_storage.html<br />
* http://lxr.linux.no/source/Documentation/usb/gadget_serial.txt<br />
* [[Serial_Transfer]]<br />
* http://www.linux-usb.org/usbnet/<br />
* http://wiki.gp2x.org/wiki/UsbNet_on_Linux<br />
<br />
[[Category:Linux drivers]]<br />
[[Category:USB]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=IPSec_/_IPTables&diff=9347IPSec / IPTables2011-01-24T13:04:03Z<p>JeremieS: /* Host PC (Ubuntu) */</p>
<hr />
<div>IPSec and IPTables are network tools that can be used together to create a VPN between two computers. IPSec securizes the connection as IPTables do the packets routing. The [[APF27 PPS]] board is optimized to use these tools.<br />
<br />
==IPSec==<br />
IPSec is a protocol that securizes IP communications by authenticating and crypting packets from IP address to another, over all computer ports.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* You need to install the ipsec-tools package on your host:<br />
<pre class="host"><br />
$ sudo apt-get install ipsec-tools<br />
</pre><br />
<br />
* Give the file ''/etc/ipsec-tools.conf'' the access rights 700:<br />
<pre class="host"><br />
$ sudo chmod 700 /etc/ipsec-tools.conf<br />
</pre><br />
<br />
* Then edit this file and define the IPSec keys like that:<br />
<pre class="host"><br />
<br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.208 192.168.0.211 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.211 192.168.0.208 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
</pre><br />
<br />
{{Note|In this example the host is 192.168.0.211 and the APF27 target is 192.168.0.208 but you must adapt the file to your configuration and create your own keys.}}<br />
<br />
{{Note|To generate a 192 bit key you can use the following command: <pre class="host">dd if=/dev/random count=24 bs=1| xxd -ps</pre>}}<br />
<br />
{{Note|You can choose specific ports and protocols to securize with IPSec in the security policies like that:<br />
<pre class="host"><br />
spdadd 192.168.0.211/24[PORT_NUMBER] 192.168.0.208/24[PORT_NUMBER] PROTOCOL_NAME -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
</pre><br />
<br />
For instance, if you want to encrypt on [[Telnet]] port only, on the server your security policies will be:<br />
<pre class="host"><br />
spdadd 0.0.0.0/0[any] 192.168.0.211/24[23] tcp -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.211/24[23] 192.168.0.208/24[any] tcp -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
</pre><br />
<br />
The keyword any means any protocols or any ports.<br />
}}<br />
<br />
====Target (APF27)====<br />
<br />
=====Linux=====<br />
There are some drivers you need to install in Linux Kernel to make IPSec work.<br />
<br />
* To configure Linux, go into the BSP directory and run the command:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* Select the following drivers to install in Linux configuration menu:<br />
<pre class="config"><br />
[*] Networking support ---> <br />
Networking options ---> <br />
<*> Transformation user configuration interface<br />
<br />
<*> PF_KEY sockets<br />
<br />
<*> IP: AH transformation <br />
<*> IP: ESP transformation <br />
<*> IP: IPComp transformation <br />
<*> IP: IPsec transport mode <br />
<*> IP: IPsec tunnel mode <br />
<*> IP: IPsec BEET mode <br />
<br />
[*] Cryptographic API ---><br />
<*> Null algorithms<br />
<br />
*** Authenticated Encryption with Associated Data ***<br />
<*> CCM support <br />
<*> GCM/GMAC support <br />
<br />
{*} AES cipher algorithms <br />
</pre><br />
<br />
* Then you can rebuild Linux like that:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
=====Buildroot=====<br />
You must install flex and networking packages like [[SSH#OpenSSH|OpenSSH]], OpenSSL and IPSec-tools.<br />
<br />
* First run this command to open the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages in the menu:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] flex <br />
<br />
[*] Networking <br />
[*] ipsec-tools <br />
[*] Enable racoonctl(8). <br />
[ ] Enable NAT-Traversal <br />
[*] Enable IKE fragmentation.<br />
[*] Enable statistics logging function. <br />
[ ] Enable IPv6 support <br />
[ ] Enable readline input support if available. <br />
[*] Install IPSec libraries under staging_dir/lib<br />
<br />
[*] openssh<br />
-*- openssl <br />
</pre><br />
<br />
{{Note|If you want to use IPSec in a NAT router/firewall, you must enable the NAT-Traversal option:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] Networking <br />
[*] ipsec-tools <br />
<br />
[*] Enable NAT-Traversal <br />
</pre><br />
}}<br />
<br />
* Then rebuild Buildroot:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
=====In the filesystem=====<br />
* You still have to put the following IPSec configuration file on the target in /etc/ipsec-tools.conf:<br />
<pre class="host"><br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
</pre><br />
<br />
===Securize the connection===<br />
Once IPSec is installed and configured on both the system and the host, you have to launch it and activate the keys.<br />
<br />
* First on your Host (Ubuntu), you have to reboot the computer or to run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
If you want to see the generated keys:<br />
<pre class="host"><br />
$ sudo setkey -D<br />
</pre><br />
<br />
* On the target (APF27), you can run the command:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
And you can check the keys with:<br />
<pre class="apf"><br />
# setkey -D<br />
</pre><br />
<br />
===Test IPSec===<br />
* To check that datas are correctly encrypted through the securized connection, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* Then you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on the target:<br />
<pre class="apf"><br />
# telnet -l $USERNAME $HOST_IP<br />
</pre><br />
For instance if you want to connect to computer 192.168.0.225 with the user toto:<br />
<pre class="apf"><br />
# telnet -l toto 192.168.0.225<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Password: <br />
Last login: Thu Dec 23 14:35:40 CET 2010 from localhost on pts/5<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You can also connect without the username. When you are asked to fill the username, it will also be encrypted.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the ESP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ipsec.sh'' to test the IPSec authentication and encryption.}}<br />
<br />
==IPTables==<br />
IPTables is a command-line interface to configure Netfilter. It can allow you to set up the chains and rules of routing in the firewall of a computer. It can also be used to access a public domain from a private network by masquerading the private IP address.<br />
<br />
===Setup===<br />
If you want to use IPTables on your system, you have to configure both Buildroot and Linux.<br />
<br />
====Linux====<br />
* In the BSP directory, run this command to launch the Linux configuration menu:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* In the menu, select the following drivers or modules:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] TCP/IP networking<br />
[*] IP: multicasting<br />
[*] IP: advanced router<br />
Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure) (FIB_HASH) ---><br />
[ ] IP: policy routing<br />
[ ] IP: equal cost multipath<br />
[ ] IP: verbose route monitoring<br />
<br />
[*] Network packet filtering framework (Netfilter) ---><br />
[*] Advanced netfilter configuration<br />
[*] Bridged IP/ARP packets filtering<br />
Core Netfilter Configuration ---><br />
{*} Netfilter Xtables support (required for ip_tables)<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IP tables support (required for filtering/masq/NAT)<br />
<br />
<M> Packet filtering<br />
<br />
<M> ARP tables support<br />
<M> ARP packet filtering<br />
< > ARP payload mangling<br />
</pre><br />
<br />
<span id="Full_NAT_router"><br />
{{Note| If you want to use your target as a full NAT router and do masquerading, there are some advanced features you must add to Linux Kernel:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> "state" match support<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IPv4 connection tracking support (required for NAT)<br />
[*] proc/sysctl compatibility with old connectiion tracking<br />
<br />
<M> Full NAT<br />
<M> MASQUERADE target support<br />
<M> NETMAP target support<br />
<M> REDIRECT target support<br />
< > Basic SNMP-ALG support<br />
</pre><br />
}}<br />
</span><br />
<br />
{{Note|In order to use protocols like TFTP or FTP through the NAT router, you have to activate the support for the protocol you want in Netfilter.<br />
For instance with the TFTP protocol:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> TFTP protocol support<br />
</pre><br />
}}<br />
<br />
{{Note|You can also add other IP tables like ''nat'' and ''mangle'' or new firewall rule options like ''LOG'' or ''REJECT'' in Netfilter page of the Linux configuration menu.}}<br />
<br />
* Now you can rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
====Buildroot====<br />
* In the BSP directory, launch the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages for IPTables to be installed on target:<br />
<pre class="config"><br />
Package selection for the target ---><br />
[*] Networking ---><br />
[*] iptables<br />
</pre><br />
<br />
* Then rebuild Buildroot to generate the rootfs:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===IPTables usage===<br />
* To learn how to use IPTables to define firewall chains and rules, please refer to the [http://doc.ubuntu-fr.org/iptables Linux Ubuntu Documentation - IPTables].<br />
<br />
* You may also want to define routing rules with the command ''route''. You can refer to the [http://doc.ubuntu-fr.org/routage Linux Ubuntu Documentation - routage] to use it.<br />
<br />
===Test IPTables on [[APF27 PPS]]===<br />
To test IPTables on the target, we will implement a NAT router in the system and use it as a gateway through two computers.<br />
<br />
* First you have to enable full NAT and masquerading functionalities in Linux Kernel for your target. Please refer to the [[#Full_NAT_router|Note for full NAT installation]] to set up these options and then rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
* Flash the new kernel and rootfs binaries on the target.<br />
<br />
* Connect an Ethernet cable from your host Linux to the Ethernet port of the target. <br />
And connect the USB A-MiniA cable from your host Linux to your target USB OTG port.<br />
<br />
* Then you have to activate the target network interface for Ethernet and [[USB Gadget]]:<br />
<pre class="apf"><br />
# ifconfig eth0 192.168.0.208<br />
<br />
# modprobe -r smsc95xx<br />
# modprobe -r g_ether<br />
# modprobe g_ether<br />
# ifconfig usb0 192.168.2.251<br />
Freescale High-Speed USB SOC Device Controller driver (Apr 20, 2007)<br />
ULPI OTG Vendor ID 0x4cc Product ID 0x1504<br />
g_ether gadget: using random self ethernet address<br />
g_ether gadget: using random host ethernet address<br />
usb0: MAC f6:cf:00:56:1b:64<br />
usb0: HOST MAC be:60:d1:56:89:fc<br />
g_ether gadget: Ethernet Gadget, version: Memorial Day 2008<br />
g_ether gadget: g_ether ready<br />
fsl-usb2-udc: bind to driver g_ether<br />
g_ether gadget: high speed config #1: CDC Ethernet (ECM)<br />
</pre><br />
<br />
* As the USB gadget interface is connected, you must see the network ''Auto USB'' in your host's ''Network Connections''.<br />
** If you want to make your [[APF27 PPS]] a gateway, you have to use two differents sub-networks for your private network (your computer and the USB gadget interface) and for the remote network (the remote computer and the Ethernet interface).<br />
** Edit then the ''Auto USB'' network to configure it:<br />
*** The '''IP address''' must be in the same sub-network as the USB Gadget interface : for instance 192.168.2.225.<br />
*** The '''Netmask''' : 255.255.255.0<br />
*** The '''Gateway''' is your target's USB Gadget interface : here 192.168.2.251.<br />
*** A '''DNS server''': if you want to browse on Internet through the target. For instance 192.168.0.207.<br />
*** '''Search domains''': For instance armadeus-office.<br />
** Then disconnect your host PC and reconnect to the ''Auto USB'' network.<br />
<br />
* Add the ''default'' route to be able to go on the Internet:<br />
<pre class="apf"><br />
# route add default gw 192.168.0.1 eth0<br />
</pre><br />
<br />
* Configure the IP Advanced router to be able to forward the packets through the target:<br />
<pre class="apf"><br />
# echo "1" > /proc/sys/net/ipv4/ip_forward<br />
</pre><br />
<br />
* Then you have to create the rules for the NAT router/firewall with iptables:<br />
<pre class="apf"><br />
# iptables -P INPUT ACCEPT<br />
# iptables -F INPUT <br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F OUTPUT <br />
# iptables -P FORWARD DROP<br />
# iptables -F FORWARD <br />
# iptables -t nat -F<br />
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)<br />
<br />
# iptables -A FORWARD -i eth0 -o usb0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT<br />
# iptables -A FORWARD -j LOG<br />
<br />
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
</pre><br />
<br />
* To test the gateway is correctly working, you can ping on the different interface and on the remote computer from your host:<br />
<pre class="host"><br />
$ ping 192.168.2.251<br />
PING 192.168.2.251 (192.168.2.251) 56(84) bytes of data.<br />
64 bytes from 192.168.2.251: icmp_seq=1 ttl=64 time=0.736 ms<br />
<br />
$ ping 192.168.0.208<br />
PING 192.168.0.208 (192.168.0.208) 56(84) bytes of data.<br />
64 bytes from 192.168.0.208: icmp_seq=1 ttl=64 time=0.719 ms<br />
<br />
$ ping 192.168.0.1<br />
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.<br />
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=1.60 ms<br />
<br />
$ ping REMOTE_ADDRESS<br />
</pre><br />
<br />
* If you have configured your network with a DNS server, you can even ping or browse an URL address on the Internet:<br />
<pre class="host"><br />
$ ping www.yahoo.fr<br />
PING any-rc.a01.yahoodns.net (87.248.120.148) 56(84) bytes of data.<br />
64 bytes from w2.rc.vip.ch1.yahoo.com (87.248.120.148): icmp_seq=1 ttl=49 time=90.3 ms<br />
</pre><br />
<br />
{{Note|If you have the IPSec activated on the remote computer and on your target, you can also securize the connection to the remote computer.<br />
On the remote computer, put the file /etc/ipsec-tools.conf and run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
On your target, run:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
Then you can check with Wireshark that all datas going through the securized connection are well encrypted.<br />
}}<br />
<br />
==Links==<br />
* [https://help.ubuntu.com/community/IPSecHowTo IPSec HowTo Documentation]<br />
* [http://doc.ubuntu-fr.org/iptables IPTables Ubuntu Documentation]<br />
* [http://doc.ubuntu-fr.org/routage Routing Ubuntu Documentation]</div>JeremieShttp://armadeus.org/wiki/index.php?title=IPSec_/_IPTables&diff=9346IPSec / IPTables2011-01-24T13:02:02Z<p>JeremieS: /* Host PC (Ubuntu) */</p>
<hr />
<div>IPSec and IPTables are network tools that can be used together to create a VPN between two computers. IPSec securizes the connection as IPTables do the packets routing. The [[APF27 PPS]] board is optimized to use these tools.<br />
<br />
==IPSec==<br />
IPSec is a protocol that securizes IP communications by authenticating and crypting packets from IP address to another, over all computer ports.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* You need to install the ipsec-tools package on your host:<br />
<pre class="host"><br />
$ sudo apt-get install ipsec-tools<br />
</pre><br />
<br />
* Give the file ''/etc/ipsec-tools.conf'' the access rights 700:<br />
<pre class="host"><br />
$ sudo chmod 700 /etc/ipsec-tools.conf<br />
</pre><br />
<br />
* Then edit this file and define the IPSec keys like that:<br />
<pre class="host"><br />
<br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.208 192.168.0.211 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.211 192.168.0.208 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
</pre><br />
<br />
{{Note|In this example the host is 192.168.0.211 and the APF27 target is 192.168.0.208 but you must adapt the file to your configuration and create your own keys.}}<br />
<br />
{{Note|To generate a 192 bit key you can use the following command: <pre class="host">dd if=/dev/random count=24 bs=1| xxd -ps</pre>}}<br />
<br />
{{Note|You can choose specific ports and protocols to securize with IPSec in the security policies like that:<br />
<pre class="host"><br />
spdadd 192.168.0.211/24[PORT_NUMBER] 192.168.0.208/24[PORT_NUMBER] PROTOCOL_NAME -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
</pre><br />
<br />
For instance, if you want to encrypt only on [[Telnet]] port, on the server your security policies will be:<br />
<pre class="host"><br />
spdadd 0.0.0.0/0[any] 192.168.0.211/24[23] tcp -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.211/24[23] 192.168.0.208/24[any] tcp -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
</pre><br />
<br />
The keyword any means any protocols or any ports.<br />
}}<br />
<br />
====Target (APF27)====<br />
<br />
=====Linux=====<br />
There are some drivers you need to install in Linux Kernel to make IPSec work.<br />
<br />
* To configure Linux, go into the BSP directory and run the command:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* Select the following drivers to install in Linux configuration menu:<br />
<pre class="config"><br />
[*] Networking support ---> <br />
Networking options ---> <br />
<*> Transformation user configuration interface<br />
<br />
<*> PF_KEY sockets<br />
<br />
<*> IP: AH transformation <br />
<*> IP: ESP transformation <br />
<*> IP: IPComp transformation <br />
<*> IP: IPsec transport mode <br />
<*> IP: IPsec tunnel mode <br />
<*> IP: IPsec BEET mode <br />
<br />
[*] Cryptographic API ---><br />
<*> Null algorithms<br />
<br />
*** Authenticated Encryption with Associated Data ***<br />
<*> CCM support <br />
<*> GCM/GMAC support <br />
<br />
{*} AES cipher algorithms <br />
</pre><br />
<br />
* Then you can rebuild Linux like that:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
=====Buildroot=====<br />
You must install flex and networking packages like [[SSH#OpenSSH|OpenSSH]], OpenSSL and IPSec-tools.<br />
<br />
* First run this command to open the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages in the menu:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] flex <br />
<br />
[*] Networking <br />
[*] ipsec-tools <br />
[*] Enable racoonctl(8). <br />
[ ] Enable NAT-Traversal <br />
[*] Enable IKE fragmentation.<br />
[*] Enable statistics logging function. <br />
[ ] Enable IPv6 support <br />
[ ] Enable readline input support if available. <br />
[*] Install IPSec libraries under staging_dir/lib<br />
<br />
[*] openssh<br />
-*- openssl <br />
</pre><br />
<br />
{{Note|If you want to use IPSec in a NAT router/firewall, you must enable the NAT-Traversal option:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] Networking <br />
[*] ipsec-tools <br />
<br />
[*] Enable NAT-Traversal <br />
</pre><br />
}}<br />
<br />
* Then rebuild Buildroot:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
=====In the filesystem=====<br />
* You still have to put the following IPSec configuration file on the target in /etc/ipsec-tools.conf:<br />
<pre class="host"><br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
</pre><br />
<br />
===Securize the connection===<br />
Once IPSec is installed and configured on both the system and the host, you have to launch it and activate the keys.<br />
<br />
* First on your Host (Ubuntu), you have to reboot the computer or to run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
If you want to see the generated keys:<br />
<pre class="host"><br />
$ sudo setkey -D<br />
</pre><br />
<br />
* On the target (APF27), you can run the command:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
And you can check the keys with:<br />
<pre class="apf"><br />
# setkey -D<br />
</pre><br />
<br />
===Test IPSec===<br />
* To check that datas are correctly encrypted through the securized connection, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* Then you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on the target:<br />
<pre class="apf"><br />
# telnet -l $USERNAME $HOST_IP<br />
</pre><br />
For instance if you want to connect to computer 192.168.0.225 with the user toto:<br />
<pre class="apf"><br />
# telnet -l toto 192.168.0.225<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Password: <br />
Last login: Thu Dec 23 14:35:40 CET 2010 from localhost on pts/5<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You can also connect without the username. When you are asked to fill the username, it will also be encrypted.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the ESP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ipsec.sh'' to test the IPSec authentication and encryption.}}<br />
<br />
==IPTables==<br />
IPTables is a command-line interface to configure Netfilter. It can allow you to set up the chains and rules of routing in the firewall of a computer. It can also be used to access a public domain from a private network by masquerading the private IP address.<br />
<br />
===Setup===<br />
If you want to use IPTables on your system, you have to configure both Buildroot and Linux.<br />
<br />
====Linux====<br />
* In the BSP directory, run this command to launch the Linux configuration menu:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* In the menu, select the following drivers or modules:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] TCP/IP networking<br />
[*] IP: multicasting<br />
[*] IP: advanced router<br />
Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure) (FIB_HASH) ---><br />
[ ] IP: policy routing<br />
[ ] IP: equal cost multipath<br />
[ ] IP: verbose route monitoring<br />
<br />
[*] Network packet filtering framework (Netfilter) ---><br />
[*] Advanced netfilter configuration<br />
[*] Bridged IP/ARP packets filtering<br />
Core Netfilter Configuration ---><br />
{*} Netfilter Xtables support (required for ip_tables)<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IP tables support (required for filtering/masq/NAT)<br />
<br />
<M> Packet filtering<br />
<br />
<M> ARP tables support<br />
<M> ARP packet filtering<br />
< > ARP payload mangling<br />
</pre><br />
<br />
<span id="Full_NAT_router"><br />
{{Note| If you want to use your target as a full NAT router and do masquerading, there are some advanced features you must add to Linux Kernel:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> "state" match support<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IPv4 connection tracking support (required for NAT)<br />
[*] proc/sysctl compatibility with old connectiion tracking<br />
<br />
<M> Full NAT<br />
<M> MASQUERADE target support<br />
<M> NETMAP target support<br />
<M> REDIRECT target support<br />
< > Basic SNMP-ALG support<br />
</pre><br />
}}<br />
</span><br />
<br />
{{Note|In order to use protocols like TFTP or FTP through the NAT router, you have to activate the support for the protocol you want in Netfilter.<br />
For instance with the TFTP protocol:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> TFTP protocol support<br />
</pre><br />
}}<br />
<br />
{{Note|You can also add other IP tables like ''nat'' and ''mangle'' or new firewall rule options like ''LOG'' or ''REJECT'' in Netfilter page of the Linux configuration menu.}}<br />
<br />
* Now you can rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
====Buildroot====<br />
* In the BSP directory, launch the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages for IPTables to be installed on target:<br />
<pre class="config"><br />
Package selection for the target ---><br />
[*] Networking ---><br />
[*] iptables<br />
</pre><br />
<br />
* Then rebuild Buildroot to generate the rootfs:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===IPTables usage===<br />
* To learn how to use IPTables to define firewall chains and rules, please refer to the [http://doc.ubuntu-fr.org/iptables Linux Ubuntu Documentation - IPTables].<br />
<br />
* You may also want to define routing rules with the command ''route''. You can refer to the [http://doc.ubuntu-fr.org/routage Linux Ubuntu Documentation - routage] to use it.<br />
<br />
===Test IPTables on [[APF27 PPS]]===<br />
To test IPTables on the target, we will implement a NAT router in the system and use it as a gateway through two computers.<br />
<br />
* First you have to enable full NAT and masquerading functionalities in Linux Kernel for your target. Please refer to the [[#Full_NAT_router|Note for full NAT installation]] to set up these options and then rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
* Flash the new kernel and rootfs binaries on the target.<br />
<br />
* Connect an Ethernet cable from your host Linux to the Ethernet port of the target. <br />
And connect the USB A-MiniA cable from your host Linux to your target USB OTG port.<br />
<br />
* Then you have to activate the target network interface for Ethernet and [[USB Gadget]]:<br />
<pre class="apf"><br />
# ifconfig eth0 192.168.0.208<br />
<br />
# modprobe -r smsc95xx<br />
# modprobe -r g_ether<br />
# modprobe g_ether<br />
# ifconfig usb0 192.168.2.251<br />
Freescale High-Speed USB SOC Device Controller driver (Apr 20, 2007)<br />
ULPI OTG Vendor ID 0x4cc Product ID 0x1504<br />
g_ether gadget: using random self ethernet address<br />
g_ether gadget: using random host ethernet address<br />
usb0: MAC f6:cf:00:56:1b:64<br />
usb0: HOST MAC be:60:d1:56:89:fc<br />
g_ether gadget: Ethernet Gadget, version: Memorial Day 2008<br />
g_ether gadget: g_ether ready<br />
fsl-usb2-udc: bind to driver g_ether<br />
g_ether gadget: high speed config #1: CDC Ethernet (ECM)<br />
</pre><br />
<br />
* As the USB gadget interface is connected, you must see the network ''Auto USB'' in your host's ''Network Connections''.<br />
** If you want to make your [[APF27 PPS]] a gateway, you have to use two differents sub-networks for your private network (your computer and the USB gadget interface) and for the remote network (the remote computer and the Ethernet interface).<br />
** Edit then the ''Auto USB'' network to configure it:<br />
*** The '''IP address''' must be in the same sub-network as the USB Gadget interface : for instance 192.168.2.225.<br />
*** The '''Netmask''' : 255.255.255.0<br />
*** The '''Gateway''' is your target's USB Gadget interface : here 192.168.2.251.<br />
*** A '''DNS server''': if you want to browse on Internet through the target. For instance 192.168.0.207.<br />
*** '''Search domains''': For instance armadeus-office.<br />
** Then disconnect your host PC and reconnect to the ''Auto USB'' network.<br />
<br />
* Add the ''default'' route to be able to go on the Internet:<br />
<pre class="apf"><br />
# route add default gw 192.168.0.1 eth0<br />
</pre><br />
<br />
* Configure the IP Advanced router to be able to forward the packets through the target:<br />
<pre class="apf"><br />
# echo "1" > /proc/sys/net/ipv4/ip_forward<br />
</pre><br />
<br />
* Then you have to create the rules for the NAT router/firewall with iptables:<br />
<pre class="apf"><br />
# iptables -P INPUT ACCEPT<br />
# iptables -F INPUT <br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F OUTPUT <br />
# iptables -P FORWARD DROP<br />
# iptables -F FORWARD <br />
# iptables -t nat -F<br />
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)<br />
<br />
# iptables -A FORWARD -i eth0 -o usb0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT<br />
# iptables -A FORWARD -j LOG<br />
<br />
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
</pre><br />
<br />
* To test the gateway is correctly working, you can ping on the different interface and on the remote computer from your host:<br />
<pre class="host"><br />
$ ping 192.168.2.251<br />
PING 192.168.2.251 (192.168.2.251) 56(84) bytes of data.<br />
64 bytes from 192.168.2.251: icmp_seq=1 ttl=64 time=0.736 ms<br />
<br />
$ ping 192.168.0.208<br />
PING 192.168.0.208 (192.168.0.208) 56(84) bytes of data.<br />
64 bytes from 192.168.0.208: icmp_seq=1 ttl=64 time=0.719 ms<br />
<br />
$ ping 192.168.0.1<br />
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.<br />
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=1.60 ms<br />
<br />
$ ping REMOTE_ADDRESS<br />
</pre><br />
<br />
* If you have configured your network with a DNS server, you can even ping or browse an URL address on the Internet:<br />
<pre class="host"><br />
$ ping www.yahoo.fr<br />
PING any-rc.a01.yahoodns.net (87.248.120.148) 56(84) bytes of data.<br />
64 bytes from w2.rc.vip.ch1.yahoo.com (87.248.120.148): icmp_seq=1 ttl=49 time=90.3 ms<br />
</pre><br />
<br />
{{Note|If you have the IPSec activated on the remote computer and on your target, you can also securize the connection to the remote computer.<br />
On the remote computer, put the file /etc/ipsec-tools.conf and run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
On your target, run:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
Then you can check with Wireshark that all datas going through the securized connection are well encrypted.<br />
}}<br />
<br />
==Links==<br />
* [https://help.ubuntu.com/community/IPSecHowTo IPSec HowTo Documentation]<br />
* [http://doc.ubuntu-fr.org/iptables IPTables Ubuntu Documentation]<br />
* [http://doc.ubuntu-fr.org/routage Routing Ubuntu Documentation]</div>JeremieShttp://armadeus.org/wiki/index.php?title=IPSec_/_IPTables&diff=9345IPSec / IPTables2011-01-24T13:01:21Z<p>JeremieS: /* Host PC (Ubuntu) */</p>
<hr />
<div>IPSec and IPTables are network tools that can be used together to create a VPN between two computers. IPSec securizes the connection as IPTables do the packets routing. The [[APF27 PPS]] board is optimized to use these tools.<br />
<br />
==IPSec==<br />
IPSec is a protocol that securizes IP communications by authenticating and crypting packets from IP address to another, over all computer ports.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* You need to install the ipsec-tools package on your host:<br />
<pre class="host"><br />
$ sudo apt-get install ipsec-tools<br />
</pre><br />
<br />
* Give the file ''/etc/ipsec-tools.conf'' the access rights 700:<br />
<pre class="host"><br />
$ sudo chmod 700 /etc/ipsec-tools.conf<br />
</pre><br />
<br />
* Then edit this file and define the IPSec keys like that:<br />
<pre class="host"><br />
<br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.2.100 192.168.1.100 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
</pre><br />
<br />
{{Note|In this example the host is 192.168.0.211 and the APF27 target is 192.168.0.208 but you must adapt the file to your configuration and create your own keys.}}<br />
<br />
{{Note|To generate a 192 bit key you can use the following command: <pre class="host">dd if=/dev/random count=24 bs=1| xxd -ps</pre>}}<br />
<br />
{{Note|You can choose specific ports and protocols to securize with IPSec in the security policies like that:<br />
<pre class="host"><br />
spdadd 192.168.0.211/24[PORT_NUMBER] 192.168.0.208/24[PORT_NUMBER] PROTOCOL_NAME -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
</pre><br />
<br />
For instance, if you want to encrypt only on [[Telnet]] port, on the server your security policies will be:<br />
<pre class="host"><br />
spdadd 0.0.0.0/0[any] 192.168.0.211/24[23] tcp -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.211/24[23] 192.168.0.208/24[any] tcp -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
</pre><br />
<br />
The keyword any means any protocols or any ports.<br />
}}<br />
<br />
====Target (APF27)====<br />
<br />
=====Linux=====<br />
There are some drivers you need to install in Linux Kernel to make IPSec work.<br />
<br />
* To configure Linux, go into the BSP directory and run the command:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* Select the following drivers to install in Linux configuration menu:<br />
<pre class="config"><br />
[*] Networking support ---> <br />
Networking options ---> <br />
<*> Transformation user configuration interface<br />
<br />
<*> PF_KEY sockets<br />
<br />
<*> IP: AH transformation <br />
<*> IP: ESP transformation <br />
<*> IP: IPComp transformation <br />
<*> IP: IPsec transport mode <br />
<*> IP: IPsec tunnel mode <br />
<*> IP: IPsec BEET mode <br />
<br />
[*] Cryptographic API ---><br />
<*> Null algorithms<br />
<br />
*** Authenticated Encryption with Associated Data ***<br />
<*> CCM support <br />
<*> GCM/GMAC support <br />
<br />
{*} AES cipher algorithms <br />
</pre><br />
<br />
* Then you can rebuild Linux like that:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
=====Buildroot=====<br />
You must install flex and networking packages like [[SSH#OpenSSH|OpenSSH]], OpenSSL and IPSec-tools.<br />
<br />
* First run this command to open the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages in the menu:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] flex <br />
<br />
[*] Networking <br />
[*] ipsec-tools <br />
[*] Enable racoonctl(8). <br />
[ ] Enable NAT-Traversal <br />
[*] Enable IKE fragmentation.<br />
[*] Enable statistics logging function. <br />
[ ] Enable IPv6 support <br />
[ ] Enable readline input support if available. <br />
[*] Install IPSec libraries under staging_dir/lib<br />
<br />
[*] openssh<br />
-*- openssl <br />
</pre><br />
<br />
{{Note|If you want to use IPSec in a NAT router/firewall, you must enable the NAT-Traversal option:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] Networking <br />
[*] ipsec-tools <br />
<br />
[*] Enable NAT-Traversal <br />
</pre><br />
}}<br />
<br />
* Then rebuild Buildroot:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
=====In the filesystem=====<br />
* You still have to put the following IPSec configuration file on the target in /etc/ipsec-tools.conf:<br />
<pre class="host"><br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
</pre><br />
<br />
===Securize the connection===<br />
Once IPSec is installed and configured on both the system and the host, you have to launch it and activate the keys.<br />
<br />
* First on your Host (Ubuntu), you have to reboot the computer or to run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
If you want to see the generated keys:<br />
<pre class="host"><br />
$ sudo setkey -D<br />
</pre><br />
<br />
* On the target (APF27), you can run the command:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
And you can check the keys with:<br />
<pre class="apf"><br />
# setkey -D<br />
</pre><br />
<br />
===Test IPSec===<br />
* To check that datas are correctly encrypted through the securized connection, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* Then you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on the target:<br />
<pre class="apf"><br />
# telnet -l $USERNAME $HOST_IP<br />
</pre><br />
For instance if you want to connect to computer 192.168.0.225 with the user toto:<br />
<pre class="apf"><br />
# telnet -l toto 192.168.0.225<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Password: <br />
Last login: Thu Dec 23 14:35:40 CET 2010 from localhost on pts/5<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You can also connect without the username. When you are asked to fill the username, it will also be encrypted.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the ESP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ipsec.sh'' to test the IPSec authentication and encryption.}}<br />
<br />
==IPTables==<br />
IPTables is a command-line interface to configure Netfilter. It can allow you to set up the chains and rules of routing in the firewall of a computer. It can also be used to access a public domain from a private network by masquerading the private IP address.<br />
<br />
===Setup===<br />
If you want to use IPTables on your system, you have to configure both Buildroot and Linux.<br />
<br />
====Linux====<br />
* In the BSP directory, run this command to launch the Linux configuration menu:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* In the menu, select the following drivers or modules:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] TCP/IP networking<br />
[*] IP: multicasting<br />
[*] IP: advanced router<br />
Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure) (FIB_HASH) ---><br />
[ ] IP: policy routing<br />
[ ] IP: equal cost multipath<br />
[ ] IP: verbose route monitoring<br />
<br />
[*] Network packet filtering framework (Netfilter) ---><br />
[*] Advanced netfilter configuration<br />
[*] Bridged IP/ARP packets filtering<br />
Core Netfilter Configuration ---><br />
{*} Netfilter Xtables support (required for ip_tables)<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IP tables support (required for filtering/masq/NAT)<br />
<br />
<M> Packet filtering<br />
<br />
<M> ARP tables support<br />
<M> ARP packet filtering<br />
< > ARP payload mangling<br />
</pre><br />
<br />
<span id="Full_NAT_router"><br />
{{Note| If you want to use your target as a full NAT router and do masquerading, there are some advanced features you must add to Linux Kernel:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> "state" match support<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IPv4 connection tracking support (required for NAT)<br />
[*] proc/sysctl compatibility with old connectiion tracking<br />
<br />
<M> Full NAT<br />
<M> MASQUERADE target support<br />
<M> NETMAP target support<br />
<M> REDIRECT target support<br />
< > Basic SNMP-ALG support<br />
</pre><br />
}}<br />
</span><br />
<br />
{{Note|In order to use protocols like TFTP or FTP through the NAT router, you have to activate the support for the protocol you want in Netfilter.<br />
For instance with the TFTP protocol:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> TFTP protocol support<br />
</pre><br />
}}<br />
<br />
{{Note|You can also add other IP tables like ''nat'' and ''mangle'' or new firewall rule options like ''LOG'' or ''REJECT'' in Netfilter page of the Linux configuration menu.}}<br />
<br />
* Now you can rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
====Buildroot====<br />
* In the BSP directory, launch the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages for IPTables to be installed on target:<br />
<pre class="config"><br />
Package selection for the target ---><br />
[*] Networking ---><br />
[*] iptables<br />
</pre><br />
<br />
* Then rebuild Buildroot to generate the rootfs:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===IPTables usage===<br />
* To learn how to use IPTables to define firewall chains and rules, please refer to the [http://doc.ubuntu-fr.org/iptables Linux Ubuntu Documentation - IPTables].<br />
<br />
* You may also want to define routing rules with the command ''route''. You can refer to the [http://doc.ubuntu-fr.org/routage Linux Ubuntu Documentation - routage] to use it.<br />
<br />
===Test IPTables on [[APF27 PPS]]===<br />
To test IPTables on the target, we will implement a NAT router in the system and use it as a gateway through two computers.<br />
<br />
* First you have to enable full NAT and masquerading functionalities in Linux Kernel for your target. Please refer to the [[#Full_NAT_router|Note for full NAT installation]] to set up these options and then rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
* Flash the new kernel and rootfs binaries on the target.<br />
<br />
* Connect an Ethernet cable from your host Linux to the Ethernet port of the target. <br />
And connect the USB A-MiniA cable from your host Linux to your target USB OTG port.<br />
<br />
* Then you have to activate the target network interface for Ethernet and [[USB Gadget]]:<br />
<pre class="apf"><br />
# ifconfig eth0 192.168.0.208<br />
<br />
# modprobe -r smsc95xx<br />
# modprobe -r g_ether<br />
# modprobe g_ether<br />
# ifconfig usb0 192.168.2.251<br />
Freescale High-Speed USB SOC Device Controller driver (Apr 20, 2007)<br />
ULPI OTG Vendor ID 0x4cc Product ID 0x1504<br />
g_ether gadget: using random self ethernet address<br />
g_ether gadget: using random host ethernet address<br />
usb0: MAC f6:cf:00:56:1b:64<br />
usb0: HOST MAC be:60:d1:56:89:fc<br />
g_ether gadget: Ethernet Gadget, version: Memorial Day 2008<br />
g_ether gadget: g_ether ready<br />
fsl-usb2-udc: bind to driver g_ether<br />
g_ether gadget: high speed config #1: CDC Ethernet (ECM)<br />
</pre><br />
<br />
* As the USB gadget interface is connected, you must see the network ''Auto USB'' in your host's ''Network Connections''.<br />
** If you want to make your [[APF27 PPS]] a gateway, you have to use two differents sub-networks for your private network (your computer and the USB gadget interface) and for the remote network (the remote computer and the Ethernet interface).<br />
** Edit then the ''Auto USB'' network to configure it:<br />
*** The '''IP address''' must be in the same sub-network as the USB Gadget interface : for instance 192.168.2.225.<br />
*** The '''Netmask''' : 255.255.255.0<br />
*** The '''Gateway''' is your target's USB Gadget interface : here 192.168.2.251.<br />
*** A '''DNS server''': if you want to browse on Internet through the target. For instance 192.168.0.207.<br />
*** '''Search domains''': For instance armadeus-office.<br />
** Then disconnect your host PC and reconnect to the ''Auto USB'' network.<br />
<br />
* Add the ''default'' route to be able to go on the Internet:<br />
<pre class="apf"><br />
# route add default gw 192.168.0.1 eth0<br />
</pre><br />
<br />
* Configure the IP Advanced router to be able to forward the packets through the target:<br />
<pre class="apf"><br />
# echo "1" > /proc/sys/net/ipv4/ip_forward<br />
</pre><br />
<br />
* Then you have to create the rules for the NAT router/firewall with iptables:<br />
<pre class="apf"><br />
# iptables -P INPUT ACCEPT<br />
# iptables -F INPUT <br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F OUTPUT <br />
# iptables -P FORWARD DROP<br />
# iptables -F FORWARD <br />
# iptables -t nat -F<br />
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)<br />
<br />
# iptables -A FORWARD -i eth0 -o usb0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT<br />
# iptables -A FORWARD -j LOG<br />
<br />
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
</pre><br />
<br />
* To test the gateway is correctly working, you can ping on the different interface and on the remote computer from your host:<br />
<pre class="host"><br />
$ ping 192.168.2.251<br />
PING 192.168.2.251 (192.168.2.251) 56(84) bytes of data.<br />
64 bytes from 192.168.2.251: icmp_seq=1 ttl=64 time=0.736 ms<br />
<br />
$ ping 192.168.0.208<br />
PING 192.168.0.208 (192.168.0.208) 56(84) bytes of data.<br />
64 bytes from 192.168.0.208: icmp_seq=1 ttl=64 time=0.719 ms<br />
<br />
$ ping 192.168.0.1<br />
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.<br />
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=1.60 ms<br />
<br />
$ ping REMOTE_ADDRESS<br />
</pre><br />
<br />
* If you have configured your network with a DNS server, you can even ping or browse an URL address on the Internet:<br />
<pre class="host"><br />
$ ping www.yahoo.fr<br />
PING any-rc.a01.yahoodns.net (87.248.120.148) 56(84) bytes of data.<br />
64 bytes from w2.rc.vip.ch1.yahoo.com (87.248.120.148): icmp_seq=1 ttl=49 time=90.3 ms<br />
</pre><br />
<br />
{{Note|If you have the IPSec activated on the remote computer and on your target, you can also securize the connection to the remote computer.<br />
On the remote computer, put the file /etc/ipsec-tools.conf and run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
On your target, run:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
Then you can check with Wireshark that all datas going through the securized connection are well encrypted.<br />
}}<br />
<br />
==Links==<br />
* [https://help.ubuntu.com/community/IPSecHowTo IPSec HowTo Documentation]<br />
* [http://doc.ubuntu-fr.org/iptables IPTables Ubuntu Documentation]<br />
* [http://doc.ubuntu-fr.org/routage Routing Ubuntu Documentation]</div>JeremieShttp://armadeus.org/wiki/index.php?title=IPSec_/_IPTables&diff=9344IPSec / IPTables2011-01-24T10:40:47Z<p>JeremieS: /* Linux */</p>
<hr />
<div>IPSec and IPTables are network tools that can be used together to create a VPN between two computers. IPSec securizes the connection as IPTables do the packets routing. The [[APF27 PPS]] board is optimized to use these tools.<br />
<br />
==IPSec==<br />
IPSec is a protocol that securizes IP communications by authenticating and crypting packets from IP address to another, over all computer ports.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* You need to install the ipsec-tools package on your host:<br />
<pre class="host"><br />
$ sudo apt-get install ipsec-tools<br />
</pre><br />
<br />
* Give the file ''/etc/ipsec-tools.conf'' the access rights 700:<br />
<pre class="host"><br />
$ sudo chmod 700 /etc/ipsec-tools.conf<br />
</pre><br />
<br />
* Then edit this file and define the IPSec keys like that:<br />
<pre class="host"><br />
<br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.2.100 192.168.1.100 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
</pre><br />
<br />
{{Note|In this example the host is 192.168.0.211 and the APF27 target is 192.168.0.208 but you must adapt the file to your configuration and create your own keys.}}<br />
<br />
{{Note|To generate a 192 bit key you can use the following command: <pre class="host">dd if=/dev/random count=24 bs=1| xxd -ps</pre>}}<br />
<br />
====Target (APF27)====<br />
<br />
=====Linux=====<br />
There are some drivers you need to install in Linux Kernel to make IPSec work.<br />
<br />
* To configure Linux, go into the BSP directory and run the command:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* Select the following drivers to install in Linux configuration menu:<br />
<pre class="config"><br />
[*] Networking support ---> <br />
Networking options ---> <br />
<*> Transformation user configuration interface<br />
<br />
<*> PF_KEY sockets<br />
<br />
<*> IP: AH transformation <br />
<*> IP: ESP transformation <br />
<*> IP: IPComp transformation <br />
<*> IP: IPsec transport mode <br />
<*> IP: IPsec tunnel mode <br />
<*> IP: IPsec BEET mode <br />
<br />
[*] Cryptographic API ---><br />
<*> Null algorithms<br />
<br />
*** Authenticated Encryption with Associated Data ***<br />
<*> CCM support <br />
<*> GCM/GMAC support <br />
<br />
{*} AES cipher algorithms <br />
</pre><br />
<br />
* Then you can rebuild Linux like that:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
=====Buildroot=====<br />
You must install flex and networking packages like [[SSH#OpenSSH|OpenSSH]], OpenSSL and IPSec-tools.<br />
<br />
* First run this command to open the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages in the menu:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] flex <br />
<br />
[*] Networking <br />
[*] ipsec-tools <br />
[*] Enable racoonctl(8). <br />
[ ] Enable NAT-Traversal <br />
[*] Enable IKE fragmentation.<br />
[*] Enable statistics logging function. <br />
[ ] Enable IPv6 support <br />
[ ] Enable readline input support if available. <br />
[*] Install IPSec libraries under staging_dir/lib<br />
<br />
[*] openssh<br />
-*- openssl <br />
</pre><br />
<br />
{{Note|If you want to use IPSec in a NAT router/firewall, you must enable the NAT-Traversal option:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] Networking <br />
[*] ipsec-tools <br />
<br />
[*] Enable NAT-Traversal <br />
</pre><br />
}}<br />
<br />
* Then rebuild Buildroot:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
=====In the filesystem=====<br />
* You still have to put the following IPSec configuration file on the target in /etc/ipsec-tools.conf:<br />
<pre class="host"><br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
</pre><br />
<br />
===Securize the connection===<br />
Once IPSec is installed and configured on both the system and the host, you have to launch it and activate the keys.<br />
<br />
* First on your Host (Ubuntu), you have to reboot the computer or to run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
If you want to see the generated keys:<br />
<pre class="host"><br />
$ sudo setkey -D<br />
</pre><br />
<br />
* On the target (APF27), you can run the command:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
And you can check the keys with:<br />
<pre class="apf"><br />
# setkey -D<br />
</pre><br />
<br />
===Test IPSec===<br />
* To check that datas are correctly encrypted through the securized connection, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* Then you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on the target:<br />
<pre class="apf"><br />
# telnet -l $USERNAME $HOST_IP<br />
</pre><br />
For instance if you want to connect to computer 192.168.0.225 with the user toto:<br />
<pre class="apf"><br />
# telnet -l toto 192.168.0.225<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Password: <br />
Last login: Thu Dec 23 14:35:40 CET 2010 from localhost on pts/5<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You can also connect without the username. When you are asked to fill the username, it will also be encrypted.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the ESP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ipsec.sh'' to test the IPSec authentication and encryption.}}<br />
<br />
==IPTables==<br />
IPTables is a command-line interface to configure Netfilter. It can allow you to set up the chains and rules of routing in the firewall of a computer. It can also be used to access a public domain from a private network by masquerading the private IP address.<br />
<br />
===Setup===<br />
If you want to use IPTables on your system, you have to configure both Buildroot and Linux.<br />
<br />
====Linux====<br />
* In the BSP directory, run this command to launch the Linux configuration menu:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* In the menu, select the following drivers or modules:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] TCP/IP networking<br />
[*] IP: multicasting<br />
[*] IP: advanced router<br />
Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure) (FIB_HASH) ---><br />
[ ] IP: policy routing<br />
[ ] IP: equal cost multipath<br />
[ ] IP: verbose route monitoring<br />
<br />
[*] Network packet filtering framework (Netfilter) ---><br />
[*] Advanced netfilter configuration<br />
[*] Bridged IP/ARP packets filtering<br />
Core Netfilter Configuration ---><br />
{*} Netfilter Xtables support (required for ip_tables)<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IP tables support (required for filtering/masq/NAT)<br />
<br />
<M> Packet filtering<br />
<br />
<M> ARP tables support<br />
<M> ARP packet filtering<br />
< > ARP payload mangling<br />
</pre><br />
<br />
<span id="Full_NAT_router"><br />
{{Note| If you want to use your target as a full NAT router and do masquerading, there are some advanced features you must add to Linux Kernel:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> "state" match support<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IPv4 connection tracking support (required for NAT)<br />
[*] proc/sysctl compatibility with old connectiion tracking<br />
<br />
<M> Full NAT<br />
<M> MASQUERADE target support<br />
<M> NETMAP target support<br />
<M> REDIRECT target support<br />
< > Basic SNMP-ALG support<br />
</pre><br />
}}<br />
</span><br />
<br />
{{Note|In order to use protocols like TFTP or FTP through the NAT router, you have to activate the support for the protocol you want in Netfilter.<br />
For instance with the TFTP protocol:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> TFTP protocol support<br />
</pre><br />
}}<br />
<br />
{{Note|You can also add other IP tables like ''nat'' and ''mangle'' or new firewall rule options like ''LOG'' or ''REJECT'' in Netfilter page of the Linux configuration menu.}}<br />
<br />
* Now you can rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
====Buildroot====<br />
* In the BSP directory, launch the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages for IPTables to be installed on target:<br />
<pre class="config"><br />
Package selection for the target ---><br />
[*] Networking ---><br />
[*] iptables<br />
</pre><br />
<br />
* Then rebuild Buildroot to generate the rootfs:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===IPTables usage===<br />
* To learn how to use IPTables to define firewall chains and rules, please refer to the [http://doc.ubuntu-fr.org/iptables Linux Ubuntu Documentation - IPTables].<br />
<br />
* You may also want to define routing rules with the command ''route''. You can refer to the [http://doc.ubuntu-fr.org/routage Linux Ubuntu Documentation - routage] to use it.<br />
<br />
===Test IPTables on [[APF27 PPS]]===<br />
To test IPTables on the target, we will implement a NAT router in the system and use it as a gateway through two computers.<br />
<br />
* First you have to enable full NAT and masquerading functionalities in Linux Kernel for your target. Please refer to the [[#Full_NAT_router|Note for full NAT installation]] to set up these options and then rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
* Flash the new kernel and rootfs binaries on the target.<br />
<br />
* Connect an Ethernet cable from your host Linux to the Ethernet port of the target. <br />
And connect the USB A-MiniA cable from your host Linux to your target USB OTG port.<br />
<br />
* Then you have to activate the target network interface for Ethernet and [[USB Gadget]]:<br />
<pre class="apf"><br />
# ifconfig eth0 192.168.0.208<br />
<br />
# modprobe -r smsc95xx<br />
# modprobe -r g_ether<br />
# modprobe g_ether<br />
# ifconfig usb0 192.168.2.251<br />
Freescale High-Speed USB SOC Device Controller driver (Apr 20, 2007)<br />
ULPI OTG Vendor ID 0x4cc Product ID 0x1504<br />
g_ether gadget: using random self ethernet address<br />
g_ether gadget: using random host ethernet address<br />
usb0: MAC f6:cf:00:56:1b:64<br />
usb0: HOST MAC be:60:d1:56:89:fc<br />
g_ether gadget: Ethernet Gadget, version: Memorial Day 2008<br />
g_ether gadget: g_ether ready<br />
fsl-usb2-udc: bind to driver g_ether<br />
g_ether gadget: high speed config #1: CDC Ethernet (ECM)<br />
</pre><br />
<br />
* As the USB gadget interface is connected, you must see the network ''Auto USB'' in your host's ''Network Connections''.<br />
** If you want to make your [[APF27 PPS]] a gateway, you have to use two differents sub-networks for your private network (your computer and the USB gadget interface) and for the remote network (the remote computer and the Ethernet interface).<br />
** Edit then the ''Auto USB'' network to configure it:<br />
*** The '''IP address''' must be in the same sub-network as the USB Gadget interface : for instance 192.168.2.225.<br />
*** The '''Netmask''' : 255.255.255.0<br />
*** The '''Gateway''' is your target's USB Gadget interface : here 192.168.2.251.<br />
*** A '''DNS server''': if you want to browse on Internet through the target. For instance 192.168.0.207.<br />
*** '''Search domains''': For instance armadeus-office.<br />
** Then disconnect your host PC and reconnect to the ''Auto USB'' network.<br />
<br />
* Add the ''default'' route to be able to go on the Internet:<br />
<pre class="apf"><br />
# route add default gw 192.168.0.1 eth0<br />
</pre><br />
<br />
* Configure the IP Advanced router to be able to forward the packets through the target:<br />
<pre class="apf"><br />
# echo "1" > /proc/sys/net/ipv4/ip_forward<br />
</pre><br />
<br />
* Then you have to create the rules for the NAT router/firewall with iptables:<br />
<pre class="apf"><br />
# iptables -P INPUT ACCEPT<br />
# iptables -F INPUT <br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F OUTPUT <br />
# iptables -P FORWARD DROP<br />
# iptables -F FORWARD <br />
# iptables -t nat -F<br />
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)<br />
<br />
# iptables -A FORWARD -i eth0 -o usb0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT<br />
# iptables -A FORWARD -j LOG<br />
<br />
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
</pre><br />
<br />
* To test the gateway is correctly working, you can ping on the different interface and on the remote computer from your host:<br />
<pre class="host"><br />
$ ping 192.168.2.251<br />
PING 192.168.2.251 (192.168.2.251) 56(84) bytes of data.<br />
64 bytes from 192.168.2.251: icmp_seq=1 ttl=64 time=0.736 ms<br />
<br />
$ ping 192.168.0.208<br />
PING 192.168.0.208 (192.168.0.208) 56(84) bytes of data.<br />
64 bytes from 192.168.0.208: icmp_seq=1 ttl=64 time=0.719 ms<br />
<br />
$ ping 192.168.0.1<br />
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.<br />
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=1.60 ms<br />
<br />
$ ping REMOTE_ADDRESS<br />
</pre><br />
<br />
* If you have configured your network with a DNS server, you can even ping or browse an URL address on the Internet:<br />
<pre class="host"><br />
$ ping www.yahoo.fr<br />
PING any-rc.a01.yahoodns.net (87.248.120.148) 56(84) bytes of data.<br />
64 bytes from w2.rc.vip.ch1.yahoo.com (87.248.120.148): icmp_seq=1 ttl=49 time=90.3 ms<br />
</pre><br />
<br />
{{Note|If you have the IPSec activated on the remote computer and on your target, you can also securize the connection to the remote computer.<br />
On the remote computer, put the file /etc/ipsec-tools.conf and run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
On your target, run:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
Then you can check with Wireshark that all datas going through the securized connection are well encrypted.<br />
}}<br />
<br />
==Links==<br />
* [https://help.ubuntu.com/community/IPSecHowTo IPSec HowTo Documentation]<br />
* [http://doc.ubuntu-fr.org/iptables IPTables Ubuntu Documentation]<br />
* [http://doc.ubuntu-fr.org/routage Routing Ubuntu Documentation]</div>JeremieShttp://armadeus.org/wiki/index.php?title=IPSec_/_IPTables&diff=9343IPSec / IPTables2011-01-24T10:27:42Z<p>JeremieS: /* Test IPSec */</p>
<hr />
<div>IPSec and IPTables are network tools that can be used together to create a VPN between two computers. IPSec securizes the connection as IPTables do the packets routing. The [[APF27 PPS]] board is optimized to use these tools.<br />
<br />
==IPSec==<br />
IPSec is a protocol that securizes IP communications by authenticating and crypting packets from IP address to another, over all computer ports.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* You need to install the ipsec-tools package on your host:<br />
<pre class="host"><br />
$ sudo apt-get install ipsec-tools<br />
</pre><br />
<br />
* Give the file ''/etc/ipsec-tools.conf'' the access rights 700:<br />
<pre class="host"><br />
$ sudo chmod 700 /etc/ipsec-tools.conf<br />
</pre><br />
<br />
* Then edit this file and define the IPSec keys like that:<br />
<pre class="host"><br />
<br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.2.100 192.168.1.100 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
</pre><br />
<br />
{{Note|In this example the host is 192.168.0.211 and the APF27 target is 192.168.0.208 but you must adapt the file to your configuration and create your own keys.}}<br />
<br />
{{Note|To generate a 192 bit key you can use the following command: <pre class="host">dd if=/dev/random count=24 bs=1| xxd -ps</pre>}}<br />
<br />
====Target (APF27)====<br />
<br />
=====Linux=====<br />
There are some drivers you need to install in Linux Kernel to make IPSec work.<br />
<br />
* To configure Linux, go into the BSP directory and run the command:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* Select the following drivers to install in Linux configuration menu:<br />
<pre class="config"><br />
[*] Networking support ---> <br />
Networking options ---> <br />
<*> Transformation user configuration interface<br />
<br />
<*> PF_KEY sockets<br />
<br />
<*> IP: AH transformation <br />
<*> IP: ESP transformation <br />
<*> IP: IPComp transformation <br />
<*> IP: IPsec transport mode <br />
<*> IP: IPsec tunnel mode <br />
<*> IP: IPsec BEET mode <br />
<br />
[*] Cryptographic API ---><br />
<*> Null algorithms<br />
<br />
*** Authenticated Encryption with Associated Data ***<br />
<*> CCM support <br />
<*> GCM/GMAC support <br />
<br />
{*} AES cipher algorithms <br />
</pre><br />
<br />
* Then you can rebuild Linux like that:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
=====Buildroot=====<br />
You must install flex and networking packages like [[SSH#OpenSSH|OpenSSH]], OpenSSL and IPSec-tools.<br />
<br />
* First run this command to open the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages in the menu:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] flex <br />
<br />
[*] Networking <br />
[*] ipsec-tools <br />
[*] Enable racoonctl(8). <br />
[ ] Enable NAT-Traversal <br />
[*] Enable IKE fragmentation.<br />
[*] Enable statistics logging function. <br />
[ ] Enable IPv6 support <br />
[ ] Enable readline input support if available. <br />
[*] Install IPSec libraries under staging_dir/lib<br />
<br />
[*] openssh<br />
-*- openssl <br />
</pre><br />
<br />
{{Note|If you want to use IPSec in a NAT router/firewall, you must enable the NAT-Traversal option:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] Networking <br />
[*] ipsec-tools <br />
<br />
[*] Enable NAT-Traversal <br />
</pre><br />
}}<br />
<br />
* Then rebuild Buildroot:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
=====In the filesystem=====<br />
* You still have to put the following IPSec configuration file on the target in /etc/ipsec-tools.conf:<br />
<pre class="host"><br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
</pre><br />
<br />
===Securize the connection===<br />
Once IPSec is installed and configured on both the system and the host, you have to launch it and activate the keys.<br />
<br />
* First on your Host (Ubuntu), you have to reboot the computer or to run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
If you want to see the generated keys:<br />
<pre class="host"><br />
$ sudo setkey -D<br />
</pre><br />
<br />
* On the target (APF27), you can run the command:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
And you can check the keys with:<br />
<pre class="apf"><br />
# setkey -D<br />
</pre><br />
<br />
===Test IPSec===<br />
* To check that datas are correctly encrypted through the securized connection, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* Then you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on the target:<br />
<pre class="apf"><br />
# telnet -l $USERNAME $HOST_IP<br />
</pre><br />
For instance if you want to connect to computer 192.168.0.225 with the user toto:<br />
<pre class="apf"><br />
# telnet -l toto 192.168.0.225<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Password: <br />
Last login: Thu Dec 23 14:35:40 CET 2010 from localhost on pts/5<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You can also connect without the username. When you are asked to fill the username, it will also be encrypted.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the ESP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ipsec.sh'' to test the IPSec authentication and encryption.}}<br />
<br />
==IPTables==<br />
IPTables is a command-line interface to configure Netfilter. It can allow you to set up the chains and rules of routing in the firewall of a computer. It can also be used to access a public domain from a private network by masquerading the private IP address.<br />
<br />
===Setup===<br />
If you want to use IPTables on your system, you have to configure both Buildroot and Linux.<br />
<br />
====Linux====<br />
* In the BSP directory, run this command to launch the Linux configuration menu:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* In the menu, select the following drivers or modules:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] TCP/IP networking<br />
[*] IP: multicasting<br />
[*] IP: advanced router<br />
Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure) (FIB_HASH) ---><br />
[ ] IP: policy routing<br />
[ ] IP: equal cost multipath<br />
[ ] IP: verbose route monitoring<br />
<br />
[*] Network packet filtering framework (Netfilter) ---><br />
[*] Advanced netfilter configuration<br />
[*] Bridged IP/ARP packets filtering<br />
Core Netfilter Configuration ---><br />
{*} Netfilter Xtables support (required for ip_tables)<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IP tables support (required for filtering/masq/NAT)<br />
<br />
<M> Packet filtering<br />
<br />
<M> ARP tables support<br />
<M> ARP packet filtering<br />
< > ARP payload mangling<br />
</pre><br />
<br />
<span id="Full_NAT_router"><br />
{{Note| If you want to use your target as a full NAT router and do masquerading, there are some advanced features you must add to Linux Kernel:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> "state" match support<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IPv4 connection tracking support (required for NAT)<br />
[*] proc/sysctl compatibility with old connectiion tracking<br />
<br />
<M> Full NAT<br />
<M> MASQUERADE target support<br />
<M> NETMAP target support<br />
<M> REDIRECT target support<br />
< > Basic SNMP-ALG support<br />
</pre><br />
}}<br />
</span><br />
<br />
{{Note|You can also add other IP tables like ''nat'' and ''mangle'' or new firewall rule options like ''LOG'' or ''REJECT'' in Netfilter page of the Linux configuration menu.}}<br />
<br />
* Now you can rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
====Buildroot====<br />
* In the BSP directory, launch the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages for IPTables to be installed on target:<br />
<pre class="config"><br />
Package selection for the target ---><br />
[*] Networking ---><br />
[*] iptables<br />
</pre><br />
<br />
* Then rebuild Buildroot to generate the rootfs:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===IPTables usage===<br />
* To learn how to use IPTables to define firewall chains and rules, please refer to the [http://doc.ubuntu-fr.org/iptables Linux Ubuntu Documentation - IPTables].<br />
<br />
* You may also want to define routing rules with the command ''route''. You can refer to the [http://doc.ubuntu-fr.org/routage Linux Ubuntu Documentation - routage] to use it.<br />
<br />
===Test IPTables on [[APF27 PPS]]===<br />
To test IPTables on the target, we will implement a NAT router in the system and use it as a gateway through two computers.<br />
<br />
* First you have to enable full NAT and masquerading functionalities in Linux Kernel for your target. Please refer to the [[#Full_NAT_router|Note for full NAT installation]] to set up these options and then rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
* Flash the new kernel and rootfs binaries on the target.<br />
<br />
* Connect an Ethernet cable from your host Linux to the Ethernet port of the target. <br />
And connect the USB A-MiniA cable from your host Linux to your target USB OTG port.<br />
<br />
* Then you have to activate the target network interface for Ethernet and [[USB Gadget]]:<br />
<pre class="apf"><br />
# ifconfig eth0 192.168.0.208<br />
<br />
# modprobe -r smsc95xx<br />
# modprobe -r g_ether<br />
# modprobe g_ether<br />
# ifconfig usb0 192.168.2.251<br />
Freescale High-Speed USB SOC Device Controller driver (Apr 20, 2007)<br />
ULPI OTG Vendor ID 0x4cc Product ID 0x1504<br />
g_ether gadget: using random self ethernet address<br />
g_ether gadget: using random host ethernet address<br />
usb0: MAC f6:cf:00:56:1b:64<br />
usb0: HOST MAC be:60:d1:56:89:fc<br />
g_ether gadget: Ethernet Gadget, version: Memorial Day 2008<br />
g_ether gadget: g_ether ready<br />
fsl-usb2-udc: bind to driver g_ether<br />
g_ether gadget: high speed config #1: CDC Ethernet (ECM)<br />
</pre><br />
<br />
* As the USB gadget interface is connected, you must see the network ''Auto USB'' in your host's ''Network Connections''.<br />
** If you want to make your [[APF27 PPS]] a gateway, you have to use two differents sub-networks for your private network (your computer and the USB gadget interface) and for the remote network (the remote computer and the Ethernet interface).<br />
** Edit then the ''Auto USB'' network to configure it:<br />
*** The '''IP address''' must be in the same sub-network as the USB Gadget interface : for instance 192.168.2.225.<br />
*** The '''Netmask''' : 255.255.255.0<br />
*** The '''Gateway''' is your target's USB Gadget interface : here 192.168.2.251.<br />
*** A '''DNS server''': if you want to browse on Internet through the target. For instance 192.168.0.207.<br />
*** '''Search domains''': For instance armadeus-office.<br />
** Then disconnect your host PC and reconnect to the ''Auto USB'' network.<br />
<br />
* Add the ''default'' route to be able to go on the Internet:<br />
<pre class="apf"><br />
# route add default gw 192.168.0.1 eth0<br />
</pre><br />
<br />
* Configure the IP Advanced router to be able to forward the packets through the target:<br />
<pre class="apf"><br />
# echo "1" > /proc/sys/net/ipv4/ip_forward<br />
</pre><br />
<br />
* Then you have to create the rules for the NAT router/firewall with iptables:<br />
<pre class="apf"><br />
# iptables -P INPUT ACCEPT<br />
# iptables -F INPUT <br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F OUTPUT <br />
# iptables -P FORWARD DROP<br />
# iptables -F FORWARD <br />
# iptables -t nat -F<br />
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)<br />
<br />
# iptables -A FORWARD -i eth0 -o usb0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT<br />
# iptables -A FORWARD -j LOG<br />
<br />
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
</pre><br />
<br />
* To test the gateway is correctly working, you can ping on the different interface and on the remote computer from your host:<br />
<pre class="host"><br />
$ ping 192.168.2.251<br />
PING 192.168.2.251 (192.168.2.251) 56(84) bytes of data.<br />
64 bytes from 192.168.2.251: icmp_seq=1 ttl=64 time=0.736 ms<br />
<br />
$ ping 192.168.0.208<br />
PING 192.168.0.208 (192.168.0.208) 56(84) bytes of data.<br />
64 bytes from 192.168.0.208: icmp_seq=1 ttl=64 time=0.719 ms<br />
<br />
$ ping 192.168.0.1<br />
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.<br />
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=1.60 ms<br />
<br />
$ ping REMOTE_ADDRESS<br />
</pre><br />
<br />
* If you have configured your network with a DNS server, you can even ping or browse an URL address on the Internet:<br />
<pre class="host"><br />
$ ping www.yahoo.fr<br />
PING any-rc.a01.yahoodns.net (87.248.120.148) 56(84) bytes of data.<br />
64 bytes from w2.rc.vip.ch1.yahoo.com (87.248.120.148): icmp_seq=1 ttl=49 time=90.3 ms<br />
</pre><br />
<br />
{{Note|If you have the IPSec activated on the remote computer and on your target, you can also securize the connection to the remote computer.<br />
On the remote computer, put the file /etc/ipsec-tools.conf and run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
On your target, run:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
Then you can check with Wireshark that all datas going through the securized connection are well encrypted.<br />
}}<br />
<br />
==Links==<br />
* [https://help.ubuntu.com/community/IPSecHowTo IPSec HowTo Documentation]<br />
* [http://doc.ubuntu-fr.org/iptables IPTables Ubuntu Documentation]<br />
* [http://doc.ubuntu-fr.org/routage Routing Ubuntu Documentation]</div>JeremieShttp://armadeus.org/wiki/index.php?title=IPSec_/_IPTables&diff=9342IPSec / IPTables2011-01-24T10:26:05Z<p>JeremieS: /* Target (APF27) */</p>
<hr />
<div>IPSec and IPTables are network tools that can be used together to create a VPN between two computers. IPSec securizes the connection as IPTables do the packets routing. The [[APF27 PPS]] board is optimized to use these tools.<br />
<br />
==IPSec==<br />
IPSec is a protocol that securizes IP communications by authenticating and crypting packets from IP address to another, over all computer ports.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* You need to install the ipsec-tools package on your host:<br />
<pre class="host"><br />
$ sudo apt-get install ipsec-tools<br />
</pre><br />
<br />
* Give the file ''/etc/ipsec-tools.conf'' the access rights 700:<br />
<pre class="host"><br />
$ sudo chmod 700 /etc/ipsec-tools.conf<br />
</pre><br />
<br />
* Then edit this file and define the IPSec keys like that:<br />
<pre class="host"><br />
<br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.2.100 192.168.1.100 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
</pre><br />
<br />
{{Note|In this example the host is 192.168.0.211 and the APF27 target is 192.168.0.208 but you must adapt the file to your configuration and create your own keys.}}<br />
<br />
{{Note|To generate a 192 bit key you can use the following command: <pre class="host">dd if=/dev/random count=24 bs=1| xxd -ps</pre>}}<br />
<br />
====Target (APF27)====<br />
<br />
=====Linux=====<br />
There are some drivers you need to install in Linux Kernel to make IPSec work.<br />
<br />
* To configure Linux, go into the BSP directory and run the command:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* Select the following drivers to install in Linux configuration menu:<br />
<pre class="config"><br />
[*] Networking support ---> <br />
Networking options ---> <br />
<*> Transformation user configuration interface<br />
<br />
<*> PF_KEY sockets<br />
<br />
<*> IP: AH transformation <br />
<*> IP: ESP transformation <br />
<*> IP: IPComp transformation <br />
<*> IP: IPsec transport mode <br />
<*> IP: IPsec tunnel mode <br />
<*> IP: IPsec BEET mode <br />
<br />
[*] Cryptographic API ---><br />
<*> Null algorithms<br />
<br />
*** Authenticated Encryption with Associated Data ***<br />
<*> CCM support <br />
<*> GCM/GMAC support <br />
<br />
{*} AES cipher algorithms <br />
</pre><br />
<br />
* Then you can rebuild Linux like that:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
=====Buildroot=====<br />
You must install flex and networking packages like [[SSH#OpenSSH|OpenSSH]], OpenSSL and IPSec-tools.<br />
<br />
* First run this command to open the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages in the menu:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] flex <br />
<br />
[*] Networking <br />
[*] ipsec-tools <br />
[*] Enable racoonctl(8). <br />
[ ] Enable NAT-Traversal <br />
[*] Enable IKE fragmentation.<br />
[*] Enable statistics logging function. <br />
[ ] Enable IPv6 support <br />
[ ] Enable readline input support if available. <br />
[*] Install IPSec libraries under staging_dir/lib<br />
<br />
[*] openssh<br />
-*- openssl <br />
</pre><br />
<br />
{{Note|If you want to use IPSec in a NAT router/firewall, you must enable the NAT-Traversal option:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] Networking <br />
[*] ipsec-tools <br />
<br />
[*] Enable NAT-Traversal <br />
</pre><br />
}}<br />
<br />
* Then rebuild Buildroot:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
=====In the filesystem=====<br />
* You still have to put the following IPSec configuration file on the target in /etc/ipsec-tools.conf:<br />
<pre class="host"><br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
</pre><br />
<br />
===Securize the connection===<br />
Once IPSec is installed and configured on both the system and the host, you have to launch it and activate the keys.<br />
<br />
* First on your Host (Ubuntu), you have to reboot the computer or to run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
If you want to see the generated keys:<br />
<pre class="host"><br />
$ sudo setkey -D<br />
</pre><br />
<br />
* On the target (APF27), you can run the command:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
And you can check the keys with:<br />
<pre class="apf"><br />
# setkey -D<br />
</pre><br />
<br />
===Test IPSec===<br />
* To check that datas are correctly encrypted through the securized connection, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* Then you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on the target:<br />
<pre class="apf"><br />
# telnet -l $USERNAME $HOST_IP<br />
</pre><br />
For instance if you want to connect to computer 192.168.0.225 with the user toto:<br />
<pre class="apf"><br />
# telnet -l toto 192.168.0.225<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Password: <br />
Last login: Thu Dec 23 14:35:40 CET 2010 from localhost on pts/5<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You can also connect without the username. When you are asked to fill the username, it will also be encrypted.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the ESP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ipsec.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==IPTables==<br />
IPTables is a command-line interface to configure Netfilter. It can allow you to set up the chains and rules of routing in the firewall of a computer. It can also be used to access a public domain from a private network by masquerading the private IP address.<br />
<br />
===Setup===<br />
If you want to use IPTables on your system, you have to configure both Buildroot and Linux.<br />
<br />
====Linux====<br />
* In the BSP directory, run this command to launch the Linux configuration menu:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* In the menu, select the following drivers or modules:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] TCP/IP networking<br />
[*] IP: multicasting<br />
[*] IP: advanced router<br />
Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure) (FIB_HASH) ---><br />
[ ] IP: policy routing<br />
[ ] IP: equal cost multipath<br />
[ ] IP: verbose route monitoring<br />
<br />
[*] Network packet filtering framework (Netfilter) ---><br />
[*] Advanced netfilter configuration<br />
[*] Bridged IP/ARP packets filtering<br />
Core Netfilter Configuration ---><br />
{*} Netfilter Xtables support (required for ip_tables)<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IP tables support (required for filtering/masq/NAT)<br />
<br />
<M> Packet filtering<br />
<br />
<M> ARP tables support<br />
<M> ARP packet filtering<br />
< > ARP payload mangling<br />
</pre><br />
<br />
<span id="Full_NAT_router"><br />
{{Note| If you want to use your target as a full NAT router and do masquerading, there are some advanced features you must add to Linux Kernel:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> "state" match support<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IPv4 connection tracking support (required for NAT)<br />
[*] proc/sysctl compatibility with old connectiion tracking<br />
<br />
<M> Full NAT<br />
<M> MASQUERADE target support<br />
<M> NETMAP target support<br />
<M> REDIRECT target support<br />
< > Basic SNMP-ALG support<br />
</pre><br />
}}<br />
</span><br />
<br />
{{Note|You can also add other IP tables like ''nat'' and ''mangle'' or new firewall rule options like ''LOG'' or ''REJECT'' in Netfilter page of the Linux configuration menu.}}<br />
<br />
* Now you can rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
====Buildroot====<br />
* In the BSP directory, launch the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages for IPTables to be installed on target:<br />
<pre class="config"><br />
Package selection for the target ---><br />
[*] Networking ---><br />
[*] iptables<br />
</pre><br />
<br />
* Then rebuild Buildroot to generate the rootfs:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===IPTables usage===<br />
* To learn how to use IPTables to define firewall chains and rules, please refer to the [http://doc.ubuntu-fr.org/iptables Linux Ubuntu Documentation - IPTables].<br />
<br />
* You may also want to define routing rules with the command ''route''. You can refer to the [http://doc.ubuntu-fr.org/routage Linux Ubuntu Documentation - routage] to use it.<br />
<br />
===Test IPTables on [[APF27 PPS]]===<br />
To test IPTables on the target, we will implement a NAT router in the system and use it as a gateway through two computers.<br />
<br />
* First you have to enable full NAT and masquerading functionalities in Linux Kernel for your target. Please refer to the [[#Full_NAT_router|Note for full NAT installation]] to set up these options and then rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
* Flash the new kernel and rootfs binaries on the target.<br />
<br />
* Connect an Ethernet cable from your host Linux to the Ethernet port of the target. <br />
And connect the USB A-MiniA cable from your host Linux to your target USB OTG port.<br />
<br />
* Then you have to activate the target network interface for Ethernet and [[USB Gadget]]:<br />
<pre class="apf"><br />
# ifconfig eth0 192.168.0.208<br />
<br />
# modprobe -r smsc95xx<br />
# modprobe -r g_ether<br />
# modprobe g_ether<br />
# ifconfig usb0 192.168.2.251<br />
Freescale High-Speed USB SOC Device Controller driver (Apr 20, 2007)<br />
ULPI OTG Vendor ID 0x4cc Product ID 0x1504<br />
g_ether gadget: using random self ethernet address<br />
g_ether gadget: using random host ethernet address<br />
usb0: MAC f6:cf:00:56:1b:64<br />
usb0: HOST MAC be:60:d1:56:89:fc<br />
g_ether gadget: Ethernet Gadget, version: Memorial Day 2008<br />
g_ether gadget: g_ether ready<br />
fsl-usb2-udc: bind to driver g_ether<br />
g_ether gadget: high speed config #1: CDC Ethernet (ECM)<br />
</pre><br />
<br />
* As the USB gadget interface is connected, you must see the network ''Auto USB'' in your host's ''Network Connections''.<br />
** If you want to make your [[APF27 PPS]] a gateway, you have to use two differents sub-networks for your private network (your computer and the USB gadget interface) and for the remote network (the remote computer and the Ethernet interface).<br />
** Edit then the ''Auto USB'' network to configure it:<br />
*** The '''IP address''' must be in the same sub-network as the USB Gadget interface : for instance 192.168.2.225.<br />
*** The '''Netmask''' : 255.255.255.0<br />
*** The '''Gateway''' is your target's USB Gadget interface : here 192.168.2.251.<br />
*** A '''DNS server''': if you want to browse on Internet through the target. For instance 192.168.0.207.<br />
*** '''Search domains''': For instance armadeus-office.<br />
** Then disconnect your host PC and reconnect to the ''Auto USB'' network.<br />
<br />
* Add the ''default'' route to be able to go on the Internet:<br />
<pre class="apf"><br />
# route add default gw 192.168.0.1 eth0<br />
</pre><br />
<br />
* Configure the IP Advanced router to be able to forward the packets through the target:<br />
<pre class="apf"><br />
# echo "1" > /proc/sys/net/ipv4/ip_forward<br />
</pre><br />
<br />
* Then you have to create the rules for the NAT router/firewall with iptables:<br />
<pre class="apf"><br />
# iptables -P INPUT ACCEPT<br />
# iptables -F INPUT <br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F OUTPUT <br />
# iptables -P FORWARD DROP<br />
# iptables -F FORWARD <br />
# iptables -t nat -F<br />
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)<br />
<br />
# iptables -A FORWARD -i eth0 -o usb0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT<br />
# iptables -A FORWARD -j LOG<br />
<br />
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
</pre><br />
<br />
* To test the gateway is correctly working, you can ping on the different interface and on the remote computer from your host:<br />
<pre class="host"><br />
$ ping 192.168.2.251<br />
PING 192.168.2.251 (192.168.2.251) 56(84) bytes of data.<br />
64 bytes from 192.168.2.251: icmp_seq=1 ttl=64 time=0.736 ms<br />
<br />
$ ping 192.168.0.208<br />
PING 192.168.0.208 (192.168.0.208) 56(84) bytes of data.<br />
64 bytes from 192.168.0.208: icmp_seq=1 ttl=64 time=0.719 ms<br />
<br />
$ ping 192.168.0.1<br />
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.<br />
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=1.60 ms<br />
<br />
$ ping REMOTE_ADDRESS<br />
</pre><br />
<br />
* If you have configured your network with a DNS server, you can even ping or browse an URL address on the Internet:<br />
<pre class="host"><br />
$ ping www.yahoo.fr<br />
PING any-rc.a01.yahoodns.net (87.248.120.148) 56(84) bytes of data.<br />
64 bytes from w2.rc.vip.ch1.yahoo.com (87.248.120.148): icmp_seq=1 ttl=49 time=90.3 ms<br />
</pre><br />
<br />
{{Note|If you have the IPSec activated on the remote computer and on your target, you can also securize the connection to the remote computer.<br />
On the remote computer, put the file /etc/ipsec-tools.conf and run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
On your target, run:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
Then you can check with Wireshark that all datas going through the securized connection are well encrypted.<br />
}}<br />
<br />
==Links==<br />
* [https://help.ubuntu.com/community/IPSecHowTo IPSec HowTo Documentation]<br />
* [http://doc.ubuntu-fr.org/iptables IPTables Ubuntu Documentation]<br />
* [http://doc.ubuntu-fr.org/routage Routing Ubuntu Documentation]</div>JeremieShttp://armadeus.org/wiki/index.php?title=USB_Gadget&diff=9331USB Gadget2011-01-10T15:28:55Z<p>JeremieS: /* To emulate an Ethernet link */</p>
<hr />
<div>Instructions on how to use the USB device (or OTG) port of your Armadeus board to communicate with your PC; ie see your board from your PC like an USB device.<br />
<br />
==Introduction==<br />
<br />
You can connect your APF board to your PC using its USB Device port ([[APF9328DevFull]]), a modified USB host port ([[APF27Dev]]), or an USB OTG port ([[APF27 PPS]]), and it can be "enumerated" as most common USB devices (depending on the type of communication you want to use):<br />
* serial device<br />
* net device<br />
* mass storage device<br />
<br />
=== Hardware/software specifics for the APF27dev and APF27 PPS boards ===<br />
At first, an USB A male / A male cable has to be used like this one: http://fr.farnell.com/pro-signal/psg90024/lead-usb-2-0-am-am-2m-black/dp/1494745<br />
<br />
Do not use USB cable with integrated ferrite bead !!<br />
<br />
The APF27dev board is equipped with two USB host ports. Only the high speed Host port (top connector) can be configured as an USB Device.<br />
<br />
In order to activate the device mode, a new parameter has to be added to the U-Boot console variable:<br />
BIOS> setenv console console=ttySMX0,115200 otg_mode=device<br />
BIOS> saveenv<br />
BIOS> boot<br />
<br />
Your port will now work as an USB device.<br />
<br />
{{Warning|DO NOT CONNECT TWO HOST PORTS TOGETHER AND TAKE CARE TO USE THE RIGHT USB PORT ON THE APF27DEV !!}}<br />
<br />
==Installation==<br />
<br />
* The drivers are now installed by default (since armadeus-3.0)<br />
* you should have following modules in your kernel source tree:<br />
'''drivers/usb/gadget/gadgetfs.ko''' For test<br />
'''drivers/usb/gadget/g_ether.ko''' Ethernet emulation on USB<br />
'''drivers/usb/gadget/g_file_storage.ko''' Mass storage<br />
'''drivers/usb/gadget/g_serial.ko''' Serial emulation on USB<br />
'''drivers/usb/gadget/g_zero.ko''' For test<br />
<br />
==Usage==<br />
<br />
===To emulate a mass storage device:===<br />
* [[USB_Gadget#Links |create]] or get a "backing storage file" ([http://dl.free.fr/q9IKqqweK for example])<br />
* copy this file (uncompressed) in the '''/tmp''' directory of your board (here my Host PC has 192.168.0.20 as IP @):<br />
<pre class="apf"><br />
# tftp -g -r backing_file.gz -l /tmp/backing_file.gz 192.168.0.20<br />
# gunzip /tmp/backing_file.gz<br />
</pre><br />
* load ''g_file_storage'' module:<br />
<pre class="apf"><br />
# modprobe g_file_storage file=/tmp/backing_file<br />
g_file_storage gadget: File-backed Storage Gadget, version: 28 November 2005<br />
g_file_storage gadget: Number of LUNs=1<br />
g_file_storage gadget-lun0: ro=0, file: /tmp/backing_file<br />
</pre><br />
* connect target's USB cable to your PC and, <br />
On your Linux Host:<br />
* If you have a recent Linux distribution, your device should be automatically mounted. Otherwise:<br />
** as root, launch ''dmesg'' and find the ''/dev/sdaX'' device assigned to your board:<br />
... usb 1-1.4: new full speed USB device using uhci_hcd and address 7<br />
... usb 1-1.4: configuration #1 chosen from 1 choice<br />
... scsi1 : SCSI emulation for USB Mass Storage devices<br />
... Vendor: Linux Model: File-Stor Gadget Rev: 0314<br />
... Type: Direct-Access ANSI SCSI revision: 02<br />
... SCSI device sda: 8192 512-byte hdwr sectors (4 MB)<br />
... sda: Write Protect is off<br />
... SCSI device sda: 8192 512-byte hdwr sectors (4 MB)<br />
... sda: Write Protect is off<br />
... sda: sda1<br />
... sd 1:0:0:0: Attached scsi disk sda<br />
... sd 1:0:0:0: Attached scsi generic sg0 type 0<br />
*<br />
** then mount the device and enjoy file sharing:<br />
<pre class="host"><br />
$ sudo mount /dev/sda1 /mnt/tmp<br />
$ cd /mnt/tmp<br />
$ showimage /mnt/tmp/test.jpg<br />
</pre><br />
<br />
===To emulate a serial link===<br />
* On your Host PC:<br />
<pre class="host"><br />
$ sudo modprobe usbserial vendor=0x0525 product=0xA4A6<br />
</pre><br />
or you can automate it by modifying ''/etc/modprobe.d/options'' file (Tested on *Ubuntu):<br />
<pre class="host"><br />
$ sudo vim /etc/modprobe.d/options<br />
...<br />
options usbserial vendor=0x0525 product=0xA4A6<br />
</pre><br />
* on your APF:<br />
<pre class="apf"><br />
# mknod /dev/ttyGS0 c 249 0 (if not already existing)<br />
# modprobe g_serial<br />
g_serial gadget: Gadget Serial v2.4<br />
g_serial gadget: g_serial ready<br />
fsl-usb2-udc: bind to driver g_serial<br />
g_serial gadget: high speed config #2: CDC ACM config<br />
</pre><br />
* then connect the USB cable between your PC and your APF and you should see on your Host:<br />
<pre class="host"><br />
$ tail -f /var/log/messages<br />
Sep 27 10:06:38 ... usb 2-1.3: new high speed USB device using ehci_hcd and address 14<br />
Sep 27 10:06:38 ... usb 2-1.3: configuration #2 chosen from 1 choice<br />
Sep 27 10:06:38 ... cdc_acm 2-1.3:2.0: ttyACM0: USB ACM device<br />
Sep 27 10:06:38 ... usbcore: registered new interface driver cdc_acm<br />
Sep 27 10:06:38 ... cdc_acm: v0.26:USB Abstract Control Model driver for USB modems and ISDN adapters<br />
</pre><br />
* you should now be able to send/receive data through ''/dev/ttyACM0'' (PC) and ''/dev/ttyGS0'' (APF):<br />
<pre class="apf"><br />
# cat /dev/ttyGS0<br />
</pre><br />
<pre class="host"><br />
[armadeus]$ echo "COUCOU" > /dev/ttyACM0<br />
</pre><br />
<pre class="apf"><br />
COUCOU<br />
</pre><br />
<br />
===To emulate an Ethernet link===<br />
* On your Target:<br />
<pre class="apf"><br />
# modprobe g_ether<br />
ether gadget: using random self ethernet address<br />
ether gadget: using random host ethernet address<br />
usb0: Ethernet Gadget, version: May Day 2005<br />
usb0: using imx_udc, OUT ep2out-bulk IN ep1in-bulk STATUS ep4in-int<br />
usb0: MAC be:df:31:95:16:e0<br />
usb0: HOST MAC 3e:86:1e:94:eb:84<br />
usb0: RNDIS ready<br />
</pre><br />
Now an IP address has to be assigned to the USB0 ethernet port <br />
<pre class="apf"><br />
# ifconfig usb0 192.168.10.1<br />
</pre><br />
<br />
<br />
* On your PC:<br />
** On '''Linux''' systems:<pre class="host">$ sudo modprobe cdc_ether</pre><br />
** On '''Windows''' systems: <br/>When the target is detected, you will be asked to give the right driver. <br/>You will find it here: [http://www.armadeus.com/_downloads/apf27_PPS/windrivers/ APF27 PPS Windrivers].<br />
<br />
==Links==<br />
<br />
* http://www.linux-usb.org/gadget/<br />
* http://www.linux-usb.org/usbtest/#gadgets<br />
* http://www.linux-usb.org/gadget/file_storage.html<br />
* http://lxr.linux.no/source/Documentation/usb/gadget_serial.txt<br />
* [[Serial_Transfer]]<br />
* http://www.linux-usb.org/usbnet/<br />
* http://wiki.gp2x.org/wiki/UsbNet_on_Linux<br />
<br />
[[Category:Linux drivers]]<br />
[[Category:USB]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=SSH&diff=9324SSH2011-01-07T13:30:42Z<p>JeremieS: Connection with public/private key</p>
<hr />
<div>Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br><br />
In short, SSH allows you to connect to your board from a remote PC using a secured/encrypted Ethernet connection.<br />
<br />
==Dropbear==<br />
<br />
===Setup===<br />
We use the lightweight Dropbear SSH server. To install it on your rootfs, launch Buildroot configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] dropbear<br />
</pre><br />
<br />
Then rebuild your system and reflash your board.<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Usage===<br />
* If you have reflashed your rootfs with dropbear installed, then at first startup it should generates your private and public keys:<br />
<pre class="apf"><br />
Generating RSA Key...<br />
Will output 1024 bit rsa secret key to '/etc/dropbear/dropbear_rsa_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-rsa ........<br />
Fingerprint: md5 82:a2:a3:65:8c:e4:2b:ec:35:27:03:23:2c:f8:91:e9<br />
Generating DSS Key...<br />
Will output 1024 bit dss secret key to '/etc/dropbear/dropbear_dss_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-dss <br />
........<br />
Fingerprint: md5 43:4d:e6:52:df:6b:1f:c3:93:e9:49:e3:92:e7:a1:b2<br />
Starting dropbear sshd:<br />
</pre><br />
<br />
====Connection with password====<br />
* Be sure to have setup a root password on your board. '''If not then:'''<br />
<pre class="apf"><br />
# passwd<br />
Changing password for root<br />
Enter the new password (minimum of 5, maximum of 8 characters)<br />
Please use a combination of upper and lower case letters and numbers.<br />
Enter new password: *****<br />
Re-enter new password: ******<br />
Password changed.<br />
</pre><br />
<br />
* To test your SSH connection, then on your PC launch (replace 192.168.0.3 with your board IP):<br />
<pre class="host"><br />
[armadeus] $ ssh root@192.168.0.3<br />
The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.<br />
RSA key fingerprint is 82:a2:a3:65:8c:e4:2b:xx:xx:xx:xx:xx:2c:f8:91:e9.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added '192.168.0.3' (RSA) to the list of known hosts.<br />
</pre><br />
<pre class="apf"><br />
root@192.168.0.3's password:<br />
<br />
BusyBox v1.2.2 (2007.06.25-15:53+0000) Built-in shell (ash)<br />
Enter 'help' for a list of built-in commands.<br />
#<br />
</pre><br />
<br />
====Connection with public/private key====<br />
You can also connect to your system without needing a password.<br />
You only have to let the system know your host's public SSH key.<br />
<br />
* First, in directory ''/root'', on your system, if you don't have a directory ''.ssh'', create it:<br />
<pre class="apf"><br />
# mkdir /root/.ssh<br />
</pre><br />
<br />
* Then you must give it the correct rights:<br />
<pre class="apf"><br />
# chmod 750 /root/.ssh<br />
</pre><br />
<br />
* Now, if not already existing, create the file ''authorized_keys'' in ''/root/.ssh'':<br />
<pre class="apf"><br />
# touch /root/.ssh/authorized_keys<br />
</pre><br />
<br />
* Edit the file ''authorized_keys'' (with '''nano''' for instance) and copy-paste in it your host computer's public key contained in the file ''~/.ssh/id_dsa.pub''.<br />
<br />
* You can test your SSH connection by running the following command on your host PC (replace 192.168.0.3 with your board IP):<br />
<pre class="host"><br />
$ ssh root@192.168.0.3<br />
The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.<br />
RSA key fingerprint is 7c:4b:e4:9c:6d:ea:6d:ca:ed:36:39:26:91:f9:82:30.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added '192.168.0.10' (RSA) to the list of known hosts.<br />
</pre><br />
<br />
==OpenSSH==<br />
<br />
OpenSSH is a tool that allows securized communications between two computers. It can be used to create a securized tunnel between two ports of the connected computers. All datas that go through this tunnel are encrypted.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* First you have to install telnetd to accept telnet connection from target and Wireshark, a network scanning tool, to check the data encryption :<br />
<pre class="host"><br />
$ sudo apt-get install telnetd <br />
$ sudo /etc/init.d/xinetd restart<br />
$ sudo apt-get install wireshark <br />
</pre><br />
<br />
* Then install OpenSSH server if necessary :<br />
<pre class="host"><br />
$ sudo apt-get install openssh-server openssl<br />
</pre><br />
<br />
* You now have to configure your OpenSSH server to accept connections from the securized port you will use to mask the real host port over SSH connection.<br />
To do that, you have to add the port to the file ''/etc/ssh/sshd_config''.<br />
For instance, we choose the port 32490:<br />
<pre class="host"><br />
# Package generated configuration file<br />
# See the sshd(8) manpage for details<br />
<br />
# What ports, IPs and protocols we listen for<br />
Port 22<br />
'''Port 32490'''<br />
# Use these options to restrict which interfaces/protocols sshd will bind to<br />
#ListenAddress ::<br />
#ListenAddress 0.0.0.0<br />
Protocol 2<br />
# HostKeys for protocol version 2<br />
HostKey /etc/ssh/ssh_host_rsa_key<br />
HostKey /etc/ssh/ssh_host_dsa_key<br />
#Privilege Separation is turned on for security<br />
UsePrivilegeSeparation yes<br />
</pre><br />
<br />
====Target (APF27)====<br />
The OpenSSH and OpenSSL packages must be selected in Buildroot (if not done by default).<br />
<br />
* First launch the Buildroot menu configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Then select the packages:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] openssh<br />
-*- openssl<br />
[*] openssl binary<br />
[ ] openssl additional engines<br />
</pre><br />
<br />
* And compile your Buildroot with the command:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Create SSH tunnel===<br />
* On the target, run the following command to create the tunnel between the two machines:<br />
<pre class="apf"><br />
# ssh -fN -L $TARGET_PORT:localhost:$HOST_PORT -C $USERNAME@$HOSTNAME -p $VIRTUALPORT<br />
</pre><br />
Enter then the password to connect to your host.<br />
<br />
* For instance, if you want to securize the Telnet port 23 toward the address toto@192.168.0.210 with the virtual port 32490:<br />
<pre class="apf"><br />
# ssh -fN -L 23:localhost:23 -C toto@192.168.0.210 -p 32490<br />
jeremie@192.168.0.225's password: <br />
#<br />
</pre><br />
<br />
===Test the tunnel===<br />
* To check that datas are correctly encrypted through the tunnel, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* If you have securized a Telnet port, you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on your system:<br />
<pre class="apf"><br />
# telnet localhost<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Ubuntu 9.10<br />
laptop-jeremie-ubuntu login: <br />
<br />
Password: <br />
Last login: Tue Dec 21 15:01:50 CET 2010 from localhost on pts/6<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You have to connect to localhost because SSH will automatically redirect it to the address you specified when creating the tunnel.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the TCP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ssh_tunnel.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==Links==<br />
* http://en.wikipedia.org/wiki/Secure_shell<br />
* [http://matt.ucc.asn.au/dropbear/dropbear.html Dropbear Webpage]<br />
* [[Telnet | Unsecured remote access with Telnet protocol]]<br />
* [http://www.openssh.com/ OpenSSH Webpage]<br />
* [http://www.wireshark.org/ Wireshark Webpage]<br />
<br />
[[Category:Network]]<br />
[[Category:Security]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=APF27_PPS&diff=9323APF27 PPS2011-01-07T13:10:36Z<p>JeremieS: /* SSH terminal */</p>
<hr />
<div>==Description==<br />
PPS is an Armadeus System's baseboard for the [[APF27]] module. It can be used to implement and securize network applications such as routers and gateways.<br />
<br />
{|border=0 summary="Photos"<br />
|----------------<br />
| [[Image:PPS_recto.jpeg|center|thumb|200px|Front side, you can see dual Ethernet, USB 2.0 Host & OTG, WiFi Antenna, extension connector footprint and power supply]]<br />
|| [[Image:PPS_verso.jpeg|center|thumb|200px|Back side, with an APF27 module plugged-in]]<br />
<br />
|}<br />
<br />
==Resources==<br />
* [http://www.armadeus.com/english/products-development_boards-apf27_pps.html Product page on Armadeus Systems website]<br />
* [http://www.armadeus.com/_downloads/apf27_PPS/hardware/pps_v10.pdf Schematics]<br />
* [http://www.armadeus.com/_downloads/apf27_PPS/documentation/pps_datasheet_v0A.pdf Datasheet]<br />
<br />
==Software features==<br />
There are some network applications/features that are preselected in the PPS baseboard default configuration:<br />
* Encryption / Security<br />
** [[SSH|OpenSSH]]<br />
** [[IPSec / IPTables]]<br />
* [[USB Gadget#To emulate an Ethernet link|USB Ethernet gadget support]]<br />
* [[USB Gadget#To emulate a serial link|USB RS232 gadget support]]<br />
* [[USB to Ethernet adapter|SMSC USB to Ethernet Adapter]]<br />
* [[Boa|Boa Web Server]]<br />
* [[WiFi|Wireless tools]] (for securized WiFi with WEP encryption)<br />
* [[WPA supplicant]] (for securized WiFi with WPA/WPA2 encryption)<br />
<br />
{{Note|You can also use the PPS test scripts located in ''/usr/local/pps/scripts'' on the system to test some software functionalities.}}<br />
<br />
==SSH terminal==<br />
The APF27 PPS filesystem is configured to enable SSH connection from a host computer.<br />
It allows you to access a command terminal of the system through the Ethernet ports.<br />
<br />
* The default connection informations are:<br />
** '''IP address''': 192.168.0.10<br />
** '''Login''': guest<br />
** '''Password''': armadeus<br />
<br />
* Then you can connect to your system by running the following command on your host:<br />
<pre class="host"><br />
$ ssh guest@192.168.0.10<br />
</pre><br />
<br />
* For more details, refer to the [[SSH#Dropbear|SSH - Dropbear page]] in the Wiki.<br />
<br />
==Feature list==<br />
<br />
{| border="0" cellpadding="5" cellspacing="5" summary="Hardware Add-Ons by functionnalities"<br />
|----------------<br />
|- style="background:#f4f4f4; color:black; -moz-border-radius:18px;"<br />
|<br />
<br />
===Wired communication===<br />
* [[Uart|UART]]<br />
* [[SPI]]<br />
* [[I2C]]<br />
* [[USB Host]]<br />
* USB OTG<br />
* Ethernet<br />
<br />
===Wireless communication===<br />
* [[Wifi|Wifi (b/g)]]<br />
* [[Libertas driver|Wi2Wi chipset]] (see [[Libertas driver#Wi2Wi chipset|Wi2Wi Section]])<br />
<br />
||<br />
<br />
===Other===<br />
* [[PWM]]: PWM output is on J22 pin 4 <br>(2.8V output, if configured as output)<br />
* [[GPIO Driver]]<br />
* [[JTAG]]<br />
<br />
||<br />
<br />
===FPGA===<br />
* [[Using FPGA]]<br />
<br />
[[Category:DevelopmentBoards]]<br />
[[Category:Hardware]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=APF27_PPS&diff=9322APF27 PPS2011-01-07T13:10:00Z<p>JeremieS: SSH terminal</p>
<hr />
<div>==Description==<br />
PPS is an Armadeus System's baseboard for the [[APF27]] module. It can be used to implement and securize network applications such as routers and gateways.<br />
<br />
{|border=0 summary="Photos"<br />
|----------------<br />
| [[Image:PPS_recto.jpeg|center|thumb|200px|Front side, you can see dual Ethernet, USB 2.0 Host & OTG, WiFi Antenna, extension connector footprint and power supply]]<br />
|| [[Image:PPS_verso.jpeg|center|thumb|200px|Back side, with an APF27 module plugged-in]]<br />
<br />
|}<br />
<br />
==Resources==<br />
* [http://www.armadeus.com/english/products-development_boards-apf27_pps.html Product page on Armadeus Systems website]<br />
* [http://www.armadeus.com/_downloads/apf27_PPS/hardware/pps_v10.pdf Schematics]<br />
* [http://www.armadeus.com/_downloads/apf27_PPS/documentation/pps_datasheet_v0A.pdf Datasheet]<br />
<br />
==Software features==<br />
There are some network applications/features that are preselected in the PPS baseboard default configuration:<br />
* Encryption / Security<br />
** [[SSH|OpenSSH]]<br />
** [[IPSec / IPTables]]<br />
* [[USB Gadget#To emulate an Ethernet link|USB Ethernet gadget support]]<br />
* [[USB Gadget#To emulate a serial link|USB RS232 gadget support]]<br />
* [[USB to Ethernet adapter|SMSC USB to Ethernet Adapter]]<br />
* [[Boa|Boa Web Server]]<br />
* [[WiFi|Wireless tools]] (for securized WiFi with WEP encryption)<br />
* [[WPA supplicant]] (for securized WiFi with WPA/WPA2 encryption)<br />
<br />
{{Note|You can also use the PPS test scripts located in ''/usr/local/pps/scripts'' on the system to test some software functionalities.}}<br />
<br />
==SSH terminal==<br />
The APF27 PPS filesystem is configured to enable SSH connection from a host computer.<br />
It allows you to access a command terminal of the system through the Ethernet ports.<br />
<br />
* The default connection informations are:<br />
** '''IP address''': 192.168.0.10<br />
** '''Login''': guest<br />
** '''Password''': armadeus<br />
<br />
* Then you can connect to your system by running the following command on your host:<br />
<pre class="host"><br />
$ ssh guest@192.168.0.10<br />
</pre><br />
<br />
* For more details, refer to the [[SSH#Dropbear|SSH - Dropbear page] in the Wiki.<br />
<br />
==Feature list==<br />
<br />
{| border="0" cellpadding="5" cellspacing="5" summary="Hardware Add-Ons by functionnalities"<br />
|----------------<br />
|- style="background:#f4f4f4; color:black; -moz-border-radius:18px;"<br />
|<br />
<br />
===Wired communication===<br />
* [[Uart|UART]]<br />
* [[SPI]]<br />
* [[I2C]]<br />
* [[USB Host]]<br />
* USB OTG<br />
* Ethernet<br />
<br />
===Wireless communication===<br />
* [[Wifi|Wifi (b/g)]]<br />
* [[Libertas driver|Wi2Wi chipset]] (see [[Libertas driver#Wi2Wi chipset|Wi2Wi Section]])<br />
<br />
||<br />
<br />
===Other===<br />
* [[PWM]]: PWM output is on J22 pin 4 <br>(2.8V output, if configured as output)<br />
* [[GPIO Driver]]<br />
* [[JTAG]]<br />
<br />
||<br />
<br />
===FPGA===<br />
* [[Using FPGA]]<br />
<br />
[[Category:DevelopmentBoards]]<br />
[[Category:Hardware]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=APF27_PPS&diff=9293APF27 PPS2010-12-23T15:19:20Z<p>JeremieS: /* Software features */</p>
<hr />
<div>==Description==<br />
This is the Armadeus System's PPS board/baseboard for the [[APF27]] module.<br />
This board can be used to implement and securize network applications such as routers and gateways.<br />
<br />
==Resources==<br />
* [http://www.armadeus.com/english/products-development_boards-apf27_pps.html Product page]<br />
* [http://www.armadeus.com/_downloads/apf27_PPS/hardware/pps_v10.pdf Schematics]<br />
* [http://www.armadeus.com/_downloads/apf27_PPS/documentation/pps_datasheet_v0A.pdf Datasheet]<br />
<br />
==Software features==<br />
There are some network applications features that are preselect in the PPS board/baseboard configuration:<br />
* Encryption / Security<br />
** [[SSH|OpenSSH]]<br />
** [[IPSec / IPTables]]<br />
* [[USB Gadget#To emulate an Ethernet link|USB Ethernet gadget support]]<br />
* [[USB Gadget#To emulate a serial link|USB RS232 gadget support]]<br />
* [[USB to Ethernet adapter|SMSC USB to Ethernet Adapter]]<br />
* [[Boa|Boa Web Server]]<br />
* [[WiFi|Iwconfig (for Wifi securized with WEP encryption)]]<br />
* [[WPA supplicant|WPA Supplicant (for Wifi securized with WPA/WPA2 encryption)]]<br />
<br />
{{Note|You can also use the PPS test scripts located in ''/usr/local/pps/scripts'' on the system to test some software functionalities.}}<br />
<br />
==Feature list==<br />
<br />
{| border="0" cellpadding="5" cellspacing="5" summary="Hardware Add-Ons by functionnalities"<br />
|----------------<br />
|- style="background:#f4f4f4; color:black; -moz-border-radius:18px;"<br />
|<br />
<br />
===Wired communication===<br />
* [[Uart|UART]]<br />
* [[SPI]]<br />
* [[I2C]]<br />
* [[USB Host]]<br />
* USB OTG<br />
* Ethernet<br />
<br />
===Wireless communication===<br />
* [[Wifi|Wifi (b/g)]]<br />
* [[Libertas driver|Wi2Wi chipset]] (see [[Libertas driver#Wi2Wi chipset|Wi2Wi Section]])<br />
<br />
||<br />
<br />
===Other===<br />
* [[PWM]]: PWM output is on J22 pin 4 <br>(2.8V output, if configured as output)<br />
* [[GPIO Driver]]<br />
* [[JTAG]]<br />
<br />
||<br />
<br />
===FPGA===<br />
* [[Using FPGA]]<br />
<br />
[[Category:DevelopmentBoards]]<br />
[[Category:Hardware]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=IPSec_/_IPTables&diff=9292IPSec / IPTables2010-12-23T14:29:33Z<p>JeremieS: /* Test IPTables on APF27 PPS */</p>
<hr />
<div>IPSec and IPTables are network tools that can be used together to create a VPN between two computers. IPSec securizes the connection as IPTables do the packets routing. The [[APF27 PPS]] board is optimized to use these tools.<br />
<br />
==IPSec==<br />
IPSec is a protocol that securizes IP communications by authenticating and crypting packets from IP address to another, over all computer ports.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* You need to install the ipsec-tools package on your host:<br />
<pre class="host"><br />
$ sudo apt-get install ipsec-tools<br />
</pre><br />
<br />
* Give the file ''/etc/ipsec-tools.conf'' the access rights 700:<br />
<pre class="host"><br />
$ sudo chmod 700 /etc/ipsec-tools.conf<br />
</pre><br />
<br />
* Then edit this file and define the IPSec keys like that:<br />
<pre class="host"><br />
<br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.2.100 192.168.1.100 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
</pre><br />
<br />
{{Note|In this example the host is 192.168.0.211 and the APF27 target is 192.168.0.208 but you must adapt the file to your configuration and create your own keys.}}<br />
<br />
{{Note|To generate a 192 bit key you can use the following command: <pre class="host">dd if=/dev/random count=24 bs=1| xxd -ps</pre>}}<br />
<br />
====Target (APF27)====<br />
<br />
=====Linux=====<br />
There are some drivers you need to install in Linux Kernel to make IPSec work.<br />
<br />
* To configure Linux, go into the BSP directory and run the command:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* Select the following drivers to install in Linux configuration menu:<br />
<pre class="config"><br />
[*] Networking support ---> <br />
Networking options ---> <br />
<*> Transformation user configuration interface<br />
<br />
<*> PF_KEY sockets<br />
<br />
<*> IP: AH transformation <br />
<*> IP: ESP transformation <br />
<*> IP: IPComp transformation <br />
<*> IP: IPsec transport mode <br />
<*> IP: IPsec tunnel mode <br />
<*> IP: IPsec BEET mode <br />
<br />
[*] Cryptographic API ---><br />
<*> Null algorithms<br />
<br />
*** Authenticated Encryption with Associated Data ***<br />
<*> CCM support <br />
<*> GCM/GMAC support <br />
<br />
{*} AES cipher algorithms <br />
</pre><br />
<br />
* Then you can rebuild Linux like that:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
=====Buildroot=====<br />
You must install flex and networking packages like [[SSH#OpenSSH|OpenSSH]], OpenSSL and IPSec-tools.<br />
<br />
* First run this command to open the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages in the menu:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] flex <br />
<br />
[*] Networking <br />
[*] ipsec-tools <br />
[*] Enable racoonctl(8). <br />
[ ] Enable NAT-Traversal <br />
[*] Enable IKE fragmentation.<br />
[*] Enable statistics logging function. <br />
[ ] Enable IPv6 support <br />
[ ] Enable readline input support if available. <br />
[*] Install IPSec libraries under staging_dir/lib<br />
<br />
[*] openssh<br />
-*- openssl <br />
</pre><br />
<br />
{{Note|If you want to use IPSec in a NAT router/firewall, you must enable the NAT-Traversal option:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] Networking <br />
[*] ipsec-tools <br />
<br />
[*] Enable NAT-Traversal <br />
</pre><br />
}}<br />
<br />
* Then rebuild Buildroot:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Securize the connection===<br />
Once IPSec is installed and configured on both the system and the host, you have to launch it and activate the keys.<br />
<br />
* First on your Host (Ubuntu), you have to reboot the computer or to run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
If you want to see the generated keys:<br />
<pre class="host"><br />
$ sudo setkey -D<br />
</pre><br />
<br />
* On the target (APF27), you can run the command:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
And you can check the keys with:<br />
<pre class="apf"><br />
# setkey -D<br />
</pre><br />
<br />
===Test IPSec===<br />
* To check that datas are correctly encrypted through the securized connection, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* Then you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on the target:<br />
<pre class="apf"><br />
# telnet -l $USERNAME $HOST_IP<br />
</pre><br />
For instance if you want to connect to computer 192.168.0.225 with the user toto:<br />
<pre class="apf"><br />
# telnet -l toto 192.168.0.225<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Password: <br />
Last login: Thu Dec 23 14:35:40 CET 2010 from localhost on pts/5<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You can also connect without the username. When you are asked to fill the username, it will also be encrypted.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the ESP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ipsec.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==IPTables==<br />
IPTables is a command-line interface to configure Netfilter. It can allow you to set up the chains and rules of routing in the firewall of a computer. It can also be used to access a public domain from a private network by masquerading the private IP address.<br />
<br />
===Setup===<br />
If you want to use IPTables on your system, you have to configure both Buildroot and Linux.<br />
<br />
====Linux====<br />
* In the BSP directory, run this command to launch the Linux configuration menu:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* In the menu, select the following drivers or modules:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] TCP/IP networking<br />
[*] IP: multicasting<br />
[*] IP: advanced router<br />
Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure) (FIB_HASH) ---><br />
[ ] IP: policy routing<br />
[ ] IP: equal cost multipath<br />
[ ] IP: verbose route monitoring<br />
<br />
[*] Network packet filtering framework (Netfilter) ---><br />
[*] Advanced netfilter configuration<br />
[*] Bridged IP/ARP packets filtering<br />
Core Netfilter Configuration ---><br />
{*} Netfilter Xtables support (required for ip_tables)<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IP tables support (required for filtering/masq/NAT)<br />
<br />
<M> Packet filtering<br />
<br />
<M> ARP tables support<br />
<M> ARP packet filtering<br />
< > ARP payload mangling<br />
</pre><br />
<br />
<span id="Full_NAT_router"><br />
{{Note| If you want to use your target as a full NAT router and do masquerading, there are some advanced features you must add to Linux Kernel:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> "state" match support<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IPv4 connection tracking support (required for NAT)<br />
[*] proc/sysctl compatibility with old connectiion tracking<br />
<br />
<M> Full NAT<br />
<M> MASQUERADE target support<br />
<M> NETMAP target support<br />
<M> REDIRECT target support<br />
< > Basic SNMP-ALG support<br />
</pre><br />
}}<br />
</span><br />
<br />
{{Note|You can also add other IP tables like ''nat'' and ''mangle'' or new firewall rule options like ''LOG'' or ''REJECT'' in Netfilter page of the Linux configuration menu.}}<br />
<br />
* Now you can rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
====Buildroot====<br />
* In the BSP directory, launch the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages for IPTables to be installed on target:<br />
<pre class="config"><br />
Package selection for the target ---><br />
[*] Networking ---><br />
[*] iptables<br />
</pre><br />
<br />
* Then rebuild Buildroot to generate the rootfs:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===IPTables usage===<br />
* To learn how to use IPTables to define firewall chains and rules, please refer to the [http://doc.ubuntu-fr.org/iptables Linux Ubuntu Documentation - IPTables].<br />
<br />
* You may also want to define routing rules with the command ''route''. You can refer to the [http://doc.ubuntu-fr.org/routage Linux Ubuntu Documentation - routage] to use it.<br />
<br />
===Test IPTables on [[APF27 PPS]]===<br />
To test IPTables on the target, we will implement a NAT router in the system and use it as a gateway through two computers.<br />
<br />
* First you have to enable full NAT and masquerading functionalities in Linux Kernel for your target. Please refer to the [[#Full_NAT_router|Note for full NAT installation]] to set up these options and then rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
* Flash the new kernel and rootfs binaries on the target.<br />
<br />
* Connect an Ethernet cable from your host Linux to the Ethernet port of the target. <br />
And connect the USB A-MiniA cable from your host Linux to your target USB OTG port.<br />
<br />
* Then you have to activate the target network interface for Ethernet and [[USB Gadget]]:<br />
<pre class="apf"><br />
# ifconfig eth0 192.168.0.208<br />
<br />
# modprobe -r smsc95xx<br />
# modprobe -r g_ether<br />
# modprobe g_ether<br />
# ifconfig usb0 192.168.2.251<br />
Freescale High-Speed USB SOC Device Controller driver (Apr 20, 2007)<br />
ULPI OTG Vendor ID 0x4cc Product ID 0x1504<br />
g_ether gadget: using random self ethernet address<br />
g_ether gadget: using random host ethernet address<br />
usb0: MAC f6:cf:00:56:1b:64<br />
usb0: HOST MAC be:60:d1:56:89:fc<br />
g_ether gadget: Ethernet Gadget, version: Memorial Day 2008<br />
g_ether gadget: g_ether ready<br />
fsl-usb2-udc: bind to driver g_ether<br />
g_ether gadget: high speed config #1: CDC Ethernet (ECM)<br />
</pre><br />
<br />
* As the USB gadget interface is connected, you must see the network ''Auto USB'' in your host's ''Network Connections''.<br />
** If you want to make your [[APF27 PPS]] a gateway, you have to use two differents sub-networks for your private network (your computer and the USB gadget interface) and for the remote network (the remote computer and the Ethernet interface).<br />
** Edit then the ''Auto USB'' network to configure it:<br />
*** The '''IP address''' must be in the same sub-network as the USB Gadget interface : for instance 192.168.2.225.<br />
*** The '''Netmask''' : 255.255.255.0<br />
*** The '''Gateway''' is your target's USB Gadget interface : here 192.168.2.251.<br />
*** A '''DNS server''': if you want to browse on Internet through the target. For instance 192.168.0.207.<br />
*** '''Search domains''': For instance armadeus-office.<br />
** Then disconnect your host PC and reconnect to the ''Auto USB'' network.<br />
<br />
* Add the ''default'' route to be able to go on the Internet:<br />
<pre class="apf"><br />
# route add default gw 192.168.0.1 eth0<br />
</pre><br />
<br />
* Configure the IP Advanced router to be able to forward the packets through the target:<br />
<pre class="apf"><br />
# echo "1" > /proc/sys/net/ipv4/ip_forward<br />
</pre><br />
<br />
* Then you have to create the rules for the NAT router/firewall with iptables:<br />
<pre class="apf"><br />
# iptables -P INPUT ACCEPT<br />
# iptables -F INPUT <br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F OUTPUT <br />
# iptables -P FORWARD DROP<br />
# iptables -F FORWARD <br />
# iptables -t nat -F<br />
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)<br />
<br />
# iptables -A FORWARD -i eth0 -o usb0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT<br />
# iptables -A FORWARD -j LOG<br />
<br />
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
</pre><br />
<br />
* To test the gateway is correctly working, you can ping on the different interface and on the remote computer from your host:<br />
<pre class="host"><br />
$ ping 192.168.2.251<br />
PING 192.168.2.251 (192.168.2.251) 56(84) bytes of data.<br />
64 bytes from 192.168.2.251: icmp_seq=1 ttl=64 time=0.736 ms<br />
<br />
$ ping 192.168.0.208<br />
PING 192.168.0.208 (192.168.0.208) 56(84) bytes of data.<br />
64 bytes from 192.168.0.208: icmp_seq=1 ttl=64 time=0.719 ms<br />
<br />
$ ping 192.168.0.1<br />
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.<br />
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=1.60 ms<br />
<br />
$ ping REMOTE_ADDRESS<br />
</pre><br />
<br />
* If you have configured your network with a DNS server, you can even ping or browse an URL address on the Internet:<br />
<pre class="host"><br />
$ ping www.yahoo.fr<br />
PING any-rc.a01.yahoodns.net (87.248.120.148) 56(84) bytes of data.<br />
64 bytes from w2.rc.vip.ch1.yahoo.com (87.248.120.148): icmp_seq=1 ttl=49 time=90.3 ms<br />
</pre><br />
<br />
{{Note|If you have the IPSec activated on the remote computer and on your target, you can also securize the connection to the remote computer.<br />
On the remote computer, put the file /etc/ipsec-tools.conf and run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
On your target, run:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
Then you can check with Wireshark that all datas going through the securized connection are well encrypted.<br />
}}<br />
<br />
==Links==<br />
* [https://help.ubuntu.com/community/IPSecHowTo IPSec HowTo Documentation]<br />
* [http://doc.ubuntu-fr.org/iptables IPTables Ubuntu Documentation]<br />
* [http://doc.ubuntu-fr.org/routage Routing Ubuntu Documentation]</div>JeremieShttp://armadeus.org/wiki/index.php?title=IPSec_/_IPTables&diff=9291IPSec / IPTables2010-12-23T14:28:50Z<p>JeremieS: /* Linux */</p>
<hr />
<div>IPSec and IPTables are network tools that can be used together to create a VPN between two computers. IPSec securizes the connection as IPTables do the packets routing. The [[APF27 PPS]] board is optimized to use these tools.<br />
<br />
==IPSec==<br />
IPSec is a protocol that securizes IP communications by authenticating and crypting packets from IP address to another, over all computer ports.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* You need to install the ipsec-tools package on your host:<br />
<pre class="host"><br />
$ sudo apt-get install ipsec-tools<br />
</pre><br />
<br />
* Give the file ''/etc/ipsec-tools.conf'' the access rights 700:<br />
<pre class="host"><br />
$ sudo chmod 700 /etc/ipsec-tools.conf<br />
</pre><br />
<br />
* Then edit this file and define the IPSec keys like that:<br />
<pre class="host"><br />
<br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.2.100 192.168.1.100 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
</pre><br />
<br />
{{Note|In this example the host is 192.168.0.211 and the APF27 target is 192.168.0.208 but you must adapt the file to your configuration and create your own keys.}}<br />
<br />
{{Note|To generate a 192 bit key you can use the following command: <pre class="host">dd if=/dev/random count=24 bs=1| xxd -ps</pre>}}<br />
<br />
====Target (APF27)====<br />
<br />
=====Linux=====<br />
There are some drivers you need to install in Linux Kernel to make IPSec work.<br />
<br />
* To configure Linux, go into the BSP directory and run the command:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* Select the following drivers to install in Linux configuration menu:<br />
<pre class="config"><br />
[*] Networking support ---> <br />
Networking options ---> <br />
<*> Transformation user configuration interface<br />
<br />
<*> PF_KEY sockets<br />
<br />
<*> IP: AH transformation <br />
<*> IP: ESP transformation <br />
<*> IP: IPComp transformation <br />
<*> IP: IPsec transport mode <br />
<*> IP: IPsec tunnel mode <br />
<*> IP: IPsec BEET mode <br />
<br />
[*] Cryptographic API ---><br />
<*> Null algorithms<br />
<br />
*** Authenticated Encryption with Associated Data ***<br />
<*> CCM support <br />
<*> GCM/GMAC support <br />
<br />
{*} AES cipher algorithms <br />
</pre><br />
<br />
* Then you can rebuild Linux like that:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
=====Buildroot=====<br />
You must install flex and networking packages like [[SSH#OpenSSH|OpenSSH]], OpenSSL and IPSec-tools.<br />
<br />
* First run this command to open the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages in the menu:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] flex <br />
<br />
[*] Networking <br />
[*] ipsec-tools <br />
[*] Enable racoonctl(8). <br />
[ ] Enable NAT-Traversal <br />
[*] Enable IKE fragmentation.<br />
[*] Enable statistics logging function. <br />
[ ] Enable IPv6 support <br />
[ ] Enable readline input support if available. <br />
[*] Install IPSec libraries under staging_dir/lib<br />
<br />
[*] openssh<br />
-*- openssl <br />
</pre><br />
<br />
{{Note|If you want to use IPSec in a NAT router/firewall, you must enable the NAT-Traversal option:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] Networking <br />
[*] ipsec-tools <br />
<br />
[*] Enable NAT-Traversal <br />
</pre><br />
}}<br />
<br />
* Then rebuild Buildroot:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Securize the connection===<br />
Once IPSec is installed and configured on both the system and the host, you have to launch it and activate the keys.<br />
<br />
* First on your Host (Ubuntu), you have to reboot the computer or to run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
If you want to see the generated keys:<br />
<pre class="host"><br />
$ sudo setkey -D<br />
</pre><br />
<br />
* On the target (APF27), you can run the command:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
And you can check the keys with:<br />
<pre class="apf"><br />
# setkey -D<br />
</pre><br />
<br />
===Test IPSec===<br />
* To check that datas are correctly encrypted through the securized connection, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* Then you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on the target:<br />
<pre class="apf"><br />
# telnet -l $USERNAME $HOST_IP<br />
</pre><br />
For instance if you want to connect to computer 192.168.0.225 with the user toto:<br />
<pre class="apf"><br />
# telnet -l toto 192.168.0.225<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Password: <br />
Last login: Thu Dec 23 14:35:40 CET 2010 from localhost on pts/5<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You can also connect without the username. When you are asked to fill the username, it will also be encrypted.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the ESP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ipsec.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==IPTables==<br />
IPTables is a command-line interface to configure Netfilter. It can allow you to set up the chains and rules of routing in the firewall of a computer. It can also be used to access a public domain from a private network by masquerading the private IP address.<br />
<br />
===Setup===<br />
If you want to use IPTables on your system, you have to configure both Buildroot and Linux.<br />
<br />
====Linux====<br />
* In the BSP directory, run this command to launch the Linux configuration menu:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* In the menu, select the following drivers or modules:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] TCP/IP networking<br />
[*] IP: multicasting<br />
[*] IP: advanced router<br />
Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure) (FIB_HASH) ---><br />
[ ] IP: policy routing<br />
[ ] IP: equal cost multipath<br />
[ ] IP: verbose route monitoring<br />
<br />
[*] Network packet filtering framework (Netfilter) ---><br />
[*] Advanced netfilter configuration<br />
[*] Bridged IP/ARP packets filtering<br />
Core Netfilter Configuration ---><br />
{*} Netfilter Xtables support (required for ip_tables)<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IP tables support (required for filtering/masq/NAT)<br />
<br />
<M> Packet filtering<br />
<br />
<M> ARP tables support<br />
<M> ARP packet filtering<br />
< > ARP payload mangling<br />
</pre><br />
<br />
<span id="Full_NAT_router"><br />
{{Note| If you want to use your target as a full NAT router and do masquerading, there are some advanced features you must add to Linux Kernel:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> "state" match support<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IPv4 connection tracking support (required for NAT)<br />
[*] proc/sysctl compatibility with old connectiion tracking<br />
<br />
<M> Full NAT<br />
<M> MASQUERADE target support<br />
<M> NETMAP target support<br />
<M> REDIRECT target support<br />
< > Basic SNMP-ALG support<br />
</pre><br />
}}<br />
</span><br />
<br />
{{Note|You can also add other IP tables like ''nat'' and ''mangle'' or new firewall rule options like ''LOG'' or ''REJECT'' in Netfilter page of the Linux configuration menu.}}<br />
<br />
* Now you can rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
====Buildroot====<br />
* In the BSP directory, launch the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages for IPTables to be installed on target:<br />
<pre class="config"><br />
Package selection for the target ---><br />
[*] Networking ---><br />
[*] iptables<br />
</pre><br />
<br />
* Then rebuild Buildroot to generate the rootfs:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===IPTables usage===<br />
* To learn how to use IPTables to define firewall chains and rules, please refer to the [http://doc.ubuntu-fr.org/iptables Linux Ubuntu Documentation - IPTables].<br />
<br />
* You may also want to define routing rules with the command ''route''. You can refer to the [http://doc.ubuntu-fr.org/routage Linux Ubuntu Documentation - routage] to use it.<br />
<br />
===Test IPTables on [[APF27 PPS]]===<br />
To test IPTables on the target, we will implement a NAT router in the system and use it as a gateway through two computers.<br />
<br />
* First you have to enable full NAT and masquerading functionalities in Linux Kernel for your target. Please refer to the [[#full NAT router|Note for full NAT installation]] to set up these options and then rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
* Flash the new kernel and rootfs binaries on the target.<br />
<br />
* Connect an Ethernet cable from your host Linux to the Ethernet port of the target. <br />
And connect the USB A-MiniA cable from your host Linux to your target USB OTG port.<br />
<br />
* Then you have to activate the target network interface for Ethernet and [[USB Gadget]]:<br />
<pre class="apf"><br />
# ifconfig eth0 192.168.0.208<br />
<br />
# modprobe -r smsc95xx<br />
# modprobe -r g_ether<br />
# modprobe g_ether<br />
# ifconfig usb0 192.168.2.251<br />
Freescale High-Speed USB SOC Device Controller driver (Apr 20, 2007)<br />
ULPI OTG Vendor ID 0x4cc Product ID 0x1504<br />
g_ether gadget: using random self ethernet address<br />
g_ether gadget: using random host ethernet address<br />
usb0: MAC f6:cf:00:56:1b:64<br />
usb0: HOST MAC be:60:d1:56:89:fc<br />
g_ether gadget: Ethernet Gadget, version: Memorial Day 2008<br />
g_ether gadget: g_ether ready<br />
fsl-usb2-udc: bind to driver g_ether<br />
g_ether gadget: high speed config #1: CDC Ethernet (ECM)<br />
</pre><br />
<br />
* As the USB gadget interface is connected, you must see the network ''Auto USB'' in your host's ''Network Connections''.<br />
** If you want to make your [[APF27 PPS]] a gateway, you have to use two differents sub-networks for your private network (your computer and the USB gadget interface) and for the remote network (the remote computer and the Ethernet interface).<br />
** Edit then the ''Auto USB'' network to configure it:<br />
*** The '''IP address''' must be in the same sub-network as the USB Gadget interface : for instance 192.168.2.225.<br />
*** The '''Netmask''' : 255.255.255.0<br />
*** The '''Gateway''' is your target's USB Gadget interface : here 192.168.2.251.<br />
*** A '''DNS server''': if you want to browse on Internet through the target. For instance 192.168.0.207.<br />
*** '''Search domains''': For instance armadeus-office.<br />
** Then disconnect your host PC and reconnect to the ''Auto USB'' network.<br />
<br />
* Add the ''default'' route to be able to go on the Internet:<br />
<pre class="apf"><br />
# route add default gw 192.168.0.1 eth0<br />
</pre><br />
<br />
* Configure the IP Advanced router to be able to forward the packets through the target:<br />
<pre class="apf"><br />
# echo "1" > /proc/sys/net/ipv4/ip_forward<br />
</pre><br />
<br />
* Then you have to create the rules for the NAT router/firewall with iptables:<br />
<pre class="apf"><br />
# iptables -P INPUT ACCEPT<br />
# iptables -F INPUT <br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F OUTPUT <br />
# iptables -P FORWARD DROP<br />
# iptables -F FORWARD <br />
# iptables -t nat -F<br />
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)<br />
<br />
# iptables -A FORWARD -i eth0 -o usb0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT<br />
# iptables -A FORWARD -j LOG<br />
<br />
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
</pre><br />
<br />
* To test the gateway is correctly working, you can ping on the different interface and on the remote computer from your host:<br />
<pre class="host"><br />
$ ping 192.168.2.251<br />
PING 192.168.2.251 (192.168.2.251) 56(84) bytes of data.<br />
64 bytes from 192.168.2.251: icmp_seq=1 ttl=64 time=0.736 ms<br />
<br />
$ ping 192.168.0.208<br />
PING 192.168.0.208 (192.168.0.208) 56(84) bytes of data.<br />
64 bytes from 192.168.0.208: icmp_seq=1 ttl=64 time=0.719 ms<br />
<br />
$ ping 192.168.0.1<br />
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.<br />
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=1.60 ms<br />
<br />
$ ping REMOTE_ADDRESS<br />
</pre><br />
<br />
* If you have configured your network with a DNS server, you can even ping or browse an URL address on the Internet:<br />
<pre class="host"><br />
$ ping www.yahoo.fr<br />
PING any-rc.a01.yahoodns.net (87.248.120.148) 56(84) bytes of data.<br />
64 bytes from w2.rc.vip.ch1.yahoo.com (87.248.120.148): icmp_seq=1 ttl=49 time=90.3 ms<br />
</pre><br />
<br />
{{Note|If you have the IPSec activated on the remote computer and on your target, you can also securize the connection to the remote computer.<br />
On the remote computer, put the file /etc/ipsec-tools.conf and run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
On your target, run:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
Then you can check with Wireshark that all datas going through the securized connection are well encrypted.<br />
}}<br />
<br />
==Links==<br />
* [https://help.ubuntu.com/community/IPSecHowTo IPSec HowTo Documentation]<br />
* [http://doc.ubuntu-fr.org/iptables IPTables Ubuntu Documentation]<br />
* [http://doc.ubuntu-fr.org/routage Routing Ubuntu Documentation]</div>JeremieShttp://armadeus.org/wiki/index.php?title=IPSec_/_IPTables&diff=9290IPSec / IPTables2010-12-23T14:26:39Z<p>JeremieS: /* Linux */</p>
<hr />
<div>IPSec and IPTables are network tools that can be used together to create a VPN between two computers. IPSec securizes the connection as IPTables do the packets routing. The [[APF27 PPS]] board is optimized to use these tools.<br />
<br />
==IPSec==<br />
IPSec is a protocol that securizes IP communications by authenticating and crypting packets from IP address to another, over all computer ports.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* You need to install the ipsec-tools package on your host:<br />
<pre class="host"><br />
$ sudo apt-get install ipsec-tools<br />
</pre><br />
<br />
* Give the file ''/etc/ipsec-tools.conf'' the access rights 700:<br />
<pre class="host"><br />
$ sudo chmod 700 /etc/ipsec-tools.conf<br />
</pre><br />
<br />
* Then edit this file and define the IPSec keys like that:<br />
<pre class="host"><br />
<br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.2.100 192.168.1.100 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
</pre><br />
<br />
{{Note|In this example the host is 192.168.0.211 and the APF27 target is 192.168.0.208 but you must adapt the file to your configuration and create your own keys.}}<br />
<br />
{{Note|To generate a 192 bit key you can use the following command: <pre class="host">dd if=/dev/random count=24 bs=1| xxd -ps</pre>}}<br />
<br />
====Target (APF27)====<br />
<br />
=====Linux=====<br />
There are some drivers you need to install in Linux Kernel to make IPSec work.<br />
<br />
* To configure Linux, go into the BSP directory and run the command:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* Select the following drivers to install in Linux configuration menu:<br />
<pre class="config"><br />
[*] Networking support ---> <br />
Networking options ---> <br />
<*> Transformation user configuration interface<br />
<br />
<*> PF_KEY sockets<br />
<br />
<*> IP: AH transformation <br />
<*> IP: ESP transformation <br />
<*> IP: IPComp transformation <br />
<*> IP: IPsec transport mode <br />
<*> IP: IPsec tunnel mode <br />
<*> IP: IPsec BEET mode <br />
<br />
[*] Cryptographic API ---><br />
<*> Null algorithms<br />
<br />
*** Authenticated Encryption with Associated Data ***<br />
<*> CCM support <br />
<*> GCM/GMAC support <br />
<br />
{*} AES cipher algorithms <br />
</pre><br />
<br />
* Then you can rebuild Linux like that:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
=====Buildroot=====<br />
You must install flex and networking packages like [[SSH#OpenSSH|OpenSSH]], OpenSSL and IPSec-tools.<br />
<br />
* First run this command to open the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages in the menu:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] flex <br />
<br />
[*] Networking <br />
[*] ipsec-tools <br />
[*] Enable racoonctl(8). <br />
[ ] Enable NAT-Traversal <br />
[*] Enable IKE fragmentation.<br />
[*] Enable statistics logging function. <br />
[ ] Enable IPv6 support <br />
[ ] Enable readline input support if available. <br />
[*] Install IPSec libraries under staging_dir/lib<br />
<br />
[*] openssh<br />
-*- openssl <br />
</pre><br />
<br />
{{Note|If you want to use IPSec in a NAT router/firewall, you must enable the NAT-Traversal option:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] Networking <br />
[*] ipsec-tools <br />
<br />
[*] Enable NAT-Traversal <br />
</pre><br />
}}<br />
<br />
* Then rebuild Buildroot:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Securize the connection===<br />
Once IPSec is installed and configured on both the system and the host, you have to launch it and activate the keys.<br />
<br />
* First on your Host (Ubuntu), you have to reboot the computer or to run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
If you want to see the generated keys:<br />
<pre class="host"><br />
$ sudo setkey -D<br />
</pre><br />
<br />
* On the target (APF27), you can run the command:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
And you can check the keys with:<br />
<pre class="apf"><br />
# setkey -D<br />
</pre><br />
<br />
===Test IPSec===<br />
* To check that datas are correctly encrypted through the securized connection, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* Then you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on the target:<br />
<pre class="apf"><br />
# telnet -l $USERNAME $HOST_IP<br />
</pre><br />
For instance if you want to connect to computer 192.168.0.225 with the user toto:<br />
<pre class="apf"><br />
# telnet -l toto 192.168.0.225<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Password: <br />
Last login: Thu Dec 23 14:35:40 CET 2010 from localhost on pts/5<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You can also connect without the username. When you are asked to fill the username, it will also be encrypted.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the ESP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ipsec.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==IPTables==<br />
IPTables is a command-line interface to configure Netfilter. It can allow you to set up the chains and rules of routing in the firewall of a computer. It can also be used to access a public domain from a private network by masquerading the private IP address.<br />
<br />
===Setup===<br />
If you want to use IPTables on your system, you have to configure both Buildroot and Linux.<br />
<br />
====Linux====<br />
* In the BSP directory, run this command to launch the Linux configuration menu:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* In the menu, select the following drivers or modules:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] TCP/IP networking<br />
[*] IP: multicasting<br />
[*] IP: advanced router<br />
Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure) (FIB_HASH) ---><br />
[ ] IP: policy routing<br />
[ ] IP: equal cost multipath<br />
[ ] IP: verbose route monitoring<br />
<br />
[*] Network packet filtering framework (Netfilter) ---><br />
[*] Advanced netfilter configuration<br />
[*] Bridged IP/ARP packets filtering<br />
Core Netfilter Configuration ---><br />
{*} Netfilter Xtables support (required for ip_tables)<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IP tables support (required for filtering/masq/NAT)<br />
<br />
<M> Packet filtering<br />
<br />
<M> ARP tables support<br />
<M> ARP packet filtering<br />
< > ARP payload mangling<br />
</pre><br />
<br />
{{anchor|Full NAT router}}<br />
{{Note| If you want to use your target as a full NAT router and do masquerading, there are some advanced features you must add to Linux Kernel:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> "state" match support<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IPv4 connection tracking support (required for NAT)<br />
[*] proc/sysctl compatibility with old connectiion tracking<br />
<br />
<M> Full NAT<br />
<M> MASQUERADE target support<br />
<M> NETMAP target support<br />
<M> REDIRECT target support<br />
< > Basic SNMP-ALG support<br />
</pre><br />
}}<br />
<br />
{{Note|You can also add other IP tables like ''nat'' and ''mangle'' or new firewall rule options like ''LOG'' or ''REJECT'' in Netfilter page of the Linux configuration menu.}}<br />
<br />
* Now you can rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
====Buildroot====<br />
* In the BSP directory, launch the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages for IPTables to be installed on target:<br />
<pre class="config"><br />
Package selection for the target ---><br />
[*] Networking ---><br />
[*] iptables<br />
</pre><br />
<br />
* Then rebuild Buildroot to generate the rootfs:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===IPTables usage===<br />
* To learn how to use IPTables to define firewall chains and rules, please refer to the [http://doc.ubuntu-fr.org/iptables Linux Ubuntu Documentation - IPTables].<br />
<br />
* You may also want to define routing rules with the command ''route''. You can refer to the [http://doc.ubuntu-fr.org/routage Linux Ubuntu Documentation - routage] to use it.<br />
<br />
===Test IPTables on [[APF27 PPS]]===<br />
To test IPTables on the target, we will implement a NAT router in the system and use it as a gateway through two computers.<br />
<br />
* First you have to enable full NAT and masquerading functionalities in Linux Kernel for your target. Please refer to the [[#full NAT router|Note for full NAT installation]] to set up these options and then rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
* Flash the new kernel and rootfs binaries on the target.<br />
<br />
* Connect an Ethernet cable from your host Linux to the Ethernet port of the target. <br />
And connect the USB A-MiniA cable from your host Linux to your target USB OTG port.<br />
<br />
* Then you have to activate the target network interface for Ethernet and [[USB Gadget]]:<br />
<pre class="apf"><br />
# ifconfig eth0 192.168.0.208<br />
<br />
# modprobe -r smsc95xx<br />
# modprobe -r g_ether<br />
# modprobe g_ether<br />
# ifconfig usb0 192.168.2.251<br />
Freescale High-Speed USB SOC Device Controller driver (Apr 20, 2007)<br />
ULPI OTG Vendor ID 0x4cc Product ID 0x1504<br />
g_ether gadget: using random self ethernet address<br />
g_ether gadget: using random host ethernet address<br />
usb0: MAC f6:cf:00:56:1b:64<br />
usb0: HOST MAC be:60:d1:56:89:fc<br />
g_ether gadget: Ethernet Gadget, version: Memorial Day 2008<br />
g_ether gadget: g_ether ready<br />
fsl-usb2-udc: bind to driver g_ether<br />
g_ether gadget: high speed config #1: CDC Ethernet (ECM)<br />
</pre><br />
<br />
* As the USB gadget interface is connected, you must see the network ''Auto USB'' in your host's ''Network Connections''.<br />
** If you want to make your [[APF27 PPS]] a gateway, you have to use two differents sub-networks for your private network (your computer and the USB gadget interface) and for the remote network (the remote computer and the Ethernet interface).<br />
** Edit then the ''Auto USB'' network to configure it:<br />
*** The '''IP address''' must be in the same sub-network as the USB Gadget interface : for instance 192.168.2.225.<br />
*** The '''Netmask''' : 255.255.255.0<br />
*** The '''Gateway''' is your target's USB Gadget interface : here 192.168.2.251.<br />
*** A '''DNS server''': if you want to browse on Internet through the target. For instance 192.168.0.207.<br />
*** '''Search domains''': For instance armadeus-office.<br />
** Then disconnect your host PC and reconnect to the ''Auto USB'' network.<br />
<br />
* Add the ''default'' route to be able to go on the Internet:<br />
<pre class="apf"><br />
# route add default gw 192.168.0.1 eth0<br />
</pre><br />
<br />
* Configure the IP Advanced router to be able to forward the packets through the target:<br />
<pre class="apf"><br />
# echo "1" > /proc/sys/net/ipv4/ip_forward<br />
</pre><br />
<br />
* Then you have to create the rules for the NAT router/firewall with iptables:<br />
<pre class="apf"><br />
# iptables -P INPUT ACCEPT<br />
# iptables -F INPUT <br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F OUTPUT <br />
# iptables -P FORWARD DROP<br />
# iptables -F FORWARD <br />
# iptables -t nat -F<br />
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)<br />
<br />
# iptables -A FORWARD -i eth0 -o usb0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT<br />
# iptables -A FORWARD -j LOG<br />
<br />
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
</pre><br />
<br />
* To test the gateway is correctly working, you can ping on the different interface and on the remote computer from your host:<br />
<pre class="host"><br />
$ ping 192.168.2.251<br />
PING 192.168.2.251 (192.168.2.251) 56(84) bytes of data.<br />
64 bytes from 192.168.2.251: icmp_seq=1 ttl=64 time=0.736 ms<br />
<br />
$ ping 192.168.0.208<br />
PING 192.168.0.208 (192.168.0.208) 56(84) bytes of data.<br />
64 bytes from 192.168.0.208: icmp_seq=1 ttl=64 time=0.719 ms<br />
<br />
$ ping 192.168.0.1<br />
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.<br />
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=1.60 ms<br />
<br />
$ ping REMOTE_ADDRESS<br />
</pre><br />
<br />
* If you have configured your network with a DNS server, you can even ping or browse an URL address on the Internet:<br />
<pre class="host"><br />
$ ping www.yahoo.fr<br />
PING any-rc.a01.yahoodns.net (87.248.120.148) 56(84) bytes of data.<br />
64 bytes from w2.rc.vip.ch1.yahoo.com (87.248.120.148): icmp_seq=1 ttl=49 time=90.3 ms<br />
</pre><br />
<br />
{{Note|If you have the IPSec activated on the remote computer and on your target, you can also securize the connection to the remote computer.<br />
On the remote computer, put the file /etc/ipsec-tools.conf and run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
On your target, run:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
Then you can check with Wireshark that all datas going through the securized connection are well encrypted.<br />
}}<br />
<br />
==Links==<br />
* [https://help.ubuntu.com/community/IPSecHowTo IPSec HowTo Documentation]<br />
* [http://doc.ubuntu-fr.org/iptables IPTables Ubuntu Documentation]<br />
* [http://doc.ubuntu-fr.org/routage Routing Ubuntu Documentation]</div>JeremieShttp://armadeus.org/wiki/index.php?title=IPSec_/_IPTables&diff=9289IPSec / IPTables2010-12-23T14:23:12Z<p>JeremieS: </p>
<hr />
<div>IPSec and IPTables are network tools that can be used together to create a VPN between two computers. IPSec securizes the connection as IPTables do the packets routing. The [[APF27 PPS]] board is optimized to use these tools.<br />
<br />
==IPSec==<br />
IPSec is a protocol that securizes IP communications by authenticating and crypting packets from IP address to another, over all computer ports.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* You need to install the ipsec-tools package on your host:<br />
<pre class="host"><br />
$ sudo apt-get install ipsec-tools<br />
</pre><br />
<br />
* Give the file ''/etc/ipsec-tools.conf'' the access rights 700:<br />
<pre class="host"><br />
$ sudo chmod 700 /etc/ipsec-tools.conf<br />
</pre><br />
<br />
* Then edit this file and define the IPSec keys like that:<br />
<pre class="host"><br />
<br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.2.100 192.168.1.100 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
</pre><br />
<br />
{{Note|In this example the host is 192.168.0.211 and the APF27 target is 192.168.0.208 but you must adapt the file to your configuration and create your own keys.}}<br />
<br />
{{Note|To generate a 192 bit key you can use the following command: <pre class="host">dd if=/dev/random count=24 bs=1| xxd -ps</pre>}}<br />
<br />
====Target (APF27)====<br />
<br />
=====Linux=====<br />
There are some drivers you need to install in Linux Kernel to make IPSec work.<br />
<br />
* To configure Linux, go into the BSP directory and run the command:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* Select the following drivers to install in Linux configuration menu:<br />
<pre class="config"><br />
[*] Networking support ---> <br />
Networking options ---> <br />
<*> Transformation user configuration interface<br />
<br />
<*> PF_KEY sockets<br />
<br />
<*> IP: AH transformation <br />
<*> IP: ESP transformation <br />
<*> IP: IPComp transformation <br />
<*> IP: IPsec transport mode <br />
<*> IP: IPsec tunnel mode <br />
<*> IP: IPsec BEET mode <br />
<br />
[*] Cryptographic API ---><br />
<*> Null algorithms<br />
<br />
*** Authenticated Encryption with Associated Data ***<br />
<*> CCM support <br />
<*> GCM/GMAC support <br />
<br />
{*} AES cipher algorithms <br />
</pre><br />
<br />
* Then you can rebuild Linux like that:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
=====Buildroot=====<br />
You must install flex and networking packages like [[SSH#OpenSSH|OpenSSH]], OpenSSL and IPSec-tools.<br />
<br />
* First run this command to open the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages in the menu:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] flex <br />
<br />
[*] Networking <br />
[*] ipsec-tools <br />
[*] Enable racoonctl(8). <br />
[ ] Enable NAT-Traversal <br />
[*] Enable IKE fragmentation.<br />
[*] Enable statistics logging function. <br />
[ ] Enable IPv6 support <br />
[ ] Enable readline input support if available. <br />
[*] Install IPSec libraries under staging_dir/lib<br />
<br />
[*] openssh<br />
-*- openssl <br />
</pre><br />
<br />
{{Note|If you want to use IPSec in a NAT router/firewall, you must enable the NAT-Traversal option:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] Networking <br />
[*] ipsec-tools <br />
<br />
[*] Enable NAT-Traversal <br />
</pre><br />
}}<br />
<br />
* Then rebuild Buildroot:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Securize the connection===<br />
Once IPSec is installed and configured on both the system and the host, you have to launch it and activate the keys.<br />
<br />
* First on your Host (Ubuntu), you have to reboot the computer or to run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
If you want to see the generated keys:<br />
<pre class="host"><br />
$ sudo setkey -D<br />
</pre><br />
<br />
* On the target (APF27), you can run the command:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
And you can check the keys with:<br />
<pre class="apf"><br />
# setkey -D<br />
</pre><br />
<br />
===Test IPSec===<br />
* To check that datas are correctly encrypted through the securized connection, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* Then you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on the target:<br />
<pre class="apf"><br />
# telnet -l $USERNAME $HOST_IP<br />
</pre><br />
For instance if you want to connect to computer 192.168.0.225 with the user toto:<br />
<pre class="apf"><br />
# telnet -l toto 192.168.0.225<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Password: <br />
Last login: Thu Dec 23 14:35:40 CET 2010 from localhost on pts/5<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You can also connect without the username. When you are asked to fill the username, it will also be encrypted.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the ESP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ipsec.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==IPTables==<br />
IPTables is a command-line interface to configure Netfilter. It can allow you to set up the chains and rules of routing in the firewall of a computer. It can also be used to access a public domain from a private network by masquerading the private IP address.<br />
<br />
===Setup===<br />
If you want to use IPTables on your system, you have to configure both Buildroot and Linux.<br />
<br />
====Linux====<br />
* In the BSP directory, run this command to launch the Linux configuration menu:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* In the menu, select the following drivers or modules:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] TCP/IP networking<br />
[*] IP: multicasting<br />
[*] IP: advanced router<br />
Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure) (FIB_HASH) ---><br />
[ ] IP: policy routing<br />
[ ] IP: equal cost multipath<br />
[ ] IP: verbose route monitoring<br />
<br />
[*] Network packet filtering framework (Netfilter) ---><br />
[*] Advanced netfilter configuration<br />
[*] Bridged IP/ARP packets filtering<br />
Core Netfilter Configuration ---><br />
{*} Netfilter Xtables support (required for ip_tables)<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IP tables support (required for filtering/masq/NAT)<br />
<br />
<M> Packet filtering<br />
<br />
<M> ARP tables support<br />
<M> ARP packet filtering<br />
< > ARP payload mangling<br />
</pre><br />
<br />
{{Note| If you want to use your target as a full NAT router and do masquerading, there are some advanced features you must add to Linux Kernel:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> "state" match support<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IPv4 connection tracking support (required for NAT)<br />
[*] proc/sysctl compatibility with old connectiion tracking<br />
<br />
<M> Full NAT<br />
<M> MASQUERADE target support<br />
<M> NETMAP target support<br />
<M> REDIRECT target support<br />
< > Basic SNMP-ALG support<br />
</pre><br />
}}<br />
<br />
{{Note|You can also add other IP tables like ''nat'' and ''mangle'' or new firewall rule options like ''LOG'' or ''REJECT'' in Netfilter page of the Linux configuration menu.}}<br />
<br />
* Now you can rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
====Buildroot====<br />
* In the BSP directory, launch the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages for IPTables to be installed on target:<br />
<pre class="config"><br />
Package selection for the target ---><br />
[*] Networking ---><br />
[*] iptables<br />
</pre><br />
<br />
* Then rebuild Buildroot to generate the rootfs:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===IPTables usage===<br />
* To learn how to use IPTables to define firewall chains and rules, please refer to the [http://doc.ubuntu-fr.org/iptables Linux Ubuntu Documentation - IPTables].<br />
<br />
* You may also want to define routing rules with the command ''route''. You can refer to the [http://doc.ubuntu-fr.org/routage Linux Ubuntu Documentation - routage] to use it.<br />
<br />
===Test IPTables on [[APF27 PPS]]===<br />
To test IPTables on the target, we will implement a NAT router in the system and use it as a gateway through two computers.<br />
<br />
* First you have to enable full NAT and masquerading functionalities in Linux Kernel for your target. Please refer to the [[#full NAT router|Note for full NAT installation]] to set up these options and then rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
* Flash the new kernel and rootfs binaries on the target.<br />
<br />
* Connect an Ethernet cable from your host Linux to the Ethernet port of the target. <br />
And connect the USB A-MiniA cable from your host Linux to your target USB OTG port.<br />
<br />
* Then you have to activate the target network interface for Ethernet and [[USB Gadget]]:<br />
<pre class="apf"><br />
# ifconfig eth0 192.168.0.208<br />
<br />
# modprobe -r smsc95xx<br />
# modprobe -r g_ether<br />
# modprobe g_ether<br />
# ifconfig usb0 192.168.2.251<br />
Freescale High-Speed USB SOC Device Controller driver (Apr 20, 2007)<br />
ULPI OTG Vendor ID 0x4cc Product ID 0x1504<br />
g_ether gadget: using random self ethernet address<br />
g_ether gadget: using random host ethernet address<br />
usb0: MAC f6:cf:00:56:1b:64<br />
usb0: HOST MAC be:60:d1:56:89:fc<br />
g_ether gadget: Ethernet Gadget, version: Memorial Day 2008<br />
g_ether gadget: g_ether ready<br />
fsl-usb2-udc: bind to driver g_ether<br />
g_ether gadget: high speed config #1: CDC Ethernet (ECM)<br />
</pre><br />
<br />
* As the USB gadget interface is connected, you must see the network ''Auto USB'' in your host's ''Network Connections''.<br />
** If you want to make your [[APF27 PPS]] a gateway, you have to use two differents sub-networks for your private network (your computer and the USB gadget interface) and for the remote network (the remote computer and the Ethernet interface).<br />
** Edit then the ''Auto USB'' network to configure it:<br />
*** The '''IP address''' must be in the same sub-network as the USB Gadget interface : for instance 192.168.2.225.<br />
*** The '''Netmask''' : 255.255.255.0<br />
*** The '''Gateway''' is your target's USB Gadget interface : here 192.168.2.251.<br />
*** A '''DNS server''': if you want to browse on Internet through the target. For instance 192.168.0.207.<br />
*** '''Search domains''': For instance armadeus-office.<br />
** Then disconnect your host PC and reconnect to the ''Auto USB'' network.<br />
<br />
* Add the ''default'' route to be able to go on the Internet:<br />
<pre class="apf"><br />
# route add default gw 192.168.0.1 eth0<br />
</pre><br />
<br />
* Configure the IP Advanced router to be able to forward the packets through the target:<br />
<pre class="apf"><br />
# echo "1" > /proc/sys/net/ipv4/ip_forward<br />
</pre><br />
<br />
* Then you have to create the rules for the NAT router/firewall with iptables:<br />
<pre class="apf"><br />
# iptables -P INPUT ACCEPT<br />
# iptables -F INPUT <br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F OUTPUT <br />
# iptables -P FORWARD DROP<br />
# iptables -F FORWARD <br />
# iptables -t nat -F<br />
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)<br />
<br />
# iptables -A FORWARD -i eth0 -o usb0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT<br />
# iptables -A FORWARD -j LOG<br />
<br />
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
</pre><br />
<br />
* To test the gateway is correctly working, you can ping on the different interface and on the remote computer from your host:<br />
<pre class="host"><br />
$ ping 192.168.2.251<br />
PING 192.168.2.251 (192.168.2.251) 56(84) bytes of data.<br />
64 bytes from 192.168.2.251: icmp_seq=1 ttl=64 time=0.736 ms<br />
<br />
$ ping 192.168.0.208<br />
PING 192.168.0.208 (192.168.0.208) 56(84) bytes of data.<br />
64 bytes from 192.168.0.208: icmp_seq=1 ttl=64 time=0.719 ms<br />
<br />
$ ping 192.168.0.1<br />
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.<br />
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=1.60 ms<br />
<br />
$ ping REMOTE_ADDRESS<br />
</pre><br />
<br />
* If you have configured your network with a DNS server, you can even ping or browse an URL address on the Internet:<br />
<pre class="host"><br />
$ ping www.yahoo.fr<br />
PING any-rc.a01.yahoodns.net (87.248.120.148) 56(84) bytes of data.<br />
64 bytes from w2.rc.vip.ch1.yahoo.com (87.248.120.148): icmp_seq=1 ttl=49 time=90.3 ms<br />
</pre><br />
<br />
{{Note|If you have the IPSec activated on the remote computer and on your target, you can also securize the connection to the remote computer.<br />
On the remote computer, put the file /etc/ipsec-tools.conf and run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
On your target, run:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
Then you can check with Wireshark that all datas going through the securized connection are well encrypted.<br />
}}<br />
<br />
==Links==<br />
* [https://help.ubuntu.com/community/IPSecHowTo IPSec HowTo Documentation]<br />
* [http://doc.ubuntu-fr.org/iptables IPTables Ubuntu Documentation]<br />
* [http://doc.ubuntu-fr.org/routage Routing Ubuntu Documentation]</div>JeremieShttp://armadeus.org/wiki/index.php?title=IPSec_/_IPTables&diff=9288IPSec / IPTables2010-12-23T14:22:46Z<p>JeremieS: </p>
<hr />
<div>IPSec and IPTables are network tools that can be used together to create a VPN between two computers. IPSec securizes the connection as IPTables do the packets routing. The [[APF27 PPS] board is optimized to use these tools.<br />
<br />
==IPSec==<br />
IPSec is a protocol that securizes IP communications by authenticating and crypting packets from IP address to another, over all computer ports.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* You need to install the ipsec-tools package on your host:<br />
<pre class="host"><br />
$ sudo apt-get install ipsec-tools<br />
</pre><br />
<br />
* Give the file ''/etc/ipsec-tools.conf'' the access rights 700:<br />
<pre class="host"><br />
$ sudo chmod 700 /etc/ipsec-tools.conf<br />
</pre><br />
<br />
* Then edit this file and define the IPSec keys like that:<br />
<pre class="host"><br />
<br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.2.100 192.168.1.100 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
</pre><br />
<br />
{{Note|In this example the host is 192.168.0.211 and the APF27 target is 192.168.0.208 but you must adapt the file to your configuration and create your own keys.}}<br />
<br />
{{Note|To generate a 192 bit key you can use the following command: <pre class="host">dd if=/dev/random count=24 bs=1| xxd -ps</pre>}}<br />
<br />
====Target (APF27)====<br />
<br />
=====Linux=====<br />
There are some drivers you need to install in Linux Kernel to make IPSec work.<br />
<br />
* To configure Linux, go into the BSP directory and run the command:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* Select the following drivers to install in Linux configuration menu:<br />
<pre class="config"><br />
[*] Networking support ---> <br />
Networking options ---> <br />
<*> Transformation user configuration interface<br />
<br />
<*> PF_KEY sockets<br />
<br />
<*> IP: AH transformation <br />
<*> IP: ESP transformation <br />
<*> IP: IPComp transformation <br />
<*> IP: IPsec transport mode <br />
<*> IP: IPsec tunnel mode <br />
<*> IP: IPsec BEET mode <br />
<br />
[*] Cryptographic API ---><br />
<*> Null algorithms<br />
<br />
*** Authenticated Encryption with Associated Data ***<br />
<*> CCM support <br />
<*> GCM/GMAC support <br />
<br />
{*} AES cipher algorithms <br />
</pre><br />
<br />
* Then you can rebuild Linux like that:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
=====Buildroot=====<br />
You must install flex and networking packages like [[SSH#OpenSSH|OpenSSH]], OpenSSL and IPSec-tools.<br />
<br />
* First run this command to open the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages in the menu:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] flex <br />
<br />
[*] Networking <br />
[*] ipsec-tools <br />
[*] Enable racoonctl(8). <br />
[ ] Enable NAT-Traversal <br />
[*] Enable IKE fragmentation.<br />
[*] Enable statistics logging function. <br />
[ ] Enable IPv6 support <br />
[ ] Enable readline input support if available. <br />
[*] Install IPSec libraries under staging_dir/lib<br />
<br />
[*] openssh<br />
-*- openssl <br />
</pre><br />
<br />
{{Note|If you want to use IPSec in a NAT router/firewall, you must enable the NAT-Traversal option:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] Networking <br />
[*] ipsec-tools <br />
<br />
[*] Enable NAT-Traversal <br />
</pre><br />
}}<br />
<br />
* Then rebuild Buildroot:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Securize the connection===<br />
Once IPSec is installed and configured on both the system and the host, you have to launch it and activate the keys.<br />
<br />
* First on your Host (Ubuntu), you have to reboot the computer or to run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
If you want to see the generated keys:<br />
<pre class="host"><br />
$ sudo setkey -D<br />
</pre><br />
<br />
* On the target (APF27), you can run the command:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
And you can check the keys with:<br />
<pre class="apf"><br />
# setkey -D<br />
</pre><br />
<br />
===Test IPSec===<br />
* To check that datas are correctly encrypted through the securized connection, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* Then you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on the target:<br />
<pre class="apf"><br />
# telnet -l $USERNAME $HOST_IP<br />
</pre><br />
For instance if you want to connect to computer 192.168.0.225 with the user toto:<br />
<pre class="apf"><br />
# telnet -l toto 192.168.0.225<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Password: <br />
Last login: Thu Dec 23 14:35:40 CET 2010 from localhost on pts/5<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You can also connect without the username. When you are asked to fill the username, it will also be encrypted.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the ESP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ipsec.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==IPTables==<br />
IPTables is a command-line interface to configure Netfilter. It can allow you to set up the chains and rules of routing in the firewall of a computer. It can also be used to access a public domain from a private network by masquerading the private IP address.<br />
<br />
===Setup===<br />
If you want to use IPTables on your system, you have to configure both Buildroot and Linux.<br />
<br />
====Linux====<br />
* In the BSP directory, run this command to launch the Linux configuration menu:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* In the menu, select the following drivers or modules:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] TCP/IP networking<br />
[*] IP: multicasting<br />
[*] IP: advanced router<br />
Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure) (FIB_HASH) ---><br />
[ ] IP: policy routing<br />
[ ] IP: equal cost multipath<br />
[ ] IP: verbose route monitoring<br />
<br />
[*] Network packet filtering framework (Netfilter) ---><br />
[*] Advanced netfilter configuration<br />
[*] Bridged IP/ARP packets filtering<br />
Core Netfilter Configuration ---><br />
{*} Netfilter Xtables support (required for ip_tables)<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IP tables support (required for filtering/masq/NAT)<br />
<br />
<M> Packet filtering<br />
<br />
<M> ARP tables support<br />
<M> ARP packet filtering<br />
< > ARP payload mangling<br />
</pre><br />
<br />
{{Note| If you want to use your target as a full NAT router and do masquerading, there are some advanced features you must add to Linux Kernel:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> "state" match support<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IPv4 connection tracking support (required for NAT)<br />
[*] proc/sysctl compatibility with old connectiion tracking<br />
<br />
<M> Full NAT<br />
<M> MASQUERADE target support<br />
<M> NETMAP target support<br />
<M> REDIRECT target support<br />
< > Basic SNMP-ALG support<br />
</pre><br />
}}<br />
<br />
{{Note|You can also add other IP tables like ''nat'' and ''mangle'' or new firewall rule options like ''LOG'' or ''REJECT'' in Netfilter page of the Linux configuration menu.}}<br />
<br />
* Now you can rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
====Buildroot====<br />
* In the BSP directory, launch the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages for IPTables to be installed on target:<br />
<pre class="config"><br />
Package selection for the target ---><br />
[*] Networking ---><br />
[*] iptables<br />
</pre><br />
<br />
* Then rebuild Buildroot to generate the rootfs:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===IPTables usage===<br />
* To learn how to use IPTables to define firewall chains and rules, please refer to the [http://doc.ubuntu-fr.org/iptables Linux Ubuntu Documentation - IPTables].<br />
<br />
* You may also want to define routing rules with the command ''route''. You can refer to the [http://doc.ubuntu-fr.org/routage Linux Ubuntu Documentation - routage] to use it.<br />
<br />
===Test IPTables on [[APF27 PPS]]===<br />
To test IPTables on the target, we will implement a NAT router in the system and use it as a gateway through two computers.<br />
<br />
* First you have to enable full NAT and masquerading functionalities in Linux Kernel for your target. Please refer to the [[#full NAT router|Note for full NAT installation]] to set up these options and then rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
* Flash the new kernel and rootfs binaries on the target.<br />
<br />
* Connect an Ethernet cable from your host Linux to the Ethernet port of the target. <br />
And connect the USB A-MiniA cable from your host Linux to your target USB OTG port.<br />
<br />
* Then you have to activate the target network interface for Ethernet and [[USB Gadget]]:<br />
<pre class="apf"><br />
# ifconfig eth0 192.168.0.208<br />
<br />
# modprobe -r smsc95xx<br />
# modprobe -r g_ether<br />
# modprobe g_ether<br />
# ifconfig usb0 192.168.2.251<br />
Freescale High-Speed USB SOC Device Controller driver (Apr 20, 2007)<br />
ULPI OTG Vendor ID 0x4cc Product ID 0x1504<br />
g_ether gadget: using random self ethernet address<br />
g_ether gadget: using random host ethernet address<br />
usb0: MAC f6:cf:00:56:1b:64<br />
usb0: HOST MAC be:60:d1:56:89:fc<br />
g_ether gadget: Ethernet Gadget, version: Memorial Day 2008<br />
g_ether gadget: g_ether ready<br />
fsl-usb2-udc: bind to driver g_ether<br />
g_ether gadget: high speed config #1: CDC Ethernet (ECM)<br />
</pre><br />
<br />
* As the USB gadget interface is connected, you must see the network ''Auto USB'' in your host's ''Network Connections''.<br />
** If you want to make your [[APF27 PPS]] a gateway, you have to use two differents sub-networks for your private network (your computer and the USB gadget interface) and for the remote network (the remote computer and the Ethernet interface).<br />
** Edit then the ''Auto USB'' network to configure it:<br />
*** The '''IP address''' must be in the same sub-network as the USB Gadget interface : for instance 192.168.2.225.<br />
*** The '''Netmask''' : 255.255.255.0<br />
*** The '''Gateway''' is your target's USB Gadget interface : here 192.168.2.251.<br />
*** A '''DNS server''': if you want to browse on Internet through the target. For instance 192.168.0.207.<br />
*** '''Search domains''': For instance armadeus-office.<br />
** Then disconnect your host PC and reconnect to the ''Auto USB'' network.<br />
<br />
* Add the ''default'' route to be able to go on the Internet:<br />
<pre class="apf"><br />
# route add default gw 192.168.0.1 eth0<br />
</pre><br />
<br />
* Configure the IP Advanced router to be able to forward the packets through the target:<br />
<pre class="apf"><br />
# echo "1" > /proc/sys/net/ipv4/ip_forward<br />
</pre><br />
<br />
* Then you have to create the rules for the NAT router/firewall with iptables:<br />
<pre class="apf"><br />
# iptables -P INPUT ACCEPT<br />
# iptables -F INPUT <br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F OUTPUT <br />
# iptables -P FORWARD DROP<br />
# iptables -F FORWARD <br />
# iptables -t nat -F<br />
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)<br />
<br />
# iptables -A FORWARD -i eth0 -o usb0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT<br />
# iptables -A FORWARD -j LOG<br />
<br />
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
</pre><br />
<br />
* To test the gateway is correctly working, you can ping on the different interface and on the remote computer from your host:<br />
<pre class="host"><br />
$ ping 192.168.2.251<br />
PING 192.168.2.251 (192.168.2.251) 56(84) bytes of data.<br />
64 bytes from 192.168.2.251: icmp_seq=1 ttl=64 time=0.736 ms<br />
<br />
$ ping 192.168.0.208<br />
PING 192.168.0.208 (192.168.0.208) 56(84) bytes of data.<br />
64 bytes from 192.168.0.208: icmp_seq=1 ttl=64 time=0.719 ms<br />
<br />
$ ping 192.168.0.1<br />
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.<br />
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=1.60 ms<br />
<br />
$ ping REMOTE_ADDRESS<br />
</pre><br />
<br />
* If you have configured your network with a DNS server, you can even ping or browse an URL address on the Internet:<br />
<pre class="host"><br />
$ ping www.yahoo.fr<br />
PING any-rc.a01.yahoodns.net (87.248.120.148) 56(84) bytes of data.<br />
64 bytes from w2.rc.vip.ch1.yahoo.com (87.248.120.148): icmp_seq=1 ttl=49 time=90.3 ms<br />
</pre><br />
<br />
{{Note|If you have the IPSec activated on the remote computer and on your target, you can also securize the connection to the remote computer.<br />
On the remote computer, put the file /etc/ipsec-tools.conf and run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
On your target, run:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
Then you can check with Wireshark that all datas going through the securized connection are well encrypted.<br />
}}<br />
<br />
==Links==<br />
* [https://help.ubuntu.com/community/IPSecHowTo IPSec HowTo Documentation]<br />
* [http://doc.ubuntu-fr.org/iptables IPTables Ubuntu Documentation]<br />
* [http://doc.ubuntu-fr.org/routage Routing Ubuntu Documentation]</div>JeremieShttp://armadeus.org/wiki/index.php?title=IPSec_/_IPTables&diff=9287IPSec / IPTables2010-12-23T14:22:29Z<p>JeremieS: IPSec/IPTables page creation</p>
<hr />
<div>{{Under Construction}}<br />
<br />
IPSec and IPTables are network tools that can be used together to create a VPN between two computers. IPSec securizes the connection as IPTables do the packets routing. The [[APF27 PPS] board is optimized to use these tools.<br />
<br />
==IPSec==<br />
IPSec is a protocol that securizes IP communications by authenticating and crypting packets from IP address to another, over all computer ports.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* You need to install the ipsec-tools package on your host:<br />
<pre class="host"><br />
$ sudo apt-get install ipsec-tools<br />
</pre><br />
<br />
* Give the file ''/etc/ipsec-tools.conf'' the access rights 700:<br />
<pre class="host"><br />
$ sudo chmod 700 /etc/ipsec-tools.conf<br />
</pre><br />
<br />
* Then edit this file and define the IPSec keys like that:<br />
<pre class="host"><br />
<br />
#!/usr/sbin/setkey -f <br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool <br />
# utility. racoon-tool will setup SAs and SPDs automatically using <br />
# /etc/racoon/racoon-tool.conf configuration. <br />
# <br />
<br />
## Flush the SAD and SPD <br />
# <br />
flush; <br />
spdflush; <br />
<br />
# Attention: Use this keys only for testing purposes! <br />
# Generate your own keys! <br />
<br />
# AH SAs using 128 bit long keys <br />
add 192.168.0.211 192.168.0.208 ah 0x200 -A hmac-md5 <br />
0xc0291ff014dccdd03874d9e8e4cdf3e6; <br />
<br />
add 192.168.0.208 192.168.0.211 ah 0x300 -A hmac-md5 <br />
0x96358c90783bbfa3d7b196ceabe0536b; <br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity) <br />
<br />
add 192.168.0.211 192.168.0.208 esp 0x201 -E 3des-cbc <br />
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; <br />
add 192.168.0.208 192.168.0.211 esp 0x301 -E 3des-cbc <br />
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; <br />
<br />
<br />
# Security policies <br />
spdadd 192.168.0.211 192.168.0.208 any -P in ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.0.208 192.168.0.211 any -P out ipsec <br />
esp/transport//require <br />
ah/transport//require; <br />
<br />
spdadd 192.168.2.100 192.168.1.100 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
</pre><br />
<br />
{{Note|In this example the host is 192.168.0.211 and the APF27 target is 192.168.0.208 but you must adapt the file to your configuration and create your own keys.}}<br />
<br />
{{Note|To generate a 192 bit key you can use the following command: <pre class="host">dd if=/dev/random count=24 bs=1| xxd -ps</pre>}}<br />
<br />
====Target (APF27)====<br />
<br />
=====Linux=====<br />
There are some drivers you need to install in Linux Kernel to make IPSec work.<br />
<br />
* To configure Linux, go into the BSP directory and run the command:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* Select the following drivers to install in Linux configuration menu:<br />
<pre class="config"><br />
[*] Networking support ---> <br />
Networking options ---> <br />
<*> Transformation user configuration interface<br />
<br />
<*> PF_KEY sockets<br />
<br />
<*> IP: AH transformation <br />
<*> IP: ESP transformation <br />
<*> IP: IPComp transformation <br />
<*> IP: IPsec transport mode <br />
<*> IP: IPsec tunnel mode <br />
<*> IP: IPsec BEET mode <br />
<br />
[*] Cryptographic API ---><br />
<*> Null algorithms<br />
<br />
*** Authenticated Encryption with Associated Data ***<br />
<*> CCM support <br />
<*> GCM/GMAC support <br />
<br />
{*} AES cipher algorithms <br />
</pre><br />
<br />
* Then you can rebuild Linux like that:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
=====Buildroot=====<br />
You must install flex and networking packages like [[SSH#OpenSSH|OpenSSH]], OpenSSL and IPSec-tools.<br />
<br />
* First run this command to open the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages in the menu:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] flex <br />
<br />
[*] Networking <br />
[*] ipsec-tools <br />
[*] Enable racoonctl(8). <br />
[ ] Enable NAT-Traversal <br />
[*] Enable IKE fragmentation.<br />
[*] Enable statistics logging function. <br />
[ ] Enable IPv6 support <br />
[ ] Enable readline input support if available. <br />
[*] Install IPSec libraries under staging_dir/lib<br />
<br />
[*] openssh<br />
-*- openssl <br />
</pre><br />
<br />
{{Note|If you want to use IPSec in a NAT router/firewall, you must enable the NAT-Traversal option:<br />
<pre class="config"><br />
Package Selection for the target ---> <br />
[*] Networking <br />
[*] ipsec-tools <br />
<br />
[*] Enable NAT-Traversal <br />
</pre><br />
}}<br />
<br />
* Then rebuild Buildroot:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Securize the connection===<br />
Once IPSec is installed and configured on both the system and the host, you have to launch it and activate the keys.<br />
<br />
* First on your Host (Ubuntu), you have to reboot the computer or to run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
If you want to see the generated keys:<br />
<pre class="host"><br />
$ sudo setkey -D<br />
</pre><br />
<br />
* On the target (APF27), you can run the command:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
And you can check the keys with:<br />
<pre class="apf"><br />
# setkey -D<br />
</pre><br />
<br />
===Test IPSec===<br />
* To check that datas are correctly encrypted through the securized connection, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* Then you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on the target:<br />
<pre class="apf"><br />
# telnet -l $USERNAME $HOST_IP<br />
</pre><br />
For instance if you want to connect to computer 192.168.0.225 with the user toto:<br />
<pre class="apf"><br />
# telnet -l toto 192.168.0.225<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Password: <br />
Last login: Thu Dec 23 14:35:40 CET 2010 from localhost on pts/5<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You can also connect without the username. When you are asked to fill the username, it will also be encrypted.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the ESP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ipsec.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==IPTables==<br />
IPTables is a command-line interface to configure Netfilter. It can allow you to set up the chains and rules of routing in the firewall of a computer. It can also be used to access a public domain from a private network by masquerading the private IP address.<br />
<br />
===Setup===<br />
If you want to use IPTables on your system, you have to configure both Buildroot and Linux.<br />
<br />
====Linux====<br />
* In the BSP directory, run this command to launch the Linux configuration menu:<br />
<pre class="host"><br />
$ make linux26-menuconfig<br />
</pre><br />
<br />
* In the menu, select the following drivers or modules:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] TCP/IP networking<br />
[*] IP: multicasting<br />
[*] IP: advanced router<br />
Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure) (FIB_HASH) ---><br />
[ ] IP: policy routing<br />
[ ] IP: equal cost multipath<br />
[ ] IP: verbose route monitoring<br />
<br />
[*] Network packet filtering framework (Netfilter) ---><br />
[*] Advanced netfilter configuration<br />
[*] Bridged IP/ARP packets filtering<br />
Core Netfilter Configuration ---><br />
{*} Netfilter Xtables support (required for ip_tables)<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IP tables support (required for filtering/masq/NAT)<br />
<br />
<M> Packet filtering<br />
<br />
<M> ARP tables support<br />
<M> ARP packet filtering<br />
< > ARP payload mangling<br />
</pre><br />
<br />
{{Note| If you want to use your target as a full NAT router and do masquerading, there are some advanced features you must add to Linux Kernel:<br />
<pre class="config"><br />
[*] Networking support ---><br />
Networking options ---><br />
[*] Network packet filtering framework (Netfilter) ---><br />
Core Netfilter Configuration ---><br />
<M> Netfilter connection tracking support<br />
<M> "state" match support<br />
<br />
IP: Netfilter Configuration ---><br />
<M> IPv4 connection tracking support (required for NAT)<br />
[*] proc/sysctl compatibility with old connectiion tracking<br />
<br />
<M> Full NAT<br />
<M> MASQUERADE target support<br />
<M> NETMAP target support<br />
<M> REDIRECT target support<br />
< > Basic SNMP-ALG support<br />
</pre><br />
}}<br />
<br />
{{Note|You can also add other IP tables like ''nat'' and ''mangle'' or new firewall rule options like ''LOG'' or ''REJECT'' in Netfilter page of the Linux configuration menu.}}<br />
<br />
* Now you can rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
====Buildroot====<br />
* In the BSP directory, launch the Buildroot configuration menu:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Select the following packages for IPTables to be installed on target:<br />
<pre class="config"><br />
Package selection for the target ---><br />
[*] Networking ---><br />
[*] iptables<br />
</pre><br />
<br />
* Then rebuild Buildroot to generate the rootfs:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===IPTables usage===<br />
* To learn how to use IPTables to define firewall chains and rules, please refer to the [http://doc.ubuntu-fr.org/iptables Linux Ubuntu Documentation - IPTables].<br />
<br />
* You may also want to define routing rules with the command ''route''. You can refer to the [http://doc.ubuntu-fr.org/routage Linux Ubuntu Documentation - routage] to use it.<br />
<br />
===Test IPTables on [[APF27 PPS]]===<br />
To test IPTables on the target, we will implement a NAT router in the system and use it as a gateway through two computers.<br />
<br />
* First you have to enable full NAT and masquerading functionalities in Linux Kernel for your target. Please refer to the [[#full NAT router|Note for full NAT installation]] to set up these options and then rebuild Linux:<br />
<pre class="host"><br />
$ make linux26-clean<br />
$ make linux26<br />
$ make<br />
</pre><br />
<br />
* Flash the new kernel and rootfs binaries on the target.<br />
<br />
* Connect an Ethernet cable from your host Linux to the Ethernet port of the target. <br />
And connect the USB A-MiniA cable from your host Linux to your target USB OTG port.<br />
<br />
* Then you have to activate the target network interface for Ethernet and [[USB Gadget]]:<br />
<pre class="apf"><br />
# ifconfig eth0 192.168.0.208<br />
<br />
# modprobe -r smsc95xx<br />
# modprobe -r g_ether<br />
# modprobe g_ether<br />
# ifconfig usb0 192.168.2.251<br />
Freescale High-Speed USB SOC Device Controller driver (Apr 20, 2007)<br />
ULPI OTG Vendor ID 0x4cc Product ID 0x1504<br />
g_ether gadget: using random self ethernet address<br />
g_ether gadget: using random host ethernet address<br />
usb0: MAC f6:cf:00:56:1b:64<br />
usb0: HOST MAC be:60:d1:56:89:fc<br />
g_ether gadget: Ethernet Gadget, version: Memorial Day 2008<br />
g_ether gadget: g_ether ready<br />
fsl-usb2-udc: bind to driver g_ether<br />
g_ether gadget: high speed config #1: CDC Ethernet (ECM)<br />
</pre><br />
<br />
* As the USB gadget interface is connected, you must see the network ''Auto USB'' in your host's ''Network Connections''.<br />
** If you want to make your [[APF27 PPS]] a gateway, you have to use two differents sub-networks for your private network (your computer and the USB gadget interface) and for the remote network (the remote computer and the Ethernet interface).<br />
** Edit then the ''Auto USB'' network to configure it:<br />
*** The '''IP address''' must be in the same sub-network as the USB Gadget interface : for instance 192.168.2.225.<br />
*** The '''Netmask''' : 255.255.255.0<br />
*** The '''Gateway''' is your target's USB Gadget interface : here 192.168.2.251.<br />
*** A '''DNS server''': if you want to browse on Internet through the target. For instance 192.168.0.207.<br />
*** '''Search domains''': For instance armadeus-office.<br />
** Then disconnect your host PC and reconnect to the ''Auto USB'' network.<br />
<br />
* Add the ''default'' route to be able to go on the Internet:<br />
<pre class="apf"><br />
# route add default gw 192.168.0.1 eth0<br />
</pre><br />
<br />
* Configure the IP Advanced router to be able to forward the packets through the target:<br />
<pre class="apf"><br />
# echo "1" > /proc/sys/net/ipv4/ip_forward<br />
</pre><br />
<br />
* Then you have to create the rules for the NAT router/firewall with iptables:<br />
<pre class="apf"><br />
# iptables -P INPUT ACCEPT<br />
# iptables -F INPUT <br />
# iptables -P OUTPUT ACCEPT<br />
# iptables -F OUTPUT <br />
# iptables -P FORWARD DROP<br />
# iptables -F FORWARD <br />
# iptables -t nat -F<br />
nf_conntrack version 0.5.0 (1024 buckets, 4096 max)<br />
<br />
# iptables -A FORWARD -i eth0 -o usb0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT<br />
# iptables -A FORWARD -j LOG<br />
<br />
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
</pre><br />
<br />
* To test the gateway is correctly working, you can ping on the different interface and on the remote computer from your host:<br />
<pre class="host"><br />
$ ping 192.168.2.251<br />
PING 192.168.2.251 (192.168.2.251) 56(84) bytes of data.<br />
64 bytes from 192.168.2.251: icmp_seq=1 ttl=64 time=0.736 ms<br />
<br />
$ ping 192.168.0.208<br />
PING 192.168.0.208 (192.168.0.208) 56(84) bytes of data.<br />
64 bytes from 192.168.0.208: icmp_seq=1 ttl=64 time=0.719 ms<br />
<br />
$ ping 192.168.0.1<br />
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.<br />
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=1.60 ms<br />
<br />
$ ping REMOTE_ADDRESS<br />
</pre><br />
<br />
* If you have configured your network with a DNS server, you can even ping or browse an URL address on the Internet:<br />
<pre class="host"><br />
$ ping www.yahoo.fr<br />
PING any-rc.a01.yahoodns.net (87.248.120.148) 56(84) bytes of data.<br />
64 bytes from w2.rc.vip.ch1.yahoo.com (87.248.120.148): icmp_seq=1 ttl=49 time=90.3 ms<br />
</pre><br />
<br />
{{Note|If you have the IPSec activated on the remote computer and on your target, you can also securize the connection to the remote computer.<br />
On the remote computer, put the file /etc/ipsec-tools.conf and run the command:<br />
<pre class="host"><br />
$ sudo /etc/init.d/setkey start<br />
* Flushing IPsec SA/SP database: [ OK ]<br />
</pre><br />
On your target, run:<br />
<pre class="apf"><br />
# setkey -f /etc/ipsec-tools.conf<br />
</pre><br />
Then you can check with Wireshark that all datas going through the securized connection are well encrypted.<br />
}}<br />
<br />
==Links==<br />
* [https://help.ubuntu.com/community/IPSecHowTo IPSec HowTo Documentation]<br />
* [http://doc.ubuntu-fr.org/iptables IPTables Ubuntu Documentation]<br />
* [http://doc.ubuntu-fr.org/routage Routing Ubuntu Documentation]</div>JeremieShttp://armadeus.org/wiki/index.php?title=SSH&diff=9286SSH2010-12-23T13:41:10Z<p>JeremieS: /* Create SSH tunnel */</p>
<hr />
<div>Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br><br />
In short, SSH allows you to connect to your board from a remote PC using a secured/encrypted Ethernet connection.<br />
<br />
==Dropbear==<br />
<br />
===Setup===<br />
We use the lightweight Dropbear SSH server. To install it on your rootfs, launch Buildroot configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] dropbear<br />
</pre><br />
<br />
Then rebuild your system and reflash your board.<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Usage===<br />
* If you have reflashed your rootfs with dropbear installed, then at first startup it should generates your private and public keys:<br />
<pre class="apf"><br />
Generating RSA Key...<br />
Will output 1024 bit rsa secret key to '/etc/dropbear/dropbear_rsa_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-rsa ........<br />
Fingerprint: md5 82:a2:a3:65:8c:e4:2b:ec:35:27:03:23:2c:f8:91:e9<br />
Generating DSS Key...<br />
Will output 1024 bit dss secret key to '/etc/dropbear/dropbear_dss_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-dss <br />
........<br />
Fingerprint: md5 43:4d:e6:52:df:6b:1f:c3:93:e9:49:e3:92:e7:a1:b2<br />
Starting dropbear sshd:<br />
</pre><br />
<br />
* Be sure to have setup a root password on your board. '''If not then:'''<br />
<pre class="apf"><br />
# passwd<br />
Changing password for root<br />
Enter the new password (minimum of 5, maximum of 8 characters)<br />
Please use a combination of upper and lower case letters and numbers.<br />
Enter new password: *****<br />
Re-enter new password: ******<br />
Password changed.<br />
</pre><br />
<br />
* To test your SSH connection, then on your PC launch (replace 192.168.0.3 with your board IP):<br />
<pre class="host"><br />
[armadeus] $ ssh root@192.168.0.3<br />
The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.<br />
RSA key fingerprint is 82:a2:a3:65:8c:e4:2b:xx:xx:xx:xx:xx:2c:f8:91:e9.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added '192.168.0.3' (RSA) to the list of known hosts.<br />
</pre><br />
<pre class="apf"><br />
root@192.168.0.3's password:<br />
<br />
BusyBox v1.2.2 (2007.06.25-15:53+0000) Built-in shell (ash)<br />
Enter 'help' for a list of built-in commands.<br />
#<br />
</pre><br />
<br />
==OpenSSH==<br />
<br />
OpenSSH is a tool that allows securized communications between two computers. It can be used to create a securized tunnel between two ports of the connected computers. All datas that go through this tunnel are encrypted.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* First you have to install telnetd to accept telnet connection from target and Wireshark, a network scanning tool, to check the data encryption :<br />
<pre class="host"><br />
$ sudo apt-get install telnetd <br />
$ sudo /etc/init.d/xinetd restart<br />
$ sudo apt-get install wireshark <br />
</pre><br />
<br />
* Then install OpenSSH server if necessary :<br />
<pre class="host"><br />
$ sudo apt-get install openssh-server openssl<br />
</pre><br />
<br />
* You now have to configure your OpenSSH server to accept connections from the securized port you will use to mask the real host port over SSH connection.<br />
To do that, you have to add the port to the file ''/etc/ssh/sshd_config''.<br />
For instance, we choose the port 32490:<br />
<pre class="host"><br />
# Package generated configuration file<br />
# See the sshd(8) manpage for details<br />
<br />
# What ports, IPs and protocols we listen for<br />
Port 22<br />
'''Port 32490'''<br />
# Use these options to restrict which interfaces/protocols sshd will bind to<br />
#ListenAddress ::<br />
#ListenAddress 0.0.0.0<br />
Protocol 2<br />
# HostKeys for protocol version 2<br />
HostKey /etc/ssh/ssh_host_rsa_key<br />
HostKey /etc/ssh/ssh_host_dsa_key<br />
#Privilege Separation is turned on for security<br />
UsePrivilegeSeparation yes<br />
</pre><br />
<br />
====Target (APF27)====<br />
The packages OpenSSH and OpenSSL must be compiled in Buildroot.<br />
<br />
* First launch the Buildroot menu configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Then select the packages:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] openssh<br />
-*- openssl<br />
[*] openssl binary<br />
[ ] openssl additional engines<br />
</pre><br />
<br />
* And compile your Buildroot with the command:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Create SSH tunnel===<br />
* On the target, run the following command to create the tunnel between the two machines:<br />
<pre class="apf"><br />
# ssh -fN -L $TARGET_PORT:localhost:$HOST_PORT -C $USERNAME@$HOSTNAME -p $VIRTUALPORT<br />
</pre><br />
Enter then the password to connect to your host.<br />
<br />
* For instance, if you want to securize the Telnet port 23 toward the address toto@192.168.0.210 with the virtual port 32490:<br />
<pre class="apf"><br />
# ssh -fN -L 23:localhost:23 -C toto@192.168.0.210 -p 32490<br />
jeremie@192.168.0.225's password: <br />
#<br />
</pre><br />
<br />
===Test the tunnel===<br />
* To check that datas are correctly encrypted through the tunnel, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* If you have securized a Telnet port, you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on your system:<br />
<pre class="apf"><br />
# telnet localhost<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Ubuntu 9.10<br />
laptop-jeremie-ubuntu login: <br />
<br />
Password: <br />
Last login: Tue Dec 21 15:01:50 CET 2010 from localhost on pts/6<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You have to connect to localhost because SSH will automatically redirect it to the address you specified when creating the tunnel.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the TCP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ssh_tunnel.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==Links==<br />
* http://en.wikipedia.org/wiki/Secure_shell<br />
* [http://matt.ucc.asn.au/dropbear/dropbear.html Dropbear Webpage]<br />
* [[Telnet | Unsecured remote access with Telnet protocol]]<br />
* [http://www.openssh.com/ OpenSSH Webpage]<br />
* [http://www.wireshark.org/ Wireshark Webpage]<br />
<br />
[[Category:Network]]<br />
[[Category:Security]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=SSH&diff=9285SSH2010-12-23T13:40:43Z<p>JeremieS: /* Create SSH tunnel */</p>
<hr />
<div>Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br><br />
In short, SSH allows you to connect to your board from a remote PC using a secured/encrypted Ethernet connection.<br />
<br />
==Dropbear==<br />
<br />
===Setup===<br />
We use the lightweight Dropbear SSH server. To install it on your rootfs, launch Buildroot configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] dropbear<br />
</pre><br />
<br />
Then rebuild your system and reflash your board.<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Usage===<br />
* If you have reflashed your rootfs with dropbear installed, then at first startup it should generates your private and public keys:<br />
<pre class="apf"><br />
Generating RSA Key...<br />
Will output 1024 bit rsa secret key to '/etc/dropbear/dropbear_rsa_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-rsa ........<br />
Fingerprint: md5 82:a2:a3:65:8c:e4:2b:ec:35:27:03:23:2c:f8:91:e9<br />
Generating DSS Key...<br />
Will output 1024 bit dss secret key to '/etc/dropbear/dropbear_dss_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-dss <br />
........<br />
Fingerprint: md5 43:4d:e6:52:df:6b:1f:c3:93:e9:49:e3:92:e7:a1:b2<br />
Starting dropbear sshd:<br />
</pre><br />
<br />
* Be sure to have setup a root password on your board. '''If not then:'''<br />
<pre class="apf"><br />
# passwd<br />
Changing password for root<br />
Enter the new password (minimum of 5, maximum of 8 characters)<br />
Please use a combination of upper and lower case letters and numbers.<br />
Enter new password: *****<br />
Re-enter new password: ******<br />
Password changed.<br />
</pre><br />
<br />
* To test your SSH connection, then on your PC launch (replace 192.168.0.3 with your board IP):<br />
<pre class="host"><br />
[armadeus] $ ssh root@192.168.0.3<br />
The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.<br />
RSA key fingerprint is 82:a2:a3:65:8c:e4:2b:xx:xx:xx:xx:xx:2c:f8:91:e9.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added '192.168.0.3' (RSA) to the list of known hosts.<br />
</pre><br />
<pre class="apf"><br />
root@192.168.0.3's password:<br />
<br />
BusyBox v1.2.2 (2007.06.25-15:53+0000) Built-in shell (ash)<br />
Enter 'help' for a list of built-in commands.<br />
#<br />
</pre><br />
<br />
==OpenSSH==<br />
<br />
OpenSSH is a tool that allows securized communications between two computers. It can be used to create a securized tunnel between two ports of the connected computers. All datas that go through this tunnel are encrypted.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* First you have to install telnetd to accept telnet connection from target and Wireshark, a network scanning tool, to check the data encryption :<br />
<pre class="host"><br />
$ sudo apt-get install telnetd <br />
$ sudo /etc/init.d/xinetd restart<br />
$ sudo apt-get install wireshark <br />
</pre><br />
<br />
* Then install OpenSSH server if necessary :<br />
<pre class="host"><br />
$ sudo apt-get install openssh-server openssl<br />
</pre><br />
<br />
* You now have to configure your OpenSSH server to accept connections from the securized port you will use to mask the real host port over SSH connection.<br />
To do that, you have to add the port to the file ''/etc/ssh/sshd_config''.<br />
For instance, we choose the port 32490:<br />
<pre class="host"><br />
# Package generated configuration file<br />
# See the sshd(8) manpage for details<br />
<br />
# What ports, IPs and protocols we listen for<br />
Port 22<br />
'''Port 32490'''<br />
# Use these options to restrict which interfaces/protocols sshd will bind to<br />
#ListenAddress ::<br />
#ListenAddress 0.0.0.0<br />
Protocol 2<br />
# HostKeys for protocol version 2<br />
HostKey /etc/ssh/ssh_host_rsa_key<br />
HostKey /etc/ssh/ssh_host_dsa_key<br />
#Privilege Separation is turned on for security<br />
UsePrivilegeSeparation yes<br />
</pre><br />
<br />
====Target (APF27)====<br />
The packages OpenSSH and OpenSSL must be compiled in Buildroot.<br />
<br />
* First launch the Buildroot menu configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Then select the packages:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] openssh<br />
-*- openssl<br />
[*] openssl binary<br />
[ ] openssl additional engines<br />
</pre><br />
<br />
* And compile your Buildroot with the command:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Create SSH tunnel===<br />
* On the target, run the following command to create the tunnel between the two machines:<br />
<pre class="apf"><br />
# ssh -fN -L TARGET_PORT:localhost:HOST_PORT -C USERNAME@HOSTNAME -p VIRTUALPORT<br />
</pre><br />
Enter then the password to connect to your host.<br />
<br />
* For instance, if you want to securize the Telnet port 23 toward the address toto@192.168.0.210 with the virtual port 32490:<br />
<pre class="apf"><br />
# ssh -fN -L 23:localhost:23 -C toto@192.168.0.210 -p 32490<br />
jeremie@192.168.0.225's password: <br />
#<br />
</pre><br />
<br />
===Test the tunnel===<br />
* To check that datas are correctly encrypted through the tunnel, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* If you have securized a Telnet port, you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on your system:<br />
<pre class="apf"><br />
# telnet localhost<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Ubuntu 9.10<br />
laptop-jeremie-ubuntu login: <br />
<br />
Password: <br />
Last login: Tue Dec 21 15:01:50 CET 2010 from localhost on pts/6<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You have to connect to localhost because SSH will automatically redirect it to the address you specified when creating the tunnel.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the TCP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ssh_tunnel.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==Links==<br />
* http://en.wikipedia.org/wiki/Secure_shell<br />
* [http://matt.ucc.asn.au/dropbear/dropbear.html Dropbear Webpage]<br />
* [[Telnet | Unsecured remote access with Telnet protocol]]<br />
* [http://www.openssh.com/ OpenSSH Webpage]<br />
* [http://www.wireshark.org/ Wireshark Webpage]<br />
<br />
[[Category:Network]]<br />
[[Category:Security]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=WPA_supplicant&diff=9284WPA supplicant2010-12-23T13:38:24Z<p>JeremieS: /* Stop it */</p>
<hr />
<div>When dealing with "strong" encryption of WiFi networks, you have to setup a WPA or WPA2 configuration.<br />
To handle the requirements of these protocols during association, a userspace daemon is needed: it is called a WPA supplicant.<br />
The most used one on Linux is ''wpa_supplicant''; we will see here how to install and configure it.<br />
<br />
{{Note|wpa_supplicant is also able to handle WEP connections}}<br />
<br />
==Installation==<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Networking ---><br />
[*] wpa_supplicant<br />
[ ] Enable WPA with EAP<br />
[*] Install wpa_cli binary<br />
[ ] Install wpa_passphrase binary<br />
</pre><br />
<br />
EAP is only needed if you plan to use WPA in Enterprise mode == with a Radius server.<br />
<br />
==Usage==<br />
wpa_supplicant needs a configuration file in ''/etc/wpa_supplicant.conf''.<br />
Here is an example:<br />
ctrl_interface=/var/run/wpa_supplicant<br />
ctrl_interface_group=wheel<br />
network={<br />
ssid="''SSID''"<br />
scan_ssid=1<br />
proto=WPA<br />
key_mgmt=WPA-PSK<br />
pairwise=TKIP<br />
psk="''PASSPHRASE''"<br />
}<br />
<br />
Then you can create the Wifi connexion with WPA Supplicant:<br />
<pre class="apf"><br />
# ifconfig iwlan0 up<br />
# wpa_supplicant -iwlan0 -c /etc/wpa_supplicant.conf -Dwext -B dhclient<br />
</pre><br />
<br />
==Stop it==<br />
To stop WPA Supplicant daemon and switch off the connexion, you can use this command:<br />
<pre class="apf"><br />
# wpa_cli terminate<br />
</pre><br />
<br />
==Links==<br />
* [http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/README wpa_supplicant README]<br />
* [http://hostap.epitest.fi/wpa_supplicant/ wpa_supplicant Webpage]<br />
<br />
[[Category:Wireless]]<br />
[[Category:Security]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=WPA_supplicant&diff=9283WPA supplicant2010-12-23T13:38:00Z<p>JeremieS: /* Usage */</p>
<hr />
<div>When dealing with "strong" encryption of WiFi networks, you have to setup a WPA or WPA2 configuration.<br />
To handle the requirements of these protocols during association, a userspace daemon is needed: it is called a WPA supplicant.<br />
The most used one on Linux is ''wpa_supplicant''; we will see here how to install and configure it.<br />
<br />
{{Note|wpa_supplicant is also able to handle WEP connections}}<br />
<br />
==Installation==<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
<pre class="config"><br />
Package Selection for the target ---><br />
Networking ---><br />
[*] wpa_supplicant<br />
[ ] Enable WPA with EAP<br />
[*] Install wpa_cli binary<br />
[ ] Install wpa_passphrase binary<br />
</pre><br />
<br />
EAP is only needed if you plan to use WPA in Enterprise mode == with a Radius server.<br />
<br />
==Usage==<br />
wpa_supplicant needs a configuration file in ''/etc/wpa_supplicant.conf''.<br />
Here is an example:<br />
ctrl_interface=/var/run/wpa_supplicant<br />
ctrl_interface_group=wheel<br />
network={<br />
ssid="''SSID''"<br />
scan_ssid=1<br />
proto=WPA<br />
key_mgmt=WPA-PSK<br />
pairwise=TKIP<br />
psk="''PASSPHRASE''"<br />
}<br />
<br />
Then you can create the Wifi connexion with WPA Supplicant:<br />
<pre class="apf"><br />
# ifconfig iwlan0 up<br />
# wpa_supplicant -iwlan0 -c /etc/wpa_supplicant.conf -Dwext -B dhclient<br />
</pre><br />
<br />
==Stop it==<br />
To stop WPA Supplicant daemon and switch off the connexion, you can use this command:<br />
<pre class="host"><br />
wpa_cli terminate<br />
</pre><br />
<br />
==Links==<br />
* [http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/README wpa_supplicant README]<br />
* [http://hostap.epitest.fi/wpa_supplicant/ wpa_supplicant Webpage]<br />
<br />
[[Category:Wireless]]<br />
[[Category:Security]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=SSH&diff=9282SSH2010-12-23T13:36:10Z<p>JeremieS: /* Test the tunnel */</p>
<hr />
<div>Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br><br />
In short, SSH allows you to connect to your board from a remote PC using a secured/encrypted Ethernet connection.<br />
<br />
==Dropbear==<br />
<br />
===Setup===<br />
We use the lightweight Dropbear SSH server. To install it on your rootfs, launch Buildroot configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] dropbear<br />
</pre><br />
<br />
Then rebuild your system and reflash your board.<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Usage===<br />
* If you have reflashed your rootfs with dropbear installed, then at first startup it should generates your private and public keys:<br />
<pre class="apf"><br />
Generating RSA Key...<br />
Will output 1024 bit rsa secret key to '/etc/dropbear/dropbear_rsa_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-rsa ........<br />
Fingerprint: md5 82:a2:a3:65:8c:e4:2b:ec:35:27:03:23:2c:f8:91:e9<br />
Generating DSS Key...<br />
Will output 1024 bit dss secret key to '/etc/dropbear/dropbear_dss_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-dss <br />
........<br />
Fingerprint: md5 43:4d:e6:52:df:6b:1f:c3:93:e9:49:e3:92:e7:a1:b2<br />
Starting dropbear sshd:<br />
</pre><br />
<br />
* Be sure to have setup a root password on your board. '''If not then:'''<br />
<pre class="apf"><br />
# passwd<br />
Changing password for root<br />
Enter the new password (minimum of 5, maximum of 8 characters)<br />
Please use a combination of upper and lower case letters and numbers.<br />
Enter new password: *****<br />
Re-enter new password: ******<br />
Password changed.<br />
</pre><br />
<br />
* To test your SSH connection, then on your PC launch (replace 192.168.0.3 with your board IP):<br />
<pre class="host"><br />
[armadeus] $ ssh root@192.168.0.3<br />
The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.<br />
RSA key fingerprint is 82:a2:a3:65:8c:e4:2b:xx:xx:xx:xx:xx:2c:f8:91:e9.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added '192.168.0.3' (RSA) to the list of known hosts.<br />
</pre><br />
<pre class="apf"><br />
root@192.168.0.3's password:<br />
<br />
BusyBox v1.2.2 (2007.06.25-15:53+0000) Built-in shell (ash)<br />
Enter 'help' for a list of built-in commands.<br />
#<br />
</pre><br />
<br />
==OpenSSH==<br />
<br />
OpenSSH is a tool that allows securized communications between two computers. It can be used to create a securized tunnel between two ports of the connected computers. All datas that go through this tunnel are encrypted.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* First you have to install telnetd to accept telnet connection from target and Wireshark, a network scanning tool, to check the data encryption :<br />
<pre class="host"><br />
$ sudo apt-get install telnetd <br />
$ sudo /etc/init.d/xinetd restart<br />
$ sudo apt-get install wireshark <br />
</pre><br />
<br />
* Then install OpenSSH server if necessary :<br />
<pre class="host"><br />
$ sudo apt-get install openssh-server openssl<br />
</pre><br />
<br />
* You now have to configure your OpenSSH server to accept connections from the securized port you will use to mask the real host port over SSH connection.<br />
To do that, you have to add the port to the file ''/etc/ssh/sshd_config''.<br />
For instance, we choose the port 32490:<br />
<pre class="host"><br />
# Package generated configuration file<br />
# See the sshd(8) manpage for details<br />
<br />
# What ports, IPs and protocols we listen for<br />
Port 22<br />
'''Port 32490'''<br />
# Use these options to restrict which interfaces/protocols sshd will bind to<br />
#ListenAddress ::<br />
#ListenAddress 0.0.0.0<br />
Protocol 2<br />
# HostKeys for protocol version 2<br />
HostKey /etc/ssh/ssh_host_rsa_key<br />
HostKey /etc/ssh/ssh_host_dsa_key<br />
#Privilege Separation is turned on for security<br />
UsePrivilegeSeparation yes<br />
</pre><br />
<br />
====Target (APF27)====<br />
The packages OpenSSH and OpenSSL must be compiled in Buildroot.<br />
<br />
* First launch the Buildroot menu configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Then select the packages:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] openssh<br />
-*- openssl<br />
[*] openssl binary<br />
[ ] openssl additional engines<br />
</pre><br />
<br />
* And compile your Buildroot with the command:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Create SSH tunnel===<br />
* On the target, run the following command to create the tunnel between the two machines:<br />
<pre class="apf"><br />
# ssh -fN -L ''TARGET_PORT'':localhost:''HOST_PORT'' -C ''USERNAME''@''HOSTNAME'' -p ''VIRTUALPORT''<br />
</pre><br />
Enter then the password to connect to your host.<br />
<br />
* For instance, if you want to securize the Telnet port 23 toward the address toto@192.168.0.210 with the virtual port 32490:<br />
<pre class="apf"><br />
# ssh -fN -L 23:localhost:23 -C toto@192.168.0.210 -p 32490<br />
jeremie@192.168.0.225's password: <br />
#<br />
</pre><br />
<br />
===Test the tunnel===<br />
* To check that datas are correctly encrypted through the tunnel, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* If you have securized a Telnet port, you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on your system:<br />
<pre class="apf"><br />
# telnet localhost<br />
<br />
Entering character mode<br />
Escape character is '^]'.<br />
<br />
Ubuntu 9.10<br />
laptop-jeremie-ubuntu login: <br />
<br />
Password: <br />
Last login: Tue Dec 21 15:01:50 CET 2010 from localhost on pts/6<br />
Linux laptop-jeremie-ubuntu 2.6.31-20-generic-pae #58-Ubuntu SMP Fri Mar 12 06:25:51 UTC 2010 i686<br />
<br />
To access official Ubuntu documentation, please visit:<br />
http://help.ubuntu.com/<br />
</pre><br />
You have to connect to localhost because SSH will automatically redirect it to the address you specified when creating the tunnel.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the TCP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ssh_tunnel.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==Links==<br />
* http://en.wikipedia.org/wiki/Secure_shell<br />
* [http://matt.ucc.asn.au/dropbear/dropbear.html Dropbear Webpage]<br />
* [[Telnet | Unsecured remote access with Telnet protocol]]<br />
* [http://www.openssh.com/ OpenSSH Webpage]<br />
* [http://www.wireshark.org/ Wireshark Webpage]<br />
<br />
[[Category:Network]]<br />
[[Category:Security]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=SSH&diff=9281SSH2010-12-23T13:34:33Z<p>JeremieS: /* Create SSH tunnel */</p>
<hr />
<div>Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br><br />
In short, SSH allows you to connect to your board from a remote PC using a secured/encrypted Ethernet connection.<br />
<br />
==Dropbear==<br />
<br />
===Setup===<br />
We use the lightweight Dropbear SSH server. To install it on your rootfs, launch Buildroot configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] dropbear<br />
</pre><br />
<br />
Then rebuild your system and reflash your board.<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Usage===<br />
* If you have reflashed your rootfs with dropbear installed, then at first startup it should generates your private and public keys:<br />
<pre class="apf"><br />
Generating RSA Key...<br />
Will output 1024 bit rsa secret key to '/etc/dropbear/dropbear_rsa_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-rsa ........<br />
Fingerprint: md5 82:a2:a3:65:8c:e4:2b:ec:35:27:03:23:2c:f8:91:e9<br />
Generating DSS Key...<br />
Will output 1024 bit dss secret key to '/etc/dropbear/dropbear_dss_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-dss <br />
........<br />
Fingerprint: md5 43:4d:e6:52:df:6b:1f:c3:93:e9:49:e3:92:e7:a1:b2<br />
Starting dropbear sshd:<br />
</pre><br />
<br />
* Be sure to have setup a root password on your board. '''If not then:'''<br />
<pre class="apf"><br />
# passwd<br />
Changing password for root<br />
Enter the new password (minimum of 5, maximum of 8 characters)<br />
Please use a combination of upper and lower case letters and numbers.<br />
Enter new password: *****<br />
Re-enter new password: ******<br />
Password changed.<br />
</pre><br />
<br />
* To test your SSH connection, then on your PC launch (replace 192.168.0.3 with your board IP):<br />
<pre class="host"><br />
[armadeus] $ ssh root@192.168.0.3<br />
The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.<br />
RSA key fingerprint is 82:a2:a3:65:8c:e4:2b:xx:xx:xx:xx:xx:2c:f8:91:e9.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added '192.168.0.3' (RSA) to the list of known hosts.<br />
</pre><br />
<pre class="apf"><br />
root@192.168.0.3's password:<br />
<br />
BusyBox v1.2.2 (2007.06.25-15:53+0000) Built-in shell (ash)<br />
Enter 'help' for a list of built-in commands.<br />
#<br />
</pre><br />
<br />
==OpenSSH==<br />
<br />
OpenSSH is a tool that allows securized communications between two computers. It can be used to create a securized tunnel between two ports of the connected computers. All datas that go through this tunnel are encrypted.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* First you have to install telnetd to accept telnet connection from target and Wireshark, a network scanning tool, to check the data encryption :<br />
<pre class="host"><br />
$ sudo apt-get install telnetd <br />
$ sudo /etc/init.d/xinetd restart<br />
$ sudo apt-get install wireshark <br />
</pre><br />
<br />
* Then install OpenSSH server if necessary :<br />
<pre class="host"><br />
$ sudo apt-get install openssh-server openssl<br />
</pre><br />
<br />
* You now have to configure your OpenSSH server to accept connections from the securized port you will use to mask the real host port over SSH connection.<br />
To do that, you have to add the port to the file ''/etc/ssh/sshd_config''.<br />
For instance, we choose the port 32490:<br />
<pre class="host"><br />
# Package generated configuration file<br />
# See the sshd(8) manpage for details<br />
<br />
# What ports, IPs and protocols we listen for<br />
Port 22<br />
'''Port 32490'''<br />
# Use these options to restrict which interfaces/protocols sshd will bind to<br />
#ListenAddress ::<br />
#ListenAddress 0.0.0.0<br />
Protocol 2<br />
# HostKeys for protocol version 2<br />
HostKey /etc/ssh/ssh_host_rsa_key<br />
HostKey /etc/ssh/ssh_host_dsa_key<br />
#Privilege Separation is turned on for security<br />
UsePrivilegeSeparation yes<br />
</pre><br />
<br />
====Target (APF27)====<br />
The packages OpenSSH and OpenSSL must be compiled in Buildroot.<br />
<br />
* First launch the Buildroot menu configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Then select the packages:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] openssh<br />
-*- openssl<br />
[*] openssl binary<br />
[ ] openssl additional engines<br />
</pre><br />
<br />
* And compile your Buildroot with the command:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Create SSH tunnel===<br />
* On the target, run the following command to create the tunnel between the two machines:<br />
<pre class="apf"><br />
# ssh -fN -L ''TARGET_PORT'':localhost:''HOST_PORT'' -C ''USERNAME''@''HOSTNAME'' -p ''VIRTUALPORT''<br />
</pre><br />
Enter then the password to connect to your host.<br />
<br />
* For instance, if you want to securize the Telnet port 23 toward the address toto@192.168.0.210 with the virtual port 32490:<br />
<pre class="apf"><br />
# ssh -fN -L 23:localhost:23 -C toto@192.168.0.210 -p 32490<br />
jeremie@192.168.0.225's password: <br />
#<br />
</pre><br />
<br />
===Test the tunnel===<br />
* To check that datas are correctly encrypted through the tunnel, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* If you have securized a Telnet port, you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on your system:<br />
<pre class="host"><br />
# telnet localhost<br />
</pre><br />
You have to connect to localhost because SSH will automatically redirect it to the address you specified when creating the tunnel.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the TCP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ssh_tunnel.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==Links==<br />
* http://en.wikipedia.org/wiki/Secure_shell<br />
* [http://matt.ucc.asn.au/dropbear/dropbear.html Dropbear Webpage]<br />
* [[Telnet | Unsecured remote access with Telnet protocol]]<br />
* [http://www.openssh.com/ OpenSSH Webpage]<br />
* [http://www.wireshark.org/ Wireshark Webpage]<br />
<br />
[[Category:Network]]<br />
[[Category:Security]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=SSH&diff=9280SSH2010-12-23T13:34:04Z<p>JeremieS: /* Create SSH tunnel */</p>
<hr />
<div>Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br><br />
In short, SSH allows you to connect to your board from a remote PC using a secured/encrypted Ethernet connection.<br />
<br />
==Dropbear==<br />
<br />
===Setup===<br />
We use the lightweight Dropbear SSH server. To install it on your rootfs, launch Buildroot configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] dropbear<br />
</pre><br />
<br />
Then rebuild your system and reflash your board.<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Usage===<br />
* If you have reflashed your rootfs with dropbear installed, then at first startup it should generates your private and public keys:<br />
<pre class="apf"><br />
Generating RSA Key...<br />
Will output 1024 bit rsa secret key to '/etc/dropbear/dropbear_rsa_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-rsa ........<br />
Fingerprint: md5 82:a2:a3:65:8c:e4:2b:ec:35:27:03:23:2c:f8:91:e9<br />
Generating DSS Key...<br />
Will output 1024 bit dss secret key to '/etc/dropbear/dropbear_dss_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-dss <br />
........<br />
Fingerprint: md5 43:4d:e6:52:df:6b:1f:c3:93:e9:49:e3:92:e7:a1:b2<br />
Starting dropbear sshd:<br />
</pre><br />
<br />
* Be sure to have setup a root password on your board. '''If not then:'''<br />
<pre class="apf"><br />
# passwd<br />
Changing password for root<br />
Enter the new password (minimum of 5, maximum of 8 characters)<br />
Please use a combination of upper and lower case letters and numbers.<br />
Enter new password: *****<br />
Re-enter new password: ******<br />
Password changed.<br />
</pre><br />
<br />
* To test your SSH connection, then on your PC launch (replace 192.168.0.3 with your board IP):<br />
<pre class="host"><br />
[armadeus] $ ssh root@192.168.0.3<br />
The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.<br />
RSA key fingerprint is 82:a2:a3:65:8c:e4:2b:xx:xx:xx:xx:xx:2c:f8:91:e9.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added '192.168.0.3' (RSA) to the list of known hosts.<br />
</pre><br />
<pre class="apf"><br />
root@192.168.0.3's password:<br />
<br />
BusyBox v1.2.2 (2007.06.25-15:53+0000) Built-in shell (ash)<br />
Enter 'help' for a list of built-in commands.<br />
#<br />
</pre><br />
<br />
==OpenSSH==<br />
<br />
OpenSSH is a tool that allows securized communications between two computers. It can be used to create a securized tunnel between two ports of the connected computers. All datas that go through this tunnel are encrypted.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* First you have to install telnetd to accept telnet connection from target and Wireshark, a network scanning tool, to check the data encryption :<br />
<pre class="host"><br />
$ sudo apt-get install telnetd <br />
$ sudo /etc/init.d/xinetd restart<br />
$ sudo apt-get install wireshark <br />
</pre><br />
<br />
* Then install OpenSSH server if necessary :<br />
<pre class="host"><br />
$ sudo apt-get install openssh-server openssl<br />
</pre><br />
<br />
* You now have to configure your OpenSSH server to accept connections from the securized port you will use to mask the real host port over SSH connection.<br />
To do that, you have to add the port to the file ''/etc/ssh/sshd_config''.<br />
For instance, we choose the port 32490:<br />
<pre class="host"><br />
# Package generated configuration file<br />
# See the sshd(8) manpage for details<br />
<br />
# What ports, IPs and protocols we listen for<br />
Port 22<br />
'''Port 32490'''<br />
# Use these options to restrict which interfaces/protocols sshd will bind to<br />
#ListenAddress ::<br />
#ListenAddress 0.0.0.0<br />
Protocol 2<br />
# HostKeys for protocol version 2<br />
HostKey /etc/ssh/ssh_host_rsa_key<br />
HostKey /etc/ssh/ssh_host_dsa_key<br />
#Privilege Separation is turned on for security<br />
UsePrivilegeSeparation yes<br />
</pre><br />
<br />
====Target (APF27)====<br />
The packages OpenSSH and OpenSSL must be compiled in Buildroot.<br />
<br />
* First launch the Buildroot menu configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Then select the packages:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] openssh<br />
-*- openssl<br />
[*] openssl binary<br />
[ ] openssl additional engines<br />
</pre><br />
<br />
* And compile your Buildroot with the command:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Create SSH tunnel===<br />
* On the target, run the following command to create the tunnel between the two machines:<br />
<pre class="apf"><br />
# ssh -fN -L ''TARGET_PORT'':localhost:''HOST_PORT'' -C ''USERNAME''@''HOSTNAME'' -p ''VIRTUALPORT''<br />
</pre><br />
Enter then the password to connect to your host.<br />
<br />
* For instance, if you want to securize the Telnet port 23 toward the address toto@192.168.0.210 with the virtual port 32490:<br />
<pre class="apf"><br />
# ssh -fN -L 23:localhost:23 -C toto@192.168.0.210 -p 32490<br />
jeremie@192.168.0.225's password: <br />
</pre><br />
<br />
===Test the tunnel===<br />
* To check that datas are correctly encrypted through the tunnel, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* If you have securized a Telnet port, you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on your system:<br />
<pre class="host"><br />
# telnet localhost<br />
</pre><br />
You have to connect to localhost because SSH will automatically redirect it to the address you specified when creating the tunnel.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the TCP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ssh_tunnel.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==Links==<br />
* http://en.wikipedia.org/wiki/Secure_shell<br />
* [http://matt.ucc.asn.au/dropbear/dropbear.html Dropbear Webpage]<br />
* [[Telnet | Unsecured remote access with Telnet protocol]]<br />
* [http://www.openssh.com/ OpenSSH Webpage]<br />
* [http://www.wireshark.org/ Wireshark Webpage]<br />
<br />
[[Category:Network]]<br />
[[Category:Security]]</div>JeremieShttp://armadeus.org/wiki/index.php?title=SSH&diff=9279SSH2010-12-22T16:50:00Z<p>JeremieS: /* Target (Buildroot) */</p>
<hr />
<div>Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.<br><br />
In short, SSH allows you to connect to your board from a remote PC using a secured/encrypted Ethernet connection.<br />
<br />
==Dropbear==<br />
<br />
===Setup===<br />
We use the lightweight Dropbear SSH server. To install it on your rootfs, launch Buildroot configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] dropbear<br />
</pre><br />
<br />
Then rebuild your system and reflash your board.<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Usage===<br />
* If you have reflashed your rootfs with dropbear installed, then at first startup it should generates your private and public keys:<br />
<pre class="apf"><br />
Generating RSA Key...<br />
Will output 1024 bit rsa secret key to '/etc/dropbear/dropbear_rsa_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-rsa ........<br />
Fingerprint: md5 82:a2:a3:65:8c:e4:2b:ec:35:27:03:23:2c:f8:91:e9<br />
Generating DSS Key...<br />
Will output 1024 bit dss secret key to '/etc/dropbear/dropbear_dss_host_key'<br />
Generating key, this may take a while...<br />
Public key portion is:<br />
ssh-dss <br />
........<br />
Fingerprint: md5 43:4d:e6:52:df:6b:1f:c3:93:e9:49:e3:92:e7:a1:b2<br />
Starting dropbear sshd:<br />
</pre><br />
<br />
* Be sure to have setup a root password on your board. '''If not then:'''<br />
<pre class="apf"><br />
# passwd<br />
Changing password for root<br />
Enter the new password (minimum of 5, maximum of 8 characters)<br />
Please use a combination of upper and lower case letters and numbers.<br />
Enter new password: *****<br />
Re-enter new password: ******<br />
Password changed.<br />
</pre><br />
<br />
* To test your SSH connection, then on your PC launch (replace 192.168.0.3 with your board IP):<br />
<pre class="host"><br />
[armadeus] $ ssh root@192.168.0.3<br />
The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.<br />
RSA key fingerprint is 82:a2:a3:65:8c:e4:2b:xx:xx:xx:xx:xx:2c:f8:91:e9.<br />
Are you sure you want to continue connecting (yes/no)? yes<br />
Warning: Permanently added '192.168.0.3' (RSA) to the list of known hosts.<br />
</pre><br />
<pre class="apf"><br />
root@192.168.0.3's password:<br />
<br />
BusyBox v1.2.2 (2007.06.25-15:53+0000) Built-in shell (ash)<br />
Enter 'help' for a list of built-in commands.<br />
#<br />
</pre><br />
<br />
==OpenSSH==<br />
<br />
OpenSSH is a tool that allows securized communications between two computers. It can be used to create a securized tunnel between two ports of the connected computers. All datas that go through this tunnel are encrypted.<br />
<br />
===Setup===<br />
<br />
====Host PC (Ubuntu)====<br />
* First you have to install telnetd to accept telnet connection from target and Wireshark, a network scanning tool, to check the data encryption :<br />
<pre class="host"><br />
$ sudo apt-get install telnetd <br />
$ sudo /etc/init.d/xinetd restart<br />
$ sudo apt-get install wireshark <br />
</pre><br />
<br />
* Then install OpenSSH server if necessary :<br />
<pre class="host"><br />
$ sudo apt-get install openssh-server openssl<br />
</pre><br />
<br />
* You now have to configure your OpenSSH server to accept connections from the securized port you will use to mask the real host port over SSH connection.<br />
To do that, you have to add the port to the file ''/etc/ssh/sshd_config''.<br />
For instance, we choose the port 32490:<br />
<pre class="host"><br />
# Package generated configuration file<br />
# See the sshd(8) manpage for details<br />
<br />
# What ports, IPs and protocols we listen for<br />
Port 22<br />
'''Port 32490'''<br />
# Use these options to restrict which interfaces/protocols sshd will bind to<br />
#ListenAddress ::<br />
#ListenAddress 0.0.0.0<br />
Protocol 2<br />
# HostKeys for protocol version 2<br />
HostKey /etc/ssh/ssh_host_rsa_key<br />
HostKey /etc/ssh/ssh_host_dsa_key<br />
#Privilege Separation is turned on for security<br />
UsePrivilegeSeparation yes<br />
</pre><br />
<br />
====Target (APF27)====<br />
The packages OpenSSH and OpenSSL must be compiled in Buildroot.<br />
<br />
* First launch the Buildroot menu configuration:<br />
<pre class="host"><br />
$ make menuconfig<br />
</pre><br />
<br />
* Then select the packages:<br />
<pre class="config"><br />
Package Selection for the target ---><br />
[*] Networking ---><br />
[*] openssh<br />
-*- openssl<br />
[*] openssl binary<br />
[ ] openssl additional engines<br />
</pre><br />
<br />
* And compile your Buildroot with the command:<br />
<pre class="host"><br />
$ make<br />
</pre><br />
<br />
===Create SSH tunnel===<br />
* On the target, run the following command to create the tunnel between the two machines:<br />
<pre class="host"><br />
$ ssh -fN -L ''TARGET_PORT'':localhost:''HOST_PORT'' -C ''USERNAME''@''HOSTNAME'' -p ''VIRTUALPORT''<br />
</pre><br />
Enter then the password to connect to your host.<br />
<br />
* For instance, if you want to securize the Telnet port 23 toward the address toto@192.168.0.210 with the virtual port 32490:<br />
<pre class="host"><br />
$ ssh -fN -L 23:localhost:23 -C toto@192.168.0.210 -p 32490<br />
</pre><br />
<br />
===Test the tunnel===<br />
* To check that datas are correctly encrypted through the tunnel, launch Wireshark on your host PC and put a capture filter on your host address:<br />
<pre class="host"><br />
$ sudo wireshark<br />
</pre><br />
<br />
* If you have securized a Telnet port, you can try to establish a connection between the system and your host with Telnet. <br />
Run the following command on your system:<br />
<pre class="host"><br />
# telnet localhost<br />
</pre><br />
You have to connect to localhost because SSH will automatically redirect it to the address you specified when creating the tunnel.<br />
<br />
* When you enter the password to connect to your host, check in Wireshark that you can't see the protocol name (Telnet in our example) nor the password in the datagrams. You must only see the TCP protocol and crypted datas.<br />
<br />
{{Note|If you use an [[APF27 PPS]] configured board, you can use the script ''test_ssh_tunnel.sh'' to test the OpenSSH tunnel.}}<br />
<br />
==Links==<br />
* http://en.wikipedia.org/wiki/Secure_shell<br />
* [http://matt.ucc.asn.au/dropbear/dropbear.html Dropbear Webpage]<br />
* [[Telnet | Unsecured remote access with Telnet protocol]]<br />
* [http://www.openssh.com/ OpenSSH Webpage]<br />
* [http://www.wireshark.org/ Wireshark Webpage]<br />
<br />
[[Category:Network]]<br />
[[Category:Security]]</div>JeremieS