counter kmod

diff --git a/developer/cc/Rabbit_module_no-op.kmod.c b/developer/cc/Rabbit_module_no-op.kmod.c
deleted file mode 100644 (file)
index f6c5586..0000000
--- a/developer/cc/Rabbit_module_no-op.kmod.c
+++ /dev/null
@@ -1,69 +0,0 @@
-// rabit_noop.c — Rabit no-op netfilter interposer (Debian 12/Bookworm)
-// Build: out-of-tree module. Load/unload to verify hook coverage.
-// Behavior: increments counters, returns NF_ACCEPT. No packet mutation.
-
-#include <linux/module.h>
-#include <linux/kernel.h>
-#include <linux/version.h>
-#include <linux/skbuff.h>
-#include <linux/atomic.h>
-#include <linux/netdevice.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv4.h>
-#include <linux/netfilter_ipv6.h>
-
-static atomic64_t cnt_v4_local_out  = ATOMIC_LONG_INIT(0);
-static atomic64_t cnt_v4_postroute  = ATOMIC_LONG_INIT(0);
-static atomic64_t cnt_v6_local_out  = ATOMIC_LONG_INIT(0);
-static atomic64_t cnt_v6_postroute  = ATOMIC_LONG_INIT(0);
-
-static unsigned int rabit_v4_hook(void *priv, struct sk_buff *skb, const struct nf_hook_state *st) {
-  if (st->hook == NF_INET_LOCAL_OUT)     atomic64_inc(&cnt_v4_local_out);
-  else if (st->hook == NF_INET_POST_ROUTING) atomic64_inc(&cnt_v4_postroute);
-  return NF_ACCEPT;
-}
-
-static unsigned int rabit_v6_hook(void *priv, struct sk_buff *skb, const struct nf_hook_state *st) {
-  if (st->hook == NF_INET_LOCAL_OUT)     atomic64_inc(&cnt_v6_local_out);
-  else if (st->hook == NF_INET_POST_ROUTING) atomic64_inc(&cnt_v6_postroute);
-  return NF_ACCEPT;
-}
-
-static struct nf_hook_ops rabit_ops[] = {
-  { .hook = rabit_v4_hook, .pf = NFPROTO_IPV4, .hooknum = NF_INET_LOCAL_OUT,   .priority = NF_IP_PRI_FIRST },
-  { .hook = rabit_v4_hook, .pf = NFPROTO_IPV4, .hooknum = NF_INET_POST_ROUTING,.priority = NF_IP_PRI_FIRST },
-  { .hook = rabit_v6_hook, .pf = NFPROTO_IPV6, .hooknum = NF_INET_LOCAL_OUT,   .priority = NF_IP6_PRI_FIRST },
-  { .hook = rabit_v6_hook, .pf = NFPROTO_IPV6, .hooknum = NF_INET_POST_ROUTING,.priority = NF_IP6_PRI_FIRST },
-};
-
-static int __init rabit_init(void) {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,3,0)
-  int ret = nf_register_net_hooks(&init_net, rabit_ops, ARRAY_SIZE(rabit_ops));
-#else
-  int ret = nf_register_hooks(rabit_ops, ARRAY_SIZE(rabit_ops));
-#endif
-  if (ret)
-    pr_err("rabit_noop: nf_register_* failed: %d\n", ret);
-  else
-    pr_info("rabit_noop: loaded (no-op)\n");
-  return ret;
-}
-
-static void __exit rabit_exit(void) {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,3,0)
-  nf_unregister_net_hooks(&init_net, rabit_ops, ARRAY_SIZE(rabit_ops));
-#else
-  nf_unregister_hooks(rabit_ops, ARRAY_SIZE(rabit_ops));
-#endif
-  pr_info("rabit_noop: unload stats v4(lo=%lld,po=%lld) v6(lo=%lld,po=%lld)\n",
-          (long long)atomic64_read(&cnt_v4_local_out),
-          (long long)atomic64_read(&cnt_v4_postroute),
-          (long long)atomic64_read(&cnt_v6_local_out),
-          (long long)atomic64_read(&cnt_v6_postroute));
-}
-
-module_init(rabit_init);
-module_exit(rabit_exit);
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Rabit");
-MODULE_DESCRIPTION("Rabit no-op netfilter interposer");

diff --git a/developer/tool/release b/developer/tool/release
index 73690a3..0eba83f 100755 (executable)
--- a/developer/tool/release
+++ b/developer/tool/release
@@ -18,10 +18,42 @@ script_afp=$(realpath "${BASH_SOURCE[0]}")
 #set -e
 #set -x
 
-release_dir="$REPO_HOME/release"
-
-mkdir -p ${release_dir}/kmod && install -m 0600 scratchpad/*.ko   "${release_dir}/kmod/"
-install -m 0700 scratchpad/hello  "${release_dir}/machine/"
-
-echo "$(script_fn) done."
+cd "$REPO_HOME/developer"
 
+release_dir="$REPO_HOME/release"
+ko_dir="scratchpad/kmod"
+machine_executable_list="scratchpad/hello"
+
+# Enable nullglob so an empty match yields an empty list (not the literal pattern)
+shopt -s nullglob
+
+# zero or more machine executables
+for fglob in $machine_executable_list; do
+  # nesting the loop allows that $fglob is a file glob, and expands it
+  for f in $fglob; do
+    if [[ -x "$f" ]]; then
+      echo "+ install -m 0500 '$f' '$release_dir/machine/'"
+      install -m 0550 "$f" "$release_dir/machine/"
+    else
+      echo "(info) did not find '$f'"
+    fi
+  done
+done
+
+# zero or more Kernel modules
+# release/kmod created 750 so developer can write to it, group can read it
+ko_list=("$ko_dir"/*.ko)
+if (( ${#ko_list[@]} )); then
+  if [[ ! -d "$release_dir/kmod" ]]; then
+    echo "+ install -d '$release_dir/kmod'"
+    install -m 750 -d "$release_dir/kmod"
+  fi
+  for f in "${ko_list[@]}"; do
+    echo "+ install -m 0440 '$f' '$release_dir/kmod/'"
+    install -m 440 "$f" "$release_dir/kmod/"
+  done
+else
+  echo "(info) no kmod artifacts found in $ko_dir; skipping kmod release"
+fi
+
+echo "$script_fn done."

diff --git a/release/kmod/Rabbit_no-op.ko b/release/kmod/Rabbit_no-op.ko
new file mode 100644 (file)
index 0000000..625d157
Binary files /dev/null and b/release/kmod/Rabbit_no-op.ko differ

diff --git a/tool_shared/bespoke/env b/tool_shared/bespoke/env
index 0d47fca..37ba2dc 100644 (file)
--- a/tool_shared/bespoke/env
+++ b/tool_shared/bespoke/env
@@ -9,7 +9,7 @@ fi
 shopt -s nullglob
 
 # does not presume sharing or world permissions
-umask 0077
+umask 0027
 
 # --------------------------------------------------------------------------------
 # project definition