--- /dev/null
+#
+# Copyright (C) 2009 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=nocatauth
+PKG_VERSION:=nightly
+PKG_RELEASE:=1
+
+PKG_SOURCE:=NoCatAuth-$(PKG_VERSION).tgz
+PKG_SOURCE_URL:=http://nocat.net/downloads/NoCatAuth/
+PKG_MD5SUM:=b3a5f8d62b322a9409806037ab8d374e
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/NoCatAuth-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/nocatauth
+ SUBMENU:=Captive Portals
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=+perl +perlbase-essential +perlbase-posix +perlbase-autoloader +perlbase-xsloader +perlbase-fcntl +perlbase-tie +perlbase-getopt +perlbase-findbin +perlbase-cwd +perlbase-config +perlbase-file +perlbase-sigtrap +perlbase-io +perlbase-symbol +perlbase-selectsaver +perlbase-socket +perlbase-errno +kmod-ipt-ipopt +kmod-ipt-nat-extra +iptables-mod-ipopt +iptables-mod-nat-extra
+ TITLE:=Open public network perl-based gateway daemon
+ URL:=http://nocat.net
+endef
+
+define Package/nocatauth/description
+ NoCatAuth is the original "catch and release" captive portal
+ implementation. It provides a simple splash screen web page for
+ clients on your network, as well as a variety of authenticated
+ modes. It is written in Perl.
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+ mkdir -p $(PKG_INSTALL_DIR)
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ PREFIX="$(PKG_INSTALL_DIR)" \
+ gateway
+endef
+
+define Package/nocatauth/install
+ $(INSTALL_DIR) $(1)
+ $(INSTALL_DIR) $(1)/www
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/htdocs/{status,splash}.html $(1)/www
+ $(INSTALL_DIR) $(1)/www/images
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/htdocs/images/auth_logo.gif $(1)/www/images
+ $(INSTALL_DIR) $(1)/usr/nocatauth/lib
+ $(CP) $(PKG_INSTALL_DIR)/lib/* $(1)/usr/nocatauth/lib
+ $(INSTALL_DIR) $(1)/usr/nocatauth/bin
+ $(CP) $(PKG_INSTALL_DIR)/bin/* $(1)/usr/nocatauth/bin
+ $(INSTALL_DIR) $(1)/etc
+ $(INSTALL_CONF) $(PKG_INSTALL_DIR)/nocat.conf $(1)/etc/
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/nocatauth-gateway $(1)/etc/init.d/nocatauth-gateway
+endef
+
+$(eval $(call BuildPackage,nocatauth))
--- /dev/null
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2009 OpenWrt.org
+
+START=90
+GATEWAY=/usr/nocatauth/bin/gateway
+CONF=/etc/nocat.conf
+
+start() {
+ $GATEWAY -f $CONF
+}
+
+stop() {
+ killall gateway
+}
--- /dev/null
+diff -ru NoCatAuth-nightly/bin/detect-fw.sh NoCatAuth-patched/bin/detect-fw.sh
+--- NoCatAuth-nightly/bin/detect-fw.sh 2002-08-08 23:28:43.000000000 -0700
++++ NoCatAuth-patched/bin/detect-fw.sh 2009-03-18 15:03:00.000000000 -0700
+@@ -9,8 +9,7 @@
+
+ # Do we have iptables *and* are running Linux 2.4?
+ #
+-elif which iptables >/dev/null 2>&1 && \
+- test X"`uname -sr | cut -d. -f-2`" = X"Linux 2.4"; then
++elif which iptables >/dev/null 2>&1 ; then
+ FIREWALL=iptables
+ FW_BIN=iptables
+
+diff -ru NoCatAuth-nightly/bin/gateway NoCatAuth-patched/bin/gateway
+--- NoCatAuth-nightly/bin/gateway 2003-03-07 17:56:51.000000000 -0800
++++ NoCatAuth-patched/bin/gateway 2009-03-19 00:24:05.000000000 -0700
+@@ -7,6 +7,7 @@
+ use lib "$FindBin::Bin/../lib";
+ use NoCat;
+ use strict;
++use sigtrap qw(stack-trace untrapped error-signals);
+
+ # Gracefully handle termination signals.
+ $SIG{INT} = sub { exit };
+diff -ru NoCatAuth-nightly/lib/NoCat/Gateway.pm NoCatAuth-patched/lib/NoCat/Gateway.pm
+--- NoCatAuth-nightly/lib/NoCat/Gateway.pm 2003-07-30 22:22:22.000000000 -0700
++++ NoCatAuth-patched/lib/NoCat/Gateway.pm 2009-03-19 00:22:09.000000000 -0700
+@@ -90,13 +90,12 @@
+
+ sub run {
+ my $self = shift;
+- my $kids = 0;
+ my $hup = 0;
+
+ return unless $self->bind_socket;
+
+ local $SIG{PIPE} = "IGNORE";
+- local $SIG{CHLD} = sub { $kids++ };
++ local $SIG{CHLD} = "IGNORE";
+ local $SIG{HUP} = sub { $hup++ };
+
+ # Reset history.
+@@ -134,13 +133,6 @@
+ $self->log( 6, "HUP received, resetting log file." );
+ $hup = 0;
+ }
+-
+- # See if any kids have expired, reap zombies
+- if ( $kids ) {
+- 1 until ( wait == -1 );
+- $kids = 0;
+- }
+-
+ } # loop forever
+ }
+
--- /dev/null
+diff -ur NoCatAuth-nightly/gateway.conf NoCatAuth-patched/gateway.conf
+--- NoCatAuth-nightly/gateway.conf 2003-02-10 17:59:09.000000000 -0800
++++ NoCatAuth-patched/gateway.conf 2009-03-19 01:20:42.000000000 -0700
+@@ -46,7 +46,7 @@
+ ##
+ # GatewayLog -- Optional. If unset, messages will go to STDERR.
+ #
+-GatewayLog /usr/local/nocat/nocat.log
++GatewayLog /var/log/nocat.log
+
+ ##
+ # LoginTimeout - Number of seconds after a client's last
+@@ -79,7 +79,7 @@
+ # DocumentRoot -- Where all of the application templates (including
+ # SplashPage) are hiding. Can be different from Apache's DocumentRoot.
+ #
+-DocumentRoot /usr/local/nocat/htdocs
++DocumentRoot /www
+
+ # SplashForm -- Form displayed to users on capture.
+ #
+@@ -289,7 +289,7 @@
+ # the bin/ parent directory. Set this only if you put it
+ # somewhere that NoCat doesn't expect.
+ #
+-# PGPKeyPath /usr/local/nocat/pgp
++# PGPKeyPath /usr/lib/nocatauth/pgp
+
+ ##
+ # MessageVerify -- Shell command to verify a PGP signed
--- /dev/null
+diff -ru NoCatAuth-nightly/libexec/iptables/initialize.fw NoCatAuth-patched/libexec/iptables/initialize.fw
+--- NoCatAuth-nightly/libexec/iptables/initialize.fw 2003-03-26 19:21:04.000000000 -0800
++++ NoCatAuth-patched/libexec/iptables/initialize.fw 2009-03-19 19:24:31.000000000 -0700
+@@ -26,18 +26,6 @@
+ #
+ echo "1" > /proc/sys/net/ipv4/ip_forward
+ echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
+-
+- # Load alllll the kernel modules we need.
+- #
+- rmmod ipchains > /dev/null 2>&1 # for RH 7.1 users.
+-
+- for module in ip_tables ipt_REDIRECT ipt_MASQUERADE ipt_MARK ipt_REJECT \
+- ipt_TOS ipt_LOG iptable_mangle iptable_filter iptable_nat ip_nat_ftp \
+- ip_conntrack ip_conntrack_ftp ip_conntrack_irc \
+- ip_nat_irc ipt_mac ipt_state ipt_mark; do
+-
+- modprobe $module
+- done
+ fi
+
+ # Flush all user-defined chains
+@@ -241,6 +229,8 @@
+ # Add any other local firewall rules below.
+ ##
+
++iptables -t nat -I POSTROUTING -o $ExternalDevice -j MASQUERADE
++
+ ##
+ # Uncomment the following to permit all 10/8 traffic *before* auth
+ ##