- If this option is off, the first returned address will be used.
- This may cause problems when your DNS server is IPv6-capable and
- is returning IPv6 host addresses too. If IPv6 address
- precedes IPv4 one in DNS reply, busybox network applets
- (e.g. wget) will use IPv6 address. On an IPv6-incapable host
- or network applets will fail to connect to the host
- using IPv6 address.
+ If this option is off, the first returned address will be used.
+ This may cause problems when your DNS server is IPv6-capable and
+ is returning IPv6 host addresses too. If IPv6 address
+ precedes IPv4 one in DNS reply, busybox network applets
+ (e.g. wget) will use IPv6 address. On an IPv6-incapable host
+ or network applets will fail to connect to the host
+ using IPv6 address.
- Activate the specified interfaces. This applet makes use
- of either "ifconfig" and "route" or the "ip" command to actually
- configure network interfaces. Therefore, you will probably also want
- to enable either IFCONFIG and ROUTE, or enable
- FEATURE_IFUPDOWN_IP and the various IP options. Of
- course you could use non-busybox versions of these programs, so
- against my better judgement (since this will surely result in plenty
- of support questions on the mailing list), I do not force you to
- enable these additional options. It is up to you to supply either
- "ifconfig", "route" and "run-parts" or the "ip" command, either
- via busybox or via standalone utilities.
+ Activate the specified interfaces. This applet makes use
+ of either "ifconfig" and "route" or the "ip" command to actually
+ configure network interfaces. Therefore, you will probably also want
+ to enable either IFCONFIG and ROUTE, or enable
+ FEATURE_IFUPDOWN_IP and the various IP options. Of
+ course you could use non-busybox versions of these programs, so
+ against my better judgement (since this will surely result in plenty
+ of support questions on the mailing list), I do not force you to
+ enable these additional options. It is up to you to supply either
+ "ifconfig", "route" and "run-parts" or the "ip" command, either
+ via busybox or via standalone utilities.
- ifupdown keeps state information in a file called ifstate.
- Typically it is located in /var/run/ifstate, however
- some distributions tend to put it in other places
- (debian, for example, uses /etc/network/run/ifstate).
- This config option defines location of ifstate.
+ ifupdown keeps state information in a file called ifstate.
+ Typically it is located in /var/run/ifstate, however
+ some distributions tend to put it in other places
+ (debian, for example, uses /etc/network/run/ifstate).
+ This config option defines location of ifstate.
- This enables support for the external dhcp clients. Clients are
- tried in the following order: dhcpcd, dhclient, pump and udhcpc.
- Otherwise, if udhcpc applet is enabled, it is used.
- Otherwise, ifup/ifdown will have no support for DHCP.
+ This enables support for the external dhcp clients. Clients are
+ tried in the following order: dhcpcd, dhclient, pump and udhcpc.
+ Otherwise, if udhcpc applet is enabled, it is used.
+ Otherwise, ifup/ifdown will have no support for DHCP.
- If you are not going to use links of type "frad", "econet",
- "bif" etc, you probably don't need to enable this.
- Ethernet, wireless, infrared, ppp/slip, ip tunnelling
- link types are supported without this option selected.
+ If you are not going to use links of type "frad", "econet",
+ "bif" etc, you probably don't need to enable this.
+ Ethernet, wireless, infrared, ppp/slip, ip tunnelling
+ link types are supported without this option selected.
- nameif is used to rename network interface by its MAC address.
- Renamed interfaces MUST be in the down state.
- It is possible to use a file (default: /etc/mactab)
- with list of new interface names and MACs.
- Maximum interface name length: IFNAMSIZ = 16
- File fields are separated by space or tab.
- File format:
- # Comment
- new_interface_name XX:XX:XX:XX:XX:XX
+ nameif is used to rename network interface by its MAC address.
+ Renamed interfaces MUST be in the down state.
+ It is possible to use a file (default: /etc/mactab)
+ with list of new interface names and MACs.
+ Maximum interface name length: IFNAMSIZ = 16
+ File fields are separated by space or tab.
+ File format:
+ # Comment
+ new_interface_name XX:XX:XX:XX:XX:XX
- This option makes nc closely follow original nc-1.10.
- The code is about 2.5k bigger. It enables
- -s ADDR, -n, -u, -v, -o FILE, -z options, but loses
- busybox-specific extensions: -f FILE.
+ This option makes nc closely follow original nc-1.10.
+ The code is about 2.5k bigger. It enables
+ -s ADDR, -n, -u, -v, -o FILE, -z options, but loses
+ busybox-specific extensions: -f FILE.
- A daemon for the TELNET protocol, allowing you to log onto the host
- running the daemon. Please keep in mind that the TELNET protocol
- sends passwords in plain text. If you can't afford the space for an
- SSH daemon and you trust your network, you may say 'y' here. As a
- more secure alternative, you should seriously consider installing the
- very small Dropbear SSH daemon instead:
+ A daemon for the TELNET protocol, allowing you to log onto the host
+ running the daemon. Please keep in mind that the TELNET protocol
+ sends passwords in plain text. If you can't afford the space for an
+ SSH daemon and you trust your network, you may say 'y' here. As a
+ more secure alternative, you should seriously consider installing the
+ very small Dropbear SSH daemon instead:
- In this example, inetd passes _listening_ socket_ as fd 0
- to telnetd when connection appears.
- telnetd will wait for connections until all existing
- connections are closed, and no new connections
- appear during 10 seconds. Then it exits, and inetd continues
- to listen for new connections.
+ In this example, inetd passes _listening_ socket_ as fd 0
+ to telnetd when connection appears.
+ telnetd will wait for connections until all existing
+ connections are closed, and no new connections
+ appear during 10 seconds. Then it exits, and inetd continues
+ to listen for new connections.
- wget will use internal TLS code to connect to https:// URLs.
- Note:
- On NOMMU machines, ssl_helper applet should be available
- in the $PATH for this to work. Make sure to select that applet.
-
- Note: currently, TLS code only makes TLS I/O work, it
- does *not* check that the peer is who it claims to be, etc.
- IOW: it uses peer-supplied public keys to establish encryption
- and signing keys, then encrypts and signs outgoing data and
- decrypts incoming data.
- It does not check signature hashes on the incoming data:
- this means that attackers manipulating TCP packets can
- send altered data and we unknowingly receive garbage.
- (This check might be relatively easy to add).
- It does not check public key's certificate:
- this means that the peer may be an attacker impersonating
- the server we think we are talking to.
-
- If you think this is unacceptable, consider this. As more and more
- servers switch to HTTPS-only operation, without such "crippled"
- TLS code it is *impossible* to simply download a kernel source
- from kernel.org. Which can in real world translate into
- "my small automatic tooling to build cross-compilers from sources
- no longer works, I need to additionally keep a local copy
- of ~4 megabyte source tarball of a SSL library and ~2 megabyte
- source of wget, need to compile and built both before I can
- download anything. All this despite the fact that the build
- is done in a QEMU sandbox on a machine with absolutely nothing
- worth stealing, so I don't care if someone would go to a lot
- of trouble to intercept my HTTPS download to send me an altered
- kernel tarball".
-
- If you still think this is unacceptable, send patches.
-
- If you still think this is unacceptable, do not want to send
- patches, but do want to waste bandwidth expaining how wrong
- it is, you will be ignored.
+ wget will use internal TLS code to connect to https:// URLs.
+ Note:
+ On NOMMU machines, ssl_helper applet should be available
+ in the $PATH for this to work. Make sure to select that applet.
+
+ Note: currently, TLS code only makes TLS I/O work, it
+ does *not* check that the peer is who it claims to be, etc.
+ IOW: it uses peer-supplied public keys to establish encryption
+ and signing keys, then encrypts and signs outgoing data and
+ decrypts incoming data.
+ It does not check signature hashes on the incoming data:
+ this means that attackers manipulating TCP packets can
+ send altered data and we unknowingly receive garbage.
+ (This check might be relatively easy to add).
+ It does not check public key's certificate:
+ this means that the peer may be an attacker impersonating
+ the server we think we are talking to.
+
+ If you think this is unacceptable, consider this. As more and more
+ servers switch to HTTPS-only operation, without such "crippled"
+ TLS code it is *impossible* to simply download a kernel source
+ from kernel.org. Which can in real world translate into
+ "my small automatic tooling to build cross-compilers from sources
+ no longer works, I need to additionally keep a local copy
+ of ~4 megabyte source tarball of a SSL library and ~2 megabyte
+ source of wget, need to compile and built both before I can
+ download anything. All this despite the fact that the build
+ is done in a QEMU sandbox on a machine with absolutely nothing
+ worth stealing, so I don't care if someone would go to a lot
+ of trouble to intercept my HTTPS download to send me an altered
+ kernel tarball".
+
+ If you still think this is unacceptable, send patches.
+
+ If you still think this is unacceptable, do not want to send
+ patches, but do want to waste bandwidth expaining how wrong
+ it is, you will be ignored.
- Try to use openssl to handle HTTPS.
-
- OpenSSL has a simple SSL client for debug purposes.
- If you select this option, wget will effectively run:
- "openssl s_client -quiet -connect hostname:443
- -servername hostname 2>/dev/null" and pipe its data
- through it. -servername is not used if hostname is numeric.
- Note inconvenient API: host resolution is done twice,
- and there is no guarantee openssl's idea of IPv6 address
- format is the same as ours.
- Another problem is that s_client prints debug information
- to stderr, and it needs to be suppressed. This means
- all error messages get suppressed too.
- openssl is also a big binary, often dynamically linked
- against ~15 libraries.
-
- If openssl can't be executed, internal TLS code will be used
- (if you enabled it); if openssl can be executed but fails later,
- wget can't detect this, and download will fail.
+ Try to use openssl to handle HTTPS.
+
+ OpenSSL has a simple SSL client for debug purposes.
+ If you select this option, wget will effectively run:
+ "openssl s_client -quiet -connect hostname:443
+ -servername hostname 2>/dev/null" and pipe its data
+ through it. -servername is not used if hostname is numeric.
+ Note inconvenient API: host resolution is done twice,
+ and there is no guarantee openssl's idea of IPv6 address
+ format is the same as ours.
+ Another problem is that s_client prints debug information
+ to stderr, and it needs to be suppressed. This means
+ all error messages get suppressed too.
+ openssl is also a big binary, often dynamically linked
+ against ~15 libraries.
+
+ If openssl can't be executed, internal TLS code will be used
+ (if you enabled it); if openssl can be executed but fails later,
+ wget can't detect this, and download will fail.