diff --git a/boards/arm/sama5/sama5d3-xplained/README.txt b/boards/arm/sama5/sama5d3-xplained/README.txt index ce9c2f3e52..8b3e82d961 100644 --- a/boards/arm/sama5/sama5d3-xplained/README.txt +++ b/boards/arm/sama5/sama5d3-xplained/README.txt @@ -790,7 +790,9 @@ Networking Networking support via the can be added to NSH by selecting the following configuration options. The SAMA5D36 supports two different Ethernet MAC peripherals: (1) The 10/100Base-T EMAC peripheral and (2) the - 10/100/1000Base-T GMAC peripheral. + 10/100/1000Base-T GMAC peripheral. Ethernet over USB using the + CDC ECM driver is also supported, and should work on Linux, macOS, and + Windows. Selecting the EMAC peripheral ----------------------------- @@ -834,6 +836,21 @@ Networking PHY selection. Later in the configuration steps, you will need to select the KSZ9081 PHY for GMAC (See below) + Selecting Ethernet over USB (CDC ECM driver) + -------------------------------------------- + + This uses the USB 2.0 connector labeled USB-A. On the host computer you will + need to configure the CDC ECM Ethernet over USB driver (see below for Linux + configuration script). + + CONFIG_USBDEV=y + CONFIG_USBDEV_DMA=y + CONFIG_USBDEV_DUALSPEED=y + CONFIG_NET_CDCECM=y + CONFIG_NET_ETH_PKTSIZE=1514 + + You can also use the defconfig file in `boards/arm/sama5/sama5d3-xplained/configs/ethernet-over-usb-2-high-speed`. + Common configuration settings ----------------------------- @@ -1019,6 +1036,69 @@ Networking CONFIG_NSH_NETINIT_RETRYMSEC=2000 : Configure the network monitor as you like CONFIG_NSH_NETINIT_SIGNO=18 + Ethernet Over USB Configuration Script + -------------------------------------- + + There is a configuration script for Linux that will configure the USB Ethernet interface, + it is in `tools/netusb.sh`. You can use it as follows: + + Once you boot a NuttX system with the CDC ECM Ethernet over USB device, the Linux network interface + will be added to your system. You should see something like the following messages in + /var/log/kern.log: + + [302074.552879] usb 1-2: new high-speed USB device number 107 using ehci-pci + [302074.718264] usb 1-2: New USB device found, idVendor=0525, idProduct=a4a2, bcdDevice= 1.00 + [302074.718267] usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 + [302074.718269] usb 1-2: Product: CDC/ECM Ethernet + [302074.718271] usb 1-2: Manufacturer: NuttX + [302074.718272] usb 1-2: SerialNumber: 0 + [302074.760638] cdc_ether 1-2:1.0 usb0: register 'cdc_ether' at usb-0000:02:03.0-2, CDC Ethernet Device, 02:00:00:11:22:33 + [302074.796215] cdc_ether 1-2:1.0 ens160u4u2: renamed from usb0 + + + If you execute the command 'ifconfig -a' you should see a new interface: + + $ ifconfig -a + + ens33: flags=4163 mtu 1500 + inet 192.168.46.156 netmask 255.255.255.0 broadcast 192.168.46.255 + inet6 fe80::20c:29ff:fe57:d0f8 prefixlen 64 scopeid 0x20 + ether 00:0c:29:57:d0:f8 txqueuelen 1000 (Ethernet) + RX packets 7628014 bytes 2002078802 (2.0 GB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 6040388 bytes 5327276865 (5.3 GB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 + + ens160u4u2: flags=4163 mtu 1500 + inet6 fe80::ff:fe11:2233 prefixlen 64 scopeid 0x20 + ether 02:00:00:11:22:33 txqueuelen 1000 (Ethernet) + RX packets 36798 bytes 51705300 (51.7 MB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 24196 bytes 1312512 (1.3 MB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 + + ens33 is the host Ethernet or wireless LAN interface. ens160u4u2 is the USB Ethernet + interface. + + The script will bring up the interface, configure it, and set up routes and IP Tables rules so the + nuttx system can access the internet: + + $ sudo ./tools/netusb.sh ens33 ens160u4u2 on + + This will bring down the interface, configure it, and delete routes and IP Tables rules: + + $ sudo ./tools/netusb.sh ens33 ens160u4u2 off + + Now that the new interface has an IP address, you can ping the NuttX box at 10.0.0.2 + (or whatever IP address you configured it to have). If you configured the telnet daemon + and started it, you should be able to telnet to the board using: + + $ telnet 10.0.0.2 + + The helper script also sets up Network Address Translation (NAT) so the NuttX system + can access the Internet. If that is not what you want, you can remove the iptables + + AT25 Serial FLASH ================= @@ -1380,86 +1460,10 @@ USB High-Speed Device CDC/ECM Ethernet Over USB ------------------------- - This will select the CDC/ECM Ethernet over USB device. Defaults for the other - options should be okay. + This allows networking to the host system via Ethernet over USB. See the + Networking section for configuration. On USB 2.0 High Speed, the CDC ECM + driver uses DMA and can transfer 4.4 MBytes/sec (34 Mbits/sec). - CONFIG_NET_CDCECM=y - CONFIG_CDCECM_EP0MAXPACKET=64 - CONFIG_CDCECM_EPINTIN=1 - CONFIG_CDCECM_EPINTIN_FSSIZE=16 - CONFIG_CDCECM_EPINTIN_HSSIZE=16 - CONFIG_CDCECM_EPBULKOUT=5 - CONFIG_CDCECM_EPBULKOUT_FSSIZE=64 - CONFIG_CDCECM_EPBULKOUT_HSSIZE=512 # needed for non-fragmentation IP and ICMP packets in HS mode - CONFIG_CDCECM_EPBULKIN=2 - CONFIG_CDCECM_EPBULKIN_FSSIZE=64 - CONFIG_CDCECM_EPBULKIN_HSSIZE=512 # needed for non-fragmentation IP and ICMP packets in HS mode - CONFIG_CDCECM_VENDORID=0x0525 - CONFIG_CDCECM_PRODUCTID=0xa4a2 - CONFIG_CDCECM_VENDORSTR="NuttX" - CONFIG_CDCECM_PRODUCTSTR="CDC/ECM Ethernet" - - There are two defconfig files that have been tested with these configurations: - - ethernet-over-usb/defconfig - ethernet-over-usb-telnetd/defconfig - - The latter has a telnetd enabled, so once the system boots, you can issue the telnetd command, - and then telnet into it from the host. - - To use them, copy them to .config, and run 'make menuconfig' (you don't have to change anything), - then save the file. Then run 'make' to make NuttX. - - On Linux, a helper script is provided called helpers/netusb-up.sh. This script can be used - to configure the Linux USB Ethernet Gadget network interface. Once you boot a NuttX system with the - CDC ECM Ethernet over USB device, the Linux network interface will be added to your system. You should - see something like the following messages in /var/log/kern.log: - - [302074.552879] usb 1-2: new high-speed USB device number 107 using ehci-pci - [302074.718264] usb 1-2: New USB device found, idVendor=0525, idProduct=a4a2, bcdDevice= 1.00 - [302074.718267] usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 - [302074.718269] usb 1-2: Product: CDC/ECM Ethernet - [302074.718271] usb 1-2: Manufacturer: NuttX - [302074.718272] usb 1-2: SerialNumber: 0 - [302074.760638] cdc_ether 1-2:1.0 usb0: register 'cdc_ether' at usb-0000:02:03.0-2, CDC Ethernet Device, 02:00:00:11:22:33 - [302074.796215] cdc_ether 1-2:1.0 ens35u2: renamed from usb0 - - If you execute the command 'ifconfig -a' you should see a new interface: - - $ ifconfig -a - - ens35u2: flags=4098 mtu 576 - ether 02:00:00:11:22:33 txqueuelen 1000 (Ethernet) - RX packets 0 bytes 0 (0.0 B) - RX errors 0 dropped 0 overruns 0 frame 0 - TX packets 0 bytes 0 (0.0 B) - TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 - - If you run the netusb-up.sh script, then do ifconfig, you should see the following: - - $ sudo ./netusb-up.sh - $ ifconfig -a - - ens35u2: flags=4163 mtu 576 - ether 02:00:00:11:22:33 txqueuelen 1000 (Ethernet) - RX packets 0 bytes 0 (0.0 B) - RX errors 0 dropped 0 overruns 0 frame 0 - TX packets 15 bytes 2477 (2.4 KB) - TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 - - ens35u2:0: flags=4163 mtu 576 - inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255 - ether 02:00:00:11:22:33 txqueuelen 1000 (Ethernet) - - Now that the new interface has an IP address, you can ping the NuttX box at 10.0.0.2 - (or whatever IP address you configured it to have). If you used the telnet defconfig, - you should be able to telnet to the board using: - - $ telnet 10.0.0.2 - - The helper script also sets up Network Address Translation (NAT) so the NuttX system - can access the Internet. If that is not what you want, you can remove the iptables - NAT commands from the script. Debugging USB Device -------------------- diff --git a/boards/arm/sama5/sama5d3-xplained/configs/ethernet-over-usb-telnetd/defconfig b/boards/arm/sama5/sama5d3-xplained/configs/ethernet-over-usb-2-high-speed/defconfig similarity index 86% rename from boards/arm/sama5/sama5d3-xplained/configs/ethernet-over-usb-telnetd/defconfig rename to boards/arm/sama5/sama5d3-xplained/configs/ethernet-over-usb-2-high-speed/defconfig index b009e70731..68313f5b31 100644 --- a/boards/arm/sama5/sama5d3-xplained/configs/ethernet-over-usb-telnetd/defconfig +++ b/boards/arm/sama5/sama5d3-xplained/configs/ethernet-over-usb-2-high-speed/defconfig @@ -25,11 +25,13 @@ CONFIG_BOARDCTL_USBDEVCTRL=y CONFIG_BOARD_LOOPSPERMSEC=65775 CONFIG_BOOT_RUNFROMSDRAM=y CONFIG_BUILTIN=y -CONFIG_CDCECM_EPINTIN_HSSIZE=16 CONFIG_DEBUG_FEATURES=y CONFIG_DEBUG_SYMBOLS=y CONFIG_DEV_LOOP=y CONFIG_EXAMPLES_HELLO=y +CONFIG_EXAMPLES_TCPBLASTER=y +CONFIG_EXAMPLES_TCPBLASTER_GROUPSIZE=200 +CONFIG_EXAMPLES_TCPECHO=y CONFIG_EXAMPLES_WGET=y CONFIG_EXAMPLES_WGET_URL="http://10.0.0.1/" CONFIG_FAT_LCNAMES=y @@ -37,11 +39,13 @@ CONFIG_FAT_LFN=y CONFIG_FS_FAT=y CONFIG_FS_PROCFS=y CONFIG_FS_PROCFS_EXCLUDE_VERSION=y +CONFIG_FS_ROMFS=y CONFIG_HAVE_CXX=y CONFIG_HAVE_CXXINITIALIZE=y CONFIG_INTELHEX_BINARY=y -CONFIG_IOB_NBUFFERS=24 -CONFIG_IOB_THROTTLE=0 +CONFIG_INTERPRETERS_CHIBI_SCHEME=y +CONFIG_IOB_NBUFFERS=72 +CONFIG_IOB_THROTTLE=16 CONFIG_MAX_TASKS=16 CONFIG_MAX_WDOGPARMS=2 CONFIG_MMCSD=y @@ -49,17 +53,18 @@ CONFIG_NETINIT_NETLOCAL=y CONFIG_NETINIT_NOMAC=y CONFIG_NETUTILS_NETLIB_GENERICURLPARSER=y CONFIG_NETUTILS_TELNETC=y -CONFIG_NETUTILS_TELNETD=y CONFIG_NETUTILS_WEBCLIENT=y CONFIG_NET_ARP_IPIN=y CONFIG_NET_ARP_SEND=y CONFIG_NET_BROADCAST=y CONFIG_NET_CDCECM=y +CONFIG_NET_ETH_PKTSIZE=1514 CONFIG_NET_ICMP=y CONFIG_NET_ICMP_SOCKET=y CONFIG_NET_ROUTE=y CONFIG_NET_STATISTICS=y CONFIG_NET_TCP=y +CONFIG_NET_TCPBACKLOG=y CONFIG_NET_TCP_NOTIFIER=y CONFIG_NET_TCP_WRITE_BUFFERS=y CONFIG_NET_UDP=y @@ -69,6 +74,7 @@ CONFIG_NSH_ARCHINIT=y CONFIG_NSH_BUILTIN_APPS=y CONFIG_NSH_FILEIOSIZE=512 CONFIG_NSH_PROMPT_STRING="nsh> " +CONFIG_NSH_ROMFSETC=y CONFIG_PREALLOC_MQ_MSGS=4 CONFIG_PREALLOC_TIMERS=4 CONFIG_PREALLOC_WDOGS=16 @@ -96,8 +102,13 @@ CONFIG_SAMA5_PIO_IRQ=y CONFIG_SAMA5_UART1=y CONFIG_SAMA5_UDPHS=y CONFIG_SCHED_HPWORK=y +CONFIG_SCHED_LPNTHREADS=2 +CONFIG_SCHED_LPWORK=y CONFIG_SCHED_WAITPID=y CONFIG_SDCLONE_DISABLE=y +CONFIG_SERIAL_TERMIOS=y +CONFIG_SIG_DEFAULT=y +CONFIG_SIG_EVTHREAD=y CONFIG_START_DAY=31 CONFIG_START_MONTH=7 CONFIG_START_YEAR=2014 @@ -111,8 +122,12 @@ CONFIG_SYSTEM_NSH=y CONFIG_SYSTEM_NSH_CXXINITIALIZE=y CONFIG_SYSTEM_PING=y CONFIG_SYSTEM_VI=y +CONFIG_TTY_SIGINT=y +CONFIG_TTY_SIGSTP=y CONFIG_USBDEV=y CONFIG_USBDEV_DMA=y CONFIG_USBDEV_DUALSPEED=y +CONFIG_USBDEV_TRACE=y +CONFIG_USBDEV_TRACE_NRECORDS=512 CONFIG_USER_ENTRYPOINT="nsh_main" CONFIG_WDOG_INTRESERVE=2 diff --git a/boards/arm/sama5/sama5d3-xplained/configs/ethernet-over-usb/defconfig b/boards/arm/sama5/sama5d3-xplained/configs/ethernet-over-usb/defconfig deleted file mode 100644 index 26bdf34e16..0000000000 --- a/boards/arm/sama5/sama5d3-xplained/configs/ethernet-over-usb/defconfig +++ /dev/null @@ -1,117 +0,0 @@ -# -# This file is autogenerated: PLEASE DO NOT EDIT IT. -# -# You can use "make menuconfig" to make any modifications to the installed .config file. -# You can then do "make savedefconfig" to generate a new defconfig file that includes your -# modifications. -# -# CONFIG_DISABLE_OS_API is not set -# CONFIG_NSH_ARGCAT is not set -# CONFIG_NSH_CMDOPT_HEXDUMP is not set -# CONFIG_NSH_CMDPARMS is not set -CONFIG_ARCH="arm" -CONFIG_ARCH_BOARD="sama5d3-xplained" -CONFIG_ARCH_BOARD_SAMA5D3_XPLAINED=y -CONFIG_ARCH_CHIP="sama5" -CONFIG_ARCH_CHIP_ATSAMA5D36=y -CONFIG_ARCH_CHIP_SAMA5=y -CONFIG_ARCH_CHIP_SAMA5D3=y -CONFIG_ARCH_INTERRUPTSTACK=2048 -CONFIG_ARCH_IRQPRIO=y -CONFIG_ARCH_LOWVECTORS=y -CONFIG_ARCH_STACKDUMP=y -CONFIG_ARM_SEMIHOSTING_SYSLOG=y -CONFIG_BOARDCTL_USBDEVCTRL=y -CONFIG_BOARD_LOOPSPERMSEC=65775 -CONFIG_BOOT_RUNFROMSDRAM=y -CONFIG_BUILTIN=y -CONFIG_CDCECM_EPINTIN_HSSIZE=16 -CONFIG_DEBUG_FEATURES=y -CONFIG_DEBUG_SYMBOLS=y -CONFIG_DEV_LOOP=y -CONFIG_EXAMPLES_HELLO=y -CONFIG_EXAMPLES_WGET=y -CONFIG_EXAMPLES_WGET_URL="http://10.0.0.1/" -CONFIG_FAT_LCNAMES=y -CONFIG_FAT_LFN=y -CONFIG_FS_FAT=y -CONFIG_FS_PROCFS=y -CONFIG_FS_PROCFS_EXCLUDE_VERSION=y -CONFIG_HAVE_CXX=y -CONFIG_HAVE_CXXINITIALIZE=y -CONFIG_INTELHEX_BINARY=y -CONFIG_IOB_NBUFFERS=24 -CONFIG_IOB_THROTTLE=0 -CONFIG_MAX_TASKS=16 -CONFIG_MAX_WDOGPARMS=2 -CONFIG_MMCSD=y -CONFIG_NETINIT_NETLOCAL=y -CONFIG_NETINIT_NOMAC=y -CONFIG_NETUTILS_NETLIB_GENERICURLPARSER=y -CONFIG_NETUTILS_TELNETC=y -CONFIG_NETUTILS_WEBCLIENT=y -CONFIG_NET_ARP_IPIN=y -CONFIG_NET_ARP_SEND=y -CONFIG_NET_BROADCAST=y -CONFIG_NET_CDCECM=y -CONFIG_NET_ICMP=y -CONFIG_NET_ICMP_SOCKET=y -CONFIG_NET_ROUTE=y -CONFIG_NET_STATISTICS=y -CONFIG_NET_TCP=y -CONFIG_NET_TCP_NOTIFIER=y -CONFIG_NET_TCP_WRITE_BUFFERS=y -CONFIG_NET_UDP=y -CONFIG_NFILE_DESCRIPTORS=8 -CONFIG_NFILE_STREAMS=8 -CONFIG_NSH_ARCHINIT=y -CONFIG_NSH_BUILTIN_APPS=y -CONFIG_NSH_FILEIOSIZE=512 -CONFIG_NSH_PROMPT_STRING="nsh> " -CONFIG_PREALLOC_MQ_MSGS=4 -CONFIG_PREALLOC_TIMERS=4 -CONFIG_PREALLOC_WDOGS=16 -CONFIG_RAM_SIZE=268435456 -CONFIG_RAM_START=0x20000000 -CONFIG_RAM_VSTART=0x20000000 -CONFIG_RAW_BINARY=y -CONFIG_READLINE_CMD_HISTORY=y -CONFIG_READLINE_CMD_HISTORY_LEN=100 -CONFIG_READLINE_CMD_HISTORY_LINELEN=120 -CONFIG_READLINE_TABCOMPLETION=y -CONFIG_RR_INTERVAL=200 -CONFIG_SAMA5D3XPLAINED_528MHZ=y -CONFIG_SAMA5_BOOT_SDRAM=y -CONFIG_SAMA5_DBGU=y -CONFIG_SAMA5_DBGU_CONSOLE=y -CONFIG_SAMA5_DBGU_NOCONFIG=y -CONFIG_SAMA5_HSMC=y -CONFIG_SAMA5_PIOA_IRQ=y -CONFIG_SAMA5_PIOB_IRQ=y -CONFIG_SAMA5_PIOC_IRQ=y -CONFIG_SAMA5_PIOD_IRQ=y -CONFIG_SAMA5_PIOE_IRQ=y -CONFIG_SAMA5_PIO_IRQ=y -CONFIG_SAMA5_UART1=y -CONFIG_SAMA5_UDPHS=y -CONFIG_SCHED_HPWORK=y -CONFIG_SCHED_WAITPID=y -CONFIG_SDCLONE_DISABLE=y -CONFIG_START_DAY=31 -CONFIG_START_MONTH=7 -CONFIG_START_YEAR=2014 -CONFIG_SYMTAB_ORDEREDBYNAME=y -CONFIG_SYSLOG_CHARDEV=y -CONFIG_SYSLOG_TIMESTAMP=y -CONFIG_SYSTEM_CLE_CMD_HISTORY=y -CONFIG_SYSTEM_CLE_CMD_HISTORY_LEN=20 -CONFIG_SYSTEM_CLE_CMD_HISTORY_LINELEN=120 -CONFIG_SYSTEM_NSH=y -CONFIG_SYSTEM_NSH_CXXINITIALIZE=y -CONFIG_SYSTEM_PING=y -CONFIG_SYSTEM_VI=y -CONFIG_USBDEV=y -CONFIG_USBDEV_DMA=y -CONFIG_USBDEV_DUALSPEED=y -CONFIG_USER_ENTRYPOINT="nsh_main" -CONFIG_WDOG_INTRESERVE=2 diff --git a/tools/README.txt b/tools/README.txt index 614fc99231..0115b2b132 100644 --- a/tools/README.txt +++ b/tools/README.txt @@ -787,6 +787,25 @@ mkdeps.c, cnvwindeps.c, mkwindeps.sh, and mknulldeps.sh eventually be solvable but for now continue to use mkwindeps.sh in that mixed environment. + + netusb.sh + --------- + + Helper script used to set up the CDC ECM Ethernet Over USB driver, + host routes, and IP Tables rules to support networking with a NuttX + system that has a CDC ECM Ethernet Over USB driver configured. Only + supported on Linux. + + General usage: + + $ ./tools/netusb.sh + Usage: tools/netusb.sh + + This has been tested on the SAMA5D3-Xplained board; see + `boards/arm/sama5/sama5d3-xplained/README.txt` for more information on how + to configure the CDC ECM driver for that board. + + README.txt ---------- diff --git a/tools/netusb.sh b/tools/netusb.sh new file mode 100755 index 0000000000..1d9e959c93 --- /dev/null +++ b/tools/netusb.sh @@ -0,0 +1,71 @@ +#!/bin/bash + +#**************************************************************************** +# tools/simhostroute.sh +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. The +# ASF licenses this file to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance with the +# License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +#**************************************************************************** + +# USB Ethernet Gadget interface helper script - sets up nuttx to access +# the internet via a host route and IP Tables. + +IP_NET="10.0.0.0/24" +IP_NETMASK="255.255.255.0" +IP_BROADCAST="10.0.0.255" +IP_HOST="10.0.0.1" +IP_NUTTX="10.0.0.2" + +if [ $# != 3 ]; then + echo "Usage: $0 " + exit 1 +fi + +IF_HOST=$1 +IF_USB=$2 +STATUS=$3 + +net_off() { + ip route delete $IP_NET + ip route delete $IP_NUTTX/32 + + # delete nat rules to clean up + iptables -t nat -D POSTROUTING -o $IF_HOST -j MASQUERADE + iptables -D FORWARD -i $IF_HOST -o $IF_USB -m state --state RELATED,ESTABLISHED -j ACCEPT + iptables -D FORWARD -i $IF_USB -o $IF_HOST -j ACCEPT + + ip route show + ifconfig $IF_USB down +} + +if [ "$STATUS" == "on" ]; then + net_off + ifconfig $IF_USB up + ifconfig -a + ifconfig $IF_USB add $IP_HOST + ifconfig $IF_USB:0 broadcast $IP_BROADCAST netmask $IP_NETMASK + ip route add $IP_NET dev $IF_USB src $IP_HOST + ip route add $IP_NUTTX/32 dev $IF_USB src $IP_HOST + + # nat to allow NuttX to access the internet + iptables -t nat -A POSTROUTING -o $IF_HOST -j MASQUERADE + iptables -A FORWARD -i $IF_HOST -o $IF_USB -m state --state RELATED,ESTABLISHED -j ACCEPT + iptables -A FORWARD -i $IF_USB -o $IF_HOST -j ACCEPT + + ip route show +else + net_off +fi