- allow multiple ports, protocols, macs, icmp types per rule
- implement "limit" and "limit_burst" options for rules
- implement "extra" option to rules and redirects for passing arbritary flags to iptables
- implement negations for "src_port", "dest_port", "src_dport", "src_mac", "proto" and "icmp_type" options
- allow wildcard (*) "src" and "dest" options in rules to allow specifying "any" source or destination
- validate symbolic icmp-type names against the selected iptables binary
- properly handle forwarded ICMPv6 traffic in the default configuration
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27317 3c298f89-4303-0410-b956-a3cf2f4a3e73
Ethernet and wifi are not working and this is highly experimental.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27301 3c298f89-4303-0410-b956-a3cf2f4a3e73
Use the firmware from linux-firmware git where possible.
Update some firmware files in that process and check for missing firmware files for some modules.
* update Ralink firmwares
* update ath9k_htc firmware
* add firmware for mwl8k
* add more firmware files for libertas-sd and libertas-usb
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27252 3c298f89-4303-0410-b956-a3cf2f4a3e73
* SiS 190 Fast/Gigabit Ethernet support
* SysKonnect Yukon support
* Atheros L2 Fast Ethernet support
* Atheros L1 Gigabit Ethernet support
* Atheros L1C
* Atheros L1E
Patch by Lauri Võsandi<lauri.vosandi@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27242 3c298f89-4303-0410-b956-a3cf2f4a3e73
common.c is missing an include for linux/ratelimit.h.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27190 3c298f89-4303-0410-b956-a3cf2f4a3e73
Insmod silently rejected being run on any non 2.x kernel. Make its version
check allow newer kernels (and reject 2.4- when not enabling the 2.4
feature).
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27189 3c298f89-4303-0410-b956-a3cf2f4a3e73
Allows madwifi to be built against linux 3.0.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27188 3c298f89-4303-0410-b956-a3cf2f4a3e73
Add patches from Hauke adding linux 3.0 compatibility.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27187 3c298f89-4303-0410-b956-a3cf2f4a3e73
Also disable rtc-core for now since this changed to a bool, now directly
used in the kernel if enabled.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27186 3c298f89-4303-0410-b956-a3cf2f4a3e73
This library contains core functionality usually (but obviously not always)
provided by libc implementations which isneeded by OpenWrt core packages.
For instance the functions 'strlcat', 'strlcpy' are not implemented in
eglibc but needed by hotplug2 (udevtrigger)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27169 3c298f89-4303-0410-b956-a3cf2f4a3e73
Having this file prevents the possibility of having target-specific
fstab config files (as target/linux/${target}/base-files/etc/config/fstab).
There is no need of a non-working example file on the target anyway.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27136 3c298f89-4303-0410-b956-a3cf2f4a3e73
eliminates unnecessary flash write cycles at every boot
patch by Peter Wagner (tripolar)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27127 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch is already incorporated into the original source code.
closes#9499
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27100 3c298f89-4303-0410-b956-a3cf2f4a3e73
If the string received from the ADSL firmware is missing \n, add it in.
Signed-off-by: Nathan Williams <nathan@traverse.com.au>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27096 3c298f89-4303-0410-b956-a3cf2f4a3e73
The pata-cs5535/pata-cs5536 driver is actually fairly rare: it only gets used on embedded platforms. Therefore, we remove it from the generic x86 configuration.
Also, add definitions for other useful geode modules (high-res timers, MFGPT timers, etc).
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27037 3c298f89-4303-0410-b956-a3cf2f4a3e73
* backport 2.6.8 patches to .39 / .32.33
* remove lqtapi
* bump tapi/dsl to .39
* migrate to new ltq_ style api
* add amazon_se support
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27026 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Add missing config symbols
* Update package/kernel for 2.6.39
CONFIG_BT_L2CAP=y and CONFIG_BT_SCO=y are set to build them into the bluetooth module.
Thank you Jonas Gorski for the patch
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27010 3c298f89-4303-0410-b956-a3cf2f4a3e73
Add a missing dependency to kmod-crypto-iv. chainiv.ko and eseqiv.ko
from kmod-crypto-iv depend on crypto_blkcipher.ko from
kmod-crypto-manager.
Signed-off-by: Lars Hjersted <lars@hjersted.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26984 3c298f89-4303-0410-b956-a3cf2f4a3e73
The attached patch for dnsmasq.init allows to assign a hostname to a
particular mac-address. It's useful to override the client supplied
hostname, especially if the client does not supply a hostname at all.
It corresponds to the following example in dnsmasq.conf.example:
# Always set the name of the host with hardware address
# 11:22:33:44:55:66 to be "fred"
#dhcp-host=11:22:33:44:55:66,fred
Regards
Mathias
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26983 3c298f89-4303-0410-b956-a3cf2f4a3e73
broadcom-wl driver bound to ssb device with ssb driver probe
have osh handle struct pdev pointer value initialized with
ssb_device pointer. Later on pdev is used with legacy pci
dma api as pci_dev thus causing oops sometimes.
The patch replaces legacy pci dma api and pass relevant
device struct pointer to avoid crashes.
Signed-off-by: George Kashperko <george@znau.edu.ua>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26949 3c298f89-4303-0410-b956-a3cf2f4a3e73
It was causing an occasional kernel oops.
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26948 3c298f89-4303-0410-b956-a3cf2f4a3e73
Hi,
the attached patch makes ipcalc.sh accept IP/Netmask combinations in
CIDR notation. Before you could only do:
# sh ipcalc.sh 192.168.0.0 255.255.255.0 1 10
IP=192.168.0.0
NETMASK=255.255.255.0
BROADCAST=192.168.0.255
NETWORK=192.168.0.0
PREFIX=24
START=192.168.0.1
END=192.168.0.11
with this patch you can also execute it with:
sh ipcalc.sh 192.168.0.0/24 1 10
IP=192.168.0.0
NETMASK=255.255.255.0
BROADCAST=192.168.0.255
NETWORK=192.168.0.0
PREFIX=24
START=192.168.0.1
END=192.168.0.11
The patch is based on #1260 [1], i just changed one line to calculate
the START end END ips right. I wonder why that never got included. If
there is no reason not to do i would like to ask you to commit that
patch, because its a functionality i (and probably others) miss quite often.
Btw, i also fixed 4 useless tabs, that might look a bit strange in the
patch.
Regards, Manuel
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26930 3c298f89-4303-0410-b956-a3cf2f4a3e73
Since the oldest kernel in trunk is 2.6.30 the modules always use the
newer names, so we can just use the _generic prefix directly.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26903 3c298f89-4303-0410-b956-a3cf2f4a3e73
There's only 2.6, so it doesn't make sense to mention modules that are
2.4 only or for modules that they are available only for 2.6.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26902 3c298f89-4303-0410-b956-a3cf2f4a3e73
With no 2.4 support in trunk, we can safely remove any 2.4 definitions for
kmods and merge the 2.6 definitions into the generic ones.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26901 3c298f89-4303-0410-b956-a3cf2f4a3e73
Since there's only 2.6 in trunk $(KMOD_SUFFIX) can be safely replaced with
ko for all mainline kernel modules.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26900 3c298f89-4303-0410-b956-a3cf2f4a3e73
package/kernel/modules/other.mk is getting big enough that putting the LEDs stuff into its own file makes sense.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26868 3c298f89-4303-0410-b956-a3cf2f4a3e73
2000::/3 space, so a default route of ::/0 is more correct.
Thanks Dave Taht
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26857 3c298f89-4303-0410-b956-a3cf2f4a3e73
kmod-crypto-ipsec bundles some otherwise unprovided kernel crypto
modules that are useful for IPSEC. This is an alternative to breaking
these modules out into kmod-crypto-wq (crypto_wq.ko), kmod-crypto-rng
(rng.ko and krng.ko), and kmod-crypto-iv (eseqiv.ko and chainiv.ko).
Signed-off-by: Lars Hjersted <lars@hjersted.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26814 3c298f89-4303-0410-b956-a3cf2f4a3e73
Add kmod-crypto-iv as a dependency for kmod-ipsec. Also remove the
extraneous kmod-crypto-core dependency to eliminate recursion.
Signed-off-by: Lars Hjersted <lars@hjersted.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26813 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch adds kmod-crypto-wq, kmod-crypto-rng, and kmod-crypto-iv
packages. These packages provide some missing kernel crypto modules
which are required for IPSEC. The strongswan4, ipsec-tools, and possibly
other IPSEC packages do not work properly without these modules.
NOTE: The KCONFIG associated with each of these modules gets selected
whenever CRYPTO_MANAGER (kmod-crypto-manager) is selected so these
modules are already being built.
Signed-off-by: Lars Hjersted <lars@hjersted.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26812 3c298f89-4303-0410-b956-a3cf2f4a3e73
Two examples of potentially useful configurations (commented out, of course):
(a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a
LAN-based machine if desired, or if not, simply obscures the port from external attack.
(b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26805 3c298f89-4303-0410-b956-a3cf2f4a3e73
If there is no sprom on an ssb based pci device on the brcm47xx
architecture ssb now asks the architecture code to look into the nvram
to get some sprom data for this device. Now we are able to read out
pci/1/1/ foo or pci/1/3/ foo config options.
This will fix some problems where the wireless devices does not got an
mac address and the following message was show:
ssb: WARNING: Invalid SPROM CRC (corrupt SPROM)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26801 3c298f89-4303-0410-b956-a3cf2f4a3e73
Fix compilation for 2.6.39 by replacing SPIN_LOCK_UNLOCKED with
DEFINE_SPINLOCK().
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26771 3c298f89-4303-0410-b956-a3cf2f4a3e73
Allow enabling of N-PHY support for BCM4321 and BCM4322.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26736 3c298f89-4303-0410-b956-a3cf2f4a3e73
Allow reenabling the PIO mode fallback for b43.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26735 3c298f89-4303-0410-b956-a3cf2f4a3e73
Allow enabling debug output and debugfs for B43.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26734 3c298f89-4303-0410-b956-a3cf2f4a3e73
Add the 5.10.56.27 firmware option. This includes updating b43-fwcutter to
its newest release 14 and updating the b43-fwsquash.py to recognise rev 16
n phy files.
Also rename the current options from STABLE/EXPERIMENTAL to their version
numbers.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26733 3c298f89-4303-0410-b956-a3cf2f4a3e73
For kernel versions newer then 2.6.31 the ext4 module can be used to mount
ext2/3 filesystems.
Building ext2/3 as modules on the other hand breaks using ext4 for mounting ext2
or ext3, which breaks booting from ext2/3 on machines where the ext4 module is
built into the kernel.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26645 3c298f89-4303-0410-b956-a3cf2f4a3e73
btrfs needs zlib_deflate, which was built but not included
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26632 3c298f89-4303-0410-b956-a3cf2f4a3e73
when using an external toolchain the base-files package copies libc, libgcc and
others from the library directory.
The file list is given as following in the .config:
CONFIG_LIBC_FILE_SPEC="./lib/ld{-*.so,-linux*.so.*} ./lib/lib{anl,c,cidn,crypt,dl,m,nsl,nss_dns,nss_files,resolv,util}{-*.so,.so.*}"
Because the filenames are composed with different endings, not all files exist
and will be skipped. Currently, this works only if the last composed file
(util.so.*) really exists. At the moment this works - but only if you don't add
a new file like 'uClibc'.
Adding it at the end '...resolv,util,uClibc}{-*.so,.so.*}' will lead to this
message, because the combination 'libuClibc.so.*' doesn't exist and Make will
evaluate the last copy statement of the for loop.
--- Message Snippet ---
cp: cannot stat `/home/user/Desktop/code/meetwise/toolchain/staging_dir/toolchain-arm_v5te_gcc-linaro_uClibc-0.9.32_eabi/./lib/libnss_files.so.*': No such file or directory
cp: cannot stat `/home/user/Desktop/code/meetwise/toolchain/staging_dir/toolchain-arm_v5te_gcc-linaro_uClibc-0.9.32_eabi/./lib/libresolv-*.so': No such file or directory
cp: cannot stat `/home/user/Desktop/code/meetwise/toolchain/staging_dir/toolchain-arm_v5te_gcc-linaro_uClibc-0.9.32_eabi/./lib/libresolv.so.*': No such file or directory
cp: cannot stat `/home/user/Desktop/code/meetwise/toolchain/staging_dir/toolchain-arm_v5te_gcc-linaro_uClibc-0.9.32_eabi/./lib/libuClibc.so.*': No such file or directory
make[2]: *** [/home/user/Desktop/code/meetwise/openwrt/bin/at91/packages/libc_-68_at91.ipk] Error 1
make[2]: Leaving directory `/home/user/Desktop/code/meetwise/openwrt/package/base-files'
make[1]: *** [package/base-files/compile] Error 2
make[1]: Leaving directory `/home/user/Desktop/code/meetwise/openwrt'
make: *** [package/base-files/compile] Error 2
--- /Message Snippet/ ---
To fix this unwanted behaviour I added an extra 'exit 0' to each for-loop and
make ignores non-existing files as before.
Signed-off-by: Sven Bachmann <dev@mcbachmann.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26623 3c298f89-4303-0410-b956-a3cf2f4a3e73
SFQ with external classifiers method. It also corrects a bug in the
unsupported ESFQ method already used by qos-scripts. (ESFQ:
http://fatooh.org/esfq-2.6/ only updated to 2.6.24, it was switched to
an SFQ patch after that and not updated since 2008)
A class can be forced to use SFQ, and an external classifier added like
this:
config class "Normal"
option avgrate 10
option priority 30
option packetdelay 100
option limitrate 94
# option qdisc "sfq perturb 2"
config class "Normal_up"
# option filter "protocol all flow hash keys src divisor 1024"
config class "Normal_down"
# option filter "protocol all flow hash keys dst divisor 1024"
Using these options, the user needs to load cls_flow before qos-scripts
starts.
I've got more information here:
http://oneitguy.com/blogs/netprince/fair-traffic-sharing-esfq-broken-switching-sfqexternal-classifiers
This has been tested on r23914.
Signed-off-by: Ben Pfountz <netprince<>vt_edu>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26622 3c298f89-4303-0410-b956-a3cf2f4a3e73
Allow a redirect like:
config redirect
option src 'wan'
option dest 'lan'
option src_dport '22001'
option dest_port '22'
option proto 'tcp'
note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.
This patch makes three changes:
(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
connections.
In the above example,
ssh -p 22 root@myrouter
would fail from the outside, but:
ssh -p 22001 root@myrouter
would succeed. This is handy if:
(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
still want to allow firewall access from outside.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26617 3c298f89-4303-0410-b956-a3cf2f4a3e73
Currently the device id in the platform driver is hardcoded to an
id which is specific to AR9130/AR9132 SOCs as it supports only wmac
(wireless mac) of these SOCs. But this needs to be dynamic when we
want to support different wmac of SOCs. So add id_table to driver to
make it extendable to more SOCs.
Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26604 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Some module should be loaded later to load them after the modules they are depending on
* add some more missing config symbols
* make CS5535 build again
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26570 3c298f89-4303-0410-b956-a3cf2f4a3e73
Add a bundle for including commonly useful modules for IPtables debugging and development.
For now, it just contains xt_TRACE.ko
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26567 3c298f89-4303-0410-b956-a3cf2f4a3e73