kmod-crypto-ipsec bundles some otherwise unprovided kernel crypto
modules that are useful for IPSEC. This is an alternative to breaking
these modules out into kmod-crypto-wq (crypto_wq.ko), kmod-crypto-rng
(rng.ko and krng.ko), and kmod-crypto-iv (eseqiv.ko and chainiv.ko).
Signed-off-by: Lars Hjersted <lars@hjersted.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26814 3c298f89-4303-0410-b956-a3cf2f4a3e73
Add kmod-crypto-iv as a dependency for kmod-ipsec. Also remove the
extraneous kmod-crypto-core dependency to eliminate recursion.
Signed-off-by: Lars Hjersted <lars@hjersted.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26813 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch adds kmod-crypto-wq, kmod-crypto-rng, and kmod-crypto-iv
packages. These packages provide some missing kernel crypto modules
which are required for IPSEC. The strongswan4, ipsec-tools, and possibly
other IPSEC packages do not work properly without these modules.
NOTE: The KCONFIG associated with each of these modules gets selected
whenever CRYPTO_MANAGER (kmod-crypto-manager) is selected so these
modules are already being built.
Signed-off-by: Lars Hjersted <lars@hjersted.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26812 3c298f89-4303-0410-b956-a3cf2f4a3e73
Two examples of potentially useful configurations (commented out, of course):
(a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a
LAN-based machine if desired, or if not, simply obscures the port from external attack.
(b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26805 3c298f89-4303-0410-b956-a3cf2f4a3e73
If there is no sprom on an ssb based pci device on the brcm47xx
architecture ssb now asks the architecture code to look into the nvram
to get some sprom data for this device. Now we are able to read out
pci/1/1/ foo or pci/1/3/ foo config options.
This will fix some problems where the wireless devices does not got an
mac address and the following message was show:
ssb: WARNING: Invalid SPROM CRC (corrupt SPROM)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26801 3c298f89-4303-0410-b956-a3cf2f4a3e73
Fix compilation for 2.6.39 by replacing SPIN_LOCK_UNLOCKED with
DEFINE_SPINLOCK().
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26771 3c298f89-4303-0410-b956-a3cf2f4a3e73
Allow enabling of N-PHY support for BCM4321 and BCM4322.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26736 3c298f89-4303-0410-b956-a3cf2f4a3e73
Allow reenabling the PIO mode fallback for b43.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26735 3c298f89-4303-0410-b956-a3cf2f4a3e73
Allow enabling debug output and debugfs for B43.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26734 3c298f89-4303-0410-b956-a3cf2f4a3e73
Add the 5.10.56.27 firmware option. This includes updating b43-fwcutter to
its newest release 14 and updating the b43-fwsquash.py to recognise rev 16
n phy files.
Also rename the current options from STABLE/EXPERIMENTAL to their version
numbers.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26733 3c298f89-4303-0410-b956-a3cf2f4a3e73
For kernel versions newer then 2.6.31 the ext4 module can be used to mount
ext2/3 filesystems.
Building ext2/3 as modules on the other hand breaks using ext4 for mounting ext2
or ext3, which breaks booting from ext2/3 on machines where the ext4 module is
built into the kernel.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26645 3c298f89-4303-0410-b956-a3cf2f4a3e73
btrfs needs zlib_deflate, which was built but not included
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26632 3c298f89-4303-0410-b956-a3cf2f4a3e73
when using an external toolchain the base-files package copies libc, libgcc and
others from the library directory.
The file list is given as following in the .config:
CONFIG_LIBC_FILE_SPEC="./lib/ld{-*.so,-linux*.so.*} ./lib/lib{anl,c,cidn,crypt,dl,m,nsl,nss_dns,nss_files,resolv,util}{-*.so,.so.*}"
Because the filenames are composed with different endings, not all files exist
and will be skipped. Currently, this works only if the last composed file
(util.so.*) really exists. At the moment this works - but only if you don't add
a new file like 'uClibc'.
Adding it at the end '...resolv,util,uClibc}{-*.so,.so.*}' will lead to this
message, because the combination 'libuClibc.so.*' doesn't exist and Make will
evaluate the last copy statement of the for loop.
--- Message Snippet ---
cp: cannot stat `/home/user/Desktop/code/meetwise/toolchain/staging_dir/toolchain-arm_v5te_gcc-linaro_uClibc-0.9.32_eabi/./lib/libnss_files.so.*': No such file or directory
cp: cannot stat `/home/user/Desktop/code/meetwise/toolchain/staging_dir/toolchain-arm_v5te_gcc-linaro_uClibc-0.9.32_eabi/./lib/libresolv-*.so': No such file or directory
cp: cannot stat `/home/user/Desktop/code/meetwise/toolchain/staging_dir/toolchain-arm_v5te_gcc-linaro_uClibc-0.9.32_eabi/./lib/libresolv.so.*': No such file or directory
cp: cannot stat `/home/user/Desktop/code/meetwise/toolchain/staging_dir/toolchain-arm_v5te_gcc-linaro_uClibc-0.9.32_eabi/./lib/libuClibc.so.*': No such file or directory
make[2]: *** [/home/user/Desktop/code/meetwise/openwrt/bin/at91/packages/libc_-68_at91.ipk] Error 1
make[2]: Leaving directory `/home/user/Desktop/code/meetwise/openwrt/package/base-files'
make[1]: *** [package/base-files/compile] Error 2
make[1]: Leaving directory `/home/user/Desktop/code/meetwise/openwrt'
make: *** [package/base-files/compile] Error 2
--- /Message Snippet/ ---
To fix this unwanted behaviour I added an extra 'exit 0' to each for-loop and
make ignores non-existing files as before.
Signed-off-by: Sven Bachmann <dev@mcbachmann.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26623 3c298f89-4303-0410-b956-a3cf2f4a3e73
SFQ with external classifiers method. It also corrects a bug in the
unsupported ESFQ method already used by qos-scripts. (ESFQ:
http://fatooh.org/esfq-2.6/ only updated to 2.6.24, it was switched to
an SFQ patch after that and not updated since 2008)
A class can be forced to use SFQ, and an external classifier added like
this:
config class "Normal"
option avgrate 10
option priority 30
option packetdelay 100
option limitrate 94
# option qdisc "sfq perturb 2"
config class "Normal_up"
# option filter "protocol all flow hash keys src divisor 1024"
config class "Normal_down"
# option filter "protocol all flow hash keys dst divisor 1024"
Using these options, the user needs to load cls_flow before qos-scripts
starts.
I've got more information here:
http://oneitguy.com/blogs/netprince/fair-traffic-sharing-esfq-broken-switching-sfqexternal-classifiers
This has been tested on r23914.
Signed-off-by: Ben Pfountz <netprince<>vt_edu>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26622 3c298f89-4303-0410-b956-a3cf2f4a3e73
Allow a redirect like:
config redirect
option src 'wan'
option dest 'lan'
option src_dport '22001'
option dest_port '22'
option proto 'tcp'
note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.
This patch makes three changes:
(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
connections.
In the above example,
ssh -p 22 root@myrouter
would fail from the outside, but:
ssh -p 22001 root@myrouter
would succeed. This is handy if:
(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
still want to allow firewall access from outside.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26617 3c298f89-4303-0410-b956-a3cf2f4a3e73
Currently the device id in the platform driver is hardcoded to an
id which is specific to AR9130/AR9132 SOCs as it supports only wmac
(wireless mac) of these SOCs. But this needs to be dynamic when we
want to support different wmac of SOCs. So add id_table to driver to
make it extendable to more SOCs.
Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26604 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Some module should be loaded later to load them after the modules they are depending on
* add some more missing config symbols
* make CS5535 build again
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26570 3c298f89-4303-0410-b956-a3cf2f4a3e73
Add a bundle for including commonly useful modules for IPtables debugging and development.
For now, it just contains xt_TRACE.ko
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26567 3c298f89-4303-0410-b956-a3cf2f4a3e73
If your ISP is pushing their own DSL equipment (which many do to contain support costs), they won't be
forthcoming with your various settings: encapsulation, VPI/VCI, etc.
These you might have to discover yourself. The easiest way to do this is with atmdiag and atmdump.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26542 3c298f89-4303-0410-b956-a3cf2f4a3e73
This adds the Intel wireless drivers for their normal cards.
Thank you framer99 for the patch, I extended it a little bit.
This closes#7227
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26534 3c298f89-4303-0410-b956-a3cf2f4a3e73
This enables support for Realtek 8169 based network cards for other
platforms than x86. I have a mini-PCI card on ixp4xxx running here.
Maybe for the other cards in netdevices.mk a @DEPENDS change from
@TARGET_x86 to @PCI_SUPPORT makes also sense.
Signed-off-by: Christoph König <christoph.koenig@ikt.uni-hannover.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26529 3c298f89-4303-0410-b956-a3cf2f4a3e73
Since r26296 mppe.ko could not be loaded, kernel gives "device missing" error.
According to KConfig cypther-ecb is required.
Signed-off-by: Sven Roederer <mailinglists.sven_at_roederer.dhs.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26507 3c298f89-4303-0410-b956-a3cf2f4a3e73
adds some more pending patches which (among other things) fix the 'failed to stop RX DMA' messages
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26506 3c298f89-4303-0410-b956-a3cf2f4a3e73
Hi
minrate and maxrate are acually not boolean, so, for example
"config minrate 11000" in /etc/config/wireless has no effect.
Signed-off by: Jan Hetges <tran@ms20.net>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26504 3c298f89-4303-0410-b956-a3cf2f4a3e73
/etc/functions.sh:pi_include() checks if the argument exists and prints
a warning if not. To prevent this warning if package block-mount is installed
but not package e2fsprogs, the script should check if this directory exists
before calling pi_include()
A wrong patch to suppress this warning was previously posted
with subject:
[PATCH] Fix typo in name of to be included file
Signed-off-by: Mark Vels <mark.vels@team-embedded.nl>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26503 3c298f89-4303-0410-b956-a3cf2f4a3e73
The script tests for the existance of /dev/root with test -e which fails if
/dev/root is a dangling symlink making the call to ln fail.
Signed-off-by: Justus Winter <4winter@informatik.uni-hamburg.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26483 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch adds WLAN LED support to the mac80211 driver for Ralink
rt2x00/rt2800 (rt305x) SoC devices. The current driver in
kmod-rt2800-lib is based upon PCI, not SoC. The WLAN LED drivers in
rt2800lib.c set the LED brightness via an MCU request, but do nothing
for SoC. This patch checks for SoC and sets the register to enable the
WLAN LED (instead of an MCU request). This fixes the WLAN LED for
RT305x devices (such as the HW550-3G).
Signed-off-by: Layne Edwards <ledwards76@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26463 3c298f89-4303-0410-b956-a3cf2f4a3e73
The makefile was missing the coef source filename, so it would install a directory instead of
the coefficients file, breaking voice applications.
Signed-off-by: Luca Olivetti <luca@ventoso.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26462 3c298f89-4303-0410-b956-a3cf2f4a3e73
Changed:
- Support added for mISDN card driver for Cologne AG's HFC pci cards (single port)
- Title texts and help texts for some other isdn drivers adjusted for clarification
Signed-off by: Arnold Schulz <arnysch@gmx.net>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26452 3c298f89-4303-0410-b956-a3cf2f4a3e73
Netfilter LED target triggers blinkenlichten when a network packet hits
a rule.
LED target requires iptables 1.4.9 or higher
Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26451 3c298f89-4303-0410-b956-a3cf2f4a3e73
So far, we are setting the bridge interface up before having added any
bridge interface ports. This results in the bridge assigning a random
mac address to its bridge interface and therefore IPv6 assigning a
matching link local address to the bridge interface as soon as the
bridge interface is up. After adding the first bridge port interface,
the bridge's mac address is reset correctly, however the IPv6 link
local address stays the same.
This commit ensures that we are at least having the IPv6 link local
address of the first interface added to the bridge instead of a random
one.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26426 3c298f89-4303-0410-b956-a3cf2f4a3e73
r25831 reduced the size of the dropbear executable by, among other things,
disabling support for keyboard-interactive authentication. The default
sshd configuration on Mac OS X only permits keyboard-interactive and
public-key authentication, so unless a public key is set up, the default
OpenWrt ssh client is now unable to connect to Mac OS X hosts. This patch
re-enables keyboard-interactive authentication.
In my tests, this increases the size of the stripped dropbear executable
by 416 bytes on mips and 1,104 bytes on mipsel. In my opinion, such a
small space savings isn't worthwhile when the resultant executable is
severely hamstrung.
Signed-off-by: Mark Mentovai <mark@moxienet.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26390 3c298f89-4303-0410-b956-a3cf2f4a3e73