This makes it possible to add an iptables rule that offloads routing/NAT
packet processing to a software fast path. This fast path is much
quicker than running packets through the regular tables/chains.
Requires Linux 4.14
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This only works with nftables for now, iptables support will be added
later. Includes a number of related upstream nftables improvements to
simplify backporting follow-up changes
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
With upstream commit 2c93e790e825 ("usb: add CONFIG_USB_PCI for system
have both PCI HW and non-PCI based USB HW") the CONFIG_USB_PCI was
introduced.
The option is disabled by default in our generic kernel 4.14 config, hence
we need to set the option for all related kernel modules.
Signed-off-by: Mathias Kresin <dev@kresin.me>
It is currently possible to enable connlabel-support in iptables.
However, in order for connlabel to work properly, the kernel module must
also be present. This patch adds support for building the
connlabel-module, and selects it by default when connlabel-support is
enabled.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
For hardware that supports multiple h/w output queues, add
a compatible scheduler (NET_SCH_MULTIQ).
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The kmod-lp package included both lp.ko and ppdev.ko, but ECP device
drivers may or may not require lp NOT to be loaded, needing only ppdev.
Additionally, There were no packages for any parport interface modules,
such as uss720 or parport_pc, provided here. It has not been otherwise
possible to use PC-style parport hardware for kmod-lp.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Once installed fou kernel module allows you to use FOU (Foo over UDP)
and GUE (Generic UDP encapsulation) tunnel protocols.
To get ip fou command working you also need to install ip-full.
Signed-off-by: Filip Moc <lede@moc6.cz>
The nf_reject_ipv4 and nf_reject_ipv6 modules are moved into separate
packages, as they are a common dependency of ip(6)tables and nftables. This
avoids a dependency of nftables on kmod-nf-ipt(6). Also, fewer iptables
modules depend on nf-conntrack(6) now.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The IGB and IXGBE drivers depend on kmod-hwmon core now.
Fixes: af707a178f ("netdevices.mk: add hwmon to IGB and IXGBE drivers")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Off-chip NICs can run hotter than the CPU, so they're definitely
worth instrumenting.
Adding hardware monitoring increases by ~3744 and ~2672 bytes,
respectively, the sizes of the igb.ko and ixgbe.ko drivers.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This reverts commit 53f62bc5e5.
commit made the builders fail with
"Package kmod-igb is missing dependencies for the following libraries: hwmon.ko"
Signed-off-by: John Crispin <john@phrozen.org>
The IGB and IXGBE drivers depend on kmod-hwmon core now.
Fixes: af707a178f ("netdevices.mk: add hwmon to IGB and IXGBE drivers")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Off-chip NICs can run hotter than the CPU, so they're definitely
worth instrumenting.
Adding hardware monitoring increases by ~3744 and ~2672 bytes,
respectively, the sizes of the igb.ko and ixgbe.ko drivers.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The iptables TRACE target is only available in raw table that's why the
dependency was moved from iptables-mod-trace into kmod-ipt-debug
Fixes FS#1219
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This reverts commit 666e9cf222.
The change has not been build-tested on non-x86 targets and leads to
stalled kernel builds due to unset configuration symbols there.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The kmod-lp package included both lp.ko and ppdev.ko, but ECP device
drivers may or may not require lp NOT to be loaded, needing only ppdev.
Additionally, There were no packages for any parport interface modules,
such as uss720 or parport_pc, provided here. It has not been otherwise
possible to use PC-style parport hardware for kmod-lp.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Unconditionally enable connmark support and tie it to the conntrack core
module to allow removing this kernel configuration dependency from the
xtables-addons package.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fixes the following dependency error encountered by the buildbots:
Package kmod-w1 is missing dependencies for the following libraries:
hwmon.ko
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The NXP 74HC164 GPIO expander driver uses a different config symbol
("CONFIG_GPIO_74X164") and module name since since at least Kernel
version 2.6.37.
Update the kmod package definition accordingly by adjusting kconfig
and module file names.
This unrelated, but correct change has been separated from the
WNR2000v5 support commits.
Ref: https://github.com/lede-project/source/pull/1256
Suggested-by: Raphael Catolino <raphael.catolino@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add the uas(p) module to the modules loaded early on the boot process.
The uas(p) is an modern alternative, which is used by the modern USB3
storage cases, compared to the bot protocol. To be able to use uas(p)
storage cases for extroot, the kernel module has to be loaded before the
search for extroot has been called. This patch changes the load order to
support uas(p) storage cases for extroot.
Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
Intel motherboards (as well as the Cavium ThunderX SoC) use a
superset of the I2C protocol called SMBus.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
kmod-lib-lzo and kmod-lib-lz4 depend in kernel 4.14 on
kmod-crypto-acompress, add this missing dependency.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
CONFIG_FRAMEBUFFER_CONSOLE does not activate new modules any more in
kernel 4.14, but CONFIG_FRAMEBUFFER_CONSOLE is now a boolean option
which change the kmod-fb package. kmod-fbcon should be split up.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This deactivates the following options which were introduced between
kernel 4.9 and 4.14 in some kernel packages:
CONFIG_INET_ESP_OFFLOAD
CONFIG_INET6_ESP_OFFLOAD
CONFIG_LWTUNNEL_BPF
CONFIG_NET_9P_XEN
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In kernel 4.14 kmod-bluetooth depends on kmod-crypto-ecdh, add
kmod-crypto-ecdh to LEDE.
Both packages also depend on the kmod-crypto-kpp package. To build this
we have to fix the dependency of CRYPTO_ECDH which has a typo.
This patch is already accepted upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In kernel 4.14 kmod-crypto-hw-ccp depends on kmod-crypto-rsa, add it.
kmod-crypto-rsa also packages the ASN1 parser and some other code which
is currently only used by this module.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In kernel 4.14 kmod-dm depends on kmod-dax.
Add DAX: "Direct access to differentiated memory" to LEDE.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In kernel 4.14 hwmon support can be deactivated for the tg3 driver,
deactivate it by default to save some space.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The default e1000e parameters (interrupt throttling rate, MSI/MSI-X
mode) are optimized for desktop and server computers to optimize
user-space execution (i.e. what's typically referred to as "useful"
work). This assumption breaks on a router under load where most of
the "useful" work actually takes place either in hardware interrupt
handlers (IRQ) or at software IRQ (swirq) modes, so we try to reflect
that by overriding these parameters with more appropriate values.
Patch-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fix the target dependency to make it possible to select this module also
on x86 target and its subtargets.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The firmware directory in the Linux kernel was removed in kernel 4.14,
take the e100 firmware files now from the linux-firmware repository
instead. To do so create the new package e100-firmware. This will also
work with older kernel versions.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Adds NFS4 client support:
1. Package kmod-fs-nfs is split into kmod-fs-nfs (nfs.ko) and
kmod-fs-nfs-v3 (nfsv3.ko).
2. A new package kmod-fs-nfs-v4 (nfsv4.ko) is created.
3. Package kmod-fs-nfs-common-v4 is renamed to kmod-fs-nfs-rpcsec
and includes additional module rpcsec_gss_krb5.ko.
CONFIG_NFS_V4 goes into kmod-fs-nfs-v4, CONFIG_NFSD_V4 (NFS4
server) is removed. Missing kernel module oid_registry.ko
needed by auth_rpcgss.ko is added to the package.
A new package kmod-crypto-cts needed by rpcsec_gss_krb5.ko is
also created.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
[add dependency to kmod-crypto-ecb in fs-nfs-common-rpcsec]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The module parameters "nogameport=1" and "nocir=1" are needed,
because this is not supported on recent chips and doesn't
really tell if the system is stable.
As this features will already be removed in linux-4.13 or newer,
this module parameters can be removed in the future.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
The kernel firmware/ is going away, so pull this firmware
from the linux-firmware git repo instead. No actual changes
to the installed files.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
These adapters support SR-IOV. Thus the host can assign Virtual Functions
(VFs) to different VMs by the PCI-E Passthrough (e.g. VFIO for KVM), to
gain different advantages (performance, VF to VF communications, host
kernel offload, etc.).
Signed-off-by: Chris Blakely <cpblakely@gmail.com>
This driver supports the Bosch Sensortec BMP180/BMP280 pressure and
temperature sensors. It also supports the BME280 sensors with an
additional humidity channel.
Tested I2C and SPI modes with a BME280 sensor on a Raspberry Pi Zero W.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
MACsec/IEEE 802.1AE is useful to secure communication to and
from endpoints at Layer 2.
Starting with 4.6, the linux kernel provides a universal
macsec driver for authentication and encryption of traffic
in a LAN, typically with GCM-AES-128, and optional replay
protection.
http://standards.ieee.org/getieee802/download/802.1AE-2006.pdf
Note:
LEDE can utilize MACsec with a static connectivity association
key (static PSK) with the ip-full package installed.
<http://man7.org/linux/man-pages/man8/ip-macsec.8.html>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This will allow you to build and package the uas.ko module.
With more routers supporting USB 3.0 host this could help
speed up activities like DLNA and Samba, as well as reduce
CPU utilization over BOT mass storage drivers.
Signed-off-by: James Christopher Adduono <jc@adduono.com>
This fixes the build of this module and should fix the build bots.
Fixes: a5922f6 ("kernel: bluetooth: add marvell sdio bluetooth module")
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[removed mveub dependency and update commit comment]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit add support for Marvell bluetooth with SDIO interface.
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
[Fix KCONFIG and FILES option]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The tftp and irc netfilter modules are provided by nf-nathelper-extra
and not by nf-nathelper.
Signed-off-by: Uwe Arnold <donvipre@gmail.com>
[move the irc module as well]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Remove support for NCT6775/6 from W83627EHF driver so the NCT6775
driver will still be used for those chips.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Support for the nct6775/6776 hwmon chips, and other compatibles
in the family as well as the Intel on-chip thermal sensors.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Intel(R) 82576 is an adapter which supports SR-IOV. Thus the host can
assign Virtual Functions (VFs) to different VMs by the PCI-E Passthrough
(e.g. VFIO for KVM), to gain different advantages (performance, VF to VF
communications, host kernel offload, etc.).
The driver of the passthroughed VFs is the igbvf (igb is NOT
compatible).
This is essential for VM guests, to enable them to utilize this feature.
Signed-off-by: Ye Tao <tydus@hongo.wide.ad.jp>
This is a 3rd party chipset which is not present on all Intel
reference designs, so make it a module rather than baked in (this
will also alleviate conflicts with drivers which also detect some
of the same chipsets).
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This is the standard way we handle this. Please note (it seems) I could
drop few symbols as they are hidden under (disabled) DRM_LEGACY now.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
For targets with i2c not built-in this fixes following error:
Package kmod-drm is missing dependencies for the following libraries:
i2c-core.ko
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Open-code usb_phy_generic_register instead of calling it, since it is
really trivial. Avoid pulling CONFIG_NOP_USB_XCEIV into the kernel
config and add a proper dependency instead
Signed-off-by: Felix Fietkau <nbd@nbd.name>
If ehci platform driver is loaded before the chipidea controller driver,
both are competing for the same IO resources and the generic driver gets
used for the hardware. This results in USB device mode being
unavailable.
Split generic EHCI support code out of kmod-usb2, so that the chipidea
driver can be included without also pulling in the generic one. Also
rework the load order, so that the chipidea driver gets loaded first, in
case both are installed
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The following will enable the TPM kernel module, as well as support for
the atmel i2c TPM driver. Tested and confirmed working on an Aerohive
AP-121
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>