This adds support for configuring VTI interfaces within /etc/config/network.
VTI interfaces are used to create IPsec tunnel interfaces. These interfaces
may be used for routing and other purposes.
Example config:
config interface 'vti1'
option proto 'vti'
option mtu '1500'
option tunlink 'wan'
option peeraddr '192.168.5.16'
option zone 'VPN'
option ikey 2
option okey 2
config interface 'vti1_static'
option proto 'static'
option ifname '@vti1'
option ipaddr '192.168.7.2/24'
The options ikey and okey correspond to the fwmark value of a ipsec policy.
The may be null if you do not want fwmarks.
Also peeraddr may be 0.0.0 if you want all ESP packets go through the
interface.
Example strongswan config:
conn vti
left=%any
leftcert=peer2.test.der
leftid=@peer2.test
right=192.168.5.16
rightid=@peer3.test
leftsubnet=0.0.0.0/0
rightsubnet=0.0.0.0/0
mark=2
auto=route
Signed-off-by: André Valentin <avalentin@marcant.net>
SVN-Revision: 48274
- update to latest version 20160104
- remove cpu dependency (PKGARCH:=all)
- set myself as package maintainer
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 48271
The Apache Software Foundation offers diverse download mirros.
For packaging Apache software a new alias @APACHE is defined.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
SVN-Revision: 48270
The old signature only worked because brnboot ignores the leading "5" in
the signature. We can see the correct signature when flashing a brnImage
via recovery web-interface, in this case brnboot reports:
[CGI-Signature Check] buf:[BRNDA6431], sigInFlash:[BRNDA6431]
Thanks to Mathias Kresin for reporting this.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48269
This add support for IGMP Snooping on atheros switches (disabled by default),
which avoids flooding the network with multicast data.
Tested on TL-WDR4300: disabling IGMP Snooping results in multicast flooding
on each specific port, enabling it back again prevents each port from
receiving all multicast packets.
Partially based on: http://patchwork.ozlabs.org/patch/418122/
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
SVN-Revision: 48268
The build scripts check for openssl by grepping the string "OpenSSL" in
the output of openssl version command. LibreSSL fails this test as it
outputs something like "LibreSSL 2.2.4". This patch fix the
prereq-bulid.mk file so that it accepts LibreSSL as openssl provider as
well.
Signed-off-by: Marek Behun <kabel@blackhole.sk>
SVN-Revision: 48267
- random-bcm2708 and spi-bcm2708 have been removed.
- sound-soc-bcm2708-i2s has been upstreamed as sound-soc-bcm2835-i2s.
Let's keep linux 4.1 for a while, since linux 4.4 appears to have some issues
with multicast traffic on RPi ethernet:
https://gist.github.com/Noltari/5b1cfdecce5ed4bc08fd
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
SVN-Revision: 48266
This removes the arch-specific mtdsplit parsers and enables the generic
implementations for brnImage, EVA and TP-Link instead.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48264
On most image types the rootfs ends at an erase-block. However, at least
with brnImages this is not the case: while the partitions are aligned
with the erase-block size there is a 12 byte footer at the end of the
partition which must not be touched by any filesystem. This lead to a
rootfs_data partition which was not aligned properly (and thus ended up
being readonly):
0x000000480000-0x00000085a800 : "rootfs_data" (128 KiB EB)
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48263
This allows splitting EVA images (usually found in fritz devices). The
firmware will be split into a kernel and a separate rootfs partition.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48262
This adds brnImage (used with the brnboot bootloader) firmware parsing
support. brnboot verifies the integrity of the firmware stored on the
"Code Image" partitions by looking at the 12 byte footer at the very end
of the partition. This footer contains the checksum of the original
brnImage (kernel + rootfs/squashfs) and must not be touched (by our JFFS2
rootfs_data - otherwise the image will not be bootable anymore).
Big thanks to Mathias Kresin for analyzing the brnImage structure and
finding out the information how to keep images valid even when adding a
nested rootfs_data partition.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48261
By default dnsmasq uses random ports for outbound dns queries;
when the minport UCI option is specified the ports used will
always be larger than the specified value.
This is usefull for systems behind firewalls.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 48244
CONFIG_VIDEOBUF2_CORE produces two object files in Linux >= 4.4.
Conditionally add the new file to FILES of kmod-video-videobuf2.
Signed-off-by: Jan Čermák <jan.cermak@nic.cz>
SVN-Revision: 48242
Given those patches are relevant to any ARC platform and even
ISA version it makes perfect sense for patches to exist
in one place instead of being duplicated for each new ARC-based ASIC.
Note this is a prerequisite for upstreaming of ARC HS38 support in
OpenWRT.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Felix Fietkau <nbd@openwrt.org>
Cc: Jo-Philipp Wich <jow@openwrt.org>
Cc: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 48241
This switch involved:
[1] Regeneration of config (few options went away)
[2] Regeneration of patches so they apply cleanly (different offsets)
[3] Update of .dts files because we now explicitly specify
memory regions in use as opposed to previously used offset
from 0x8000_0000
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Felix Fietkau <nbd@openwrt.org>
Cc: Jo-Philipp Wich <jow@openwrt.org>
Cc: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 48240
This fixes diverging executable search paths observed in programs
launched throughn etifd which in turn inherited the search path from
procd early on boot.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 48235
This patch was merged into upstream Linux 4.1.
This fixes#21587 and was introduced in r48223.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48229
Fully reset the chip like on a full up/down, but without the PHY
statemachine restart.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 48228