NOTE: The KCONFIG associated with each of these modules gets selected
whenever CRYPTO_MANAGER (kmod-crypto-manager) is selected so these
modules are already being built.
Signed-off-by: Lars Hjersted <lars@hjersted.com>
SVN-Revision: 26812
(a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a
LAN-based machine if desired, or if not, simply obscures the port from external attack.
(b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26805
If there is no sprom on an ssb based pci device on the brcm47xx
architecture ssb now asks the architecture code to look into the nvram
to get some sprom data for this device. Now we are able to read out
pci/1/1/ foo or pci/1/3/ foo config options.
This will fix some problems where the wireless devices does not got an
mac address and the following message was show:
ssb: WARNING: Invalid SPROM CRC (corrupt SPROM)
SVN-Revision: 26801
Fix compilation for 2.6.39 by replacing SPIN_LOCK_UNLOCKED with
DEFINE_SPINLOCK().
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
SVN-Revision: 26771
Add the 5.10.56.27 firmware option. This includes updating b43-fwcutter to
its newest release 14 and updating the b43-fwsquash.py to recognise rev 16
n phy files.
Also rename the current options from STABLE/EXPERIMENTAL to their version
numbers.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
SVN-Revision: 26733
For kernel versions newer then 2.6.31 the ext4 module can be used to mount
ext2/3 filesystems.
Building ext2/3 as modules on the other hand breaks using ext4 for mounting ext2
or ext3, which breaks booting from ext2/3 on machines where the ext4 module is
built into the kernel.
SVN-Revision: 26645
The file list is given as following in the .config:
CONFIG_LIBC_FILE_SPEC="./lib/ld{-*.so,-linux*.so.*} ./lib/lib{anl,c,cidn,crypt,dl,m,nsl,nss_dns,nss_files,resolv,util}{-*.so,.so.*}"
Because the filenames are composed with different endings, not all files exist
and will be skipped. Currently, this works only if the last composed file
(util.so.*) really exists. At the moment this works - but only if you don't add
a new file like 'uClibc'.
Adding it at the end '...resolv,util,uClibc}{-*.so,.so.*}' will lead to this
message, because the combination 'libuClibc.so.*' doesn't exist and Make will
evaluate the last copy statement of the for loop.
A class can be forced to use SFQ, and an external classifier added like
this:
config class "Normal"
option avgrate 10
option priority 30
option packetdelay 100
option limitrate 94
# option qdisc "sfq perturb 2"
config class "Normal_up"
# option filter "protocol all flow hash keys src divisor 1024"
config class "Normal_down"
# option filter "protocol all flow hash keys dst divisor 1024"
Using these options, the user needs to load cls_flow before qos-scripts
starts.
I've got more information here:
http://oneitguy.com/blogs/netprince/fair-traffic-sharing-esfq-broken-switching-sfqexternal-classifiers
This has been tested on r23914.
Signed-off-by: Ben Pfountz <netprince<>vt_edu>
SVN-Revision: 26622
Allow a redirect like:
config redirect
option src 'wan'
option dest 'lan'
option src_dport '22001'
option dest_port '22'
option proto 'tcp'
note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.
This patch makes three changes:
(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
connections.
In the above example,
ssh -p 22 root@myrouter
would fail from the outside, but:
ssh -p 22001 root@myrouter
would succeed. This is handy if:
(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
still want to allow firewall access from outside.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26617
Currently the device id in the platform driver is hardcoded to an
id which is specific to AR9130/AR9132 SOCs as it supports only wmac
(wireless mac) of these SOCs. But this needs to be dynamic when we
want to support different wmac of SOCs. So add id_table to driver to
make it extendable to more SOCs.
Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com>
SVN-Revision: 26604
* Some module should be loaded later to load them after the modules they are depending on
* add some more missing config symbols
* make CS5535 build again
SVN-Revision: 26570
Add a bundle for including commonly useful modules for IPtables debugging and development.
For now, it just contains xt_TRACE.ko
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26567
If your ISP is pushing their own DSL equipment (which many do to contain support costs), they won't be
forthcoming with your various settings: encapsulation, VPI/VCI, etc.
These you might have to discover yourself. The easiest way to do this is with atmdiag and atmdump.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26542
This adds the Intel wireless drivers for their normal cards.
Thank you framer99 for the patch, I extended it a little bit.
This closes#7227
SVN-Revision: 26534
This enables support for Realtek 8169 based network cards for other
platforms than x86. I have a mini-PCI card on ixp4xxx running here.
Maybe for the other cards in netdevices.mk a @DEPENDS change from
@TARGET_x86 to @PCI_SUPPORT makes also sense.
Signed-off-by: Christoph König <christoph.koenig@ikt.uni-hannover.de>
SVN-Revision: 26529
Since r26296 mppe.ko could not be loaded, kernel gives "device missing" error.
According to KConfig cypther-ecb is required.
Signed-off-by: Sven Roederer <mailinglists.sven_at_roederer.dhs.org>
SVN-Revision: 26507
Hi
minrate and maxrate are acually not boolean, so, for example
"config minrate 11000" in /etc/config/wireless has no effect.
Signed-off by: Jan Hetges <tran@ms20.net>
SVN-Revision: 26504
/etc/functions.sh:pi_include() checks if the argument exists and prints
a warning if not. To prevent this warning if package block-mount is installed
but not package e2fsprogs, the script should check if this directory exists
before calling pi_include()
A wrong patch to suppress this warning was previously posted
with subject:
[PATCH] Fix typo in name of to be included file
Signed-off-by: Mark Vels <mark.vels@team-embedded.nl>
SVN-Revision: 26503
The script tests for the existance of /dev/root with test -e which fails if
/dev/root is a dangling symlink making the call to ln fail.
Signed-off-by: Justus Winter <4winter@informatik.uni-hamburg.de>
SVN-Revision: 26483
This patch adds WLAN LED support to the mac80211 driver for Ralink
rt2x00/rt2800 (rt305x) SoC devices. The current driver in
kmod-rt2800-lib is based upon PCI, not SoC. The WLAN LED drivers in
rt2800lib.c set the LED brightness via an MCU request, but do nothing
for SoC. This patch checks for SoC and sets the register to enable the
WLAN LED (instead of an MCU request). This fixes the WLAN LED for
RT305x devices (such as the HW550-3G).
Signed-off-by: Layne Edwards <ledwards76@gmail.com>
SVN-Revision: 26463
Changed:
- Support added for mISDN card driver for Cologne AG's HFC pci cards (single port)
- Title texts and help texts for some other isdn drivers adjusted for clarification
Signed-off by: Arnold Schulz <arnysch@gmx.net>
SVN-Revision: 26452
Netfilter LED target triggers blinkenlichten when a network packet hits
a rule.
LED target requires iptables 1.4.9 or higher
Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>
SVN-Revision: 26451
So far, we are setting the bridge interface up before having added any
bridge interface ports. This results in the bridge assigning a random
mac address to its bridge interface and therefore IPv6 assigning a
matching link local address to the bridge interface as soon as the
bridge interface is up. After adding the first bridge port interface,
the bridge's mac address is reset correctly, however the IPv6 link
local address stays the same.
This commit ensures that we are at least having the IPv6 link local
address of the first interface added to the bridge instead of a random
one.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
SVN-Revision: 26426
disabling support for keyboard-interactive authentication. The default
sshd configuration on Mac OS X only permits keyboard-interactive and
public-key authentication, so unless a public key is set up, the default
OpenWrt ssh client is now unable to connect to Mac OS X hosts. This patch
re-enables keyboard-interactive authentication.
In my tests, this increases the size of the stripped dropbear executable
by 416 bytes on mips and 1,104 bytes on mipsel. In my opinion, such a
small space savings isn't worthwhile when the resultant executable is
severely hamstrung.
Signed-off-by: Mark Mentovai <mark@moxienet.com>
SVN-Revision: 26390