MACsec/IEEE 802.1AE is useful to secure communication to and
from endpoints at Layer 2.
Starting with 4.6, the linux kernel provides a universal
macsec driver for authentication and encryption of traffic
in a LAN, typically with GCM-AES-128, and optional replay
protection.
http://standards.ieee.org/getieee802/download/802.1AE-2006.pdf
Note:
LEDE can utilize MACsec with a static connectivity association
key (static PSK) with the ip-full package installed.
<http://man7.org/linux/man-pages/man8/ip-macsec.8.html>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Remove CONFIG_VLAN_8021Q overrides for two targets
These features are built into the kernel image for all targets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
HTB and TBF are the basic traffic shapers used by sqm-scripts. Moving
these into kmod-sched-core enables sqm-scripts to downgrade its
dependency from kmod-sched to kmod-sched-core, potentially making it
useful on devices with smaller flash sizes.
This adds around 30k to the size of kmod-sched-core (20k for sch_htb.ko
and 10k for sch_tbf.ko).
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
The ESP algorithms in CBC mode require echainiv, so have kmod-ipsec
depend on kmod-crypto-echainiv.
See upstream commit 32b6170ca59ccf07d0e394561e54b2cd9726038c.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Without any in-tree users enabled the Kernel's build process doesn't
actually build those modules. Enable some potential in-tree users
during Kernel build, so out-of-tree modules can depend on them.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
9pfs is used by kvm to share files between host and guest,
add proper config option to enable it.
Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
This adds support for MPLS protocol including usage of lightweight tunnels.
Kernel size of vmlinuz.bin grows by ~8k.
Signed-off-by: André Valentin <avalentin@marcant.net>
SVN-Revision: 48710
This pulls in CONFIG_KEYS, which bloats up the kernel size and is thus
very undesirable. It also currently exposes the kernel to a local root
vulnerability
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 48364
Revision 46834 changed IPv6 support from a module to builtin. But
since the configuration of the IPv6 kernel options was left in
package/kernel/linux/modules/netsupport.mk, this means that an
empty kmod-ipv6 module was still being generated (not packaged).
This patch moves the configuration of the IPv6 kernel options to
config/Config-kernel.in to remove this last bit of the module.
Note that CONFIG_IPV6_PRIVACY was dropped (enabled by default
since Linux v3.13), so this option is no longer needed.
See 5d9efa7ee9
Signed-off-by: Arjen de Korte <arjen+openwrt@de-korte.org>
SVN-Revision: 48132
Spotted a missing 'ip6_udp_tunnel.ko' build failure during a local
build with all kmods enabled but globally disabled IPv6 support.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47487
Everything except for blkcipher was already built-in, so make blkcipher
built-in as well.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 46820
These are two new packet schedulers introduced in Linux 3.12 and 3.14
respectively. sch_fq is a perfect fairness queueing scheduler that also
adds pacing on host TCP flows, and sch_pie is an AQM.
Having them available in kmod-sched makes it easier for people to test
these new queueing schemes.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
SVN-Revision: 45885
Before r45593 kmod-l2tp-ip did not depend on kmod-ipv6.
With r45593 support for L2TP IPv6 encapsulation was added and
included in the kmod-l2tp-ip package. This change also
added the dependency to kmod-ipv6 to kmod-l2tp-ip, regardless
of whether the user chose to generally include IPv6 support
or not.
Change this so L2TP over IPv6 and the resulting dependency
to kmod-ipv6 is only included in kmod-l2tp-ip if IPv6 support
is enabled.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 45612
from upstream
commit title: "[IPV4]: The scheduled removal of multipath cached routing support."
removed in Kernel 2.6.23 (2007)
Reasons: very buggy, no maintainer, no fixes
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
SVN-Revision: 45121
HAMRADIO enabled in all generic configs, but no one platform directly
use related drivers/protocols. This symbol is only used for kmod-ax25
package modules. Furthermore, half of platforms explicitly disables
this symbol, what silently disables build of modules for kmod-ax25
package.
So disable HAMRADIO by-default in generic config, add it to kmod-ax25
package and remove it from platform specific configs.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
SVN-Revision: 44613
IP VTI (Virtual Tunnel Interface) is used to create a virtual device
for IPsec VPN (similar to OpenVPN).
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
SVN-Revision: 44606
More recent kernel versions (>= 3.12) support native VXLAN
support.
The Open VSwitch kernel module tries to build using native VXLAN
support if it detects a kernel version >=3.12.
The build works fine, but during startup the OVS kernel module
does not load.
dmesg output is something like this:
[ 1201.262842] openvswitch: Unknown symbol vxlan_sock_release
[ 1201.262949] openvswitch: Unknown symbol vxlan_xmit_skb
[ 1201.263161] openvswitch: Unknown symbol vxlan_sock_add
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
SVN-Revision: 43126
When CONFIG_LLC gets build as a module, also p8022.ko and psnap.ko are
getting build as a module. kmod-appletalk depends on llc.ko and
psnap.ko, but at least psnap.ko,was not packed. On most systems
CONFIG_LLC will be build into the kernel so this problem does not show
up.
This fixes the missing dependency of kmod-appletalk on psnap.ko
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 37673
