NOTE: The KCONFIG associated with each of these modules gets selected
whenever CRYPTO_MANAGER (kmod-crypto-manager) is selected so these
modules are already being built.
Signed-off-by: Lars Hjersted <lars@hjersted.com>
SVN-Revision: 26812
(a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a
LAN-based machine if desired, or if not, simply obscures the port from external attack.
(b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26805
If there is no sprom on an ssb based pci device on the brcm47xx
architecture ssb now asks the architecture code to look into the nvram
to get some sprom data for this device. Now we are able to read out
pci/1/1/ foo or pci/1/3/ foo config options.
This will fix some problems where the wireless devices does not got an
mac address and the following message was show:
ssb: WARNING: Invalid SPROM CRC (corrupt SPROM)
SVN-Revision: 26801
Fix compilation for 2.6.39 by replacing SPIN_LOCK_UNLOCKED with
DEFINE_SPINLOCK().
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
SVN-Revision: 26771
Add the 5.10.56.27 firmware option. This includes updating b43-fwcutter to
its newest release 14 and updating the b43-fwsquash.py to recognise rev 16
n phy files.
Also rename the current options from STABLE/EXPERIMENTAL to their version
numbers.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
SVN-Revision: 26733
For kernel versions newer then 2.6.31 the ext4 module can be used to mount
ext2/3 filesystems.
Building ext2/3 as modules on the other hand breaks using ext4 for mounting ext2
or ext3, which breaks booting from ext2/3 on machines where the ext4 module is
built into the kernel.
SVN-Revision: 26645
The file list is given as following in the .config:
CONFIG_LIBC_FILE_SPEC="./lib/ld{-*.so,-linux*.so.*} ./lib/lib{anl,c,cidn,crypt,dl,m,nsl,nss_dns,nss_files,resolv,util}{-*.so,.so.*}"
Because the filenames are composed with different endings, not all files exist
and will be skipped. Currently, this works only if the last composed file
(util.so.*) really exists. At the moment this works - but only if you don't add
a new file like 'uClibc'.
Adding it at the end '...resolv,util,uClibc}{-*.so,.so.*}' will lead to this
message, because the combination 'libuClibc.so.*' doesn't exist and Make will
evaluate the last copy statement of the for loop.
A class can be forced to use SFQ, and an external classifier added like
this:
config class "Normal"
option avgrate 10
option priority 30
option packetdelay 100
option limitrate 94
# option qdisc "sfq perturb 2"
config class "Normal_up"
# option filter "protocol all flow hash keys src divisor 1024"
config class "Normal_down"
# option filter "protocol all flow hash keys dst divisor 1024"
Using these options, the user needs to load cls_flow before qos-scripts
starts.
I've got more information here:
http://oneitguy.com/blogs/netprince/fair-traffic-sharing-esfq-broken-switching-sfqexternal-classifiers
This has been tested on r23914.
Signed-off-by: Ben Pfountz <netprince<>vt_edu>
SVN-Revision: 26622
Allow a redirect like:
config redirect
option src 'wan'
option dest 'lan'
option src_dport '22001'
option dest_port '22'
option proto 'tcp'
note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.
This patch makes three changes:
(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
connections.
In the above example,
ssh -p 22 root@myrouter
would fail from the outside, but:
ssh -p 22001 root@myrouter
would succeed. This is handy if:
(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
still want to allow firewall access from outside.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26617
Currently the device id in the platform driver is hardcoded to an
id which is specific to AR9130/AR9132 SOCs as it supports only wmac
(wireless mac) of these SOCs. But this needs to be dynamic when we
want to support different wmac of SOCs. So add id_table to driver to
make it extendable to more SOCs.
Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com>
SVN-Revision: 26604
* Some module should be loaded later to load them after the modules they are depending on
* add some more missing config symbols
* make CS5535 build again
SVN-Revision: 26570
Add a bundle for including commonly useful modules for IPtables debugging and development.
For now, it just contains xt_TRACE.ko
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26567
If your ISP is pushing their own DSL equipment (which many do to contain support costs), they won't be
forthcoming with your various settings: encapsulation, VPI/VCI, etc.
These you might have to discover yourself. The easiest way to do this is with atmdiag and atmdump.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26542
Jo-Philipp Wich
Gabor Juhos
Felix Fietkau
Hauke Mehrtens
Florian Fainelli
Lars-Peter Clausen
Alexandros C. Couloumbis
Vasilis Tsiligiannis
Hamish Guthrie