kmod-crypto-ipsec bundles some otherwise unprovided kernel crypto
modules that are useful for IPSEC. This is an alternative to breaking
these modules out into kmod-crypto-wq (crypto_wq.ko), kmod-crypto-rng
(rng.ko and krng.ko), and kmod-crypto-iv (eseqiv.ko and chainiv.ko).
Signed-off-by: Lars Hjersted <lars@hjersted.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26814 3c298f89-4303-0410-b956-a3cf2f4a3e73
Add kmod-crypto-iv as a dependency for kmod-ipsec. Also remove the
extraneous kmod-crypto-core dependency to eliminate recursion.
Signed-off-by: Lars Hjersted <lars@hjersted.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26813 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch adds kmod-crypto-wq, kmod-crypto-rng, and kmod-crypto-iv
packages. These packages provide some missing kernel crypto modules
which are required for IPSEC. The strongswan4, ipsec-tools, and possibly
other IPSEC packages do not work properly without these modules.
NOTE: The KCONFIG associated with each of these modules gets selected
whenever CRYPTO_MANAGER (kmod-crypto-manager) is selected so these
modules are already being built.
Signed-off-by: Lars Hjersted <lars@hjersted.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26812 3c298f89-4303-0410-b956-a3cf2f4a3e73
Two examples of potentially useful configurations (commented out, of course):
(a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a
LAN-based machine if desired, or if not, simply obscures the port from external attack.
(b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26805 3c298f89-4303-0410-b956-a3cf2f4a3e73
If there is no sprom on an ssb based pci device on the brcm47xx
architecture ssb now asks the architecture code to look into the nvram
to get some sprom data for this device. Now we are able to read out
pci/1/1/ foo or pci/1/3/ foo config options.
This will fix some problems where the wireless devices does not got an
mac address and the following message was show:
ssb: WARNING: Invalid SPROM CRC (corrupt SPROM)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26801 3c298f89-4303-0410-b956-a3cf2f4a3e73
Fix compilation for 2.6.39 by replacing SPIN_LOCK_UNLOCKED with
DEFINE_SPINLOCK().
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26771 3c298f89-4303-0410-b956-a3cf2f4a3e73
Allow enabling of N-PHY support for BCM4321 and BCM4322.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26736 3c298f89-4303-0410-b956-a3cf2f4a3e73
Allow reenabling the PIO mode fallback for b43.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26735 3c298f89-4303-0410-b956-a3cf2f4a3e73
Allow enabling debug output and debugfs for B43.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26734 3c298f89-4303-0410-b956-a3cf2f4a3e73
Add the 5.10.56.27 firmware option. This includes updating b43-fwcutter to
its newest release 14 and updating the b43-fwsquash.py to recognise rev 16
n phy files.
Also rename the current options from STABLE/EXPERIMENTAL to their version
numbers.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26733 3c298f89-4303-0410-b956-a3cf2f4a3e73
For kernel versions newer then 2.6.31 the ext4 module can be used to mount
ext2/3 filesystems.
Building ext2/3 as modules on the other hand breaks using ext4 for mounting ext2
or ext3, which breaks booting from ext2/3 on machines where the ext4 module is
built into the kernel.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26645 3c298f89-4303-0410-b956-a3cf2f4a3e73
btrfs needs zlib_deflate, which was built but not included
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26632 3c298f89-4303-0410-b956-a3cf2f4a3e73
when using an external toolchain the base-files package copies libc, libgcc and
others from the library directory.
The file list is given as following in the .config:
CONFIG_LIBC_FILE_SPEC="./lib/ld{-*.so,-linux*.so.*} ./lib/lib{anl,c,cidn,crypt,dl,m,nsl,nss_dns,nss_files,resolv,util}{-*.so,.so.*}"
Because the filenames are composed with different endings, not all files exist
and will be skipped. Currently, this works only if the last composed file
(util.so.*) really exists. At the moment this works - but only if you don't add
a new file like 'uClibc'.
Adding it at the end '...resolv,util,uClibc}{-*.so,.so.*}' will lead to this
message, because the combination 'libuClibc.so.*' doesn't exist and Make will
evaluate the last copy statement of the for loop.
--- Message Snippet ---
cp: cannot stat `/home/user/Desktop/code/meetwise/toolchain/staging_dir/toolchain-arm_v5te_gcc-linaro_uClibc-0.9.32_eabi/./lib/libnss_files.so.*': No such file or directory
cp: cannot stat `/home/user/Desktop/code/meetwise/toolchain/staging_dir/toolchain-arm_v5te_gcc-linaro_uClibc-0.9.32_eabi/./lib/libresolv-*.so': No such file or directory
cp: cannot stat `/home/user/Desktop/code/meetwise/toolchain/staging_dir/toolchain-arm_v5te_gcc-linaro_uClibc-0.9.32_eabi/./lib/libresolv.so.*': No such file or directory
cp: cannot stat `/home/user/Desktop/code/meetwise/toolchain/staging_dir/toolchain-arm_v5te_gcc-linaro_uClibc-0.9.32_eabi/./lib/libuClibc.so.*': No such file or directory
make[2]: *** [/home/user/Desktop/code/meetwise/openwrt/bin/at91/packages/libc_-68_at91.ipk] Error 1
make[2]: Leaving directory `/home/user/Desktop/code/meetwise/openwrt/package/base-files'
make[1]: *** [package/base-files/compile] Error 2
make[1]: Leaving directory `/home/user/Desktop/code/meetwise/openwrt'
make: *** [package/base-files/compile] Error 2
--- /Message Snippet/ ---
To fix this unwanted behaviour I added an extra 'exit 0' to each for-loop and
make ignores non-existing files as before.
Signed-off-by: Sven Bachmann <dev@mcbachmann.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26623 3c298f89-4303-0410-b956-a3cf2f4a3e73
SFQ with external classifiers method. It also corrects a bug in the
unsupported ESFQ method already used by qos-scripts. (ESFQ:
http://fatooh.org/esfq-2.6/ only updated to 2.6.24, it was switched to
an SFQ patch after that and not updated since 2008)
A class can be forced to use SFQ, and an external classifier added like
this:
config class "Normal"
option avgrate 10
option priority 30
option packetdelay 100
option limitrate 94
# option qdisc "sfq perturb 2"
config class "Normal_up"
# option filter "protocol all flow hash keys src divisor 1024"
config class "Normal_down"
# option filter "protocol all flow hash keys dst divisor 1024"
Using these options, the user needs to load cls_flow before qos-scripts
starts.
I've got more information here:
http://oneitguy.com/blogs/netprince/fair-traffic-sharing-esfq-broken-switching-sfqexternal-classifiers
This has been tested on r23914.
Signed-off-by: Ben Pfountz <netprince<>vt_edu>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26622 3c298f89-4303-0410-b956-a3cf2f4a3e73
Allow a redirect like:
config redirect
option src 'wan'
option dest 'lan'
option src_dport '22001'
option dest_port '22'
option proto 'tcp'
note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.
This patch makes three changes:
(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
connections.
In the above example,
ssh -p 22 root@myrouter
would fail from the outside, but:
ssh -p 22001 root@myrouter
would succeed. This is handy if:
(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
still want to allow firewall access from outside.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26617 3c298f89-4303-0410-b956-a3cf2f4a3e73
Currently the device id in the platform driver is hardcoded to an
id which is specific to AR9130/AR9132 SOCs as it supports only wmac
(wireless mac) of these SOCs. But this needs to be dynamic when we
want to support different wmac of SOCs. So add id_table to driver to
make it extendable to more SOCs.
Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26604 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Some module should be loaded later to load them after the modules they are depending on
* add some more missing config symbols
* make CS5535 build again
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26570 3c298f89-4303-0410-b956-a3cf2f4a3e73
Add a bundle for including commonly useful modules for IPtables debugging and development.
For now, it just contains xt_TRACE.ko
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26567 3c298f89-4303-0410-b956-a3cf2f4a3e73
If your ISP is pushing their own DSL equipment (which many do to contain support costs), they won't be
forthcoming with your various settings: encapsulation, VPI/VCI, etc.
These you might have to discover yourself. The easiest way to do this is with atmdiag and atmdump.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26542 3c298f89-4303-0410-b956-a3cf2f4a3e73
This adds the Intel wireless drivers for their normal cards.
Thank you framer99 for the patch, I extended it a little bit.
This closes#7227
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26534 3c298f89-4303-0410-b956-a3cf2f4a3e73
This enables support for Realtek 8169 based network cards for other
platforms than x86. I have a mini-PCI card on ixp4xxx running here.
Maybe for the other cards in netdevices.mk a @DEPENDS change from
@TARGET_x86 to @PCI_SUPPORT makes also sense.
Signed-off-by: Christoph König <christoph.koenig@ikt.uni-hannover.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26529 3c298f89-4303-0410-b956-a3cf2f4a3e73
Since r26296 mppe.ko could not be loaded, kernel gives "device missing" error.
According to KConfig cypther-ecb is required.
Signed-off-by: Sven Roederer <mailinglists.sven_at_roederer.dhs.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26507 3c298f89-4303-0410-b956-a3cf2f4a3e73