Commit Graph

5359 Commits

Author SHA1 Message Date
Jo-Philipp Wich
a9977eca91 firewall: allow local redirection of ports
Allow a redirect like:

config redirect
        option src 'wan'
        option dest 'lan'
        option src_dport '22001'
        option dest_port '22'
        option proto 'tcp'

note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.

This patch makes three changes:

(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
    connections.

In the above example,

ssh -p 22 root@myrouter

would fail from the outside, but:

ssh -p 22001 root@myrouter

would succeed.  This is handy if:

(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
    still want to allow firewall access from outside.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

SVN-Revision: 26617
2011-04-12 20:03:59 +00:00
Felix Fietkau
512bb389ee pppd: support the nomp option if multilink support is disabled
SVN-Revision: 26614
2011-04-12 18:29:28 +00:00
Felix Fietkau
768877966d hostapd: properly mark random data as ready if initialization succeeds without reassociation (#9222)
SVN-Revision: 26611
2011-04-12 17:30:16 +00:00
Felix Fietkau
966dee23c3 mac80211: fix WPA auth on WDS station interfaces (#9227)
SVN-Revision: 26609
2011-04-12 17:17:56 +00:00
Hamish Guthrie
6f497711cf Modify environment variables for altered filesystem layout
SVN-Revision: 26608
2011-04-12 14:24:20 +00:00
Gabor Juhos
5ffdddc75e mac80211: ath9k: register id table for platform device
Currently the device id in the platform driver is hardcoded to an
id which is specific to AR9130/AR9132 SOCs as it supports only wmac
(wireless mac) of these SOCs. But this needs to be dynamic when we
want to support different wmac of SOCs. So add id_table to driver to
make it extendable to more SOCs.

Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com>

SVN-Revision: 26604
2011-04-12 09:29:23 +00:00
Gabor Juhos
98d3aa13f4 package/kernel: add module for the gpio_keys_polled driver
SVN-Revision: 26602
2011-04-12 09:29:14 +00:00
Jo-Philipp Wich
37f7e8afdc opkg: update to r618
SVN-Revision: 26598
2011-04-11 22:08:43 +00:00
Felix Fietkau
93da23803b ath5k: disable the unusable 2 GHz mode on the first radio of a dual-band AR5312 device
SVN-Revision: 26587
2011-04-11 03:26:08 +00:00
Felix Fietkau
092de86b0a ath5k: fix eeprom capability checks that disabled AES crypto support where it should have been enabled
SVN-Revision: 26586
2011-04-11 03:26:03 +00:00
Felix Fietkau
718f5aa78e ath5k: fix mac address detection on dual-radio ar5312
SVN-Revision: 26583
2011-04-10 21:12:05 +00:00
Felix Fietkau
8ab360f9b3 ath5k: fix 2ghz-only radio handling on ar5312
SVN-Revision: 26582
2011-04-10 21:12:00 +00:00
Felix Fietkau
702a2f8430 ath5k: decrease interrupt load for rx/tx interrupts
SVN-Revision: 26579
2011-04-10 16:23:39 +00:00
Felix Fietkau
cffea3eb4e ath5k: clean up debugfs code
SVN-Revision: 26578
2011-04-10 16:23:34 +00:00
Felix Fietkau
8978c04f2a ath5k: fix config options for debugfs
SVN-Revision: 26577
2011-04-10 16:23:28 +00:00
Hauke Mehrtens
077377a294 kernel: do not build gpiolib into the kernel
fix for r26570.

SVN-Revision: 26574
2011-04-10 10:28:30 +00:00
Hauke Mehrtens
1c64f756d4 mac80211: fix compile with older kernel versions
SVN-Revision: 26573
2011-04-09 23:51:30 +00:00
Hauke Mehrtens
76cce7c90e acx-mac80211 needs some header files from compat-wireless to build
SVN-Revision: 26572
2011-04-09 23:44:03 +00:00
Hauke Mehrtens
2ce13f05cb kernel: add symbols, small fixes
* Some module should be loaded later to load them after the modules they are depending on
* add some more missing config symbols
* make CS5535 build again

SVN-Revision: 26570
2011-04-09 23:34:20 +00:00
Hauke Mehrtens
3b659a2519 crypto: The if statement for twofish did not work, deflate depends on zlib_deflate
SVN-Revision: 26569
2011-04-09 23:30:09 +00:00
Hauke Mehrtens
be08c96f01 sound: do not pack ac97_bus.ko and snd-ac97-codec.ko into two packages.
SVN-Revision: 26568
2011-04-09 23:26:00 +00:00
Hauke Mehrtens
24c1caef5f iipt-debug: create bundle of netfilter modules for debugging
Add a bundle for including commonly useful modules for IPtables debugging and development.

For now, it just contains xt_TRACE.ko

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

SVN-Revision: 26567
2011-04-09 23:23:46 +00:00
Felix Fietkau
8ee695885a ath5k: add some more performance improvements
SVN-Revision: 26566
2011-04-09 22:56:51 +00:00
Felix Fietkau
3df1de1b80 ath5k: rename a misnamed patch
SVN-Revision: 26565
2011-04-09 22:56:47 +00:00
Felix Fietkau
f9be6569c8 ath5k: add a few fixes that improve performance
SVN-Revision: 26564
2011-04-09 21:11:06 +00:00
Felix Fietkau
3ce630447a ath5k: fix tx status reporting
SVN-Revision: 26563
2011-04-09 19:21:26 +00:00
Hauke Mehrtens
0a637d604b kernel: add scsi cdrom support
This closes #9125.

SVN-Revision: 26548
2011-04-09 15:59:03 +00:00
Felix Fietkau
8371085c8b ath9k: properly count retries when frames are filtered due to excessive retries when a client is not in powersave mode
SVN-Revision: 26545
2011-04-09 15:22:01 +00:00
Felix Fietkau
ad6cb6294e mac80211: fix reading the station flags in debugfs
SVN-Revision: 26544
2011-04-09 15:21:57 +00:00
Hauke Mehrtens
cdd51194ca linux-atm: package atm-diagnostics with atmdump, atmdiag, etc.
If your ISP is pushing their own DSL equipment (which many do to contain support costs), they won't be
forthcoming with your various settings: encapsulation, VPI/VCI, etc.

These you might have to discover yourself.  The easiest way to do this is with atmdiag and atmdump.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

SVN-Revision: 26542
2011-04-09 13:05:48 +00:00
Felix Fietkau
df49468a51 kernel: include firmware in the e100 package
SVN-Revision: 26539
2011-04-08 21:53:38 +00:00
Hauke Mehrtens
b62cc9ae9b brcm47xx: add Netgear WNR834BV1
Thank you realopty for the patch.

This closes #7702

SVN-Revision: 26537
2011-04-08 19:22:09 +00:00
Hauke Mehrtens
cbab3e4c9b mac80211: add Intel wireless drivers.
This adds the Intel wireless drivers for their normal cards.

Thank you framer99 for the patch, I extended it a little bit.

This closes #7227

SVN-Revision: 26534
2011-04-08 16:17:21 +00:00
Felix Fietkau
5505e8f61e ath9k: improve the rx dma stop fix, add more debugging output in case the issue still occurs
SVN-Revision: 26532
2011-04-08 12:18:43 +00:00
Felix Fietkau
070c2ba1f4 mac80211: fix support for iftype wds
SVN-Revision: 26531
2011-04-08 01:04:44 +00:00
Vasilis Tsiligiannis
6fab820124 kernel/modules: Enable Realtek R8169 not only for x86
This enables support for Realtek 8169 based network cards for other
platforms than x86. I have a mini-PCI card on ixp4xxx running here.
Maybe for the other cards in netdevices.mk a @DEPENDS change from
@TARGET_x86 to @PCI_SUPPORT makes also sense.

Signed-off-by: Christoph König <christoph.koenig@ikt.uni-hannover.de>

SVN-Revision: 26529
2011-04-07 23:31:56 +00:00
Felix Fietkau
40d6cd6c16 kernel: enable MPPE again, got broken in r26296
Since r26296 mppe.ko could not be loaded, kernel gives "device missing" error.
According to KConfig cypther-ecb is required.

Signed-off-by: Sven Roederer <mailinglists.sven_at_roederer.dhs.org>

SVN-Revision: 26507
2011-04-07 19:06:34 +00:00
Felix Fietkau
34643f24ed mac80211: update to wireless-testing 2011-04-06
adds some more pending patches which (among other things) fix the 'failed to stop RX DMA' messages

SVN-Revision: 26506
2011-04-07 18:42:22 +00:00
Daniel Dickinson
abf0b4b9a2 block-mount: Reverting 26503. Was already fixed in a better way in commit 26474.
SVN-Revision: 26505
2011-04-07 01:00:14 +00:00
Vasilis Tsiligiannis
98da9c9066 madwifi: typo(s) in /lib/wifi/madwifi.sh
Hi
minrate and maxrate are acually not boolean, so, for example
"config minrate 11000" in /etc/config/wireless has no effect.

Signed-off by: Jan Hetges <tran@ms20.net>

SVN-Revision: 26504
2011-04-06 20:50:14 +00:00
Vasilis Tsiligiannis
5f6a87f6c4 block-mount: fsck.sh should only call pi_include() if dir /lib/functions/fsck exists.
/etc/functions.sh:pi_include() checks if the argument exists and prints
a warning if not. To prevent this warning if package block-mount is installed
but not package e2fsprogs, the script should check if this directory exists
before calling pi_include()

A wrong patch to suppress this warning was previously posted
with subject:
	[PATCH] Fix typo in name of to be included file

Signed-off-by: Mark Vels <mark.vels@team-embedded.nl>

SVN-Revision: 26503
2011-04-06 20:50:06 +00:00
Felix Fietkau
a4e59b89b8 ath9k: fall back to the default noise floor if the calibrated one is not available, fixes signal strength display in initial scan
SVN-Revision: 26494
2011-04-05 19:04:05 +00:00
Felix Fietkau
6ed952272e busybox: get rid of the useless extra menu
SVN-Revision: 26493
2011-04-05 19:04:02 +00:00
Felix Fietkau
7fba202f97 librpc: use MDEPENDS instead of DEPENDS for @USE_UCLIBC to fix recursive busybox dependencies
SVN-Revision: 26492
2011-04-05 19:03:55 +00:00
Vasilis Tsiligiannis
980190367c base-files: Use -h instead of deprecated -L for symlink check
SVN-Revision: 26485
2011-04-05 15:09:43 +00:00
Vasilis Tsiligiannis
3549fb214f madwifi: Always escape SSID parameter
SVN-Revision: 26484
2011-04-05 15:09:38 +00:00
Vasilis Tsiligiannis
48465d3d63 base-files: fix minor problem in init.d/boot
The script tests for the existance of /dev/root with test -e which fails if
/dev/root is a dangling symlink making the call to ln fail.

Signed-off-by: Justus Winter <4winter@informatik.uni-hamburg.de>

SVN-Revision: 26483
2011-04-05 15:09:32 +00:00
Vasilis Tsiligiannis
9d54c7aaaf hostapd: add accounting configuration to hostapd uci script
Hello

This patch add accounting configuration in hostapd.sh
It also change "server, port, key" to "auth_server, auth_port, auth_secret" but keep backward compatibility
Please patch backfire & trunk

Thanks in advance.

Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr>

SVN-Revision: 26482
2011-04-05 15:09:26 +00:00
Daniel Dickinson
d5542b4f59 block-mount base-files: Added additional check to pi_include to ensure that a directory used with pi_include actually contains files matching the souring pattern because if not the shell dies due to an empty string in for statement. Added /lib/functions/fsck as an empty dir to block-mount. This combination fixes a warning which generates a lot of bug reports, without panicking the kernel like the last attempt.
SVN-Revision: 26479
2011-04-05 12:12:57 +00:00
Daniel Dickinson
b62e95c11b block-mount: Revert 26468: it causes a kernel panic due to pi_include failing due to the included directory being empty.
SVN-Revision: 26476
2011-04-05 03:19:10 +00:00