From e302acfd6f82823dd0486f27ec968646949fab94 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Sat, 8 Oct 2005 23:02:34 +0000 Subject: [PATCH] split iptables kernel modules, add usb acm module, add imq patch, update iptables to version 1.3.3 SVN-Revision: 2083 --- openwrt/package/iptables/Makefile | 4 +- openwrt/target/linux/Config.in | 84 +- openwrt/target/linux/control/kmod-imq.control | 6 + .../linux/control/kmod-ipt-conntrack.control | 6 + .../linux/control/kmod-ipt-extra.control | 6 + .../linux/control/kmod-ipt-filter.control | 6 + .../linux/control/kmod-ipt-ipopt.control | 6 + .../linux/control/kmod-ipt-ipsec.control | 6 + .../target/linux/control/kmod-ipt-nat.control | 6 + .../linux/control/kmod-nat-extra.control | 6 + .../target/linux/control/kmod-queue.control | 6 + .../target/linux/control/kmod-usb-acm.control | 4 +- openwrt/target/linux/image/brcm/Makefile | 18 +- openwrt/target/linux/linux-2.4/Makefile | 42 +- openwrt/target/linux/linux-2.4/config/brcm | 91 ++- .../patches/generic/113-netfilter_imq.diff | 748 ++++++++++++++++++ openwrt/target/linux/netfilter.mk | 50 ++ openwrt/target/linux/rules.mk | 8 +- 18 files changed, 1077 insertions(+), 26 deletions(-) create mode 100644 openwrt/target/linux/control/kmod-imq.control create mode 100644 openwrt/target/linux/control/kmod-ipt-conntrack.control create mode 100644 openwrt/target/linux/control/kmod-ipt-extra.control create mode 100644 openwrt/target/linux/control/kmod-ipt-filter.control create mode 100644 openwrt/target/linux/control/kmod-ipt-ipopt.control create mode 100644 openwrt/target/linux/control/kmod-ipt-ipsec.control create mode 100644 openwrt/target/linux/control/kmod-ipt-nat.control create mode 100644 openwrt/target/linux/control/kmod-nat-extra.control create mode 100644 openwrt/target/linux/control/kmod-queue.control create mode 100644 openwrt/target/linux/linux-2.4/patches/generic/113-netfilter_imq.diff create mode 100644 openwrt/target/linux/netfilter.mk diff --git a/openwrt/package/iptables/Makefile b/openwrt/package/iptables/Makefile index b9f7d552bf..968f597acb 100644 --- a/openwrt/package/iptables/Makefile +++ b/openwrt/package/iptables/Makefile @@ -4,9 +4,9 @@ include $(TOPDIR)/rules.mk include kernelconfig.mk PKG_NAME:=iptables -PKG_VERSION:=1.3.1 +PKG_VERSION:=1.3.3 PKG_RELEASE:=1 -PKG_MD5SUM:=c3358a3bd0d7755df0b64a5063db296b +PKG_MD5SUM:=86d88455520cfdc56fd7ae27897a80a4 PKG_SOURCE_URL:=http://www.netfilter.org/files \ ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \ diff --git a/openwrt/target/linux/Config.in b/openwrt/target/linux/Config.in index 8bf12b9fb6..e1edd8f0f2 100644 --- a/openwrt/target/linux/Config.in +++ b/openwrt/target/linux/Config.in @@ -48,23 +48,82 @@ config BR2_PACKAGE_KMOD_ARPT help Kernel modules for ARP firewalling -config BR2_PACKAGE_KMOD_EBT - tristate "Ethernet Bridge firewalling support" +# disabled because of severe performance issues +# config BR2_PACKAGE_KMOD_EBT +# tristate "Ethernet Bridge firewalling support" +# default m +# help +# Kernel modules for bridge firewalling + +config BR2_PACKAGE_KMOD_IPTABLES_V4_EXTRA + tristate "Extra modules for iptables" default m + select BR2_PACKAGE_KMOD_NAT_EXTRA + select BR2_PACKAGE_KMOD_QUEUE + select BR2_PACKAGE_KMOD_IPT_IPSEC + select BR2_PACKAGE_KMOD_IPT_IPOPT + select BR2_PACKAGE_KMOD_IPT_CONNTRACK + select BR2_PACKAGE_KMOD_IPT_FILTER + select BR2_PACKAGE_KMOD_IPT_NAT + select BR2_PACKAGE_KMOD_IPT_EXTRA help - Kernel modules for bridge firewalling + Extra kernel modules for IPv4 firewalling (metapackage) -config BR2_PACKAGE_KMOD_IPTABLES_V4 - tristate "Basic set of kernel modules for iptables" - default y +config BR2_PACKAGE_KMOD_NAT_EXTRA + tristate "Extra NAT modules for iptables" + default m help - Kernel modules for IPv4 firewalling + Extra NAT kernel modules for special protocols -config BR2_PACKAGE_KMOD_IPTABLES_V4_EXTRA - tristate "Extra modules for iptables" +config BR2_PACKAGE_KMOD_QUEUE + tristate "iptables module for user-space queueing" + default m + help + iptables module for user-space queueing + +config BR2_PACKAGE_KMOD_IPT_IPSEC + tristate "Extra iptables modules for matching IPSec" + default m + help + Extra iptables modules for matching special IPSec packets + +config BR2_PACKAGE_KMOD_IPT_IPOPT + tristate "Extra iptables modules for matching IP packet options" + default m + help + Extra iptables modules for matching IP packet options + +config BR2_PACKAGE_KMOD_IPT_CONNTRACK + tristate "Extra iptables modules for conntrack matching" default m help - Extra kernel modules for IPv4 firewalling + Extra iptables modules for matching conntrack states/options + +config BR2_PACKAGE_KMOD_IPT_FILTER + tristate "Extra iptables modules for content filtering" + default m + help + Extra iptables modules for filtering the contents of packets + Includes: ipp2p, layer7 + +config BR2_PACKAGE_KMOD_IPT_NAT + tristate "Extra iptables modules for NAT" + default m + help + Extra iptables modules for different NAT targets + (MIRROR, REDIRECT) + +config BR2_PACKAGE_KMOD_IPT_EXTRA + tristate "Other extra iptables modules" + default m + help + recent and owner match + +config BR2_PACKAGE_KMOD_IMQ + tristate "Intermediate Queueing device" + default m + help + Kernel support for the Intermediate Queueing device config BR2_PACKAGE_KMOD_IPV6 tristate "IPv6 support" @@ -128,6 +187,11 @@ config BR2_PACKAGE_KMOD_USB_PRINTER default m depends BR2_PACKAGE_KMOD_USB_CONTROLLER +config BR2_PACKAGE_KMOD_USB_ACM + tristate "Support for USB ACM compatible devices" + default m + depends BR2_PACKAGE_KMOD_USB_CONTROLLER + config BR2_PACKAGE_KMOD_IDE tristate "IDE support" default m diff --git a/openwrt/target/linux/control/kmod-imq.control b/openwrt/target/linux/control/kmod-imq.control new file mode 100644 index 0000000000..454cae9cbd --- /dev/null +++ b/openwrt/target/linux/control/kmod-imq.control @@ -0,0 +1,6 @@ +Package: kmod-imq +Priority: optional +Section: net +Maintainer: Felix Fietkau +Source: buildroot internal +Description: Kernel support for the Intermediate Queueing device diff --git a/openwrt/target/linux/control/kmod-ipt-conntrack.control b/openwrt/target/linux/control/kmod-ipt-conntrack.control new file mode 100644 index 0000000000..9da1ec894a --- /dev/null +++ b/openwrt/target/linux/control/kmod-ipt-conntrack.control @@ -0,0 +1,6 @@ +Package: kmod-ipt-conntrack +Priority: optional +Section: net +Maintainer: Felix Fietkau +Source: buildroot internal +Description: Extra iptables modules for matching conntrack states/options diff --git a/openwrt/target/linux/control/kmod-ipt-extra.control b/openwrt/target/linux/control/kmod-ipt-extra.control new file mode 100644 index 0000000000..3f0fafd727 --- /dev/null +++ b/openwrt/target/linux/control/kmod-ipt-extra.control @@ -0,0 +1,6 @@ +Package: kmod-ipt-extra +Priority: optional +Section: net +Maintainer: Felix Fietkau +Source: buildroot internal +Description: Other extra iptables modules diff --git a/openwrt/target/linux/control/kmod-ipt-filter.control b/openwrt/target/linux/control/kmod-ipt-filter.control new file mode 100644 index 0000000000..1d1901b981 --- /dev/null +++ b/openwrt/target/linux/control/kmod-ipt-filter.control @@ -0,0 +1,6 @@ +Package: kmod-ipt-filter +Priority: optional +Section: net +Maintainer: Felix Fietkau +Source: buildroot internal +Description: Extra iptables modules for filtering the contents of packets diff --git a/openwrt/target/linux/control/kmod-ipt-ipopt.control b/openwrt/target/linux/control/kmod-ipt-ipopt.control new file mode 100644 index 0000000000..6303a584d9 --- /dev/null +++ b/openwrt/target/linux/control/kmod-ipt-ipopt.control @@ -0,0 +1,6 @@ +Package: kmod-ipt-ipopt +Priority: optional +Section: net +Maintainer: Felix Fietkau +Source: buildroot internal +Description: Extra iptables modules for matching IP packet options diff --git a/openwrt/target/linux/control/kmod-ipt-ipsec.control b/openwrt/target/linux/control/kmod-ipt-ipsec.control new file mode 100644 index 0000000000..54764e3b8b --- /dev/null +++ b/openwrt/target/linux/control/kmod-ipt-ipsec.control @@ -0,0 +1,6 @@ +Package: kmod-ipt-ipsec +Priority: optional +Section: net +Maintainer: Felix Fietkau +Source: buildroot internal +Description: Extra iptables modules for matching special IPSec packets diff --git a/openwrt/target/linux/control/kmod-ipt-nat.control b/openwrt/target/linux/control/kmod-ipt-nat.control new file mode 100644 index 0000000000..7fa53b8908 --- /dev/null +++ b/openwrt/target/linux/control/kmod-ipt-nat.control @@ -0,0 +1,6 @@ +Package: kmod-ipt-nat +Priority: optional +Section: net +Maintainer: Felix Fietkau +Source: buildroot internal +Description: Extra iptables modules for different NAT targets diff --git a/openwrt/target/linux/control/kmod-nat-extra.control b/openwrt/target/linux/control/kmod-nat-extra.control new file mode 100644 index 0000000000..99fc4bbcbc --- /dev/null +++ b/openwrt/target/linux/control/kmod-nat-extra.control @@ -0,0 +1,6 @@ +Package: kmod-nat-extra +Priority: optional +Section: net +Maintainer: Felix Fietkau +Source: buildroot internal +Description: Extra NAT kernel modules for special protocols diff --git a/openwrt/target/linux/control/kmod-queue.control b/openwrt/target/linux/control/kmod-queue.control new file mode 100644 index 0000000000..2924c955fc --- /dev/null +++ b/openwrt/target/linux/control/kmod-queue.control @@ -0,0 +1,6 @@ +Package: kmod-queue +Priority: optional +Section: net +Maintainer: Felix Fietkau +Source: buildroot internal +Description: iptables module for user-space queueing diff --git a/openwrt/target/linux/control/kmod-usb-acm.control b/openwrt/target/linux/control/kmod-usb-acm.control index 1a9a2de74e..76e66504eb 100644 --- a/openwrt/target/linux/control/kmod-usb-acm.control +++ b/openwrt/target/linux/control/kmod-usb-acm.control @@ -1,6 +1,6 @@ Package: kmod-usb-acm Priority: optional Section: sys -Maintainer: Waldemar Brodkorb +Maintainer: Felix Fietkau Source: buildroot internal -Description: Kernel modules for USB modems and ISDN +Description: Kernel modules for USB ACM (Abstract Control Model) support diff --git a/openwrt/target/linux/image/brcm/Makefile b/openwrt/target/linux/image/brcm/Makefile index 67ea3e2f50..9e74b4b8bf 100644 --- a/openwrt/target/linux/image/brcm/Makefile +++ b/openwrt/target/linux/image/brcm/Makefile @@ -24,13 +24,27 @@ endif ifeq ($(FS),jffs2-4MB) TRXALIGN:=-a 0x10000 endif -$(BIN_DIR)/openwrt-$(BOARD)-$(KERNEL)-$(FS).trx: - $(STAGING_DIR)/bin/trx -o $@ $(BUILD_DIR)/loader.gz $(KDIR)/vmlinux.lzma $(TRXALIGN) $(KDIR)/root.$(FS) + +$(KDIR)/loader.tmp.gz: $(BUILD_DIR)/loader.gz + cp $^ $@ + echo -e "\\x00" >> $@ + +$(BIN_DIR)/openwrt-$(BOARD)-$(KERNEL)-$(FS).trx: $(KDIR)/loader.tmp.gz + $(STAGING_DIR)/bin/trx -o $@ $(KDIR)/loader.tmp.gz $(KDIR)/vmlinux.lzma $(TRXALIGN) $(KDIR)/root.$(FS) ifeq ($(KERNEL),2.4) FSNAME:=$(patsubst jffs2-%,jffs2,$(FS)) +ifeq ($(FS),squashfs) +$(BIN_DIR)/openwrt-wap54g-$(FSNAME).trx: $(BIN_DIR)/openwrt-$(BOARD)-$(KERNEL)-$(FS).trx + cp $< $@ + echo -ne '\x01' >> $@ + +install: $(BIN_DIR)/openwrt-wap54g-$(FSNAME).trx +endif + + ifneq ($(FS),jffs2-8MB) $(BIN_DIR)/openwrt-wrt54g-$(FSNAME).bin: $(BIN_DIR)/openwrt-$(BOARD)-$(KERNEL)-$(FS).trx $(STAGING_DIR)/bin/addpattern -4 -p W54G -v v4.20.6 -i $< -o $@ -g diff --git a/openwrt/target/linux/linux-2.4/Makefile b/openwrt/target/linux/linux-2.4/Makefile index 687069fe07..8a290d64c2 100644 --- a/openwrt/target/linux/linux-2.4/Makefile +++ b/openwrt/target/linux/linux-2.4/Makefile @@ -55,6 +55,42 @@ ifeq ($(BOARD),brcm) include ./broadcom.mk endif +include ../netfilter.mk + +# metapackage for compatibility ... +$(eval $(call KMOD_template,IPTABLES_V4_EXTRA,iptables-extra,\ +,,kmod-nat-extra kmod-queue kmod-ipt-ipsec kmod-ipt-ipopt kmod-ipt-conntrack kmod-ipt-filter kmod-ipt-nat kmod-ipt-extra)) + +$(eval $(call KMOD_template,NAT_EXTRA,nat-extra,\ + $(foreach mod,$(PKG_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +,,,40,$(PKG_NAT_EXTRA-m))) +$(eval $(call KMOD_template,QUEUE,queue,\ + $(foreach mod,$(PKG_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) +$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\ + $(foreach mod,$(PKG_IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) +$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\ + $(foreach mod,$(PKG_IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) +$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\ + $(foreach mod,$(PKG_IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) +$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\ + $(foreach mod,$(PKG_IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) +$(eval $(call KMOD_template,IPT_NAT,ipt-nat,\ + $(foreach mod,$(PKG_IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) +$(eval $(call KMOD_template,IMQ,imq,\ + $(foreach mod,$(PKG_IMQ-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ + $(MODULES_DIR)/kernel/drivers/net/imq.o \ +)) +$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\ + $(foreach mod,$(PKG_IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + + $(eval $(call KMOD_template,B44,b44,\ $(MODULES_DIR)/kernel/drivers/net/b44.o \ ,CONFIG_B44)) @@ -64,9 +100,6 @@ $(eval $(call KMOD_template,ARPT,arptables,\ $(eval $(call KMOD_template,EBT,ebtables,\ $(MODULES_DIR)/kernel/net/bridge/netfilter/*.o \ ,CONFIG_BRIDGE_NF_EBTABLES)) -$(eval $(call KMOD_template,IPTABLES_V4_EXTRA,iptables-extra,\ - $(MODULES_DIR)/kernel/net/ipv4/netfilter/ip*.o \ -)) $(eval $(call KMOD_template,IPTABLES_V6,ip6tables,\ $(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.o \ ,CONFIG_IP6_NF_IPTABLES,kmod-ipv6)) @@ -100,6 +133,9 @@ $(eval $(call KMOD_template,USB_STORAGE,usb-storage,\ $(eval $(call KMOD_template,USB_PRINTER,usb-printer,\ $(MODULES_DIR)/kernel/drivers/usb/printer.o \ ,CONFIG_USB_PRINTER,kmod-usb-core,60,printer)) +$(eval $(call KMOD_template,USB_ACM,usb-acm,\ + $(MODULES_DIR)/kernel/drivers/usb/acm.o \ +,CONFIG_USB_ACM,kmod-usb-core,60,acm)) $(eval $(call KMOD_template,IDE,ide,\ $(MODULES_DIR)/kernel/drivers/ide/*.o \ $(MODULES_DIR)/kernel/drivers/ide/*/*.o \ diff --git a/openwrt/target/linux/linux-2.4/config/brcm b/openwrt/target/linux/linux-2.4/config/brcm index b3842487c9..916d022b22 100644 --- a/openwrt/target/linux/linux-2.4/config/brcm +++ b/openwrt/target/linux/linux-2.4/config/brcm @@ -1,5 +1,5 @@ # -# Automatically generated by make menuconfig: don't edit +# Automatically generated make config: don't edit # CONFIG_MIPS=y CONFIG_MIPS32=y @@ -182,6 +182,10 @@ CONFIG_MTD_PARTITIONS=y # CONFIG_MTD_CONCAT is not set # CONFIG_MTD_REDBOOT_PARTS is not set # CONFIG_MTD_CMDLINE_PARTS is not set + +# +# User Modules And Translation Layers +# CONFIG_MTD_CHAR=y CONFIG_MTD_BLOCK=y # CONFIG_FTL is not set @@ -246,6 +250,10 @@ CONFIG_MTD_BCM947XX=y # CONFIG_MTD_SLRAM is not set # CONFIG_MTD_MTDRAM is not set # CONFIG_MTD_BLKMTD is not set + +# +# Disk-On-Chip Device Drivers +# # CONFIG_MTD_DOC1000 is not set # CONFIG_MTD_DOC2000 is not set # CONFIG_MTD_DOC2001 is not set @@ -391,6 +399,7 @@ CONFIG_IP_NF_TARGET_TOS=m CONFIG_IP_NF_TARGET_ECN=m CONFIG_IP_NF_TARGET_DSCP=m CONFIG_IP_NF_TARGET_MARK=y +CONFIG_IP_NF_TARGET_IMQ=m CONFIG_IP_NF_TARGET_CONNMARK=m CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_TTL=m @@ -428,6 +437,7 @@ CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_LOG=m CONFIG_IP6_NF_MANGLE=m CONFIG_IP6_NF_TARGET_MARK=m +CONFIG_IP6_NF_TARGET_IMQ=m # CONFIG_KHTTPD is not set # @@ -436,6 +446,10 @@ CONFIG_IP6_NF_TARGET_MARK=m # CONFIG_IP_SCTP is not set # CONFIG_ATM is not set CONFIG_VLAN_8021Q=y + +# +# +# # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_DECNET is not set @@ -500,6 +514,10 @@ CONFIG_IDE=m # IDE, ATA and ATAPI Block devices # CONFIG_BLK_DEV_IDE=m + +# +# Please see Documentation/ide.txt for help/info on IDE drives +# # CONFIG_BLK_DEV_HD_IDE is not set # CONFIG_BLK_DEV_HD is not set # CONFIG_BLK_DEV_IDE_SATA is not set @@ -513,6 +531,10 @@ CONFIG_IDEDISK_STROKE=y # CONFIG_BLK_DEV_IDEFLOPPY is not set # CONFIG_BLK_DEV_IDESCSI is not set # CONFIG_IDE_TASK_IOCTL is not set + +# +# IDE chipset support/bugfixes +# # CONFIG_BLK_DEV_CMD640 is not set # CONFIG_BLK_DEV_CMD640_ENHANCED is not set # CONFIG_BLK_DEV_ISAPNP is not set @@ -570,12 +592,20 @@ CONFIG_BLK_DEV_PDC202XX=y # SCSI support # CONFIG_SCSI=m + +# +# SCSI support type (disk, tape, CD-ROM) +# CONFIG_BLK_DEV_SD=m CONFIG_SD_EXTRA_DEVS=5 # CONFIG_CHR_DEV_ST is not set # CONFIG_CHR_DEV_OSST is not set # CONFIG_BLK_DEV_SR is not set CONFIG_CHR_DEV_SG=m + +# +# Some SCSI devices (e.g. CD jukebox) support multiple LUNs +# # CONFIG_SCSI_DEBUG_QUEUES is not set CONFIG_SCSI_MULTI_LUN=y # CONFIG_SCSI_CONSTANTS is not set @@ -685,6 +715,7 @@ CONFIG_HND=y # CONFIG_DUMMY is not set # CONFIG_BONDING is not set # CONFIG_EQUALIZER is not set +CONFIG_IMQ=m CONFIG_TUN=m CONFIG_NET_RANDOM=y # CONFIG_ETHERTAP is not set @@ -786,6 +817,10 @@ CONFIG_WL=m # CONFIG_PLX_HERMES is not set # CONFIG_TMD_HERMES is not set # CONFIG_PCI_HERMES is not set + +# +# Prism54 PCI/PCMCIA GT/Duette Driver - 802.11(a/b/g) +# # CONFIG_PRISM54 is not set CONFIG_NET_WIRELESS=y @@ -857,6 +892,14 @@ CONFIG_PPDEV=m # Joysticks # # CONFIG_INPUT_GAMEPORT is not set + +# +# Input core support is needed for gameports +# + +# +# Input core support is needed for joysticks +# # CONFIG_QIC02_TAPE is not set # CONFIG_IPMI_HANDLER is not set # CONFIG_IPMI_PANIC_EVENT is not set @@ -1081,6 +1124,10 @@ CONFIG_VIDEO_DEV=m # CONFIG_VIDEO_PROC_FS=y # CONFIG_I2C_PARPORT is not set + +# +# Video Adapters +# # CONFIG_VIDEO_BT848 is not set # CONFIG_VIDEO_PMS is not set # CONFIG_VIDEO_BWQCAM is not set @@ -1114,12 +1161,24 @@ CONFIG_VIDEO_PROC_FS=y # CONFIG_USB=m # CONFIG_USB_DEBUG is not set + +# +# Miscellaneous USB options +# CONFIG_USB_DEVICEFS=y # CONFIG_USB_BANDWIDTH is not set + +# +# USB Host Controller Drivers +# CONFIG_USB_EHCI_HCD=m # CONFIG_USB_UHCI is not set CONFIG_USB_UHCI_ALT=m CONFIG_USB_OHCI=m + +# +# USB Device Class drivers +# # CONFIG_USB_AUDIO is not set # CONFIG_USB_EMI26 is not set # CONFIG_USB_BLUETOOTH is not set @@ -1134,9 +1193,17 @@ CONFIG_USB_STORAGE_HP8200e=y CONFIG_USB_STORAGE_SDDR09=y CONFIG_USB_STORAGE_SDDR55=y CONFIG_USB_STORAGE_JUMPSHOT=y -# CONFIG_USB_ACM is not set +CONFIG_USB_ACM=m CONFIG_USB_PRINTER=m + +# +# USB Human Interface Devices (HID) +# # CONFIG_USB_HID is not set + +# +# Input core support is needed for USB HID input layer or HIDBP support +# # CONFIG_USB_HIDINPUT is not set # CONFIG_USB_HIDDEV is not set # CONFIG_USB_KBD is not set @@ -1145,11 +1212,19 @@ CONFIG_USB_PRINTER=m # CONFIG_USB_WACOM is not set # CONFIG_USB_KBTAB is not set # CONFIG_USB_POWERMATE is not set + +# +# USB Imaging devices +# # CONFIG_USB_DC2XX is not set # CONFIG_USB_MDC800 is not set # CONFIG_USB_SCANNER is not set # CONFIG_USB_MICROTEK is not set # CONFIG_USB_HPUSBSCSI is not set + +# +# USB Multimedia devices +# # CONFIG_USB_IBMCAM is not set # CONFIG_USB_KONICAWC is not set # CONFIG_USB_OV511 is not set @@ -1160,18 +1235,30 @@ CONFIG_USB_PWC=m # CONFIG_USB_VICAM is not set # CONFIG_USB_DSBR is not set # CONFIG_USB_DABUSB is not set + +# +# USB Network adaptors +# # CONFIG_USB_PEGASUS is not set # CONFIG_USB_RTL8150 is not set # CONFIG_USB_KAWETH is not set # CONFIG_USB_CATC is not set # CONFIG_USB_CDCETHER is not set # CONFIG_USB_USBNET is not set + +# +# USB port drivers +# # CONFIG_USB_USS720 is not set # # USB Serial Converter support # # CONFIG_USB_SERIAL is not set + +# +# USB Miscellaneous drivers +# # CONFIG_USB_RIO500 is not set # CONFIG_USB_AUERSWALD is not set # CONFIG_USB_TIGL is not set diff --git a/openwrt/target/linux/linux-2.4/patches/generic/113-netfilter_imq.diff b/openwrt/target/linux/linux-2.4/patches/generic/113-netfilter_imq.diff new file mode 100644 index 0000000000..e2e45af882 --- /dev/null +++ b/openwrt/target/linux/linux-2.4/patches/generic/113-netfilter_imq.diff @@ -0,0 +1,748 @@ +diff -aurN linux-2.4.28-orig/Documentation/Configure.help linux-2.4.28/Documentation/Configure.help +--- linux-2.4.28-orig/Documentation/Configure.help 2004-11-17 11:54:20.000000000 +0000 ++++ linux-2.4.28/Documentation/Configure.help 2004-12-14 11:43:42.000000000 +0000 +@@ -3147,6 +3147,22 @@ + If you want to compile it as a module, say M here and read + . If unsure, say `N'. + ++IMQ target support ++CONFIG_IP_NF_TARGET_IMQ ++ This option adds a `IMQ' target which is used to specify if and ++ to which imq device packets should get enqueued/dequeued. ++ ++ If you want to compile it as a module, say M here and read ++ . If unsure, say `N'. ++ ++IMQ target support ++CONFIG_IP6_NF_TARGET_IMQ ++ This option adds a `IMQ' target which is used to specify if and ++ to which imq device packets should get enqueued/dequeued. ++ ++ If you want to compile it as a module, say M here and read ++ . If unsure, say `N'. ++ + MARK target support + CONFIG_IP_NF_TARGET_MARK + This option adds a `MARK' target, which allows you to create rules +@@ -9799,6 +9815,20 @@ + say M here and read . The module + will be called bonding.o. + ++Intermediate queueing device support ++CONFIG_IMQ ++ The imq device(s) is used as placeholder for QoS queueing disciplines. ++ Every packet entering/leaving the ip stack can be directed through ++ the imq device where it's enqueued/dequeued to the attached qdisc. ++ This allows you to treat network devices as classes and distribute ++ bandwidth among them. Iptables is used to specify through which imq ++ device, if any, packets travel. ++ ++ If you want to compile this as a module ( = code which ca be ++ inserted in and removed from the running kernel whenever you want), ++ say M here and read . The module ++ will be called imq.o ++ + SLIP (serial line) support + CONFIG_SLIP + Say Y if you intend to use SLIP or CSLIP (compressed SLIP) to +diff -aurN linux-2.4.28-orig/drivers/net/Config.in linux-2.4.28/drivers/net/Config.in +--- linux-2.4.28-orig/drivers/net/Config.in 2004-08-07 23:26:04.000000000 +0000 ++++ linux-2.4.28/drivers/net/Config.in 2004-12-14 11:43:42.000000000 +0000 +@@ -7,6 +7,11 @@ + tristate 'Dummy net driver support' CONFIG_DUMMY + tristate 'Bonding driver support' CONFIG_BONDING + tristate 'EQL (serial line load balancing) support' CONFIG_EQUALIZER ++if [ "$CONFIG_NETFILTER" = "y" ]; then ++ tristate 'IMQ (intermediate queueing device) support' CONFIG_IMQ ++else ++ comment 'IMQ needs CONFIG_NETFILTER enabled' ++fi + tristate 'Universal TUN/TAP device driver support' CONFIG_TUN + if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then + tristate 'Ethertap network tap (OBSOLETE)' CONFIG_ETHERTAP +diff -aurN linux-2.4.28-orig/drivers/net/Makefile linux-2.4.28/drivers/net/Makefile +--- linux-2.4.28-orig/drivers/net/Makefile 2004-08-07 23:26:04.000000000 +0000 ++++ linux-2.4.28/drivers/net/Makefile 2004-12-14 11:43:42.000000000 +0000 +@@ -170,6 +170,7 @@ + + obj-$(CONFIG_STRIP) += strip.o + obj-$(CONFIG_DUMMY) += dummy.o ++obj-$(CONFIG_IMQ) += imq.o + obj-$(CONFIG_DE600) += de600.o + obj-$(CONFIG_DE620) += de620.o + obj-$(CONFIG_AT1500) += lance.o +diff -aurN linux-2.4.28-orig/drivers/net/imq.c linux-2.4.28/drivers/net/imq.c +--- linux-2.4.28-orig/drivers/net/imq.c 1970-01-01 00:00:00.000000000 +0000 ++++ linux-2.4.28/drivers/net/imq.c 2004-12-14 11:43:42.000000000 +0000 +@@ -0,0 +1,321 @@ ++/* ++ * Pseudo-driver for the intermediate queue device. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version ++ * 2 of the License, or (at your option) any later version. ++ * ++ * Authors: Patrick McHardy, ++ * ++ * The first version was written by Martin Devera, ++ * ++ * Credits: Jan Rafaj ++ * - Update patch to 2.4.21 ++ * Sebastian Strollo ++ * - Fix "Dead-loop on netdevice imq"-issue ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) ++#include ++#endif ++#include ++#include ++ ++static nf_hookfn imq_nf_hook; ++ ++static struct nf_hook_ops imq_ingress_ipv4 = { ++ { NULL, NULL}, ++ imq_nf_hook, ++ PF_INET, ++ NF_IP_PRE_ROUTING, ++ NF_IP_PRI_MANGLE + 1 ++}; ++ ++static struct nf_hook_ops imq_egress_ipv4 = { ++ { NULL, NULL}, ++ imq_nf_hook, ++ PF_INET, ++ NF_IP_POST_ROUTING, ++ NF_IP_PRI_LAST ++}; ++ ++#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) ++static struct nf_hook_ops imq_ingress_ipv6 = { ++ { NULL, NULL}, ++ imq_nf_hook, ++ PF_INET6, ++ NF_IP6_PRE_ROUTING, ++ NF_IP6_PRI_MANGLE + 1 ++}; ++ ++static struct nf_hook_ops imq_egress_ipv6 = { ++ { NULL, NULL}, ++ imq_nf_hook, ++ PF_INET6, ++ NF_IP6_POST_ROUTING, ++ NF_IP6_PRI_LAST ++}; ++#endif ++ ++static unsigned int numdevs = 2; ++ ++MODULE_PARM(numdevs, "i"); ++MODULE_PARM_DESC(numdevs, "number of imq devices"); ++ ++static struct net_device *imq_devs; ++ ++ ++static struct net_device_stats *imq_get_stats(struct net_device *dev) ++{ ++ return (struct net_device_stats *)dev->priv; ++} ++ ++/* called for packets kfree'd in qdiscs at places other than enqueue */ ++static void imq_skb_destructor(struct sk_buff *skb) ++{ ++ struct nf_info *info = skb->nf_info; ++ ++ if (info) { ++ if (info->indev) ++ dev_put(info->indev); ++ if (info->outdev) ++ dev_put(info->outdev); ++ kfree(info); ++ } ++} ++ ++static int imq_dev_xmit(struct sk_buff *skb, struct net_device *dev) ++{ ++ struct net_device_stats *stats = (struct net_device_stats*) dev->priv; ++ ++ stats->tx_bytes += skb->len; ++ stats->tx_packets++; ++ ++ skb->imq_flags = 0; ++ skb->destructor = NULL; ++ ++ dev->trans_start = jiffies; ++ nf_reinject(skb, skb->nf_info, NF_ACCEPT); ++ return 0; ++} ++ ++static int imq_nf_queue(struct sk_buff *skb, struct nf_info *info, ++ void *data) ++{ ++ struct net_device *dev; ++ struct net_device_stats *stats; ++ struct sk_buff *skb2 = NULL; ++ struct Qdisc *q; ++ unsigned int index = skb->imq_flags&IMQ_F_IFMASK; ++ int ret = -1; ++ ++ if (index > numdevs) ++ return -1; ++ ++ dev = imq_devs + index; ++ if (!(dev->flags & IFF_UP)) { ++ skb->imq_flags = 0; ++ nf_reinject(skb, info, NF_ACCEPT); ++ return 0; ++ } ++ dev->last_rx = jiffies; ++ ++ if (skb->destructor) { ++ skb2 = skb; ++ skb = skb_clone(skb, GFP_ATOMIC); ++ if (!skb) ++ return -1; ++ } ++ skb->nf_info = info; ++ ++ stats = (struct net_device_stats *)dev->priv; ++ stats->rx_bytes+= skb->len; ++ stats->rx_packets++; ++ ++ spin_lock_bh(&dev->queue_lock); ++ q = dev->qdisc; ++ if (q->enqueue) { ++ q->enqueue(skb_get(skb), q); ++ if (skb_shared(skb)) { ++ skb->destructor = imq_skb_destructor; ++ kfree_skb(skb); ++ ret = 0; ++ } ++ } ++ if (spin_is_locked(&dev->xmit_lock)) ++ netif_schedule(dev); ++ else ++ qdisc_run(dev); ++ spin_unlock_bh(&dev->queue_lock); ++ ++ if (skb2) ++ kfree_skb(ret ? skb : skb2); ++ ++ return ret; ++} ++ ++static unsigned int imq_nf_hook(unsigned int hook, struct sk_buff **pskb, ++ const struct net_device *indev, ++ const struct net_device *outdev, ++ int (*okfn)(struct sk_buff *)) ++{ ++ if ((*pskb)->imq_flags & IMQ_F_ENQUEUE) ++ return NF_QUEUE; ++ ++ return NF_ACCEPT; ++} ++ ++ ++static int __init imq_init_hooks(void) ++{ ++ int err; ++ ++ if ((err = nf_register_queue_handler(PF_INET, imq_nf_queue, NULL))) ++ goto err1; ++ if ((err = nf_register_hook(&imq_ingress_ipv4))) ++ goto err2; ++ if ((err = nf_register_hook(&imq_egress_ipv4))) ++ goto err3; ++#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) ++ if ((err = nf_register_queue_handler(PF_INET6, imq_nf_queue, NULL))) ++ goto err4; ++ if ((err = nf_register_hook(&imq_ingress_ipv6))) ++ goto err5; ++ if ((err = nf_register_hook(&imq_egress_ipv6))) ++ goto err6; ++#endif ++ ++ return 0; ++ ++#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) ++err6: ++ nf_unregister_hook(&imq_ingress_ipv6); ++err5: ++ nf_unregister_queue_handler(PF_INET6); ++err4: ++ nf_unregister_hook(&imq_egress_ipv4); ++#endif ++err3: ++ nf_unregister_hook(&imq_ingress_ipv4); ++err2: ++ nf_unregister_queue_handler(PF_INET); ++err1: ++ return err; ++} ++ ++static void __exit imq_unhook(void) ++{ ++ nf_unregister_hook(&imq_ingress_ipv4); ++ nf_unregister_hook(&imq_egress_ipv4); ++ nf_unregister_queue_handler(PF_INET); ++#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) ++ nf_unregister_hook(&imq_ingress_ipv6); ++ nf_unregister_hook(&imq_egress_ipv6); ++ nf_unregister_queue_handler(PF_INET6); ++#endif ++} ++ ++static int __init imq_dev_init(struct net_device *dev) ++{ ++ dev->hard_start_xmit = imq_dev_xmit; ++ dev->type = ARPHRD_VOID; ++ dev->mtu = 1500; ++ dev->tx_queue_len = 30; ++ dev->flags = IFF_NOARP; ++ dev->priv = kmalloc(sizeof(struct net_device_stats), GFP_KERNEL); ++ if (dev->priv == NULL) ++ return -ENOMEM; ++ memset(dev->priv, 0, sizeof(struct net_device_stats)); ++ dev->get_stats = imq_get_stats; ++ ++ return 0; ++} ++ ++static void imq_dev_uninit(struct net_device *dev) ++{ ++ kfree(dev->priv); ++} ++ ++static int __init imq_init_devs(void) ++{ ++ struct net_device *dev; ++ int i; ++ ++ if (!numdevs || numdevs > IMQ_MAX_DEVS) { ++ printk(KERN_ERR "numdevs has to be betweed 1 and %u\n", ++ IMQ_MAX_DEVS); ++ return -EINVAL; ++ } ++ ++ imq_devs = kmalloc(sizeof(struct net_device) * numdevs, GFP_KERNEL); ++ if (!imq_devs) ++ return -ENOMEM; ++ memset(imq_devs, 0, sizeof(struct net_device) * numdevs); ++ ++ /* we start counting at zero */ ++ numdevs--; ++ ++ for (i = 0, dev = imq_devs; i <= numdevs; i++, dev++) { ++ SET_MODULE_OWNER(dev); ++ strcpy(dev->name, "imq%d"); ++ dev->init = imq_dev_init; ++ dev->uninit = imq_dev_uninit; ++ ++ if (register_netdev(dev) < 0) ++ goto err_register; ++ } ++ return 0; ++ ++err_register: ++ for (; i; i--) ++ unregister_netdev(--dev); ++ kfree(imq_devs); ++ return -EIO; ++} ++ ++static void imq_cleanup_devs(void) ++{ ++ int i; ++ struct net_device *dev = imq_devs; ++ ++ for (i = 0; i <= numdevs; i++) ++ unregister_netdev(dev++); ++ ++ kfree(imq_devs); ++} ++ ++static int __init imq_init_module(void) ++{ ++ int err; ++ ++ if ((err = imq_init_devs())) ++ return err; ++ if ((err = imq_init_hooks())) { ++ imq_cleanup_devs(); ++ return err; ++ } ++ ++ printk(KERN_INFO "imq driver loaded.\n"); ++ ++ return 0; ++} ++ ++static void __exit imq_cleanup_module(void) ++{ ++ imq_unhook(); ++ imq_cleanup_devs(); ++} ++ ++module_init(imq_init_module); ++module_exit(imq_cleanup_module); ++MODULE_LICENSE("GPL"); +diff -aurN linux-2.4.28-orig/include/linux/imq.h linux-2.4.28/include/linux/imq.h +--- linux-2.4.28-orig/include/linux/imq.h 1970-01-01 00:00:00.000000000 +0000 ++++ linux-2.4.28/include/linux/imq.h 2004-12-14 11:43:42.000000000 +0000 +@@ -0,0 +1,9 @@ ++#ifndef _IMQ_H ++#define _IMQ_H ++ ++#define IMQ_MAX_DEVS 16 ++ ++#define IMQ_F_IFMASK 0x7f ++#define IMQ_F_ENQUEUE 0x80 ++ ++#endif /* _IMQ_H */ +diff -aurN linux-2.4.28-orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-2.4.28/include/linux/netfilter_ipv4/ipt_IMQ.h +--- linux-2.4.28-orig/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 00:00:00.000000000 +0000 ++++ linux-2.4.28/include/linux/netfilter_ipv4/ipt_IMQ.h 2004-12-14 11:43:42.000000000 +0000 +@@ -0,0 +1,8 @@ ++#ifndef _IPT_IMQ_H ++#define _IPT_IMQ_H ++ ++struct ipt_imq_info { ++ unsigned int todev; /* target imq device */ ++}; ++ ++#endif /* _IPT_IMQ_H */ +diff -aurN linux-2.4.28-orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-2.4.28/include/linux/netfilter_ipv6/ip6t_IMQ.h +--- linux-2.4.28-orig/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 00:00:00.000000000 +0000 ++++ linux-2.4.28/include/linux/netfilter_ipv6/ip6t_IMQ.h 2004-12-14 11:43:42.000000000 +0000 +@@ -0,0 +1,8 @@ ++#ifndef _IP6T_IMQ_H ++#define _IP6T_IMQ_H ++ ++struct ip6t_imq_info { ++ unsigned int todev; /* target imq device */ ++}; ++ ++#endif /* _IP6T_IMQ_H */ +diff -aurN linux-2.4.28-orig/include/linux/skbuff.h linux-2.4.28/include/linux/skbuff.h +--- linux-2.4.28-orig/include/linux/skbuff.h 2004-08-07 23:26:06.000000000 +0000 ++++ linux-2.4.28/include/linux/skbuff.h 2004-12-14 11:43:42.000000000 +0000 +@@ -93,6 +93,9 @@ + struct nf_conntrack *master; + }; + #endif ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++struct nf_info; ++#endif + + struct sk_buff_head { + /* These two members must be first. */ +@@ -182,7 +185,7 @@ + unsigned int len; /* Length of actual data */ + unsigned int data_len; + unsigned int csum; /* Checksum */ +- unsigned char __unused, /* Dead field, may be reused */ ++ unsigned char imq_flags, /* intermediate queueing device */ + cloned, /* head may be cloned (check refcnt to be sure). */ + pkt_type, /* Packet class */ + ip_summed; /* Driver fed us an IP checksum */ +@@ -219,6 +222,9 @@ + #ifdef CONFIG_NET_SCHED + __u32 tc_index; /* traffic control index */ + #endif ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ struct nf_info *nf_info; ++#endif + }; + + #ifdef __KERNEL__ +diff -aurN linux-2.4.28-orig/net/core/skbuff.c linux-2.4.28/net/core/skbuff.c +--- linux-2.4.28-orig/net/core/skbuff.c 2003-08-25 11:44:44.000000000 +0000 ++++ linux-2.4.28/net/core/skbuff.c 2004-12-14 11:43:42.000000000 +0000 +@@ -202,6 +202,10 @@ + /* Set up other state */ + skb->len = 0; + skb->cloned = 0; ++#if defined(CONFIG_IMQ) || defined (CONFIG_IMQ_MODULE) ++ skb->imq_flags = 0; ++ skb->nf_info = NULL; ++#endif + skb->data_len = 0; + + atomic_set(&skb->users, 1); +@@ -250,6 +254,10 @@ + #ifdef CONFIG_NET_SCHED + skb->tc_index = 0; + #endif ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ skb->imq_flags = 0; ++ skb->nf_info = NULL; ++#endif + } + + static void skb_drop_fraglist(struct sk_buff *skb) +@@ -400,6 +408,10 @@ + #ifdef CONFIG_NET_SCHED + C(tc_index); + #endif ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ C(imq_flags); ++ C(nf_info); ++#endif + + atomic_inc(&(skb_shinfo(skb)->dataref)); + skb->cloned = 1; +@@ -444,6 +456,10 @@ + #ifdef CONFIG_NET_SCHED + new->tc_index = old->tc_index; + #endif ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ new->imq_flags=old->imq_flags; ++ new->nf_info=old->nf_info; ++#endif + } + + /** +diff -aurN linux-2.4.28-orig/net/ipv4/netfilter/Config.in linux-2.4.28/net/ipv4/netfilter/Config.in +--- linux-2.4.28-orig/net/ipv4/netfilter/Config.in 2003-08-25 11:44:44.000000000 +0000 ++++ linux-2.4.28/net/ipv4/netfilter/Config.in 2004-12-14 11:43:43.000000000 +0000 +@@ -104,6 +104,7 @@ + dep_tristate ' DSCP target support' CONFIG_IP_NF_TARGET_DSCP $CONFIG_IP_NF_MANGLE + + dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE ++ dep_tristate ' IMQ target support' CONFIG_IP_NF_TARGET_IMQ $CONFIG_IP_NF_MANGLE + fi + dep_tristate ' LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES + dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES +diff -aurN linux-2.4.28-orig/net/ipv4/netfilter/Makefile linux-2.4.28/net/ipv4/netfilter/Makefile +--- linux-2.4.28-orig/net/ipv4/netfilter/Makefile 2003-08-25 11:44:44.000000000 +0000 ++++ linux-2.4.28/net/ipv4/netfilter/Makefile 2004-12-14 11:43:43.000000000 +0000 +@@ -94,6 +94,7 @@ + obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o + obj-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP.o + obj-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK.o ++obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o + obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o + obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o + obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o +diff -aurN linux-2.4.28-orig/net/ipv4/netfilter/ipt_IMQ.c linux-2.4.28/net/ipv4/netfilter/ipt_IMQ.c +--- linux-2.4.28-orig/net/ipv4/netfilter/ipt_IMQ.c 1970-01-01 00:00:00.000000000 +0000 ++++ linux-2.4.28/net/ipv4/netfilter/ipt_IMQ.c 2004-12-14 11:43:43.000000000 +0000 +@@ -0,0 +1,78 @@ ++/* This target marks packets to be enqueued to an imq device */ ++#include ++#include ++#include ++#include ++#include ++ ++static unsigned int imq_target(struct sk_buff **pskb, ++ unsigned int hooknum, ++ const struct net_device *in, ++ const struct net_device *out, ++ const void *targinfo, ++ void *userinfo) ++{ ++ struct ipt_imq_info *mr = (struct ipt_imq_info*)targinfo; ++ ++ (*pskb)->imq_flags = mr->todev | IMQ_F_ENQUEUE; ++ (*pskb)->nfcache |= NFC_ALTERED; ++ ++ return IPT_CONTINUE; ++} ++ ++static int imq_checkentry(const char *tablename, ++ const struct ipt_entry *e, ++ void *targinfo, ++ unsigned int targinfosize, ++ unsigned int hook_mask) ++{ ++ struct ipt_imq_info *mr; ++ ++ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_imq_info))) { ++ printk(KERN_WARNING "IMQ: invalid targinfosize\n"); ++ return 0; ++ } ++ mr = (struct ipt_imq_info*)targinfo; ++ ++ if (strcmp(tablename, "mangle") != 0) { ++ printk(KERN_WARNING ++ "IMQ: IMQ can only be called from \"mangle\" table, not \"%s\"\n", ++ tablename); ++ return 0; ++ } ++ ++ if (mr->todev > IMQ_MAX_DEVS) { ++ printk(KERN_WARNING ++ "IMQ: invalid device specified, highest is %u\n", ++ IMQ_MAX_DEVS); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static struct ipt_target ipt_imq_reg = { ++ { NULL, NULL}, ++ "IMQ", ++ imq_target, ++ imq_checkentry, ++ NULL, ++ THIS_MODULE ++}; ++ ++static int __init init(void) ++{ ++ if (ipt_register_target(&ipt_imq_reg)) ++ return -EINVAL; ++ ++ return 0; ++} ++ ++static void __exit fini(void) ++{ ++ ipt_unregister_target(&ipt_imq_reg); ++} ++ ++module_init(init); ++module_exit(fini); ++MODULE_LICENSE("GPL"); +diff -aurN linux-2.4.28-orig/net/ipv6/netfilter/Config.in linux-2.4.28/net/ipv6/netfilter/Config.in +--- linux-2.4.28-orig/net/ipv6/netfilter/Config.in 2003-06-13 14:51:39.000000000 +0000 ++++ linux-2.4.28/net/ipv6/netfilter/Config.in 2004-12-14 11:43:43.000000000 +0000 +@@ -71,6 +71,7 @@ + if [ "$CONFIG_IP6_NF_MANGLE" != "n" ]; then + # dep_tristate ' TOS target support' CONFIG_IP6_NF_TARGET_TOS $CONFIG_IP_NF_MANGLE + dep_tristate ' MARK target support' CONFIG_IP6_NF_TARGET_MARK $CONFIG_IP6_NF_MANGLE ++ dep_tristate ' IMQ target support' CONFIG_IP6_NF_TARGET_IMQ $CONFIG_IP6_NF_MANGLE + fi + #dep_tristate ' LOG target support' CONFIG_IP6_NF_TARGET_LOG $CONFIG_IP6_NF_IPTABLES + fi +diff -aurN linux-2.4.28-orig/net/ipv6/netfilter/Makefile linux-2.4.28/net/ipv6/netfilter/Makefile +--- linux-2.4.28-orig/net/ipv6/netfilter/Makefile 2003-06-13 14:51:39.000000000 +0000 ++++ linux-2.4.28/net/ipv6/netfilter/Makefile 2004-12-14 11:43:43.000000000 +0000 +@@ -28,6 +28,7 @@ + obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o + obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o + obj-$(CONFIG_IP6_NF_TARGET_MARK) += ip6t_MARK.o ++obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o + obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o + obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o + obj-$(CONFIG_IP6_NF_MATCH_HL) += ip6t_hl.o +diff -aurN linux-2.4.28-orig/net/ipv6/netfilter/ip6t_IMQ.c linux-2.4.28/net/ipv6/netfilter/ip6t_IMQ.c +--- linux-2.4.28-orig/net/ipv6/netfilter/ip6t_IMQ.c 1970-01-01 00:00:00.000000000 +0000 ++++ linux-2.4.28/net/ipv6/netfilter/ip6t_IMQ.c 2004-12-14 11:43:43.000000000 +0000 +@@ -0,0 +1,78 @@ ++/* This target marks packets to be enqueued to an imq device */ ++#include ++#include ++#include ++#include ++#include ++ ++static unsigned int imq_target(struct sk_buff **pskb, ++ unsigned int hooknum, ++ const struct net_device *in, ++ const struct net_device *out, ++ const void *targinfo, ++ void *userinfo) ++{ ++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)targinfo; ++ ++ (*pskb)->imq_flags = mr->todev | IMQ_F_ENQUEUE; ++ (*pskb)->nfcache |= NFC_ALTERED; ++ ++ return IP6T_CONTINUE; ++} ++ ++static int imq_checkentry(const char *tablename, ++ const struct ip6t_entry *e, ++ void *targinfo, ++ unsigned int targinfosize, ++ unsigned int hook_mask) ++{ ++ struct ip6t_imq_info *mr; ++ ++ if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_imq_info))) { ++ printk(KERN_WARNING "IMQ: invalid targinfosize\n"); ++ return 0; ++ } ++ mr = (struct ip6t_imq_info*)targinfo; ++ ++ if (strcmp(tablename, "mangle") != 0) { ++ printk(KERN_WARNING ++ "IMQ: IMQ can only be called from \"mangle\" table, not \"%s\"\n", ++ tablename); ++ return 0; ++ } ++ ++ if (mr->todev > IMQ_MAX_DEVS) { ++ printk(KERN_WARNING ++ "IMQ: invalid device specified, highest is %u\n", ++ IMQ_MAX_DEVS); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static struct ip6t_target ip6t_imq_reg = { ++ { NULL, NULL}, ++ "IMQ", ++ imq_target, ++ imq_checkentry, ++ NULL, ++ THIS_MODULE ++}; ++ ++static int __init init(void) ++{ ++ if (ip6t_register_target(&ip6t_imq_reg)) ++ return -EINVAL; ++ ++ return 0; ++} ++ ++static void __exit fini(void) ++{ ++ ip6t_unregister_target(&ip6t_imq_reg); ++} ++ ++module_init(init); ++module_exit(fini); ++MODULE_LICENSE("GPL"); +diff -aurN linux-2.4.28-orig/net/sched/sch_generic.c linux-2.4.28/net/sched/sch_generic.c +--- linux-2.4.28-orig/net/sched/sch_generic.c 2004-11-17 11:54:22.000000000 +0000 ++++ linux-2.4.28/net/sched/sch_generic.c 2004-12-14 11:44:27.000000000 +0000 +@@ -29,6 +29,9 @@ + #include + #include + #include ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++#include ++#endif + #include + #include + #include +@@ -90,7 +93,11 @@ + spin_unlock(&dev->queue_lock); + + if (!netif_queue_stopped(dev)) { +- if (netdev_nit) ++ if (netdev_nit ++#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) ++ && !(skb->imq_flags & IMQ_F_ENQUEUE) ++#endif ++ ) + dev_queue_xmit_nit(skb, dev); + + if (dev->hard_start_xmit(skb, dev) == 0) { diff --git a/openwrt/target/linux/netfilter.mk b/openwrt/target/linux/netfilter.mk new file mode 100644 index 0000000000..cd4dcf54b4 --- /dev/null +++ b/openwrt/target/linux/netfilter.mk @@ -0,0 +1,50 @@ + +PKG_NAT_EXTRA-m := +PKG_NAT_EXTRA-$(CONFIG_IP_NF_AMANDA) += ip_conntrack_amanda +PKG_NAT_EXTRA-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp +PKG_NAT_EXTRA-$(CONFIG_IP_NF_CT_PROTO_GRE) += ip_conntrack_proto_gre +PKG_NAT_EXTRA-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp +PKG_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PROTO_GRE) += ip_nat_proto_gre +PKG_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PPTP) += ip_nat_pptp +PKG_NAT_EXTRA-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic + +PKG_QUEUE-m := +PKG_QUEUE-$(CONFIG_IP_NF_QUEUE) += ip_queue + +PKG_IPT_IPSEC-m := +PKG_IPT_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp + +PKG_IPT_IPOPT-m := +PKG_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos +PKG_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl +PKG_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn +PKG_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp +PKG_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length +PKG_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac +PKG_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean +PKG_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS +PKG_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL +PKG_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN +PKG_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP + + +PKG_IPT_CONNTRACK-m := +PKG_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack +PKG_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark +PKG_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper +PKG_IPT_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK + +PKG_IPT_FILTER-m := +PKG_IPT_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p +PKG_IPT_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7 + +PKG_IPT_NAT-m := +PKG_IPT_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR +PKG_IPT_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT + +PKG_IPT_IMQ-m := +PKG_IPT_IMQ-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ + +PKG_IPT_EXTRA-m := +PKG_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent +PKG_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner diff --git a/openwrt/target/linux/rules.mk b/openwrt/target/linux/rules.mk index feb0c95837..01987aaf17 100644 --- a/openwrt/target/linux/rules.mk +++ b/openwrt/target/linux/rules.mk @@ -5,11 +5,7 @@ else KDEPEND_$(1):=$($(4)) endif -ifeq ($$(strip $(5)),) -IDEPEND_$(1):=kernel ($(LINUX_VERSION)-$(BOARD)-$(PKG_RELEASE)) -else -IDEPEND_$(1):=kernel ($(LINUX_VERSION)-$(BOARD)-$(PKG_RELEASE)), $(5) -endif +IDEPEND_$(1):=kernel ($(LINUX_VERSION)-$(BOARD)-$(PKG_RELEASE)) $(foreach pkg,$(5),", $(pkg)") PKG_$(1) := $(PACKAGE_DIR)/kmod-$(2)_$(LINUX_VERSION)-$(BOARD)-$(PKG_RELEASE)_$(ARCH).ipk I_$(1) := $(PKG_BUILD_DIR)/ipkg/$(2) @@ -28,7 +24,9 @@ $$(PKG_$(1)): $(LINUX_DIR)/.modules_done mkdir -p $$(I_$(1))/lib/modules/$(LINUX_VERSION) $(SCRIPT_DIR)/make-ipkg-dir.sh $$(I_$(1)) ../control/kmod-$(2).control $(LINUX_VERSION)-$(BOARD)-$(PKG_RELEASE) $(ARCH) echo "Depends: $$(IDEPEND_$(1))" >> $$(I_$(1))/CONTROL/control +ifneq ($(strip $(3)),) cp $(3) $$(I_$(1))/lib/modules/$(LINUX_VERSION) +endif ifneq ($(6),) mkdir -p $$(I_$(1))/etc/modules.d for module in $(7); do \ -- 2.30.2