Re: [OpenWrt-Devel] Recommended settings ip6 DNS server / dnsmasq

2015-08-19 Thread Jean-Michel Pouré - GOOZE
Le mercredi 19 août 2015 à 11:27 +0200, Jean-Michel Pouré - GOOZE a
écrit :
  It is not possible, DHCPv6 doesn't carry routes. So you still need 
  RAs even with ra_management set to 2.

Please don't reply on the devel list. My messages are becoming messy and fill 
the list.
Just use this ticket:https://dev.openwrt.org/ticket/20354
Kind regards,Gnutella

smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Recommended settings ip6 DNS server / dnsmasq

2015-08-19 Thread Jean-Michel Pouré - GOOZE
Le mardi 18 août 2015 à 18:30 +0200, Steven Barth a écrit :
 It is not possible, DHCPv6 doesn't carry routes. So you still need 
 RAs even with ra_management set to 2.


I spotted a problem with ra_management = 2
First configuration: stateful only configuration/sbin/route -A inet6 Table de 
routage IPv6 du noyauDestinationNext Hop   
Flag Met Ref Use If2a01:e35::::3/128  :: U  
  256 0 0 eth0fe80::/64  :: U   
 256 1 4 eth0::/0   :: !n   
-1  1 11892 lo::1/128:: Un   0  
 11   101 lo2a01:e35::::3/128  :: Un   0   
115 lofe80::5642:49ff::/128  :: Un   0   1  
  39 loff00::/8   :: U256 3 
0 eth0::/0   :: !n   -1  1 
11892 lo
There is no unique gateway (no Next Hop for ::/0).The unique gateway should be 
the local address of the OpenWRT gateway.As a result, ping6 does not work 
(network unreachable).
Second configuration: static IPv6 configurationIf i set the IPv6 staticly with 
correct gateway, the routing table becomes:/sbin/route -A inet6 Table de 
routage IPv6 du noyauDestinationNext Hop   
Flag Met Ref Use If2a01:e35::::7/128  :: U  
  256 0 0 eth0fe80::ea94:f6ff::/128  :: U   
 100 0 3 eth0fe80::/64  :: U
256 0 0 eth0::/0   fe80::ea94:f6ff::  UG   
100 7 0 eth0::/0   :: !n   
-1  1 11937 lo::1/128:: Un   0  
 11   107 lo2a01:e35::::7/128  :: Un   0   
138 lofe80::5642:49ff::/128  :: Un   0   1  
   9 loff00::/8   :: U256 2 
0 eth0::/0   :: !n   -1  1 
11937 lo
fe80::ea94:f6ff::xxx is the correct UG. ping6 works.

To me, it seems that when using stateful only configuration, IPv6 gateway is 
not broadcasted. How can this be configured/fixed?
The best would be IMHO to broadcast IPv6 gateway along with dhcp:config host
option name 'sony-vaio'option ip '192.168.1.xxx'option mac 
'54:42:49:xx:xx:xx'option duid '0004901071a15f278795aa0ddxxx'   
 option hostid '3'= option gateway 'fe80::ea94:f6ff::'???
What do you think? Do you know a workaround? Shall I open a bug/feature report?
Kind regards,Gnutella

smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Recommended settings ip6 DNS server / dnsmasq

2015-08-19 Thread Jean-Michel Pouré - GOOZE
Le mardi 18 août 2015 à 18:30 +0200, Steven Barth a écrit :
 It is not possible, DHCPv6 doesn't carry routes. So you still need 
 RAs even with ra_management set to 2.

Sorry for this garbage, I just resend my email :

I spotted a problem with ra_management = 2

First configuration: stateful only configuration/

sbin/route -A inet6 

noyauDestinationNext Hop   Flag Met
Ref Use If2a01:e35::::3/128  :: U  
  256 0 0 eth0fe80::/64  ::
 U256 1 4 eth0::/0   ::
 !n   -1  1 11892 lo::1/128::  
   Un   0   11   101 lo2a01:e35::::3/128 
 :: Un   0   115
lofe80::5642:49ff::/128  :: Un   0   1 
   39 loff00::/8   :: U   
 256 3 0 eth0::/0   :: 
!n   -1  1 11892 lo

There is no unique gateway (no Next Hop for ::/0).
The unique gateway should be the local address of the OpenWRT gateway.

As a result, ping6 does not work (network unreachable).

Second configuration: static IPv6 configuration

If i set the IPv6 staticly with correct gateway, the routing table
becomes:

/sbin/route -A inet6 
noyauDestinationNext Hop   Flag Met
Ref Use If2a01:e35::::7/128  :: U  
  256 0 0 eth0fe80::ea94:f6ff::/128  ::
 U100 0 3 eth0fe80::/64  ::
 U256 0 0 eth0::/0  
 fe80::ea94:f6ff::  UG   100 7 0 eth0::/0  
 :: !n   -1  1 11937 lo::1/128 
   :: Un   0   11   107
lo2a01:e35::::7/128  :: Un   0   1 
   38 lofe80::5642:49ff::/128  :: Un  
 0   1 9 loff00::/8   ::   
  U256 2 0 eth0::/0   ::   
  !n   -1  1 11937 lo
fe80::ea94:f6ff::xxx is the correct UG. ping6 works.

To me, it seems that when using stateful only configuration, IPv6
gateway is not broadcasted. How can this be configured/fixed?

Kind regards,
Gnutella

smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Recommended settings ip6 DNS server / dnsmasq

2015-08-18 Thread Jean-Michel Pouré - GOOZE
Le lundi 17 août 2015 à 20:32 +0200, Steven Barth a écrit :
 is clearly a stateful address (/128) and your host got the host-id
 953 for stateful adressing. You should see the lease on the router
 in the WebUi or under /tmp/hosts/odhcpd. There you can also see the
 duid you need for adding the static lease.


Dear Steven,

I could solve all issues and write a complete HOWTO (in French only at
first).http://wiki.openwrt.org/doc/howto/freebox

My only question would be :

OpenWRT seems to provide at the same time stateful and stateless
adressing. 

Whatever I do, I always receive an IPv6 based on MAC when I would like
my station to have only a stateful address. On the converse, if I
request a stateless address, I also reveive a stateful address.

Is there a way to avoid this?

Kind regards,
Gnutella

smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Recommended settings ip6 DNS server / dnsmasq

2015-08-18 Thread Jean-Michel Pouré - GOOZE
Le mardi 18 août 2015 à 13:49 +0200, Steven Barth a écrit :
 Where you have option dhcpv6 and option ra you can add an option 
 ra_management
 and set it to 0, 1 or 2.
 
 0 means stateless only,
 1 means stateless + stateful (default)
 2 means stateful only
 
 Please note that stateful is not supported by all clients, e.g. all 
 android-based devices
 will not have IPv6 connectivity with setting 2.

Thanks ! I could update my docs and add acknowledgment for your kind 
help.http://wiki.openwrt.org/doc/howto/freebox?#acknowledgmentsremerciements
The only missing part in stateful only configuration is the the default IPv6 
gateway fe80::5642:49ff:fe87: on local network.
Do you know how to propagate the gateway automatically using DHCP6?
Kind regards,Gnutella

smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Recommended settings ip6 DNS server / dnsmasq

2015-08-17 Thread Jean-Michel Pouré - GOOZE
Dear Steven,

Thank you for answering.

 I'm not sure what you are trying to accomplish. If you are connecting 
 a router with a default
 OpenWrt image with default configuration to an ISP or IPv6 router 
 which offers prefix delegation,
 everything works out of the box including client configuration. You 
 don't need to touch a single
 config file.

Prefix delegation works only with a freebox model v6 or Android with
NextHop support. This is probably a limitation on the ISP side.

 OpenWrt serves stateless and stateful addresses to clients by 
 default, the combination of
 option duid and option hostid should also work to change the hostid 
 (I'm using it right now).

We tested with success :
* manual IPv6 settings,
* stateless delegation.

Stateful IPV6 delegation does not work.

 So could you please explain what is special about the freebox as an 
 uplink (sorry I don't
 speak french so I can't decode your wiki page)?

I published the setting here, no need to speak French:
http://wiki.openwrt.org/doc/howto/freebox#configuration_des_clients_ipv
6

Could you tell us more about the setting for stateful delegation? I
would like use the less intrusive settings, including a stock OpenWRT
with no additional package. How can this be done?

How do you set duid and option hostid ? It is unclear which version of
DNSmasq to use, Should we use two configurations config host: one for
ipv4 and one for ipv6.

Here are my settings:


config dnsmasq
option domainneeded '0'
option boguspriv '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'

config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option ra 'server'
option dhcpv6 'server'

config dhcp 'wan'
option interface 'wan'
option ignore '1'

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'

config host
option name 'sony-vaio'
option ip '192.168.1.xxx'
option mac '54:42:49:xx:xx:xx'

#config host
#option name 'sony-vaio'
#option ip '2a01:e35:87d8:::3'
#option duid '0004901071a15f278795aa0dd83bde8b250x'
#option hostid '0003'

It could be nice if there was official documentation about stateful
adressing  on the WIKI here:
http://wiki.openwrt.org/doc/uci/network

Kind regards,
Gnutella

smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Recommended settings ip6 DNS server / dnsmasq

2015-08-17 Thread Jean-Michel Pouré - GOOZE
Dear Steven,

Thanks for this kind response.

  addr inet6: 2a01:e35:87d8:::953/128 Scope:Global

OK, I cannot find the lease in Luci, but here is /tmp/hosts/odhcpd
# br-lan 0004901071a15f278795aa0dd83bde8b 49874f74 - 1439881026 953
128 2a01:e35:87d8:::953/128

Is my duid 0004901071a15f278795aa0dd83bde8b?

 addr inet6: 2a01:e35:87d8:::953/128 Scope:Global
 is clearly a stateful address (/128) and your host got the host-id
 953 for stateful adressing. You should see the lease on the router
 in the WebUi or under /tmp/hosts/odhcpd. There you can also see the
 duid you need for adding the static lease.

OK. Good to know.

 At some point using the mac-address (option mac) should work here
 as well but it might be broken currently. I will put it on my todo.
 
 Nevertheless:
 
 config host
 option duid '0012345678900...'
 option hostid 4
 
 is what works already.

I used:
config host 
option name 'sony-vaio'
option ip ''  
option mac '54:42:49:87:xx:xx'   
   
config host
option duid '0004901071a15f278795aa0dd83bde8b'
option hostid '3'


and it does not work. The assigned address is still
2a01:e35:87d8:::953

Kind regards,Jean-Michel

smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


[OpenWrt-Devel] Setting password on serial console + disabling linux single user mode

2015-08-17 Thread Jean-Michel Pouré - GOOZE
Dear all,

What is the current way to ask for root password when connecting to
serial console:

/etc/inittab
::askconsole:/bin/ash --login

is there any way to ask for a password?

Also, what are the steps to disable single user mode booting?

Kind regards,
Jean-Michel


smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Recommended settings ip6 DNS server / dnsmasq

2015-08-17 Thread Jean-Michel Pouré - GOOZE
Le lundi 17 août 2015 à 20:32 +0200, Steven Barth a écrit :
 config host
 option duid '0012345678900...'
 option hostid 4

Okay, I got it, it works using 8 digits:0008
Will add it to the HOWTO and try to make a special howto on ipv6 delegation 
sooner.
Kind regards,Jean-Michel

smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Setting password on serial console

2015-08-17 Thread Jean-Michel Pouré - GOOZE
Le lundi 17 août 2015 à 21:31 +0200, Tobias Welz a écrit :
 With Barrier Breaker i use this way - I assume it's the same with 
 Chaos Calmer.
 Install the login shell and change the /etc/inittab:
 
 ::askconsole:/bin/login

There is no /bin/login anymore in OpenWRT development branch. Do I need to 
install a package ?

smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Recommended settings ip6 DNS server / dnsmasq

2015-08-17 Thread Jean-Michel Pouré - GOOZE
 Okay, I got it, it works using 8 digits:0008


I am still having difficulties setting IPv6 gateway using DHCP only.

If using SLAAC, routes will propagate very well, but I end-up with
several IPv6. I don't want any derived IPv6 from MAC.

The client IP is 2a01:e35:87d8::::.

The correct route is:
/sbin/route -A inet6 |grep -w eth0
2a01:e35:87d8::::/128 :: U256 0
 0 eth0
2a01:e35:87d8:::/64:: U100 0   
  0 eth0
fe80::/64  :: U256 0   
  3 eth0
::/0   fe80::ea94:f6ff::  UG   100 3   
  0 eth0
ff00::/8   :: U256 3   
  0 eth0

fe80::ea94:f6ff:: is the local OpenWRT gateway.


DNSMASQ does not know how to set this kind of route using DHCP only.

An alternative would be to use SLAAC for routes only, not to propagate
IPv6 addresses derived from MAC.

Any idea? Does dnsmasq know how to propagate routes using DHCP only?
This would be nice NOT to rely on SLAAC.

I will write a howto with these information, don't worry, just guide
me.

Kind regards,
Jean-Michel

smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


[OpenWrt-Devel] Recommended settings ip6 DNS server / dnsmasq

2015-08-15 Thread Jean-Michel Pouré - GOOZE
Dear all,

I currently writting a HOWTO for French Freebox users.
http://wiki.openwrt.org/doc/howto/freebox

We can obtain IPv6 address delegation an configure clients IPv6
staticly. We are using OpenWRT staging (latest dev).

What is the recommended way to serve ipv6 IPs to clients? I need to
serve at least IPv6 and gateway. I would like the lest intrusive
configuration, so we don't have to install additional packages.

My guess was to use dnsmasq, but according to documentation, it needs
to be uninstalled first, with installation of dnsmasq-dhcp6.

In the wiki example, my /64 delegation is 2a01:e35:87d8: (/64)
I would like to serve 2a01:e35:87d8::3 to my host called sony-vaio with
MAC 54:42:49:87:4f:74

So what would you recommend to serve IPv6s to clients? 

Kind regards,
Jean-Michel

P.S. This post is a duplicate of:
https://forum.openwrt.org/viewtopic.php?id=59043

smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


[OpenWrt-Devel] IPv6: network segmentation, use of vlan and IPsec

2015-03-27 Thread Jean-Michel Pouré - GOOZE
Dear friends,

I am studying IPv6 networks and would like to share some ideas with the
community. At present, I am not sure to understand how to filter traffic
and split networks. Here are a few questions:

vlan:
IPv6 has no broadcast. Do we still need vlans to segment traffic? Would
you recommend using vlans together with IPv6?

Filtering a switch:
When a device includes a switch, how to filter ipV6 traffic on the
switch? Do we need to use Brouting and ebtable or can it be done with
iptables6? 

Mac address filtering:
ipv6 embeds MAC address in frames. Clients may generate fake MAC
addresses. Is there a way to hide MAC addresses on the router itself?

IPsec:
IPv6 allows to use IPsec in IPv6 frames. Can it be done already with a
combination of FreeRadius, StrongSwan and IPv6. Do you know working
configurations in OpenWRT?

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] EAP-TLS / EAP-TTLS PAP

2015-03-27 Thread Jean-Michel Pouré - GOOZE
Le jeudi 26 mars 2015 à 14:33 +0100, Bernd Naumann a écrit :
 K back to the plot:
 Know you any hostapd configurations or other software in openwrt which
 can achieve that goal? Are there any issues which might can lead to
 problems or other downsides I may have missed? Reasons against?

I am new to OpenWRT, but I will try to answer shortly:

The wiki page for wireless is:
http://wiki.openwrt.org/doc/howto/wireless.overview

OpenWRT includes Linux IEEE 802.11 (wireless) subsystem. It covers a
wide range of wireless cards. What you are referencing in your post is :
802.1X (secure) Per-user authentication using RADIUS, including support
for dynamic vlan assignment. Basic WPA Enterprise configuration
instructions:

http://wiki.openwrt.org/doc/howto/wireless.security.8021x

You should never use passwords, whether self-signed X.509 certificates,
i.e. EAP-TLS. It seems to be supported and documentation is available.
Loot at Radius and client certificate in this page:

http://wiki.openwrt.org/doc/uci/wireless#wpaenterpriseaccesspoint

You should be aware that when using certificates, you should be able to
create, sign and manage your CA and certificates. You should set up a
dedicated computer with no connection to Internet. 

OpenSSL will allow you to do that and is very well documented. Gnomint
is a nice GUI: http://gnomint.sourceforge.net/

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Security Vulnerability Reporting and Database

2015-03-26 Thread Jean-Michel Pouré - GOOZE
Le mercredi 25 mars 2015 à 14:31 -0500, Eric Schultz a écrit :
 During the discussions for the OpenWireless/OpenWrt security hackathon
 in April, one of the participants asked if there's a way to report
 security vulnerabilities in OpenWrt. I didn't know of one so I figured
 I should ask. Is there a recommended process for reporting a security
 vulnerability in OpenWrt?

+1. I am also interested in an answer.

Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Rebuilding for specific hardware, example ar71xx/image for TP-Link TL-WR841ND

2015-03-26 Thread Jean-Michel Pouré - GOOZE
Le mercredi 25 mars 2015 à 11:43 -0400, John Szakmeister a écrit :
 Why not just use:
 
 ./scripts/config/conf --savedefconfig=config.seed Config.in

When building systems for release, one has to be very careful for
security. 

IMHO, I would not leave a toolchain and configuration on a build server
and change it from time to time. If this is the way OpenWRT is built,
there is a higher risk for an attacker to modify the build environment
and/or binaries.

I prefer:
build script = debian chroot = config = toolchain = compilation

I will enquire more about conf --savedefconfig=config.seed Config.in
to see if it suits my needs. From a first approach, I prefer to use a
small script which turns on/off features and builds a .config from
scratch. The only thing is that I need to keep the build script. But
this has to be studies in more details as I am new in the community and
have to learn.

Thanks for pointing it out. There is a lot to learn about OpenWRT, which
seems a very rich environment.

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


[OpenWrt-Devel] OpenWRT reproducible build

2015-03-25 Thread Jean-Michel Pouré - GOOZE
Dear all,

This is a post for information.

I would like to point out this Debian Reproducible build project:
https://wiki.debian.org/ReproducibleBuilds
https://reproducible.debian.net/reproducible.html

IMHO, it would be a major improvement to be able to build the same
OpenWRT packages on different location. 

The reason why I am rebuilding OpenWRT packages is that I don't trust a
remote buildtool to provide an effective solution.

Are OpenWRT builds reproducible? If we build on different hosts, does it
provide the same package with same sha signature? Probably not.

Any comments are welcome.

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Dynamically generate custom files before building?

2015-03-25 Thread Jean-Michel Pouré - GOOZE
Le mercredi 25 mars 2015 à 00:10 +0200, Sami Olmari a écrit :
 isn't it quite self-explanatory?

Yes, but we don't know how these scripts work and need to read source
code. Apparently, it branches GIT. So what happens when we need to
upgrade to latest GIT. Furthermore, can you build several appliances at
the same time?

IMHO, I prefer to build a separate build root for each device and
rebuild each time using a script.

If you look at Debian build architecture, it is the idea: create a build
environment, chroot and build.

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Dynamically generate custom files before building?

2015-03-25 Thread Jean-Michel Pouré - GOOZE
Le mercredi 25 mars 2015 à 00:43 +0800, Nguyễn Hồng Quân a écrit :
 Your script has many valuable information

You are more than welcome.

Maybe we should create a page on the wiki to explain howto: create a
minimal Debian build environment, chroot, build. But I am not sure to
understand how to modify /etc files interactively and tweak some
important kernel modules (deactivate breakpoints, etc ...) or even use
GrSec.

Please report any progress and explain us how to do that.

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Dynamically generate custom files before building?

2015-03-24 Thread Jean-Michel Pouré - GOOZE
 I think you should try to modify openwrt/Makefile 
 Add your own script  for target devices.

I am thinking about moving to a Makefile also. 

Currently, my scripts look like this one :
*
#git clone git://git.openwrt.org/openwrt.git openwrt-ar71xx
cd openwrt-ar71xx

#echo make dirclean
#make dirclean

echo git checkout
git checkout master
git pull

echo updating feeds
./scripts/feeds update -a
./scripts/feeds install luci
./scripts/feeds install luci-proto-ipv6

echo make defconfig
rm -f .config
echo  .config 'CONFIG_TARGET_ar71xx_generic_TLWR841=y'
echo  .config 'CONFIG_PACKAGE_luci=y'
echo  .config 'CONFIG_PACKAGE_luci-proto-ipv6=y'

make defconfig

echo compiling
make -j 5
*

Next thing I would like to test is create custom targets. I am not very
sure how to work. But basically, can define
CONFIG_TARGET_ar71xx_generic_TLWR841_myown

I read on the wiki there was also the ability to compile all package and
then use image builder to quickly build custom installers.

At one point, if you need to initialize dozens of routers and APs, you
probably want to use image builder.

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Rebuilding for specific hardware, example ar71xx/image for TP-Link TL-WR841ND

2015-03-23 Thread Jean-Michel Pouré - GOOZE
 but it works and you can tweak it individually via 'make menuconfig'.
 what we do here, is e.g.:
 echo  .config 'CONFIG_TARGET_ar71xx_generic_TLWR1043=y'

Thanks. Due to ignorance, I could not figure it out. 

So my script becomes:
git clone git://git.openwrt.org/openwrt.git openwrt-ar71xx
cd openwrt-ar71xx
git pull
rm -f .config
echo  .config 'CONFIG_TARGET_ar71xx_generic_TLWR841=y'
make defconfig
./scripts/feeds update -a
./scripts/feeds install luci
works great.

Now reading the .config file, there are:
cat .config | grep luci
CONFIG_FEED_luci=y
# CONFIG_PACKAGE_luci is not set

What's the difference between installing luci from feeds and selecting
in make menuconfig?

Kind regards,
Gnutella 
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Rebuilding for specific hardware, example ar71xx/image for TP-Link TL-WR841ND

2015-03-23 Thread Jean-Michel Pouré - GOOZE
 I read buildroot WIKI page:
 http://wiki.openwrt.org/doc/howto/build

I am getting confused about the build system.

I am comparing .config generated by buildroot (today's GIT) with
https://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/config 
and this is not the same file. 

Obviously, I need a default .config file before using buildroot. 
Where is it stored and published?

What is the recommended way to rebuild a custom image. 
I used the following script:

git clone git://git.openwrt.org/openwrt.git openwrt-ar71xx
cd openwrt-ar71xx
git pull
./scripts/feeds update -a
./scripts/feeds install lucie
#wget
https://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/config
-O .config
make menuconfig

Shall I fetch .config file with wget?

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Rebuilding for specific hardware, example ar71xx/image for TP-Link TL-WR841ND

2015-03-23 Thread Jean-Michel Pouré - GOOZE
Le lundi 23 mars 2015 à 15:18 +0100, Arjen de Korte a écrit :
 No, you have to run 'make menuconfig' and select the luci package in  
 there. In many cases, other packages are needed when you select a  
 package. This is exactly what menuconfig automates (so making
 changes  
 by hand in the generated .config file is usually a bad idea, just
 like  
 the top lines of this file will tell you).

Thanks, I got it now. So I should run make oldconfig when compiling
automatically everyday?

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


[OpenWrt-Devel] Building OpenWRT static kernels

2015-03-23 Thread Jean-Michel Pouré - GOOZE
Dear all,

I would like to discuss the ability to compile a minimal kernel with all
needed modules compiled staticly. This is for custom projects. I know
static kernels are not for mass-release as it would confuse users.

Is there a way to achieve something similar to:
make localyesconfig 
turns modules in static mode.

There is a possibility to return the list of modules runnig lsmod and
then use it with make localyesconfig (I don't remember exactly). Then we
just ban module loading.

Before I do some research on grsecurity, I would like to make static
kernels. How do you proceed on your side? Can we discuss the best (and
recommended) way to make static kernels.

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Rebuilding for specific hardware, example ar71xx/image for TP-Link TL-WR841ND

2015-03-23 Thread Jean-Michel Pouré - GOOZE
Le lundi 23 mars 2015 à 21:21 +0800, Yousong Zhou a écrit :
 ./scripts/feeds install pkgname will make those packages
 visible/available/selectable in menuconfig (creating links in
 package/feeds/feedsname/) as the prior update action only fetches them
 down as is.

Thanks!

So I need to activate compilation with:
echo  .config 'CONFIG_PACKAGE_luci=y'

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


[OpenWrt-Devel] Rebuilding for specific hardware, example ar71xx/image for TP-Link TL-WR841ND

2015-03-23 Thread Jean-Michel Pouré - GOOZE
 /target/linux/ar71xx/image/Makefile

I read buildroot WIKI page:
http://wiki.openwrt.org/doc/howto/build

Pardon my ignorance, I am new to OpenWRT.

If I select target TP-Link TL-WR841ND in target of make-menuconfig
this triggers /target/linux/ar71xx/image/Makefile

Will it select automatically this .config file:
target/linux/ar71xx/config-3.18

or do I need to copy config-3.18 and run make-menuconfig.

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Rebuilding for specific hardware, example ar71xx/image for TP-Link TL-WR841ND

2015-03-23 Thread Jean-Michel Pouré - GOOZE
Le lundi 23 mars 2015 à 16:09 +0100, Bastian Bittorf a écrit :
 echo  .config 'CONFIG_PACKAGE_luci=y'
 make defconfig  # (this solves the dependencies)
 make

You spotted the right solution, this results in a nice configuration. I
feel that I am now able to automate daily compilation. OpenWRT really
rocks.

CONFIG_FEED_luci=y
CONFIG_PACKAGE_luci=y
# CONFIG_PACKAGE_luci-ssl is not set
CONFIG_PACKAGE_luci-base=y
CONFIG_PACKAGE_luci-mod-admin-full=y
# CONFIG_PACKAGE_luci-mod-failsafe is not set
# CONFIG_PACKAGE_luci-mod-freifunk is not set
# CONFIG_PACKAGE_luci-mod-freifunk-community is not set
# CONFIG_PACKAGE_luci-mod-rpc is not set
# CONFIG_PACKAGE_luci-app-ahcp is not set
# CONFIG_PACKAGE_luci-app-asterisk is not set
# CONFIG_PACKAGE_luci-app-commands is not set
# CONFIG_PACKAGE_luci-app-ddns is not set
# CONFIG_PACKAGE_luci-app-diag-core is not set
# CONFIG_PACKAGE_luci-app-diag-devinfo is not set
# CONFIG_PACKAGE_luci-app-dump1090 is not set
CONFIG_PACKAGE_luci-app-firewall=y
# CONFIG_PACKAGE_luci-app-freifunk-diagnostics is not set
# CONFIG_PACKAGE_luci-app-freifunk-policyrouting is not set
# CONFIG_PACKAGE_luci-app-freifunk-widgets is not set
# CONFIG_PACKAGE_luci-app-hd-idle is not set
# CONFIG_PACKAGE_luci-app-meshwizard is not set
# CONFIG_PACKAGE_luci-app-mjpg-streamer is not set
# CONFIG_PACKAGE_luci-app-mmc-over-gpio is not set
# CONFIG_PACKAGE_luci-app-multiwan is not set
# CONFIG_PACKAGE_luci-app-ntpc is not set
# CONFIG_PACKAGE_luci-app-ocserv is not set
# CONFIG_PACKAGE_luci-app-olsr is not set
# CONFIG_PACKAGE_luci-app-olsr-services is not set
# CONFIG_PACKAGE_luci-app-olsr-viz is not set
# CONFIG_PACKAGE_luci-app-openvpn is not set
# CONFIG_PACKAGE_luci-app-p2pblock is not set
# CONFIG_PACKAGE_luci-app-p910nd is not set
# CONFIG_PACKAGE_luci-app-pbx is not set
# CONFIG_PACKAGE_luci-app-polipo is not set
# CONFIG_PACKAGE_luci-app-privoxy is not set
# CONFIG_PACKAGE_luci-app-qos is not set
# CONFIG_PACKAGE_luci-app-radvd is not set
# CONFIG_PACKAGE_luci-app-samba is not set
# CONFIG_PACKAGE_luci-app-shairplay is not set
# CONFIG_PACKAGE_luci-app-shairport is not set
# CONFIG_PACKAGE_luci-app-siitwizard is not set
# CONFIG_PACKAGE_luci-app-splash is not set
# CONFIG_PACKAGE_luci-app-statistics is not set
# CONFIG_PACKAGE_luci-app-tinyproxy is not set
# CONFIG_PACKAGE_luci-app-transmission is not set
# CONFIG_PACKAGE_luci-app-udpxy is not set
# CONFIG_PACKAGE_luci-app-upnp is not set
# CONFIG_PACKAGE_luci-app-vnstat is not set
# CONFIG_PACKAGE_luci-app-voice-core is not set
# CONFIG_PACKAGE_luci-app-voice-diag is not set
# CONFIG_PACKAGE_luci-app-watchcat is not set
# CONFIG_PACKAGE_luci-app-wol is not set
# CONFIG_PACKAGE_luci-app-wshaper is not set
CONFIG_PACKAGE_luci-theme-bootstrap=y
# CONFIG_PACKAGE_luci-theme-freifunk-bno is not set
# CONFIG_PACKAGE_luci-theme-freifunk-generic is not set
# CONFIG_PACKAGE_luci-theme-openwrt is not set
# CONFIG_PACKAGE_luci-proto-3g is not set
# CONFIG_PACKAGE_luci-proto-ipv6 is not set
# CONFIG_PACKAGE_luci-proto-openconnect is not set
CONFIG_PACKAGE_luci-proto-ppp=y
# CONFIG_PACKAGE_luci-proto-relay is not set
# CONFIG_PACKAGE_luci-lib-httpclient is not set
CONFIG_PACKAGE_luci-lib-ip=y
# CONFIG_PACKAGE_luci-lib-json is not set
# CONFIG_PACKAGE_luci-lib-jsonc is not set
# CONFIG_PACKAGE_luci-lib-luaneightbl is not set
CONFIG_PACKAGE_luci-lib-nixio=y
# CONFIG_PACKAGE_luci-lib-px5g is not set
# CONFIG_PACKAGE_luci-i18n-base-ca is not set
# CONFIG_PACKAGE_luci-i18n-base-cs is not set
# CONFIG_PACKAGE_luci-i18n-base-de is not set
# CONFIG_PACKAGE_luci-i18n-base-el is not set
# CONFIG_PACKAGE_luci-i18n-base-en is not set
# CONFIG_PACKAGE_luci-i18n-base-es is not set
# CONFIG_PACKAGE_luci-i18n-base-fr is not set
# CONFIG_PACKAGE_luci-i18n-base-he is not set
# CONFIG_PACKAGE_luci-i18n-base-hu is not set
# CONFIG_PACKAGE_luci-i18n-base-it is not set
# CONFIG_PACKAGE_luci-i18n-base-ja is not set
# CONFIG_PACKAGE_luci-i18n-base-ms is not set
# CONFIG_PACKAGE_luci-i18n-base-no is not set
# CONFIG_PACKAGE_luci-i18n-base-pl is not set
# CONFIG_PACKAGE_luci-i18n-base-pt is not set
# CONFIG_PACKAGE_luci-i18n-base-pt-br is not set
# CONFIG_PACKAGE_luci-i18n-base-ro is not set
# CONFIG_PACKAGE_luci-i18n-base-ru is not set
# CONFIG_PACKAGE_luci-i18n-base-sk is not set
# CONFIG_PACKAGE_luci-i18n-base-sv is not set
# CONFIG_PACKAGE_luci-i18n-base-tr is not set
# CONFIG_PACKAGE_luci-i18n-base-uk is not set
# CONFIG_PACKAGE_luci-i18n-base-vi is not set
# CONFIG_PACKAGE_luci-i18n-base-zh-cn is not set
# CONFIG_PACKAGE_luci-i18n-base-zh-tw is not set
# CONFIG_PACKAGE_luci-i18n-firewall-ca is not set
# CONFIG_PACKAGE_luci-i18n-firewall-cs is not set
# CONFIG_PACKAGE_luci-i18n-firewall-de is not set
# CONFIG_PACKAGE_luci-i18n-firewall-el is not set
# CONFIG_PACKAGE_luci-i18n-firewall-en is not set
# CONFIG_PACKAGE_luci-i18n-firewall-es is not set
# CONFIG_PACKAGE_luci-i18n-firewall-fr is not set
# CONFIG_PACKAGE_luci-i18n-firewall-he is not set
# 

Re: [OpenWrt-Devel] Rebuilding for specific hardware, example ar71xx/image for TP-Link TL-WR841ND

2015-03-23 Thread Jean-Michel Pouré - GOOZE
Le lundi 23 mars 2015 à 16:09 +0100, Bastian Bittorf a écrit :
 echo  .config 'CONFIG_PACKAGE_luci=y'
 make defconfig  # (this solves the dependencies)
 make

Thanks. I probably want to go this way for a better automation.

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Building OpenWRT static kernels

2015-03-23 Thread Jean-Michel Pouré - GOOZE
Le lundi 23 mars 2015 à 16:21 +0100, Jonas Gorski a écrit :
 This is currently not easily possible with OpenWrt, as it contains
 several out-of-tree kernel modules, which aren't part of the kernel
 sources and thus can't be statically linked into the kernel. For
 example all wifi drivers are build this way, to use newer driver
 versions with older / stable kernel versions.

 For those build from the kernel sources, you could probably change all
 CONFIG_FOO to CONFIG_FOO=y in package/kernel/linux/modules/*, which
 will then make those modules built-in. But this won't work for the out
 of tree modules.

OK. So what kind of security offer OpenWRT to prevent an attacker from
loading modules into the kernel?

I will try a static compilation and report.

For information, D-Link routers from the GS-1210 line are compiled with
static modules AND GrSec to offer memory randomization and prevent
dynamic loading of modules. I don't know how many professional products
are compiled with static modules, but my thumbs say most of them.

The big interest behind OpenWRT is that you can compile everything on
your own, which is quite marvelous today.

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Building OpenWRT static kernels

2015-03-23 Thread Jean-Michel Pouré - GOOZE
 you would be horrified to look under the covers of most linux based
 appliances, 
 a lot of them are running a stock redhat/centos install with very
 little 
 customization outside of the userspace app that they run. Gaping
 security holes 
 in such appliances are common.

Yes, I agree with you. 

For example, DLink DGS-1210 products revision A1 are running a very old
2.6 Linux kernel and it could be very easy to penetrate, especially
because no update is done on the firmware. All source code is available,
so it is a matter of days before you understand how to break in. You
probably only need to look at OpenSSL vulnerability list ...

On the converse, we may discuss attack surface : a static kernel can
have a very low attack surface. When it includes GrSec, it can become
very difficult to penetrate. Hopefully  ... DLink appliances are using
GrSec.

With current OpenWRT configuration, the attack would be Luci = Kernel
module. I wonder if specialized companies offer on the shelf
penetration tools for OpenWRT, but it would not be surprising.

IMHO, with current penetration tools, not using GrSec or a static kernel
or both is simply too low.

Kind regards,
Gnutella 
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


[OpenWrt-Devel] Status of X86_64 OpenWRT architecture

2015-03-20 Thread Jean-Michel Pouré - GOOZE
Dear all,

I am working on a custom kernel for the PC Engines APU:
http://wiki.openwrt.org/toh/pcengines/apu

The board can boot OpenWRT git X86 but not X86_64. I have a feeling that
the X86_64 git is out of sync and that most drivers are disabled by
default. Also no compilation options are available in make menuconfig.

Would you mind if I resync X86_64 to match most X86 options and provide
a patch for compilation options. I would like to be able to compile with
CONFIG_DEFAULT_TARGET_OPTIMIZATION=-Os -pipe -march=btver1
-mtune=btver1

The APU is a very powerful CPU, but it needs to be unleashed with custom
compilation options.

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Status of X86_64 OpenWRT architecture

2015-03-20 Thread Jean-Michel Pouré - GOOZE
Le vendredi 20 mars 2015 à 10:12 +0100, Jo-Philipp Wich a écrit :
 Last time I checked the x86-64 target booted just fne on my Alix APU
 board without any custom modifications.

OK, I will give a new try in a new build root.

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] Status of X86_64 OpenWRT architecture

2015-03-20 Thread Jean-Michel Pouré - GOOZE
Unfortunately, OpenWRT x86_64 fails to compile on kmod-ipt-ipset.
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] D-Link switches with GPL Linux kernel available

2015-03-16 Thread Jean-Michel Pouré - GOOZE
Dear friends,

For those interested, I am keeping track of hacking the DGS-1210-10P 
on the WIKI: https://wiki.openwrt.org/toh/d-link/dgs-1210

Any advice is welcome, especially to locate the serial console at first.

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


[OpenWrt-Devel] D-Link switches with GPL Linux kernel available

2015-03-15 Thread Jean-Michel Pouré - GOOZE
Dear all,

First I would like to congratulate the community for working hard on
OpenWRT. For years I have been using pfSense and now that they are
closing sources (aka on copyright issues) and compiling without peer
review, I am turning towards OpenWRT. I am impressed by the quality of
OpenWRT project. I like the ability to compile firmwares ourselves.

After migrating to OpenWRT on routers, I would like to give a try at
switches. [This is a cross post on the forum, sorry]:

D-Link published the GPL source code of its main router line (for
individuals and small companies), which is the DGS-1210 line. It
includes Gigabyte routers from 8 to 48 ports, with SPF connectors and
advanced features.

Those switches can be purchased for a low pricing on eBay. Example : 48
port switch for 70,00 GBP (around 98 EUR). One reason is that D-Linked
never updated the firmware between hardware revision A, B, C and D. So
most old switches only support IPv4 and people are massively reselling
them for IPv6 compliance (and buying new ones to D-Link, is that what
D-Link wants?). This may be an opportunity for OpenWRT and us hackers.

All switches are running Linux.

Source code is available here :
http://tsd.dlink.com.tw/downloads2008detail.asp

Scroll down and display lines with GPL source code.
And the click on a model, and download source code.

Example: DGS-1210-10P revision A1 and A2 source code :
https://dlink-gpl.s3.amazonaws.com/GPL1200117/DGS-1210-10P-GPLSourceCode.tar.gz

A script allows to compile a firmware image.

Do you think this is the complete source code or are some drivers not
published and missing? Could you have a quick look at the source code
and tell your opinion?

On my side I am trying to access the console, but no luck until now.
Some GPIOs are used by LED display and I have a hard time finding serial
PINs.

Kind regards,
Gnutella
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


Re: [OpenWrt-Devel] D-Link switches with GPL Linux kernel available

2015-03-15 Thread Jean-Michel Pouré - GOOZE
Dear friends,

I downloaded D-Link DGS-1210-10P switch latest GPL source code,
hardware rev C1 (latest revision to date, available in shops):

https://dlink-gpl.s3.amazonaws.com/GPL1500075/DGS-1210-10P-GPLSourceCode.tar.gz

Compilation instructions:
https://dlink-gpl.s3.amazonaws.com/GPL1500075/readme.txt

I could find the .config file in :
DGS-1210-10P-GPL/os/linux-3.6.5_iProLDK_3.3.1/broadcom.config/hurricane2

This seems completely open-source, can you confirm. Here is the .config
file for those interested. Do you think it could be adapted to OpenWRT? 

Kind regards,
Gnutella

***
here is the .config file

#
# Automatically generated file; DO NOT EDIT.
# Linux/arm 3.6.5 Kernel Configuration
#
CONFIG_ARM=y
CONFIG_SYS_SUPPORTS_APM_EMULATION=y
CONFIG_GENERIC_GPIO=y
CONFIG_HAVE_PROC_CPU=y
CONFIG_STACKTRACE_SUPPORT=y
CONFIG_LOCKDEP_SUPPORT=y
CONFIG_TRACE_IRQFLAGS_SUPPORT=y
CONFIG_RWSEM_GENERIC_SPINLOCK=y
CONFIG_GENERIC_HWEIGHT=y
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_NEED_DMA_MAP_STATE=y
CONFIG_VECTORS_BASE=0x
CONFIG_ARM_PATCH_PHYS_VIRT=y
CONFIG_GENERIC_BUG=y
CONFIG_DEFCONFIG_LIST=/lib/modules/$UNAME_RELEASE/.config
CONFIG_HAVE_IRQ_WORK=y

#
# General setup
#
CONFIG_EXPERIMENTAL=y
CONFIG_INIT_ENV_ARG_LIMIT=32
CONFIG_CROSS_COMPILE=$CROSS_COMPILE
CONFIG_LOCALVERSION='-Broadcom Linux'
CONFIG_LOCALVERSION_AUTO=y
CONFIG_HAVE_KERNEL_GZIP=y
CONFIG_HAVE_KERNEL_LZMA=y
CONFIG_HAVE_KERNEL_XZ=y
CONFIG_HAVE_KERNEL_LZO=y
CONFIG_KERNEL_GZIP=y
# CONFIG_KERNEL_LZMA is not set
# CONFIG_KERNEL_XZ is not set
# CONFIG_KERNEL_LZO is not set
CONFIG_DEFAULT_HOSTNAME=(none)
# CONFIG_SWAP is not set
CONFIG_SYSVIPC=y
CONFIG_SYSVIPC_SYSCTL=y
# CONFIG_POSIX_MQUEUE is not set
# CONFIG_BSD_PROCESS_ACCT is not set
# CONFIG_FHANDLE is not set
# CONFIG_TASKSTATS is not set
# CONFIG_AUDIT is not set
CONFIG_HAVE_GENERIC_HARDIRQS=y

#
# IRQ subsystem
#
CONFIG_GENERIC_HARDIRQS=y
CONFIG_GENERIC_IRQ_PROBE=y
CONFIG_GENERIC_IRQ_SHOW=y
CONFIG_HARDIRQS_SW_RESEND=y
CONFIG_IRQ_DOMAIN=y
CONFIG_KTIME_SCALAR=y
CONFIG_GENERIC_CLOCKEVENTS=y
CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y

#
# Timers subsystem
#
CONFIG_TICK_ONESHOT=y
CONFIG_NO_HZ=y
# CONFIG_HIGH_RES_TIMERS is not set

#
# RCU Subsystem
#
CONFIG_TREE_RCU=y
# CONFIG_PREEMPT_RCU is not set
CONFIG_RCU_FANOUT=32
CONFIG_RCU_FANOUT_LEAF=16
# CONFIG_RCU_FANOUT_EXACT is not set
# CONFIG_RCU_FAST_NO_HZ is not set
# CONFIG_TREE_RCU_TRACE is not set
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
CONFIG_LOG_BUF_SHIFT=14
# CONFIG_CHECKPOINT_RESTORE is not set
# CONFIG_NAMESPACES is not set
# CONFIG_SCHED_AUTOGROUP is not set
# CONFIG_SYSFS_DEPRECATED is not set
# CONFIG_RELAY is not set
# CONFIG_BLK_DEV_INITRD is not set
# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set
CONFIG_SYSCTL=y
CONFIG_EXPERT=y
CONFIG_UID16=y
CONFIG_SYSCTL_SYSCALL=y
CONFIG_KALLSYMS=y
# CONFIG_KALLSYMS_ALL is not set
CONFIG_HOTPLUG=y
CONFIG_PRINTK=y
CONFIG_BUG=y
# CONFIG_ELF_CORE is not set
# CONFIG_BASE_FULL is not set
CONFIG_FUTEX=y
# CONFIG_EPOLL is not set
# CONFIG_SIGNALFD is not set
# CONFIG_TIMERFD is not set
# CONFIG_EVENTFD is not set
# CONFIG_SHMEM is not set
# CONFIG_AIO is not set
CONFIG_EMBEDDED=y
CONFIG_HAVE_PERF_EVENTS=y
CONFIG_PERF_USE_VMALLOC=y

#
# Kernel Performance Events And Counters
#
# CONFIG_PERF_EVENTS is not set
CONFIG_VM_EVENT_COUNTERS=y
CONFIG_PCI_QUIRKS=y
# CONFIG_SLUB_DEBUG is not set
# CONFIG_COMPAT_BRK is not set
# CONFIG_SLAB is not set
CONFIG_SLUB=y
# CONFIG_SLOB is not set
# CONFIG_PROFILING is not set
CONFIG_HAVE_OPROFILE=y
# CONFIG_KPROBES is not set
# CONFIG_JUMP_LABEL is not set
CONFIG_HAVE_KPROBES=y
CONFIG_HAVE_KRETPROBES=y
CONFIG_HAVE_ARCH_TRACEHOOK=y
CONFIG_HAVE_DMA_ATTRS=y
CONFIG_HAVE_DMA_CONTIGUOUS=y
CONFIG_USE_GENERIC_SMP_HELPERS=y
CONFIG_GENERIC_SMP_IDLE_THREAD=y
CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
CONFIG_HAVE_CLK=y
CONFIG_HAVE_DMA_API_DEBUG=y
CONFIG_HAVE_ARCH_JUMP_LABEL=y
CONFIG_ARCH_WANT_IPC_PARSE_VERSION=y

#
# GCOV-based kernel profiling
#
CONFIG_HAVE_GENERIC_DMA_COHERENT=y
CONFIG_RT_MUTEXES=y
CONFIG_BASE_SMALL=1
CONFIG_MODULES=y
# CONFIG_MODULE_FORCE_LOAD is not set
CONFIG_MODULE_UNLOAD=y
# CONFIG_MODULE_FORCE_UNLOAD is not set
# CONFIG_MODVERSIONS is not set
# CONFIG_MODULE_SRCVERSION_ALL is not set
CONFIG_STOP_MACHINE=y
CONFIG_BLOCK=y
CONFIG_LBDAF=y
CONFIG_BLK_DEV_BSG=y
# CONFIG_BLK_DEV_BSGLIB is not set
# CONFIG_BLK_DEV_INTEGRITY is not set

#
# Partition Types
#
CONFIG_PARTITION_ADVANCED=y
# CONFIG_ACORN_PARTITION is not set
# CONFIG_OSF_PARTITION is not set
# CONFIG_AMIGA_PARTITION is not set
# CONFIG_ATARI_PARTITION is not set
# CONFIG_MAC_PARTITION is not set
CONFIG_MSDOS_PARTITION=y
# CONFIG_BSD_DISKLABEL is not set
# CONFIG_MINIX_SUBPARTITION is not set
# CONFIG_SOLARIS_X86_PARTITION is not set
# CONFIG_UNIXWARE_DISKLABEL is not set
# CONFIG_LDM_PARTITION is not set
# CONFIG_SGI_PARTITION is not set
# CONFIG_ULTRIX_PARTITION is not set
# CONFIG_SUN_PARTITION is not set
# CONFIG_KARMA_PARTITION is not set
# CONFIG_EFI_PARTITION is not 

Re: [OpenWrt-Devel] D-Link switches with GPL Linux kernel available

2015-03-15 Thread Jean-Michel Pouré - GOOZE
Sorry, source code is available here :
http://tsd.dlink.com.tw
Select DGS and 1210 and click OK.
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel