tar xzf buildroot.tar.gz patch -s -E -p0 < buildroot.patch cd buildroot mkdir sources/dl cp -a ../dl/* sources/dl make --- buildroot/Makefile +++ buildroot/Makefile @@ -228,6 +228,8 @@ $(TARGET_DIR): rm -rf $(TARGET_DIR) + chmod 755 $(SOURCE_DIR)/openwrt/root/sbin/setntptime + chmod 755 $(SOURCE_DIR)/openwrt/root/etc/init.d/* cp -a $(SOURCE_DIR)/openwrt/root/ $(TARGET_DIR) -find $(TARGET_DIR) -type d -name CVS -exec rm -rf {} \; > /dev/null 2>&1 --- buildroot/make/openwrt.mk +++ buildroot/make/openwrt.mk @@ -25,7 +25,9 @@ OPENWRT_TARGETS:= $(STAGING_DIR)/bin/sstrip gcc3_3 openwrt-linux openwrt-kmodules.tar.bz2 \ openwrt-shared openwrt-mtd openwrt-nvram openwrt-wlconf \ + openwrt-wl \ bridge dnsmasq1 iptables wtools busybox \ + pppoecd \ openwrt-rootprep .PHONY: $(OPENWRT_TARGETS) openwrt-code.bin @@ -174,6 +176,11 @@ openwrt-wlconf-clean: -$(MAKE) -C $(OPENWRT_WLCONF_BUILD_DIR) clean +$(TARGET_DIR)/usr/bin/wl: $(OPENWRT_SRCBASE)/router/mipsel-uclibc/install/utils/usr/sbin/wl + cp -a $(OPENWRT_SRCBASE)/router/mipsel-uclibc/install/utils/usr/sbin/wl $(TARGET_DIR)/usr/bin/wl + +openwrt-wl: $(TARGET_DIR)/usr/bin/wl + ###################################################################### openwrt-rootprep: --- buildroot/sources/iptables-openwrt-extensions.patch +++ buildroot/sources/iptables-openwrt-extensions.patch @@ -1,15 +1,13 @@ diff -burN iptables-1.2.11/extensions/Makefile iptables-1.2.11-openwrt/extensions/Makefile --- iptables-1.2.11/extensions/Makefile 2004-06-17 12:22:54.000000000 +0200 +++ iptables-1.2.11-openwrt/extensions/Makefile 2004-11-01 09:41:13.910649624 +0100 -@@ -5,12 +5,14 @@ +@@ -5,12 +5,12 @@ # header files are present in the include/linux directory of this iptables # package (HW) # -PF_EXT_SLIB:=ah connlimit connmark conntrack dscp ecn esp helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG -PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner standard tcp udp HL LOG MARK TRACE -+#PF_EXT_SLIB:=ah connlimit connmark conntrack dscp ecn esp helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG -+PF_EXT_SLIB:=icmp iprange mark standard state tcp udp DNAT LOG MARK MASQUERADE REDIRECT REJECT SNAT TCPMSS -+#PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner standard tcp udp HL LOG MARK TRACE ++PF_EXT_SLIB:=icmp iprange limit mark multiport standard state tcp tos udp DNAT LOG MARK MASQUERADE REDIRECT REJECT SNAT TCPMSS TOS +PF6_EXT_SLIB:=eui64 icmpv6 mark standard tcp udp LOG # Optionals @@ -18,3 +17,14 @@ PF_EXT_ALL_SLIB:=$(patsubst extensions/libipt_%.c, %, $(wildcard extensions/libipt_*.c)) PF6_EXT_ALL_SLIB:=$(patsubst extensions/libip6t_%.c, %, $(wildcard extensions/libip6t_*.c)) +--- iptables-1.2.11/Makefile.lr 2004-12-23 23:01:57.195945040 +0100 ++++ iptables-1.2.11/Makefile 2004-12-23 23:02:00.742396675 +0100 +@@ -2,7 +2,7 @@ + # NO_SHARED_LIBS = 1 + + # uncomment this to disable IPv6 support +-# DO_IPV6 = 0 ++DO_IPV6 = 0 + + ###################################################################### + # YOU SHOULD NOT NEED TO TOUCH ANYTHING BELOW THIS LINE --- buildroot/sources/openwrt/busybox/busybox.config +++ buildroot/sources/openwrt/busybox/busybox.config @@ -38,18 +38,18 @@ # Archival Utilities # # CONFIG_AR is not set -CONFIG_BUNZIP2=y +# CONFIG_BUNZIP2 is not set # CONFIG_CPIO is not set # CONFIG_DPKG is not set # CONFIG_DPKG_DEB is not set CONFIG_GUNZIP=y -CONFIG_FEATURE_GUNZIP_UNCOMPRESS=y +# CONFIG_FEATURE_GUNZIP_UNCOMPRESS is not set CONFIG_GZIP=y # CONFIG_RPM2CPIO is not set # CONFIG_RPM is not set CONFIG_TAR=y CONFIG_FEATURE_TAR_CREATE=y -CONFIG_FEATURE_TAR_BZIP2=y +# CONFIG_FEATURE_TAR_BZIP2 is not set # CONFIG_FEATURE_TAR_FROM is not set CONFIG_FEATURE_TAR_GZIP=y # CONFIG_FEATURE_TAR_COMPRESS is not set @@ -79,11 +79,12 @@ CONFIG_CUT=y CONFIG_DATE=y CONFIG_FEATURE_DATE_ISOFMT=y -CONFIG_DD=y +# CONFIG_DD is not set CONFIG_DF=y # CONFIG_DIRNAME is not set # CONFIG_DOS2UNIX is not set -# CONFIG_DU is not set +CONFIG_DU=y +CONFIG_FEATURE_DU_DEFALT_BLOCKSIZE_1K=y CONFIG_ECHO=y CONFIG_FEATURE_FANCY_ECHO=y CONFIG_ENV=y @@ -92,10 +93,10 @@ # CONFIG_FOLD is not set CONFIG_HEAD=y # CONFIG_FEATURE_FANCY_HEAD is not set -CONFIG_HOSTID=y +# CONFIG_HOSTID is not set # CONFIG_ID is not set -CONFIG_INSTALL=y -CONFIG_LENGTH=y +# CONFIG_INSTALL is not set +# CONFIG_LENGTH is not set CONFIG_LN=y # CONFIG_LOGNAME is not set CONFIG_LS=y @@ -108,7 +109,7 @@ CONFIG_FEATURE_LS_COLOR=y CONFIG_MD5SUM=y CONFIG_MKDIR=y -CONFIG_MKFIFO=y +# CONFIG_MKFIFO is not set # CONFIG_MKNOD is not set CONFIG_MV=y # CONFIG_OD is not set @@ -147,7 +148,7 @@ CONFIG_WC=y # CONFIG_WHO is not set # CONFIG_WHOAMI is not set -CONFIG_YES=y +# CONFIG_YES is not set # # Common options for cp and mv @@ -188,9 +189,9 @@ CONFIG_MKTEMP=y # CONFIG_PIPE_PROGRESS is not set # CONFIG_READLINK is not set -CONFIG_RUN_PARTS=y +# CONFIG_RUN_PARTS is not set # CONFIG_START_STOP_DAEMON is not set -CONFIG_WHICH=y +# CONFIG_WHICH is not set # # Editors @@ -242,7 +243,7 @@ # CONFIG_HALT is not set # CONFIG_POWEROFF is not set CONFIG_REBOOT=y -CONFIG_MESG=y +# CONFIG_MESG is not set # # Login/Password Management Utilities @@ -256,7 +257,7 @@ # CONFIG_FEATURE_U_W_TMP is not set # CONFIG_LOGIN is not set # CONFIG_FEATURE_SECURETTY is not set -CONFIG_PASSWD=y +# CONFIG_PASSWD is not set # CONFIG_SU is not set # CONFIG_SULOGIN is not set # CONFIG_VLOCK is not set @@ -270,9 +271,9 @@ # Miscellaneous Utilities # # CONFIG_ADJTIMEX is not set -CONFIG_CROND=y +# CONFIG_CROND is not set # CONFIG_FEATURE_CROND_CALL_SENDMAIL is not set -CONFIG_CRONTAB=y +# CONFIG_CRONTAB is not set # CONFIG_DC is not set # CONFIG_DEVFSD is not set # CONFIG_LAST is not set @@ -303,12 +304,12 @@ # # Networking Utilities # -CONFIG_FEATURE_IPV6=y +# CONFIG_FEATURE_IPV6 is not set CONFIG_ARPING=y # CONFIG_FTPGET is not set # CONFIG_FTPPUT is not set # CONFIG_HOSTNAME is not set -CONFIG_HTTPD=y +# CONFIG_HTTPD is not set # CONFIG_FEATURE_HTTPD_USAGE_FROM_INETD_ONLY is not set CONFIG_FEATURE_HTTPD_BASIC_AUTH=y CONFIG_FEATURE_HTTPD_AUTH_MD5=y @@ -327,14 +328,14 @@ # CONFIG_IFUPDOWN is not set # CONFIG_INETD is not set # CONFIG_IP is not set -CONFIG_IPCALC=y +# CONFIG_IPCALC is not set CONFIG_FEATURE_IPCALC_FANCY=y # CONFIG_IPADDR is not set # CONFIG_IPLINK is not set # CONFIG_IPROUTE is not set # CONFIG_IPTUNNEL is not set # CONFIG_NAMEIF is not set -CONFIG_NC=y +# CONFIG_NC is not set CONFIG_NETSTAT=y CONFIG_NSLOOKUP=y CONFIG_PING=y @@ -352,7 +353,7 @@ CONFIG_WGET=y CONFIG_FEATURE_WGET_STATUSBAR=y CONFIG_FEATURE_WGET_AUTHENTICATION=y -CONFIG_FEATURE_WGET_IP6_LITERAL=y +# CONFIG_FEATURE_WGET_IP6_LITERAL is not set # # udhcp Server/Client @@ -375,7 +376,7 @@ CONFIG_TOP=y FEATURE_CPU_USAGE_PERCENTAGE=y CONFIG_UPTIME=y -CONFIG_SYSCTL=y +# CONFIG_SYSCTL is not set # # Another Bourne-like Shell @@ -409,7 +410,7 @@ # CONFIG_FEATURE_SH_EXTRA_QUIET is not set # CONFIG_FEATURE_SH_STANDALONE_SHELL is not set CONFIG_FEATURE_COMMAND_EDITING=y -CONFIG_FEATURE_COMMAND_HISTORY=15 +CONFIG_FEATURE_COMMAND_HISTORY=30 # CONFIG_FEATURE_COMMAND_SAVEHISTORY is not set CONFIG_FEATURE_COMMAND_TAB_COMPLETION=y # CONFIG_FEATURE_COMMAND_USERNAME_COMPLETION is not set @@ -423,7 +424,7 @@ CONFIG_FEATURE_REMOTE_LOG=y CONFIG_FEATURE_IPC_SYSLOG=y CONFIG_FEATURE_IPC_SYSLOG_BUFFER_SIZE=16 -CONFIG_LOGREAD=y +# CONFIG_LOGREAD is not set # CONFIG_FEATURE_LOGREAD_REDUCED_LOCKING is not set CONFIG_KLOGD=y CONFIG_LOGGER=y @@ -452,7 +452,7 @@ CONFIG_RDATE=y # CONFIG_SWAPONOFF is not set CONFIG_MOUNT=y -CONFIG_NFSMOUNT=y +# CONFIG_NFSMOUNT is not set CONFIG_UMOUNT=y CONFIG_FEATURE_MOUNT_FORCE=y --- buildroot/sources/openwrt/root/etc/group +++ buildroot/sources/openwrt/root/etc/group @@ -0,0 +1,2 @@ +root:x:0:root +nobody:x:99:nobody --- buildroot/sources/openwrt/root/etc/init.d/S10boot +++ buildroot/sources/openwrt/root/etc/init.d/S10boot @@ -1,8 +1,20 @@ #!/bin/sh klogd syslogd -C 16 -sysctl -p echo "S" > /proc/jffs2_bbc +# automatic reboot after a kernel panic +echo 3 > /proc/sys/kernel/panic +# allow network forwarding +echo 1 > /proc/sys/net/ipv4/ip_forward +# be more quiet about bogus packets +echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts +echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses +# shorten the time to reduce kernel memory needs +echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout +# send keepalive packets every 2 minutes +echo 120 > /proc/sys/net/ipv4/tcp_keepalive_time +# this leakes information about current uptime +echo 0 > /proc/sys/net/ipv4/tcp_timestamps mkdir -p /var/run @@ -19,7 +31,6 @@ ifconfig eth0 promisc HOSTNAME=$(nvram get wan_hostname) -HOSTNAME=${HOSTNAME%%.*} echo ${HOSTNAME:=OpenWrt} > /proc/sys/kernel/hostname vconfig set_name_type VLAN_PLUS_VID_NO_PAD --- buildroot/sources/openwrt/root/etc/init.d/S35firewall +++ buildroot/sources/openwrt/root/etc/init.d/S35firewall @@ -0,0 +1,38 @@ +#!/bin/sh + +. /etc/functions.sh + +WAN=$(nvram get wan_ifname) +if [ "${WAN%%[0-9]}" = "ppp" ]; then + WAN=$(nvram get pppoe_ifname) +fi +PROTO=$(nvram get wan_proto) +if test "X$PROTO" = Xpppoe ; then + WAN=ppp0 +fi + +IPT=/usr/sbin/iptables + +# Default policy is ACCEPT. +for c in INPUT OUTPUT FORWARD ; do + $IPT -P $c ACCEPT +done +# Flush/delete all chains and reset counters. +for t in `cat /proc/net/ip_tables_names 2>/dev/null` ; do + $IPT -t $t -F + $IPT -t $t -X + $IPT -t $t -Z +done + +$IPT -t filter -A INPUT -m state --state INVALID -j DROP +$IPT -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +$IPT -t filter -A INPUT -p icmp -j ACCEPT +$IPT -t filter -A INPUT -i $WAN -p tcp -j REJECT --reject-with tcp-reset +$IPT -t filter -A INPUT -i $WAN -j REJECT --reject-with icmp-port-unreachable + +$IPT -t filter -A FORWARD -m state --state INVALID -j DROP +$IPT -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT +$IPT -t filter -A FORWARD -i $WAN -m state --state NEW,INVALID -j DROP +$IPT -t filter -A FORWARD -o $WAN -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu + +$IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE --- buildroot/sources/openwrt/root/etc/init.d/S40network +++ buildroot/sources/openwrt/root/etc/init.d/S40network @@ -5,7 +5,8 @@ ifup lan ifup wan ifup wifi - wifi up + if=$(awk 'sub(":","") {print $1}' /proc/net/wireless) + $DEBUG wlconf $if up for route in $(nvram get static_route); do { eval "set $(echo $route | sed 's/:/ /g')" --- buildroot/sources/openwrt/root/etc/init.d/S45firewall +++ buildroot/sources/openwrt/root/etc/init.d/S45firewall @@ -1,23 +0,0 @@ -#!/bin/sh -. /etc/functions.sh - -WAN=$(nvram get wan_ifname) - -IPT=/usr/sbin/iptables - -for T in filter nat mangle ; do - $IPT -t $T -F - $IPT -t $T -X -done - -$IPT -t filter -A INPUT -m state --state INVALID -j DROP -$IPT -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -$IPT -t filter -A INPUT -p icmp -j ACCEPT -$IPT -t filter -A INPUT -i $WAN -p tcp -j REJECT --reject-with tcp-reset -$IPT -t filter -A INPUT -i $WAN -j REJECT --reject-with icmp-port-unreachable -$IPT -t filter -A FORWARD -m state --state INVALID -j DROP -$IPT -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT -$IPT -t filter -A FORWARD -i $WAN -m state --state NEW,INVALID -j DROP -$IPT -t filter -A FORWARD -o $WAN -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu - -$IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE --- buildroot/sources/openwrt/root/etc/init.d/S50dnsmasq +++ buildroot/sources/openwrt/root/etc/init.d/S50dnsmasq @@ -1,2 +1,8 @@ #!/bin/sh -/usr/sbin/dnsmasq +dhcp_startip=$(nvram get dhcp_startip) +dhcp_endip=$(nvram get dhcp_endip) +if test -n "$dhcp_startip$dhcp_endip" ; then + /usr/sbin/dnsmasq --dhcp-range=$dhcp_startip,$dhcp_endip,12h +else + /usr/sbin/dnsmasq +fi --- buildroot/sources/openwrt/root/etc/init.d/S50httpd +++ buildroot/sources/openwrt/root/etc/init.d/S50httpd @@ -1,2 +1,2 @@ #!/bin/sh -/usr/sbin/httpd -p 80 -h /www -r WRT54G Router +#/usr/sbin/httpd -p 80 -h /www -r WRT54G Router --- buildroot/sources/openwrt/root/etc/init.d/S50ntp +++ buildroot/sources/openwrt/root/etc/init.d/S50ntp @@ -0,0 +1,2 @@ +#!/bin/sh +/sbin/setntptime --- buildroot/sources/openwrt/root/etc/init.d/S99done +++ buildroot/sources/openwrt/root/etc/init.d/S99done @@ -1,7 +1,7 @@ #!/bin/sh # automagically run firstboot [ -z "$FAILSAFE" ] && { - { mount | grep jffs2 1>&-; } || firstboot + { mount | grep -q jffs2 1>&-; } || firstboot } # set leds to normal state echo "0x00" > /proc/sys/diag --- buildroot/sources/openwrt/root/etc/passwd +++ buildroot/sources/openwrt/root/etc/passwd @@ -0,0 +1,2 @@ +root:x:0:0:root:/:/bin/sh +nobody:x:99:99:nobody:/:/bin/sh --- buildroot/sources/openwrt/root/etc/profile +++ buildroot/sources/openwrt/root/etc/profile @@ -6,4 +6,8 @@ alias less=more alias vim=vi +alias l='ls -la' +alias o='more' +alias ..='cd ..' +alias ...='cd ../..' ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; } --- buildroot/sources/openwrt/root/etc/sysctl.conf +++ buildroot/sources/openwrt/root/etc/sysctl.conf @@ -1,7 +0,0 @@ -kernel.panic = 3 -net.ipv4.ip_forward = 1 -net.ipv4.icmp_echo_ignore_broadcasts = 1 -net.ipv4.icmp_ignore_bogus_error_responses = 1 -net.ipv4.tcp_fin_timeout = 30 -net.ipv4.tcp_keepalive_time = 120 -net.ipv4.tcp_timestamps = 0 --- buildroot/sources/openwrt/root/sbin/setntptime +++ buildroot/sources/openwrt/root/sbin/setntptime @@ -0,0 +1,11 @@ +#!/bin/sh + +if test -x /usr/bin/ntpclient ; then + ntp_enable=$(nvram get ntp_enable) + if test "X$ntp_enable" = "X1" ; then + ntp_server=$(nvram get ntp_server) + if test "X$ntp_server" != X ; then + /usr/bin/ntpclient -c 1 -s -h $ntp_server + fi + fi +fi --- buildroot/sources/openwrt/root/sbin/wifi +++ buildroot/sources/openwrt/root/sbin/wifi @@ -1,5 +0,0 @@ -#!/bin/ash -alias debug=${DEBUG:-:} -debug "### wifi $1 ###" -if=$(awk 'sub(":","") {print $1}' /proc/net/wireless) -$DEBUG wlconf $if $1 --- buildroot/sources/uClibc.config +++ buildroot/sources/uClibc.config @@ -57,13 +57,12 @@ BUILD_UCLIBC_LDSO=y # FORCE_SHAREABLE_TEXT_SEGMENTS is not set LDSO_LDD_SUPPORT=y -LDSO_CACHE_SUPPORT=y +# LDSO_CACHE_SUPPORT is not set # LDSO_PRELOAD_FILE_SUPPORT is not set -LDSO_BASE_FILENAME="ld.so" UCLIBC_CTOR_DTOR=y # HAS_NO_THREADS is not set UCLIBC_HAS_THREADS=y -PTHREADS_DEBUG_SUPPORT=y +# PTHREADS_DEBUG_SUPPORT is not set UCLIBC_HAS_LFS=y # MALLOC is not set # MALLOC_SIMPLE is not set @@ -71,7 +70,7 @@ MALLOC_GLIBC_COMPAT=y UCLIBC_DYNAMIC_ATEXIT=y HAS_SHADOW=y -# UNIX98PTY_ONLY is not set +UNIX98PTY_ONLY=y ASSUME_DEVPTS=y UCLIBC_HAS_TM_EXTENSIONS=y UCLIBC_HAS_TZ_CACHING=y @@ -82,9 +81,8 @@ # # Networking Support # -UCLIBC_HAS_IPV6=y -UCLIBC_HAS_RPC=y -UCLIBC_HAS_FULL_RPC=y +# UCLIBC_HAS_IPV6 is not set +# UCLIBC_HAS_RPC is not set # # String and Stdio Support @@ -96,10 +94,11 @@ # UCLIBC_HAS_CTYPE_UNSAFE is not set UCLIBC_HAS_CTYPE_CHECKED=y # UCLIBC_HAS_CTYPE_ENFORCED is not set -UCLIBC_HAS_WCHAR=y +# UCLIBC_HAS_WCHAR is not set # UCLIBC_HAS_LOCALE is not set UCLIBC_HAS_HEXADECIMAL_FLOATS=y UCLIBC_HAS_GLIBC_CUSTOM_PRINTF=y +# USE_OLD_VFPRINTF is not set UCLIBC_PRINTF_SCANF_POSITIONAL_ARGS=9 UCLIBC_HAS_SCANF_GLIBC_A_FLAG=y # UCLIBC_HAS_STDIO_BUFSIZ_NONE is not set --- buildroot/make/iptables.mk +++ buildroot/make/iptables.mk @@ -37,7 +37,7 @@ CC=$(TARGET_CC) COPT_FLAGS="$(TARGET_CFLAGS)" \ DESTDIR=$(TARGET_DIR) install $(STRIP) $(TARGET_DIR)/usr/sbin/iptables* - $(STRIP) $(TARGET_DIR)/usr/sbin/ip6tables* + -$(STRIP) $(TARGET_DIR)/usr/sbin/ip6tables* $(STRIP) $(TARGET_DIR)/usr/lib/iptables/*.so rm -rf $(TARGET_DIR)/usr/man @@ -50,7 +50,7 @@ install -m 644 $(OPENWRT_IPK_DIR)/ip6tables/ip6tables.control $(IP6TABLES_IPK_DIR)/CONTROL/control install -m 755 $(IPTABLES_BUILD_DIR)/ip6tables $(IP6TABLES_IPK_DIR)/usr/sbin install -m 755 $(IPTABLES_BUILD_DIR)/extensions/libip6t_*.so $(IP6TABLES_IPK_DIR)/usr/lib/iptables/ - $(STRIP) $(IP6TABLES_IPK_DIR)/usr/sbin/ip6tables* + -$(STRIP) $(IP6TABLES_IPK_DIR)/usr/sbin/ip6tables* $(STRIP) $(IP6TABLES_IPK_DIR)/usr/lib/iptables/*.so cd $(BUILD_DIR); $(STAGING_DIR)/bin/ipkg-build -c -o root -g root $(IP6TABLES_IPK_DIR) --- buildroot/sources/openwrt/kernel/linux.config +++ buildroot/sources/openwrt/kernel/linux.config @@ -285,7 +285,7 @@ CONFIG_NET_IPGRE=m # CONFIG_ARPD is not set # CONFIG_INET_ECN is not set -# CONFIG_SYN_COOKIES is not set +CONFIG_SYN_COOKIES=y # # IP: Netfilter Configuration