openwrt and perl

OpenWRT and Perl

(Because, why not smoke CPAN on your home’s router?)

Dean Hamsteaddean@bytefoundry.com.au

This ‘LCARS’ like slide theme was just a choice on Google docs.

It’s not a statement on Star Trek vs Star Wars.

If pressed, my thoughts on Star Trek vs Star Wars are as follows...

Dislcaimer

An introduction to OpenWRT

Installing Perl

Smoking CPAN

You all go home and brick your routers

Overview

Linux distroAimed at IP routers and Access Points

Originated from Linksys’s infamous WRT54G

Started 2004Kernel is kept parallel to mainline

Lot’s goes upstream, wifi related especially, but no sense in mainlining code for quirks in just one modem model

Release names are alcoholic beverages

OpenWRT in a nutshell

Userland is ash, uClibc and BusyBox with lots of Lua scripts

opkg package suite

Unified Config. Interface (UCI)Configures everything in one place - /etc/configUse vim, and/or CLI and GUI toolsEasy to backup/migrate all your config!

OpenWRT in a nutshell (cont.)

Similar Projects/ProductsDD-WRTSome devices require a licensehttp://www.dd-wrt.com

Tomato FirmwareBased on HyperWRThttp://advancedtomato.com

LibreCMCOpenWRT minus binary blobshttp://librecmc.org

Quick Start

Buy a compatible router

Find & download the correct image file

Then install it...

Flash the firmware via “upgrade”

Log in for the first timeThe router/AP hands out IP’s via DHCP by default

Watch out for that!

Telnet (yes, telnet) to 192.168.1.1 to log in as root

Set root’s password with ‘passwd’ and telnet will be automatically and forever disabled

Log back in as root via ssh

Now you can do stuff!

See also http://wiki.openwrt.org/toh/start

That’s it!

Ok, let’s dive in deeper...

SoC - System on a Chip. The CPU + whatever is on the same die

PCB - Printed Circuit Board

TTL - Transistor-Transistor Logic. Serial done differently is all you need to know

Pin Headers (header) - Pins you can attach too on the PCB. Sometimes you have to solder them on.

JTAG - Colloquialism for the TTL headers on the modems PCB

Important Terms

From: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=431294

Router Structure 101

Like Router, but without the Switch bit

Access Point Structure 101

From: https://wiki.openwrt.org/doc/techref/internal.layout

Router Structure 202

On embedded devices a “bootloader” initializes the hardware then loads the kernel. Bootloader->Kernel

Contrast to the PC with BIOS->Grub->KernelDas U-Boot (GPL) is the most common IMOIt has lots of nice features, especially for recoveryVendors tend to mess with the bootloader

Arbitrary kernel size limitsMagic values need to be present in the kernelRequire some exotic firmware formatDon’t support ELF

See also http://wiki.openwrt.org/doc/techref/bootloader

The Bootloader

Most modems and routers are the MIPS architecture, as opposed to x86 or AMD64

“Microprocessor without Interlocked Pipeline Stages”Good performance/cost/power ratiosRISC, simple instructions, frequently studied in

Universities (I had to write a mips VM)Manufacturers make various changes for whatever

reason, which results in lots of “sub” architecturesOpenWRT also supports ARM, PowerPC and x86’s

See https://dev.openwrt.org/wiki/platforms

Let’s learn about Architectures

Let’s learn about flashRouters have flash rather than HDD, which serves the same purposeWhen flash directly attached to the SoC, OpenWRT calls it “raw flash”When there is a chip between the SoC and the flash (like an SSD or

USB), OpenWRT calls this a “Flash Translation Layer”Older routers usually have NOR flashNewer routers have NAND flashNAND can tolerate errors, though Linux still can’tLinux and hence OpenWRT, utilize raw flash via the “Memory Technology

Device” layer and a special purpose FSMore flash is always good, you can install more stuff!

You will likely want to use one of OpenWRT two main flash formats, SquashFS or JFFS2

See also http://wiki.openwrt.org/doc/techref/flash.layoutSee also http://wiki.openwrt.org/doc/techref/filesystems

SquashFS is a read-only LZMA compressed file system.

In this image type, OpenWRT stores the system in SquashFS partition, then uses a JFFS2 partition to

overlay changes

JFFS2 is r/w and also LZMA compressed, but SquashFS is 20-30% smaller.

Includes wear leveling and Journalling. This OpenWRT image type just has one partition

SquashFS vs JFFS2

+less space+failsafe recovery- read only- uses more space

over time

SquashFS JFFS2

+r/w, journaling and wear leveling

+compression saves space

- … but actual space usage difficult to estimate before writing files

- no failsafe recovery

SquashFS is a good choice for beginners as you can “factory reset”.

So let’s just plan to download a SquashFS image once you’ve picked out a router as your first victim.

Which we will do now...

So… SquashFS or JFFS2?

Firstly:Throw away all your preconceptions about “good” and “bad” router brands.They are all just a SoC + RAM + Flash on a PCB mounted inside a plastic case.Who cares how woeful the vendor firmware is, it won’t be on there for long!Don’t spend extra $ on the same SoC

Picking a Router / AP device

A compatible Router or APLinksys WRT54G is too old now. Avoid it.

Netgear & TP-Link are readily available in Australia.

Check compatibility BEFORE you buy! There’s no consistency with compatibility at all. Even between model revisions! Netgear WNR3500Lv1 is a good choice. Alas

you’ll need to order online or via eBay.

If listed as supported on OpenWRT wiki, it’s supported

If listed as absolutely no chance (i.e. due to SoC or low flash), it’s not supported

Anything in between it may be supported via nightlies

Search their forums, their change log and commit history

Don’t be offput by nightliesCheck BEFORE you buy

A compatible Router or AP (cont.)

OpenWRT ships nightly builds and “stable” releasesNightlies will support the latest and greatestMajor stable releases seem to be roughly annual, with

minor updates in betweenStable release version numbers are the year and month

of issue. (An additional third number indicates a service or interim release from that branch)

LUCI web interface isn’t included in nightlies (not a huge loss)

I’ve had as much success with nightly builds as with stable, so no need to be sheepish

Naturally, YMMV

Nightlies, what?

Netgear WNR3500L v1

Ubiquiti UniFi AP’s

TP-Link TL-WR703N, TL-WDR3500/3600

See also:wiki.openwrt.org/toh/buyerguide

Suggested Devices

Yes, OpenWRT runs on Raspberry Pi!

A, B, B+, B2 all supported

WiFi + 2nd NIC via USB

(Miserable performance IMO)

See also http://wiki.openwrt.org/toh/raspberry_pi

What about Raspberry Pi?

Older modems might not be able to sustain ‘modern’ (NBN, Cable, FTTN) speeds LAN to WAN, irrespective of the port connection speed

The original Linksys WRT54G could only manage 30mbps LAN2WAN

I also recommend making any serious use of the built in switch, they usually suck.

Note!

99.9% OpenWRT has no ADSL support

Traverse Technologies has a Geode (x86!) based dual ADSL modem with fully FOSS ADSL. A little pricy but only just outside impulse buy IMO.

www.traverse.com.au

ADSL?

Netgear released a GPL driver in their code drop for their VEVG2500 device. It uses the Lantiq VR9 SoC and was only released in France?

Good news! the TP-W8970 & TP-W8980 use the same SoC

Supports both VDSL and ADSL2+ !

ADSL? (cont.)

You’re mostly out of luck, cable modems tend to run eCos and have fun getting source

Get a cable modem with bridge mode, connect to it an IP router with OpenWRT

Optus (and Telstra?) currently only ship NATing modems, so you’ll have to head to eBay.

Far be it for me to EVER recommend Cisco Products. But for Optus I do recommend the Cisco DPQ3212 if you can find it. It’s DOCSIS 3.0 for 100mbps+.

Cable? (DOCSIS)

Buy a set of Torx Screwdrivers from Jaycar or online

Alas you can’t really just buy 1

You’ll need these to open up your modem when...

Torx Screwdrivers

...you inevitable brick your modem. Not a big deal

Modems usually have a 3.3v TTL console header inside

Purchase a USB Serial to TTL off of eBay for a few dollars

Buy the cheapest you can findLinux supports w/ in kernel driver,

Windows not so muchI recommend moulded with floating

pin sockets as pictured

Also available are pure PCB, or actual RS232 to TTL converters

USB Serial to TTL

More on installation...

Use web interface for “upgrade”

The Ubiquiti UniFi AP’s can be upgraded via scp+ssh, as can many other devices

Some devices require a special intermediate image which is either signed or somehow breaks out of vendor lock in

Refer to the OpenWRT Wiki page for your modem!

… or via CLI

Other modems you will need to attach your TTL cable and get into the bootloader

Yet other modems will allow you to hold the reset button and put them into a “brain load” mode

From either of the above, you can then feed in an OpenWRT image via tftp. Good times.

...or via serial and/or tftp

Bricking isn’t a big deal (I 99% promise)If you brick your router due to config, with

SquashFS you can just “factory reset” back to vanilla OpenWRT

Reminder: back up /etc/configIf you brick during upgrade:

“Failsafe” reload is a common function of U-Boot devices. Hold down reset, power on, then tftp upload firmware

Otherwise you will need to use your TTL cable...

Rescuing your bricked router

Sometimes needed to loadOften needed to de-brickCarelessness can release the magic black smoke inside

the chips. No magic = no modem. be careful

Unlike in movies, the colors of the TTL wires are basically random

If you have 4 wires, attach to USB and use a volt-meter to determine which one is +5V

Mark it clearlyPlugging it to your device will almost certainly release the

genie. So don’t plug it to your device.

Connecting your TTL Cable

If you’re lucky the pins are labeled or documented on online (i.e. OpenWRT wiki)

Some online reference may tell you the BAUD rate. Set that in your terminal software. Else start with 19200 or 38400

I like cu and gtkterm. minicom not so much. putty has great serial support too

Turn on your modem, and try the different wires on each pin until you get something meaningful on your screen

Mark that pin as “out” on the pcb and “rx” on the wire

Repeat for “in” / “tx” - mash keys and look for screen changes

The remaining wire & pin is ground. Mark that too

I suggest you take a photo for good measure ---->

Optionally, make it a permanent fixture by drilling a small hole in the case and feeding the cable through, then tying a small knot in the cable on the inside to secure it. Maybe use a glue gun too

Connecting your TTL Cable (cont.)

Doing stuff via TTL

When you boot the device, you will see it POST and boot. If it’s bricked you will see some of that

For Atheros, BIOS is usually ‘Das U-Boot’You can set an IP (or DHCP) then pull a tftp

file to boot. Something like:

setenv ipaddr 192.168.0.1setenv serverip 192.168.0.10setenv bootargs 'board=WNDR3700'tftpboot 80800000 openwrt-fixed.outbootm

Now What? On to Perl

Micro Perl Smoker, B.O.M.

TP-Link TL-WR703N (not the 702!!)A USB thumb driveA Linux machineToo much spare time

Just get it from eBay

Generally it will come from Asia with a transformer unsuited to our Australian wall sockets… but it’s just micro-USB (like on most Android phones)

Acquire TL703N

Get the “Chaos Calmer” stable release from: http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/

You’ll want the 703n...factory.bin fileRevisions prior to 1.7, just use the GUI to

flash1.7 is a pain

Flash TL703N

Copy and paste non-english menus to Google translate. Or guess from the URL.

Flash TL703N (cont.)

For version 1.7, follow the steps on https://wiki.openwrt.org/toh/tp-link/tl-wr703n

Basically, you will split the openwrt image into two pieces using ‘dd’. Set up a tftp server. Then exploit a bug in the web interface to download and overwrite the vendor firmware… using curl.

It’s actually not too bad!

Flash TL703N (cont.)

Plug your Linux PC via Ethernet to the TL703N

Get an IP via DHCPTelnet to 192.168.1.1Use ‘passwd’ to set a password (telnet is

now disabled and ssh enabled)Logout, then ssh root@192.168.1.1Optionally, configure WiFi as a clientSee also https://wiki.openwrt.org/doc/howto/firstlogin

Follow first install steps

Insert drive to your linux PCfdisk /dev/sdXset to type 83mkfs.ext4 /dev/sdX1remove thumbdrive

Format your thumb drive

The TL703N doesn’t have enough space, so we pack a custom image without PPP and plus usb+ext4

Pack not compile - OpenWRT provides nice tools for this purpose

Image Generate (was Image Builder)Learn more

https://wiki.openwrt.org/doc/howto/obtain.firmware.generate

Pack a custom OpenWRT image

cd ~; mkdir openwrt; cd openwrtwget https://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/OpenWrt-ImageBuilder-15.05-ar71xx-generic.Linux-x86_64.tar.bz2tar -xvjf OpenWrt-ImageBuilder-15.05-ar71xx-generic.Linux-x86_64.tar.bz2make image PROFILE=TLWR703 PACKAGES="blkid block-mount kmod-fs-ext4 kmod-usb2 kmod-usb-uhci kmod-usb-ohci kmod-usb-storage -ppp -kmod-ppp -ppp-mod-pppoe -kmod-pppoe -kmod-pppox"cd bin/71xxscp *sysupgrade.bin root@192.168.1.1:/tmp/ssh root@192.168.1.1cd /tmpsysupgrade *bin

… thats it!

Packing Steps

There still isn’t enough space. So we set the root to the external drive (ExtRoot). First plug in the USB drive, then:ssh root@192.168.1.1mount /dev/sda1 /mnt ; tar -C /overlay -cvf - . | tar -C /mnt -xf - ; umount /mntecho -e "config 'global'\n\toption anon_swap '0'\n\toption anon_mount '1'\n\toption auto_swap '1'\n\toption auto_mount '1'\n\toption delay_root '5'\n\toption check_fs '0'\n\nconfig 'mount'\n\toption target '/'\n\toption enabled '1'\n\toption device '/dev/sda1'\n" > /etc/config/fstab# read more at https://wiki.openwrt.org/doc/uci/fstab

reboot# if something seems fishy, it’s safe to start up the TL703N without the usb, and it will fallback to the onboard flash

Make system ExtRoot

root@MiniOpenWrt:~# df -hFilesystem Size Used Available Use% Mounted onrootfs 3.6G 7.7M 3.4G 0% //dev/root 2.3M 2.3M 0 100% /romtmpfs 14.0M 68.0K 14.0M 0% /tmp/dev/sda1 3.6G 7.7M 3.4G 0% /overlayoverlayfs:/overlay 3.6G 7.7M 3.4G 0% /tmpfs 512.0K 0 512.0K 0% /dev/dev/mtdblock3 640.0K 244.0K 396.0K 38% /mnt/mtdblock3

Hooray we have more space!

Trivia:OpenWRT breaks core perl up into very small pieces… infact, ridiculously so.

However, this means you can be very frugal with the tiny space you have available.

# Note the double >>echo -e "src/gz chaos_calmer_base http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/base\nsrc/gz chaos_calmer_packages http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages\nsrc/gz chaos_calmer_routing http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/routing\nsrc/gz chaos_calmer_management http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/management\n" >> /etc/opkg.conf

opkg updateopkg install perl perlbase-cpan perlbase-unicore perlbase-dynaloader perlbase-term perlbase-perlio perlbase-if perlbase-universal perlbase-getopt# optionally...opkg install screen wget

# things are looking good!

Install a Perl

perl -MCPAN -e shell> install CPAN::Reporter

##### OH GNOES KILLED!!!!! #####

dmesg | tail -5# [160707.320000] Out of memory: Kill process 3501 (perl) score 529 or sacrifice child# [160707.330000] Killed process 3501 (perl) total-vm:19836kB, anon-rss:15568kB, file-rss:80kB

Not surprising really...> egrep 'Swap|^Mem' /proc/meminfoMemTotal: 28740 kBMemFree: 13472 kBMemAvailable: 15580 kBSwapCached: 0 kBSwapTotal: 0 kBSwapFree: 0 kB

Install a CPAN Smoker...

# its like windows all over againdd if=/dev/zero of=/swapfile bs=1M count=1024# because hax00rschmod 600 /swapfilemkswap /swapfile# that url again https://wiki.openwrt.org/doc/uci/fstabecho -e “\nconfig ‘swap’\noption device ‘/swapfile’\n”swapon /swapfile

# win! - note: swap on a USB thumb drive will thrash it> grep Swap /proc/meminfoSwapCached: 0 kBSwapTotal: 524284 kBSwapFree: 524284 kB

Quick, add a swap file

perl -MCPAN -e shell> install CPAN::Reporter

# wait a long long time

##### OH GNOES KILLED!!!!! #####

dmesg | tail -5# [160707.320000] Out of memory: Kill process 3501 (perl) score 529 or sacrifice child# [160707.330000] Killed process 3501 (perl) total-vm:19836kB, anon-rss:15568kB, file-rss:80kB

And now the dramatic, unexpected twist!

Try CPAN again

I haven’t solved why OOM keeps killing it!

I suspect:/tmp (tmpfs) is chewing up “RAM”Whilst perl is also chewing up “RAM”

I will need a bigger USB stick or several USB

sticks on a USB hub to experiment further.

Questions?

http://www.linux-magazine.com/Online/Features/The-One-Watt-Server

http://www.openwrt.org

Others?

Useful links