The network configuration in Kamikaze is stored in /etc/config/network and is divided into interface configurations. Each interface configuration either refers directly to an ethernet/wifi interface (eth0, wl0, ..) or to a bridge containing multiple interfaces. It looks like this:
ifname specifies the Linux interface name. If you want to use bridging on one or more interfaces, set ifname to a list of interfaces and add:
It is possible to use VLAN tagging on an interface simply by adding the VLAN IDs to it, e.g. eth0.1. These can be nested as well.
This sets up a simple static configuration for eth0. proto specifies the protocol used for the interface. The default image usually provides ’none’ ’static’, ’dhcp’ and ’pppoe’. Others can be added by installing additional packages.
When using the ’static’ method like in the example, the options ipaddr and netmask are mandatory, while gateway and dns are optional. You can specify more than one DNS server, separated with spaces.
DHCP currently only accepts ipaddr (IP address to request from the server) and hostname (client hostname identify as) - both are optional.
PPP based protocols (pppoe, pptp, ...) accept these options:
For all protocol types, you can also specify the MTU by using the mtu option.
You can set up static routes for a specific interface that will be brought up after the interface is configured.
Simply add a config section like this:
The name for the route section is optional, the interface, target and gateway options are mandatory. Leaving out the netmask option will turn the route into a host route.
The switch configuration is set by adding a ’switch’ config section. Example:
On Broadcom hardware the section name needs to be eth0, as the switch driver does not detect the switch on any other physical device. Every vlan option needs to have the name vlan<n> where <n> is the VLAN number as used in the switch driver. As value it takes a list of ports with these optional suffixes:
The CPU port defaults to tagged, all other ports to untagged. On Broadcom hardware the CPU port is always 5. The other ports may vary with different hardware.
For instance, if you wish to have 3 vlans, like one 3-port switch, 1 port in a DMZ, and another one as your WAN interface, use the following configuration :
The WiFi settings are configured in the file /etc/config/wireless (currently supported on Broadcom and Atheros). When booting the router for the first time it should detect your card and create a sample configuration file. By default ’option network lan’ is commented. This prevents unsecured sharing of the network over the wireless interface.
Each wireless driver has its own configuration script in /lib/wifi/driver_name.sh which handles driver specific options and configurations. This script is also calling driver specific binaries like wlc for Broadcom, or hostapd and wpa_supplicant for atheros.
The reason for using such architecture, is that it abstracts the driver configuration
Generic Broadcom wireless config:
Generic Atheros wireless config:
Generic multi-radio Atheros wireless config:
A full outline of the wireless configuration file with description of each field:
Limitations: There are certain limitations when combining modes. Only the following mode combinations are supported:
WDS links can only be used in pure AP mode and cannot use WEP (except when sharing the settings with the master interface, which is done automatically).
Adding a new driver configuration Since we currently only support two different wireless drivers : Broadcom and Atheros, you might be interested in adding support for another driver like Ralink RT2x00, Texas Instruments ACX100/111.
The driver specific script should be placed in /lib/wifi/<driver>.sh and has to include several functions providing :
Each driver script should append the driver to a global DRIVERS variable :
scan_<driver> This function will parse the /etc/config/wireless and make sure there are no configuration incompatibilities, like enabling hidden SSIDS with ad-hoc mode for instance. This can be more complex if your driver supports a lof of configuration options. It does not change the state of the interface.
Example:
enable_<driver> This function will bring up the wifi device and optionally create application specific configuration files, e.g. for the WPA authenticator or supplicant.
Example:
disable_<driver> This function will bring down the wifi device and all its virtual interfaces (if supported).
Example:
detect_<driver> This function looks for interfaces that are usable with the driver. Template config sections for new devices should be written to stdout. Must check for already existing config sections belonging to the interfaces before creating new templates.
Example:
The config files are divided into sections and options/values.
Every section has a type, but does not necessarily have a name. Every option has a name and a value and is assigned to the section it was written under.
Syntax:
Every parameter needs to be a single string and is formatted exactly like a parameter for a shell function. The same rules for Quoting and special characters also apply, as it is parsed by the shell.
To be able to load configuration files, you need to include the common functions with:
Then you can use config_load <name> to load config files. The function first checks for <name> as absolute filename and falls back to loading it from /etc/config (which is the most common way of using it).
If you want to use special callbacks for sections and/or options, you need to define the following shell functions before running config_load (after including /etc/functions.sh):
You can also alter option_cb from config_cb based on the section type. This allows you to process every single config section based on its type individually.
config_cb is run every time a new section starts (before options are being processed). You can access the last section through the CONFIG_SECTION variable. Also an extra call to config_cb (without a new section) is generated after config_load is done. That allows you to process sections both before and after all options were processed.
Another way of iterating on config sections is using the config_foreach command.
Syntax:
This command will run the supplied function for every single config section in the currently loaded config. The section name will be passed to the function as argument 1. If the section type is added to the command line, the function will only be called for sections of the given type.
You can access already processed options with the config_get command Syntax:
In busybox ash the three-option config_get is faster, because it does not result in an extra fork, so it is the preferred way.
Additionally you can also modify or add options to sections by using the config_set command.
Syntax:
If a config section is unnamed, an automatically generated name will be assigned internally, e.g. cfg1, cfg2, ...
While it is possible, using unnamed sections through these autogenerated names is strongly discouraged. Use callbacks or config_foreach instead.
Because OpenWrt uses its own init script system, all init scripts must be installed as /etc/init.d/name use /etc/rc.common as a wrapper.
Example: /etc/init.d/httpd
as you can see, the script does not actually parse the command line arguments itself. This is done by the wrapper script /etc/rc.common.
start() and stop() are the basic functions, which almost any init script should provide. start() is called when the user runs /etc/init.d/httpd start or (if the script is enabled and does not override this behavior) at system boot time.
Enabling and disabling init scripts is done by running /etc/init.d/name enable or /etc/init.d/name disable. This creates or removes symbolic links to the init script in /etc/rc.d, which is processed by /etc/init.d/rcS at boot time.
The order in which these scripts are run is defined in the variable START in the init script, which is optional and defaults to 50. Changing it requires running /etc/init.d/name enable again.
You can also override these standard init script functions:
You can also add custom commands by creating the appropriate functions and referencing them in the EXTRA_COMMANDS variable. Helptext is added in EXTRA_HELP.
Example:
To be able to access the network functions, you need to include the necessary shell scripts by running:
Some protocols, such as PPP might change the configured interface names at run time (e.g. eth0 => ppp0 for PPPoE). That’s why you have to run scan_interfaces instead of reading the values from the config directly. After running scan_interfaces, the ’ifname’ option will always contain the effective interface name (which is used for IP traffic) and if the physical device name differs from it, it will be stored in the ’device’ option. That means that running config_get lan ifname after scan_interfaces might not return the same result as running it before.
After running scan_interfaces, the following functions are available:
You can add custom protocol handlers by adding shell scripts to /lib/network. They provide the following two shell functions:
scan_protocolname is optional and only necessary if your protocol uses a custom device, e.g. a tunnel or a PPP device.
One of the biggest challenges to getting started with embedded devices is that you cannot just install a copy of Linux and expect to be able to compile a firmware. Even if you did remember to install a compiler and every development tool offered, you still would not have the basic set of tools needed to produce a firmware image. The embedded device represents an entirely new hardware platform, which is most of the time incompatible with the hardware on your development machine, so in a process called cross compiling you need to produce a new compiler capable of generating code for your embedded platform, and then use it to compile a basic Linux distribution to run on your device.
The process of creating a cross compiler can be tricky, it is not something that is regularly attempted and so there is a certain amount of mystery and black magic associated with it. In many cases when you are dealing with embedded devices you will be provided with a binary copy of a compiler and basic libraries rather than instructions for creating your own – it is a time saving step but at the same time often means you will be using a rather dated set of tools. Likewise, it is also common to be provided with a patched copy of the Linux kernel from the board or chip vendor, but this is also dated and it can be difficult to spot exactly what has been modified to make the kernel run on the embedded platform.
OpenWrt takes a different approach to building a firmware; downloading, patching and compiling everything from scratch, including the cross compiler. To put it in simpler terms, OpenWrt does not contain any executables or even sources, it is an automated system for downloading the sources, patching them to work with the given platform and compiling them correctly for that platform. What this means is that just by changing the template, you can change any step in the process.
As an example, if a new kernel is released, a simple change to one of the Makefiles will download the latest kernel, patch it to run on the embedded platform and produce a new firmware image – there is no work to be done trying to track down an unmodified copy of the existing kernel to see what changes had been made, the patches are already provided and the process ends up almost completely transparent. This does not just apply to the kernel, but to anything included with OpenWrt – It is this one simple understated concept which is what allows OpenWrt to stay on the bleeding edge with the latest compilers, latest kernels and latest applications.
So let’s take a look at OpenWrt and see how this all works.
This article refers to the "Kamikaze" branch of OpenWrt, which can be downloaded via subversion using the following command:
Additionally, there is a trac interface on https://dev.openwrt.org/ which can be used to monitor svn commits and browse the source repository.
There are four key directories in the base:
tools and toolchain refer to common tools which will be used to build the firmware image, the compiler, and the C library. The result of this is three new directories, tool_build, which is a temporary directory for building the target independent tools, toolchain_build_<arch> which is used for building the toolchain for a specific architecture, and staging_dir_<arch> where the resulting toolchain is installed. You will not need to do anything with the toolchain directory unless you intend to add a new version of one of the components above.
package is for exactly that – packages. In an OpenWrt firmware, almost everything is an .ipk, a software package which can be added to the firmware to provide new features or removed to save space. Note that packages are also maintained outside of the main trunk and can be obtained from subversion at the following location:
Those packages can be used to extend the functionality of the build system and need to be symlinked into the main trunk. Once you do that, the packages will show up in the menu for configuration. From kamikaze you would do something like this:
To include all packages, issue the following command:
target refers to the embedded platform, this contains items which are specific to a specific embedded platform. Of particular interest here is the "target/linux" directory which is broken down by platform <arch> and contains the patches to the kernel, profile config, for a particular platform. There’s also the "target/image" directory which describes how to package a firmware for a specific platform.
Both the target and package steps will use the directory "build_<arch> " as a temporary directory for compiling. Additionally, anything downloaded by the toolchain, target or package steps will be placed in the "dl" directory.
While the OpenWrt build environment was intended mostly for developers, it also has to be simple enough that an inexperienced end user can easily build his or her own customized firmware.
Running the command "make menuconfig" will bring up OpenWrt’s configuration menu screen, through this menu you can select which platform you’re targeting, which versions of the toolchain you want to use to build and what packages you want to install into the firmware image. Note that it will also check to make sure you have the basic dependencies for it to run correctly. If that fails, you will need to install some more tools in your local environment before you can begin.
Similar to the linux kernel config, almost every option has three choices, y/m/n which are represented as follows:
After you’ve finished with the menu configuration, exit and when prompted, save your configuration changes.
If you want, you can also modify the kernel config for the selected target system. simply run "make kernel_menuconfig" and the build system will unpack the kernel sources (if necessary), run menuconfig inside of the kernel tree, and then copy the kernel config to target/linux/<platform>/config so that it is preserved over "make clean" calls.
To begin compiling the firmware, type "make". By default OpenWrt will only display a high level overview of the compile process and not each individual command.
This makes it easier to monitor which step it’s actually compiling and reduces the amount of noise caused by the compile output. To see the full output, run the command "make V=99".
During the build process, buildroot will download all sources to the "dl" directory and will start patching and compiling them in the "build_<arch> " directory. When finished, the resulting firmware will be in the "bin" directory and packages will be in the "bin/packages" directory.
One of the things that we’ve attempted to do with OpenWrt’s template system is make it incredibly easy to port software to OpenWrt. If you look at a typical package directory in OpenWrt you’ll find two things:
The patches directory is optional and typically contains bug fixes or optimizations to reduce the size of the executable. The package makefile is the important item, provides the steps actually needed to download and compile the package.
The files directory is also optional and typicall contains package specific startup scripts or default configuration files that can be used out of the box with OpenWrt.
Looking at one of the package makefiles, you’d hardly recognize it as a makefile. Through what can only be described as blatant disregard and abuse of the traditional make format, the makefile has been transformed into an object oriented template which simplifies the entire ordeal.
Here for example, is package/bridge/Makefile:
As you can see, there’s not much work to be done; everything is hidden in other makefiles and abstracted to the point where you only need to specify a few variables.
The PKG_* variables define where to download the package from; @SF is a special keyword for downloading packages from sourceforge. There is also another keyword of @GNU for grabbing GNU source releases. If any of the above mentionned download source fails, the OpenWrt mirrors will be used as source.
The md5sum (if present) is used to verify the package was downloaded correctly and PKG_BUILD_DIR defines where to find the package after the sources are uncompressed into $(BUILD_DIR).
At the bottom of the file is where the real magic happens, "BuildPackage" is a macro set up by the earlier include statements. BuildPackage only takes one argument directly – the name of the package to be built, in this case "bridge". All other information is taken from the define blocks. This is a way of providing a level of verbosity, it’s inherently clear what the contents of the description template in Package/bridge is, which wouldn’t be the case if we passed this information directly as the Nth argument to BuildPackage.
BuildPackage uses the following defines:
Package/<name>:
<name> matches the argument passed to buildroot, this describes the package the
menuconfig and ipkg entries. Within Package/<name> you can define the following
variables: