1 OpenWrt
1.1 Basic Concept
UCI (Unified Configuration Interface) - OpenWrt uses it to store and manipulate all of its configuration; the files live in /etc/config
LuCI - a web interface built on top of UCI
1.2 System Basics
1.2.1 Init daemon
At the end of the boot process the init daemon (procd on OpenWrt) is started. Following the boot scripts in /etc/rc.d, init then starts the remaining programs and services in the order of their S* numbers.
EX: /etc/rc.d/S15qca-wpa-supplicant is the boot script through which init starts wpa_supplicant (wpas)
1.2.2 Setting Environment Variables
OpenWrt sets its environment variables in /etc/profile
EX: export PATH=/usr/sbin:/usr/bin:/sbin:/bin
1.2.3 OpenWrt Commands
1. logread - shows the messages from the system log (logd)
2. cat /proc/version - shows the kernel version and build information (compiler, build time)
3. cat /proc/meminfo - shows memory information
4. cat /proc/cpuinfo - shows CPU information
5. cat /proc/net/nf_conntrack - shows the Linux connection tracking table, i.e. the per-connection state the firewall keeps
1.2.4 DDNS(Dynamic Domain Name Service)
DDNS maps a domain name to an IP address that changes over time: the router pushes its current public address to the DDNS provider whenever it changes, so the device stays reachable under the same name from outside even though the IP is not fixed.
/etc/config/ddns holds the configuration for the ddns-scripts package. The provider credentials stored there are sent with every update, so choose a provider that supports HTTPS and set use_https to 1 in the ddns section.
1.2.5 DNS and DHCP configuration /etc/config/dhcp
OpenWrt uses dnsmasq and odhcpd to serve DNS/DHCP and DHCPv6 by default.

| Role   | Ports          | Package         | Configuration    |
|--------|----------------|-----------------|------------------|
| DNS    | 53/UDP, 53/TCP | dnsmasq         | /etc/config/dhcp |
| DHCP   | 67/UDP, 68/UDP | dnsmasq         | /etc/config/dhcp |
| DHCPv6 | 547/UDP        | odhcpd-ipv6only | /etc/config/dhcp |

1.2.6 Dropbear configuration
SSH is provided by Dropbear; its settings are the dropbear UCI package, stored in /etc/config/dropbear (options such as PasswordAuth, RootPasswordAuth, Port and Interface). Public keys for key-based login go in /etc/dropbear/authorized_keys; once they work, set PasswordAuth and RootPasswordAuth to off so that a leaked or guessed root password does not give shell access.
1.2.7 Hotplug
Procd (the init system and process management daemon) executes scripts located in /etc/hotplug.d/ when certain events happen,
for example when an interface goes up or down, when a new storage drive is detected, or when a button is pressed.
/etc/hotplug.d contains one directory per trigger, such as block, iface, net and ntp. When the trigger event fires, procd runs all scripts in that trigger's directory, in alphabetical order, as root, with the event details passed in environment variables (for iface events ACTION (ifup, ifdown, ...), INTERFACE and DEVICE; for kernel device events such as net, usb and block the uevent variables, e.g. ACTION, SUBSYSTEM and DEVPATH).

| /etc/hotplug.d sub-directory | Description |
|---|---|
| block | Block device events: device connected/disconnected |
| dhcp | DHCP-related events |
| firewall | Firewall-related events |
| iface | Interface events: LAN/WAN/etc. |
| neigh | Neighbor discovery |
| net | Network-related events |
| usb | USB devices like 3g-modem and tty* |

1.2.8 LED configuration /etc/config/system
The LED configuration lives in the system UCI package, i.e. /etc/config/system, as "config led" sections.
1.2.8 OpenWrt Log System
OpenWrt logging is implemented by logd, which keeps the messages in a ring buffer in RAM.
The log can be read using logread:
logread # List syslog
logger -t TAG MESSAGE # Write a message with a tag to syslog
logread -e TAG # List syslog entries matching a pattern (the argument is a regular expression)
logread -f # Follow the log as new entries arrive
logd is configured in the "config system" section of /etc/config/system: log_size sets the buffer size, log_file writes the log to a file, and log_ip, log_port and log_proto send it to a remote syslog server. Because the default buffer is lost on reboot or power loss, ship the log to a remote host if you want to investigate incidents afterwards.
/etc/init.d/log restart
/etc/init.d/system restart
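The log entries that matter most on an Internet-facing router are failed SSH logins. As an added example (not code from the page or from OpenWrt), the shell function below takes logread output on stdin and reports source addresses with repeated dropbear authentication failures; it assumes dropbear's standard message texts, and the log lines embedded in it are constructed for the demonstration:

```shell
# Added example, not from the OpenWrt wiki: count failed SSH logins per source
# address in logread output. It relies on dropbear's standard log messages
# ("Bad password attempt for ..." and "Login attempt for nonexistent user ...");
# the sample lines are constructed for this demonstration.

dropbear_failures() {
    # $1 = minimum number of failures before an address is reported (default 3)
    awk -v min="${1:-3}" '
        /dropbear\[[0-9]+\]:/ && (/Bad password attempt/ || /nonexistent user/) {
            # the last field is "address:port"; drop the port
            addr = $NF
            sub(/:[0-9]+$/, "", addr)
            fail[addr]++
        }
        END {
            for (a in fail)
                if (fail[a] >= min) printf "%d %s\n", fail[a], a
        }
    ' | sort -rn
}

# constructed sample in logread format: "timestamp facility.level program[pid]: message"
sample_log() {
    cat <<'EOF'
Thu Mar  7 10:01:02 2024 authpriv.warn dropbear[1801]: Bad password attempt for 'root' from 192.168.1.50:51234
Thu Mar  7 10:01:04 2024 authpriv.warn dropbear[1803]: Login attempt for nonexistent user from 192.168.1.50:51235
Thu Mar  7 10:01:06 2024 authpriv.warn dropbear[1805]: Bad password attempt for 'admin' from 192.168.1.50:51236
Thu Mar  7 10:01:09 2024 authpriv.warn dropbear[1807]: Bad password attempt for 'root' from 192.168.1.50:51237
Thu Mar  7 10:02:10 2024 authpriv.warn dropbear[1810]: Bad password attempt for 'root' from 192.168.1.60:40100
Thu Mar  7 10:03:00 2024 authpriv.info dropbear[1812]: Password auth succeeded for 'root' from 192.168.1.20:40200
EOF
}

# on a router replace "sample_log" with "logread -e dropbear"
sample_log | dropbear_failures 3
```

Saved as a script on the device, `logread -e dropbear | dropbear_failures 5` can run from cron. If the report shows addresses outside your LAN, SSH is reachable from the WAN: set dropbear.@dropbear[0].Interface='lan', and in any case install keys in /etc/dropbear/authorized_keys and set PasswordAuth and RootPasswordAuth to off.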
1.2.9 OpenWrt Managing services
Start, stop, restart, enable and disable system services.
Common actions supported by most services: start, stop, restart, reload, enable, disable. "enable" creates the S*/K* symlinks in /etc/rc.d so that the service starts at boot.
Note: the Qualcomm platform does not supply the "service" command; use the /etc/init.d/ form.

| Command | Equivalent invocation | Description |
|---|---|---|
| service | ls /etc/init.d | list available services |
| service servicename | /etc/init.d/servicename | list available actions for a service |
| service servicename action | /etc/init.d/servicename action | execute an action for a service |

1.2.10 Network basics /etc/config/network
On a typical home router the default OpenWrt network configuration looks like this:
a minimal configuration consists of at least two interfaces (lan and wan) and their associated devices (br-lan and eth0), as well as a switch section if applicable.
The configuration is stored in /etc/config/network. After any change (through uci or otherwise) reload it with "service network reload" or "/etc/init.d/network reload".
To see a list of interfaces:
ubus list network.interface.*
To view all info about a particular interface, e.g. lan:
ifstatus lan
1.2.11 Scheduling tasks with cron
Set up cron jobs from the command line.
# Edit configuration
crontab -e
# Show configuration
crontab -l
# Apply changes
/etc/init.d/cron restart
This edits the file /etc/crontabs/root.
1.2.12 System configuration /etc/config/system
The system section contains settings that apply to the most basic operation of the system, such as the hostname, the time zone, and how and where logging information is written.
1.2.13 UCI basic system
Setting a value (change the listening port of the uHTTPd web server from 80 to 8080):
uci set uhttpd.main.listen_http='8080'
uci commit uhttpd
/etc/init.d/uhttpd restart
Show a package's current configuration:
uci show SUBSYSTEM_NAME
Display just the value of an option:
uci get uhttpd.main.listen_http
uci get wireless.@wifi-iface[0].ssid
Append an entry to a list:
uci add_list system.ntp.server='0.de.pool.ntp.org'
Add a new (anonymous) section of a given type to a package:
uci add SUBSYSTEM_NAME SECTION_TYPE
uci add firewall rule
Save the modified values of a single package, then reload the affected services:
uci commit SUBSYSTEM_NAME
reload_config
Uncommitted changes can be listed with "uci changes" and discarded with "uci revert SUBSYSTEM_NAME"; only committed values survive a reboot.
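To see how the dotted keys relate to what is stored in /etc/config, here is an added example (not OpenWrt's code) that turns uci show output back into the file format; the sample input is constructed, and on a device uci export does this natively. It is handy for diffing a uci show dump collected from a device against a known-good baseline:

```shell
# Added example, not OpenWrt code: rebuild the /etc/config file format from
# "uci show" output, to show how dotted keys map to sections, options and
# lists. The sample below is constructed (two packages in one stream, which
# a real file would not mix).

uci_show_to_config() {
    awk -v q="'" '
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            n = split(key, part, ".")
            if (n == 2) {
                # "pkg.section=type" opens a section; "@type[N]" marks an anonymous one
                if (part[2] ~ /^@/) printf "config %s\n", val
                else printf "config %s %s%s%s\n", val, q, part[2], q
                next
            }
            # "pkg.section.option=..." : strip the outer quotes, then split on the
            # quote-space-quote separator that uci show puts between list items.
            # A one-item list is printed by uci show exactly like an option, so it
            # comes back as an option here.
            inner = substr(val, 2, length(val) - 2)
            n = split(inner, item, q " " q)
            if (n == 1)
                printf "\toption %s %s%s%s\n", part[3], q, inner, q
            else
                for (i = 1; i <= n; i++)
                    printf "\tlist %s %s%s%s\n", part[3], q, item[i], q
        }
    '
}

# constructed sample of "uci show" output
sample_uci_show() {
    cat <<'EOF'
dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth='on'
dropbear.@dropbear[0].Port='22'
system.ntp=timeserver
system.ntp.enabled='1'
system.ntp.server='0.openwrt.pool.ntp.org' '1.openwrt.pool.ntp.org'
EOF
}

sample_uci_show | uci_show_to_config
```

The anonymous @dropbear[0] section comes out as a bare "config dropbear", the named ntp section as "config timeserver 'ntp'", and the multi-value server option as two "list" lines.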
1.3 Network configuration
1.3.1 DHCP Troubleshooting
# Capture DHCP traffic in the background (server port 67, client port 68),
# then trigger a lease renewal, e.g. "ifup wan"; "kill %1" stops the capture
tcpdump -evni any udp port 67 or udp port 68 &
# Capture DHCPv6 traffic (server port 547, client port 546)
tcpdump -evni any udp port 546 or udp port 547 &
1.3.2 MAP IPv4-over-IPv6 encapsulation
MAP (Mapping of Address and Port) is an encapsulation used for providing IPv4 connectivity over IPv6 networks. It is a transition technology towards full IPv6.
1.3.3 MultipathTCP and OpenWrt
Multipath TCP (MPTCP) is an effort towards enabling the simultaneous use of several IP addresses/interfaces by a modification of TCP that presents a regular TCP interface to applications, while in fact spreading data across several subflows. Benefits include better resource utilization, better throughput and smoother reaction to failures.
1.3.4 OpenWrt as client device(Wireless STA)
Configure the LAN interface statically with the new IP address 192.168.1.2, netmask 255.255.255.0, gateway 192.168.1.1, and DNS 192.168.1.1.
uci set network.lan.proto="static"
uci set network.lan.ipaddr="192.168.1.2"
uci set network.lan.netmask="255.255.255.0"
uci set network.lan.gateway="192.168.1.1"
uci set network.lan.dns="192.168.1.1"
uci commit network
/etc/init.d/network restart
Configure the LAN interface dynamically with DHCP.
uci set network.lan.proto="dhcp"
uci commit network
/etc/init.d/network restart
1.3.5 OpenWrt as router device
As a router, OpenWrt runs mostly in its default factory configuration:
the firewall is on (the wan zone rejects unsolicited inbound traffic and masquerades outbound traffic)
the DHCP server is on for the lan
1.3.6 Routed Client
In the default configuration, OpenWrt bridges the wireless network to the LAN of the device.
Most wireless drivers do not support bridging in client (STA) mode, so traffic between the LAN and the wireless client must be routed instead (the exception is 4-address/WDS mode, option wds '1', which works only when the access point supports it too).
1.3.7 OpenWrt roles
Network devices can operate in 3 different modes:
Client : If you want to connect your device to an existing network to provide additional functions.
Router : If you want to run OpenWrt in its default router configuration, where the device routes traffic between several devices connected to the LAN ports and another network on the WAN port.
Gateway : Your device also behaves as router. But in contrast to the 'as router device' mode, in this mode your device either uses an integrated modem to connect to the Internet or has an external modem attached on its port.
1.3.8 DSA -- Distributed Switch Architecture
DSA stands for Distributed Switch Architecture and is the Linux kernel subsystem for network switches.
1.3.9 IPV6 TroubleShooting
Use ping6 and traceroute6 to verify you can reach IPv6 services
ping6 openwrt.org
traceroute6 openwrt.org
Collect and analyze the following information.
# Restart services
/etc/init.d/log restart; ifup wan6; sleep 10
# Log and status
logread; ifstatus wan6
# Runtime configuration
ip address show; ip route show table all
ip rule show; iptables-save -c
ip -6 rule show; ip6tables-save -c
# On OpenWrt 22.03 and later the firewall is fw4 (nftables): use "nft list ruleset" instead of the iptables-save commands
# Persistent configuration
uci show network; uci show dhcp; uci show firewall
1.3.10 Routing basics
Routing is the process of selecting a path to send network traffic
Routing Troubleshooting
# Restart services
/etc/init.d/log restart; /etc/init.d/network restart; sleep 10
# Log and status
logread; ifstatus wan; ifstatus wan6
# Runtime configuration
ip address show; ip route show table all
ip rule show; iptables-save -c
ip -6 rule show; ip6tables-save -c
# Persistent configuration
uci show network; uci show dhcp; uci show firewall
1.3.11 PBR (Policy-Based Routing)
PBR is a technique used to make routing decisions based on policies set by the network administrator.
1.3.12 Routing rules
Netifd supports IP rule declarations which are required to implement policy routing.
1.3.13 Static routes
Netifd supports static IP routes, declared in /etc/config/network as "config route" (IPv4) and "config route6" (IPv6) sections.
1.4 Traffic shaping
QoS (Network Traffic Control)
QoS configuration /etc/config/qos
SQM (Smart Queue Management)
SQM configuration /etc/config/sqm
Linux Packet Scheduling
1.5 Wi-Fi configuration
1.5.1 Configure AP+STA
AP+STA mode allows OpenWrt to connect to a wireless hotspot (AP) and provide wireless access from that hotspot to anything connected to the OpenWrt AP and Ethernet ports, the br-lan device.
1.5.2 Configure Wi-Fi encryption
Configure WPA (PSK) encryption using UCI. "psk" selects WPA1 (WPA-PSK), a deprecated protocol built around the broken TKIP cipher; keep it only for legacy clients and prefer psk2 or sae below.
uci set wireless.@wifi-iface[0].encryption=psk
uci set wireless.@wifi-iface[0].key="your_password"
uci commit wireless
wifi
Configure WPA2 (PSK) with AES/CCMP, the minimum to use today. The passphrase must be 8 to 63 characters; "sae" instead of "psk2" selects WPA3-Personal and "sae-mixed" lets WPA2 and WPA3 clients share the network.
uci set wireless.@wifi-iface[0].encryption=psk2
uci set wireless.@wifi-iface[0].key="your_password"
uci commit wireless
wifi
Configure WPA2 Enterprise (802.1X with an external RADIUS server; the EAP method, e.g. EAP-TLS, is negotiated between the client and the RADIUS server, not chosen here). In this mode "key" is the RADIUS shared secret, not a Wi-Fi passphrase.
uci set wireless.@wifi-iface[0].encryption=wpa2
uci set wireless.@wifi-iface[0].key="shared_secret"
uci set wireless.@wifi-iface[0].server=192.168.1.200
uci set wireless.@wifi-iface[0].port=1812
uci commit wireless
wifi
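Since the weak and strong options above differ only in one string, mistakes are easy to miss on a device with several wifi-iface sections. The following added example (my script, not OpenWrt's) audits uci show wireless output; the encryption names are OpenWrt's, the 12-character passphrase rule is this script's own policy, and the configuration is constructed (the corp network is deliberately missing its RADIUS server):

```shell
# Added example, not OpenWrt code: flag weak settings in "uci show wireless"
# output. The encryption values are the ones OpenWrt accepts; the 12-character
# passphrase minimum is this script's own policy, and the sample config is
# constructed (the corp network deliberately lacks a RADIUS server).

wifi_encryption_audit() {
    awk -v q="'" '
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(q, "", val)
            n = split(key, p, ".")
            if (n == 2 && val == "wifi-iface") iface[p[2]] = 1
            else if (n == 3) opt[p[2] "." p[3]] = val
        }
        END {
            for (s in iface) {
                enc  = opt[s ".encryption"]
                pass = opt[s ".key"]
                if (enc == "" || enc == "none")
                    printf "CRITICAL %s: open network (no encryption)\n", s
                else if (enc ~ /^wep/)
                    printf "CRITICAL %s: WEP is broken, use psk2 or sae\n", s
                else if (enc ~ /^psk(-mixed)?([+]|$)/ || enc ~ /tkip/)
                    printf "WEAK %s: %s allows WPA1/TKIP, use psk2 (CCMP) or sae\n", s, enc
                else if (enc ~ /^(wpa|wpa2|wpa3|wpa-mixed|wpa3-mixed)([+]|$)/) {
                    # 802.1X: key is the RADIUS shared secret and a server is mandatory
                    if (opt[s ".server"] == "" && opt[s ".auth_server"] == "")
                        printf "ERROR %s: enterprise mode %s without RADIUS server\n", s, enc
                    else
                        printf "OK %s: %s (802.1X)\n", s, enc
                }
                else if (enc ~ /^(psk2|sae|sae-mixed|owe)([+]|$)/) {
                    if (enc != "owe" && length(pass) < 12)
                        printf "WEAK %s: %s with a passphrase under 12 characters\n", s, enc
                    else
                        printf "OK %s: %s\n", s, enc
                }
                else
                    printf "UNKNOWN %s: encryption %s\n", s, enc
            }
        }
    ' | sort
}

# constructed "uci show wireless" output with one good and three bad networks
sample_wireless() {
    cat <<'EOF'
wireless.radio0=wifi-device
wireless.radio0.type='mac80211'
wireless.radio0.channel='6'
wireless.default_radio0=wifi-iface
wireless.default_radio0.device='radio0'
wireless.default_radio0.mode='ap'
wireless.default_radio0.ssid='OpenWrt'
wireless.default_radio0.encryption='none'
wireless.guest=wifi-iface
wireless.guest.device='radio0'
wireless.guest.mode='ap'
wireless.guest.ssid='guest'
wireless.guest.encryption='psk'
wireless.guest.key='guest123'
wireless.corp=wifi-iface
wireless.corp.device='radio0'
wireless.corp.mode='ap'
wireless.corp.ssid='corp'
wireless.corp.encryption='wpa2'
wireless.corp.key='shared_secret'
wireless.home=wifi-iface
wireless.home.device='radio0'
wireless.home.mode='ap'
wireless.home.ssid='home'
wireless.home.encryption='sae-mixed'
wireless.home.key='correct horse battery staple'
EOF
}

# on a router: uci show wireless | wifi_encryption_audit
sample_wireless | wifi_encryption_audit
```

The sample yields one CRITICAL (open default network), one WEAK (WPA1 guest), one ERROR (enterprise without server) and one OK line.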
1.5.3 USB 3.0 and Wi-Fi 2.4GHZ interfering
Reference: [Why does USB 3.0 interfere with 2.4 GHz Wi-Fi? - Zhihu](https://zhuanlan.zhihu.com/p/362814362). USB 3.0 signalling radiates broadband noise that overlaps the 2.4 GHz band; poorly shielded cables and ports near the antenna degrade 2.4 GHz throughput, so use shielded cables or move the USB device away from the radio.
1.5.4 Wi-Fi /etc/config/wireless
UCI configuration is located in /etc/config/wireless
A typical wireless config file contains at least one pair of:
wifi-device - one per physical radio present on the system; specifies general radio properties like channel, driver type (option type) and txpower
wifi-iface - defines a wireless network (SSID, mode, encryption) on top of a wifi-device; several wifi-iface sections can refer to the same radio
1.5.5 Wi-Fi on/off buttons (WPS)
Many devices come with at least one button which the stock firmware uses for WPS or for toggling Wi-Fi. With the wifitoggle package that button switches Wi-Fi on and off; its configuration looks like this:
# uci show wifitoggle
wifitoggle.@wifitoggle[0]=wifitoggle
wifitoggle.@wifitoggle[0].button='wps'
wifitoggle.@wifitoggle[0].timer='600'
wifitoggle.@wifitoggle[0].persistent='0'
wifitoggle.@wifitoggle[0].led_enable_trigger='timer'
wifitoggle.@wifitoggle[0].led_enable_delayon='500'
wifitoggle.@wifitoggle[0].led_enable_delayoff='500'
wifitoggle.@wifitoggle[0].led_disable_default='0'
1.5.6 How to create and add a wireless access point
Step 1: Modify the network
Edit /etc/config/network and change the lan interface section: give it a static address in the main router's subnet, with gateway and dns pointing at the main router.
On devices with a separate WAN interface, bridge the LAN VLAN together with the WAN interface and remove the existing WAN interface, if any.
Step 2: Change the existing wireless network
Edit /etc/config/wireless and configure the wifi-device and wifi-iface sections:
config 'wifi-device' 'radio0'
config 'wifi-iface'
Step 3: Disable the DHCP server: /etc/init.d/dnsmasq disable
Step 4: Disable the DHCPv6 server: /etc/init.d/odhcpd disable
Step 5: Disable the firewall: /etc/init.d/firewall disable, then /etc/init.d/firewall stop
Step 6: Apply the changes: /etc/init.d/network reload
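Steps 1 and 3 to 6 as one script, as an added example that is not from the page; the addresses 192.168.1.2 (this AP) and 192.168.1.1 (main router) are assumptions, and the device-specific bridging of the WAN port from step 1 is left out:

```shell
# Added example, not from the page: steps 1, 3, 4, 5 and 6 above as one uci
# batch plus the service changes, for an AP at 192.168.1.2 behind a main
# router at 192.168.1.1 (addresses are assumptions; the bridge/WAN part of
# step 1 is device specific and left out).

dumb_ap_uci_batch() {
    ip="$1"; gw="$2"; mask="${3:-255.255.255.0}"
    cat <<EOF
set network.lan.proto='static'
set network.lan.ipaddr='$ip'
set network.lan.netmask='$mask'
set network.lan.gateway='$gw'
set network.lan.dns='$gw'
commit network
EOF
}

dumb_ap_apply() {
    # run on the device only: feed the batch to uci, then stop the services a
    # dumb AP must not run (its DHCP/DNS would fight the main router)
    dumb_ap_uci_batch "$@" | uci batch
    for svc in dnsmasq odhcpd firewall; do
        /etc/init.d/$svc disable
        /etc/init.d/$svc stop
    done
    /etc/init.d/network reload
}

# preview the batch; on the device run: dumb_ap_apply 192.168.1.2 192.168.1.1
dumb_ap_uci_batch 192.168.1.2 192.168.1.1
```

With the firewall stopped, the AP's own SSH and web interface are reachable from every wired and wireless client, so keep dropbear key-only and the firmware updated; alternatively leave the firewall running with only a lan zone. After the change, reconnect to the new address (ssh root@192.168.1.2).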
1.5.7 Guest Wi-Fi
Reference:
[Guest Wi-Fi](https://openwrt.org/docs/guide-user/network/wifi/guestwifi/start)
[What does a "guest" Wi-Fi on my home computer mean? - Baidu Zhidao](https://zhidao.baidu.com/question/1885931950718702028.html)
1.5.8 Mesh Wi-Fi
802.11s operates on Layer 2 and makes sure that all nodes can see each other on a bridged Layer 2 network.
802.11s works reliably with OpenWrt 19.07 and later, including authentication and encryption, assuming that there is hardware/driver support and that wpad-mesh-openssl (or wpad-mesh-wolfssl/wpad-mesh-mbedtls) has been installed in place of the default wpad-basic-* package.
Use option encryption 'sae' with a key on the mesh interface; an unencrypted mesh lets anyone in radio range join the bridged Layer 2 network.
1.5.9 OLSR (Optimized Link State Routing) Mesh
Mesh networks self-arrange and auto-configure themselves on the basis of network topology changes.
OLSR is one of the routing protocols available to create a Mobile Adhoc Networks (MANET), or rather, in more general terms, a wireless mesh network.
1.5.10 Wi-Fi network tools: Aircrack
Aircrack is a suite of tools that enables wireless traffic monitoring and penetration/security testing.
2 Firewall configuration
2.1 Firewall overview
OpenWrt releases up to 21.02 use firewall3 (fw3), a netfilter/iptables rule builder; since 22.03 the default is firewall4 (fw4), which reads the same /etc/config/firewall but emits nftables rules.
fw3 runs in user space to parse the configuration file into a set of iptables rules, sending each to the kernel netfilter modules.
Running "fw3 print" shows a number of netfilter/iptables rules that are not explicitly defined in the configuration files, because fw3 adds its own default chains and rules around the configured zones.
Firewall configuration: /etc/config/firewall, plus /etc/firewall.user for custom iptables commands run after the fw3 rules (fw4 uses /etc/nftables.d/*.nft instead).
There are the following main components to the OpenWrt firewall:
1. the firewall3 application
2. a set of netfilter hooks in the kernel networking stacks
3. a set of linux kernel modules that handle the inspection of network packets
4. a set of kernel tuning parameters to configure the network stacks and firewall modules
2.2 Firewall Configuration
[fw3 configurations](https://openwrt.org/docs/guide-user/firewall/fw3_configurations/start)
2.3 Firewall important components (netfilter and iptables)
[netfilter and iptables](https://openwrt.org/docs/guide-user/firewall/netfilter_iptables/start)
2.3.1 Logging Forwarded Packets in OpenWrt
These iptables rules are runtime-only; to keep them across a firewall restart put them in /etc/firewall.user (fw3), which fw3 runs after its own rules.
# create a new chain for logging forwarded packets
iptables -N forwarding_log_chain
# hook it into OpenWrt's forwarding_rule chain (generally empty, reserved for user rules)
iptables -A forwarding_rule -j forwarding_log_chain
# log HTTP/S connection setup (SYN only) and teardown (FIN+ACK) events
# note: "--dport 80:443" would match the whole port range 80-443, so use multiport for exactly 80 and 443
iptables -A forwarding_log_chain -p tcp -m multiport --dports 80,443 --tcp-flags ALL SYN -j LOG --log-prefix "HTTP-SYN:"
iptables -A forwarding_log_chain -p tcp -m multiport --dports 80,443 --tcp-flags ALL ACK,FIN -j LOG --log-prefix "HTTP-ACK-FIN:"
# alternative: log every HTTP/S packet in both directions. NOISY - LOG is not rate limited and costs throughput, so add "-m limit" if you enable it
# iptables -A forwarding_log_chain -p tcp -m multiport --dports 80,443 -m limit --limit 10/min -j LOG --log-prefix "HTTP-DPRT-ALL:"
# iptables -A forwarding_log_chain -p tcp -m multiport --sports 80,443 -m limit --limit 10/min -j LOG --log-prefix "HTTP-SPRT-ALL:"
# Flush entries from logging chain
# iptables -F forwarding_log_chain
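As an added example (not from the page), here is how to turn the resulting log lines into a per-client summary; the kernel LOG target emits KEY=VALUE fields after the prefix, which logread shows as kernel: messages. The sample lines are constructed and use the 203.0.113.0/24 documentation range:

```shell
# Added example, not from the page: summarise the LOG lines the rules above
# produce, as logread shows them (kernel LOG output is a list of KEY=VALUE
# fields after the prefix). The sample lines are constructed; 203.0.113.0/24
# is a documentation range.

http_log_summary() {
    awk '
        /kernel:.*HTTP-SYN:/ {
            src = dst = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)      src = substr($i, 5)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            count[src " -> " dst ":" dpt]++
        }
        END { for (k in count) printf "%d %s\n", count[k], k }
    ' | sort -rn
}

# constructed logread output for the SYN and FIN-ACK rules
sample_fw_log() {
    cat <<'EOF'
Thu Mar  7 10:05:01 2024 kern.warn kernel: [ 1234.567890] HTTP-SYN:IN=br-lan OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1001 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Thu Mar  7 10:05:03 2024 kern.warn kernel: [ 1236.123456] HTTP-SYN:IN=br-lan OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1002 DF PROTO=TCP SPT=51235 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Thu Mar  7 10:05:09 2024 kern.warn kernel: [ 1242.000000] HTTP-SYN:IN=br-lan OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:cc:08:00 SRC=192.168.1.60 DST=203.0.113.20 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1003 DF PROTO=TCP SPT=40100 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Thu Mar  7 10:05:12 2024 kern.warn kernel: [ 1245.000000] HTTP-ACK-FIN:IN=br-lan OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.50 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=1004 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=501 RES=0x00 ACK FIN URGP=0
EOF
}

# on the router: logread -e HTTP-SYN | http_log_summary
sample_fw_log | http_log_summary
```

Only the SYN lines are counted, so each line of the summary is one new connection attempt per client/destination pair; the FIN-ACK line is ignored. For a live view of established flows without logging, read /proc/net/nf_conntrack instead.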
3 Qualcomm and OpenWrt
3.1 Enabling a Wi-Fi access point on OpenWrt
"wifi detect" writes a fresh wireless configuration for the radios it finds, with every radio disabled, so the generated file has to be edited before the access point comes up:
root@OpenWrt:/# rm -f /etc/config/wireless
root@OpenWrt:/# wifi detect > /etc/config/wireless
root@OpenWrt:/# uci show wireless | grep disable
root@OpenWrt:/# uci set wireless.@wifi-device[0].disabled=0
root@OpenWrt:/# uci commit wireless
root@OpenWrt:/# wifi
root@OpenWrt:/# wlanconfig ath0 list ap
SSID BSSID CHAN RATE S:N INT CAPS
OpenWrt_JT_FH 00:03:7f:87:70:44 1 54M 4:0 100 ESs VEN WME VEN VEN
OpenWrt_JT_BH 00:03:7f:87:70:92 1 54M 8:0 100 ESs VEN WME VEN VEN
OpenWrt 00:03:7f:12:42:37 6 54M 9:0 100 ESs VEN WME VEN VEN
OpenWrt-2g 00:03:7f:59:03:79 6 54M 3:0 100 ESs VEN WME VEN VEN
3.2 Change Wireless Section (such as SSID)
uci set wireless.@wifi-iface[0].ssid='OpenWrt_liuyu'
uci commit wireless
wifi (to reconfigure the Wi-Fi)
3.3 Change Network Section (such as Wireless)
To reconfigure the entire networking stack, including Wi-Fi
/etc/init.d/network restart
3.4 Enabling a STA on OpenWrt
uci del wireless.@wifi-device[0].disabled
uci del wireless.@wifi-iface[0].network
uci set wireless.@wifi-iface[0].mode=sta
uci commit wireless
wifi
wlanconfig ath0 create wlandev wifi0 wlanmode sta # create the ath0 VAP in STA mode
wlanconfig ath0 list ap # list nearby APs when ath0 is a STA VAP
iwlist ath0 scan # scan for nearby APs
3.5 Init Scripts
Running "/etc/init.d/qca-hostapd enable" installs a symlink in /etc/rc.d/ called S15qca-hostapd which points to the service script /etc/init.d/qca-hostapd; the number is the START value declared in that script.
OpenWrt starts the services according to the order of the S* scripts in /etc/rc.d/.
To see the order simply run: ls -la /etc/rc.d/S*
Reference:
[Init Scripts](https://openwrt.org/docs/techref/initscripts)
[The Boot Process](https://openwrt.org/docs/techref/process.boot)
[Create a sample procd init script](https://openwrt.org/docs/guide-developer/procd-init-script-example)
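The following is an added example of a procd init script for a hypothetical daemon /usr/sbin/mydaemon, not a script from the page or from OpenWrt. It assumes the daemon accepts a --foreground flag; saved as /etc/init.d/mydaemon, "/etc/init.d/mydaemon enable" creates /etc/rc.d/S95mydaemon and K05mydaemon from its START and STOP values:

```shell
# /etc/init.d/mydaemon - the first line of the real file must be exactly:
#   #!/bin/sh /etc/rc.common
# (rc.common then provides the start/stop/enable actions and the procd helpers)
# Added example, not from the page: a procd init script for a hypothetical
# daemon /usr/sbin/mydaemon with a hypothetical --foreground flag.

USE_PROCD=1
START=95        # late in the boot order, after network and firewall
STOP=05

PROG=/usr/sbin/mydaemon     # hypothetical; it must stay in the foreground

start_service() {
    procd_open_instance
    procd_set_param command "$PROG" --foreground
    procd_set_param user nobody      # do not run as root unless the daemon needs it
    procd_set_param respawn          # restart it if it dies (procd default thresholds)
    procd_set_param stdout 1         # send stdout/stderr to logd, visible in logread
    procd_set_param stderr 1
    procd_close_instance
}

service_triggers() {
    # "reload_config" restarts this service when /etc/config/mydaemon changes
    procd_add_reload_trigger "mydaemon"
}
```

Because procd supervises the process, the daemon must not fork into the background itself; the user parameter is what keeps a compromise of the daemon from being a root compromise of the router.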
4 Reference
Introduction to the Linux nf_conntrack connection tracking mechanism
Introduction to DDNS
DDNS setup
OpenWrt DDNS Doc
OpenWrt DNS and DHCP configuration
DNS and DHCP examples
SSH Configuration - Dropbear
Hotplug-Procd (the init system and process management daemon)
LED configuration /etc/config/system
OpenWrt Log System
OpenWrt Managing services
Network basics /etc/config/network
Scheduling tasks with cron
MAP IPv4-over-IPv6 encapsulation
MultipathTCP and OpenWrt
MultiPath TCP - Zhihu (zhihu.com)
OpenWrt roles
IPv4 configuration
IPv6 configuration
IPv6 multicast
Routing rules
Traffic shaping
Wi-Fi on/off buttons
802.11s based wireless mesh network
Wi-Fi network tools
Firewall overview
OpenWrt User guide