
Distributions

A look at OpenWrt

By Jonathan Corbet
August 3, 2011
There are numerous Linux distributions focused on small network routers; most of them are ultimately derived from the WRT54G source that was extracted from LinkSys some years ago. One popular choice, Tomato, was reviewed here at the beginning of 2010. Tomato is not a hugely active project, though (one minor release in the 18 months since that review) and is not fully free software. Users wanting a more active, more free distribution are likely to settle on OpenWrt; your editor recently picked up a new router with the idea of playing with this distribution.

Unlike many router distributions, OpenWrt makes a point of supporting a wide range of hardware; see the "table of hardware" for the full list. The table is actually recommended reading for anybody thinking of getting a new router; beyond saying whether a specific router is supported, it provides a concise summary of the features of each.

The router used for this review is a Netgear WNDR3700v2; it is a nice device which runs OpenWrt well - but only for those who are willing to spend a bit of time at it. This product is quite new, so OpenWrt support is in an early state; there are no stable releases with WNDR3700v2 support, and probably will not be for a little longer (it seems that the upcoming 10.03.1 release will include this support). The OpenWrt WNDR3700v2 page describes in great detail how to get things going. Fortunately, much of the information found there (including advanced material like hardware mods) can be ignored at the beginning.

A running OpenWrt instance feels a lot like any other Linux distribution; one can use ssh to run a shell on the device and move around in the usual ways. But it does not take long for the differences to become apparent. One of the first of those is that OpenWrt uses its own packaging system, a tool called opkg. Its operation is easy enough to learn for anybody who is familiar with other package managers, but it is sufficiently different from the alternatives to require a bit of manual reading to get started.

OpenWrt has also taken an interesting approach to configuration; everything is meant to be found in a single directory (/etc/config), and in a single format. One learns quickly that there are some exceptions - /etc/hosts and /etc/ethers, for example, but the bulk of OpenWrt configuration fits within that framework. There is a set of tools making it easy for scripts to manipulate configuration files without breaking them, and another set which seems to implement the configurations by running the relevant daemons with large numbers of command line arguments. Configuring OpenWrt can lead one into a vast maze of obscure options, but, at least, one need not worry about application-specific configuration syntax.

Most of the time. Configuring OpenWrt as a simple router is not particularly difficult; in many situations it may simply work out of the box with no tweaks required. When one gets into the more advanced capabilities it gets rather more complicated. OpenWrt is aimed, after all, at users who are sufficiently motivated to wipe the factory firmware from their device and run something else; one can be sure that it gives those users the ability to tweak almost anything. Would you like, say, 16 options for the behavior of each LED on the front panel? OpenWrt is there for you, but you need to be prepared to spend some time reading the wiki to figure out how to do it.

One of the places where Tomato excels is with its web-based administration screens; unfortunately, that's also the part of Tomato that is non-free. OpenWrt has traditionally been for those who like to configure their routers with vi. That situation has not changed greatly, but the various efforts around creating a browser-based management interface seem to have coalesced around a system called "LuCI". LuCI makes many of the basic tasks around configuring (and monitoring) a router easy, and it makes some of them quite hard. It lacks the cleanness, focus, and ease of Tomato's interface, but it makes it up in volume. One cannot change every aspect of the router's configuration with LuCI, but it looks like the LuCI developers made their best effort toward that goal.

LuCI has an overview screen providing a quick view of the status of the router: load average, free memory, status of the interfaces, DHCP clients, wireless users, etc. There are realtime bandwidth-usage plots that are quite similar (suspiciously so) to those produced by Tomato, but without as much flexibility. Just about every aspect of how the network interfaces work can be configured through LuCI. For a wireless interface, for example, one can deal with mundane parameters like SSID, channel, encryption, and whether the interface is considered to be on the LAN or part of the outside world (or somewhere in between). But one can also tweak the transmit power, MAC address filtering, and many other things. It's all there, but one ends up digging through lots of tabs to find everything; sometimes it turns out to be easier just to go into /etc/config and edit the file directly.
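Because everything under /etc/config shares one format, a saved copy of the wireless file can be checked for open or WEP networks with a few lines of parsing. The following is an added example, not code from OpenWrt or from the article; the sample file is constructed, the function names are hypothetical, and treating a missing `encryption` option as open is an assumption.

```python
import shlex

# Constructed sample in UCI syntax, standing in for /etc/config/wireless.
SAMPLE = """
config wifi-device 'radio0'
    option channel '11'

config wifi-iface
    option device 'radio0'
    option ssid 'home'
    option encryption 'psk2'
    option key 'constructed-passphrase'

config wifi-iface
    option device 'radio0'
    option ssid 'guest'
    option encryption 'none'
"""


def parse_uci(text):
    """Parse UCI text into a list of {'type', 'name', 'options'} sections."""
    sections = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = shlex.split(raw, comments=True)  # handles quoting, drops comments
        if not words:
            continue
        keyword, args = words[0], words[1:]
        if keyword == "config" and 1 <= len(args) <= 2:
            name = args[1] if len(args) == 2 else None
            sections.append({"type": args[0], "name": name, "options": {}})
        elif keyword == "option" and len(args) == 2 and sections:
            sections[-1]["options"][args[0]] = args[1]
        elif keyword == "list" and len(args) == 2 and sections:
            sections[-1]["options"].setdefault(args[0], []).append(args[1])
        else:
            raise ValueError(f"line {lineno}: unexpected {raw.strip()!r}")
    return sections


def weak_wireless(sections):
    """Return (ssid, encryption) for wireless interfaces left open or on WEP."""
    findings = []
    for sec in sections:
        if sec["type"] != "wifi-iface":
            continue
        # Assumption: a section with no 'encryption' option is treated as open.
        enc = sec["options"].get("encryption", "none")
        if enc == "none" or enc.startswith("wep"):
            findings.append((sec["options"].get("ssid"), enc))
    return findings
```

Calling `weak_wireless(parse_uci(SAMPLE))` reports only the constructed "guest" network.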

LuCI also provides a basic interface to the package manager, allowing the installation and removal of specific packages. It turns out that there is a lot of stuff in OpenWrt that one can install if desired. As one might imagine, just about any tool which relates to networking is present, but there's more to it than that. Anybody with a desire to run apache, asterisk, cdparanoia, cups, erlang, git, lame, or about 2,000 others need only install the relevant packages. This is part of the power of OpenWrt, of course; it turns a cheap router into a low-power Linux box capable of doing any of a number of things never anticipated by the manufacturer.

Of course, one needs to have enough space and computing power in the router to actually run that stuff. The WNDR3700v2 has all of 16MB of flash; one is not going to be installing an office suite there. The OpenWrt developers have seemingly put a lot of effort into maximizing the resources (especially storage) available on the router, with some interesting implications.

In most installations, squashfs is used for the base filesystem. Squashfs is very good at compression, so the base image is about as small as it can be. The problem, of course, is that squashfs is also a read-only filesystem; the compression techniques used force that limitation. Needless to say, installing new packages onto a read-only filesystem - or even just saving configuration information - can be a challenge. To enable filesystem changes, OpenWrt sets aside a portion of flash for a separate JFFS2 filesystem which is then overlaid over the base filesystem using mini_fo. There is talk of switching to overlayfs instead, but that has not yet happened.

This arrangement can lead to some counter-intuitive results. Removing a package from the system, for example, can decrease the amount of free space available. Space on the squashfs filesystem cannot be recovered; it can only be papered over by adding notes to the overlay filesystem. There are tools for a suitably-motivated user to build a custom image with exactly what is needed, but, for most users, the OpenWrt distribution will remain mostly as it was when it was installed.

There is one important implication here: routinely updating packages is not something that OpenWrt users do. At even a low level of package churn, the available storage space would likely run out in a hurry. To make things worse, the bootloader requires the kernel to be placed in flash ahead of the first filesystem. Since (1) the kernel is not stored in the filesystem itself, and (2) a change in kernel size requires relocating the filesystems that come after it, it's really not possible to update the kernel on an OpenWrt installation. OpenWrt does make it relatively easy to update the entire distribution - configuration files are preserved - but that is not something administrators will do often.
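The space accounting described in the last two paragraphs can be seen in a toy model of a read-only base image under a fixed-size writable overlay. This is an added example, not OpenWrt or mini_fo code; the class, the paths, the sizes and the cost of a deletion note are all constructed for illustration.

```python
class OverlayFlash:
    """Toy model of a read-only base image under a fixed-size writable overlay."""

    WHITEOUT_COST = 1  # assumption: KB used by one "this file is deleted" note

    def __init__(self, base, overlay_kb):
        self.base = dict(base)    # path -> KB, frozen when the image was built
        self.upper = {}           # path -> KB, everything written since
        self.whiteouts = set()    # base paths hidden by a deletion note
        self.overlay_kb = overlay_kb

    def free(self):
        notes = self.WHITEOUT_COST * len(self.whiteouts)
        return self.overlay_kb - sum(self.upper.values()) - notes

    def visible(self):
        merged = {p: kb for p, kb in self.base.items() if p not in self.whiteouts}
        merged.update(self.upper)  # an overlay copy shadows the base copy
        return merged

    def write(self, path, kb):
        """Install or upgrade: the new copy always lands in the overlay."""
        if kb - self.upper.get(path, 0) > self.free():
            raise OSError("overlay full")
        self.upper[path] = kb
        self.whiteouts.discard(path)

    def remove(self, path):
        """Delete: overlay copies are freed, base copies can only be hidden."""
        self.upper.pop(path, None)
        if path in self.base:
            if path not in self.whiteouts and self.free() < self.WHITEOUT_COST:
                raise OSError("overlay full")
            self.whiteouts.add(path)


def churn():
    # Constructed paths and sizes (KB); not measurements from a real image.
    fs = OverlayFlash({"/usr/sbin/pkg-a": 120, "/usr/bin/pkg-b": 300}, overlay_kb=500)
    trace = [fs.free()]
    fs.remove("/usr/bin/pkg-b")       # removing a base package costs space
    trace.append(fs.free())
    fs.write("/usr/sbin/pkg-a", 125)  # upgrade: old 120 KB stays in the base
    trace.append(fs.free())
    return trace, fs.visible()
```

In the model, removing a base package lowers free space by the cost of the note, and upgrading one charges the full size of the new copy to the overlay while the old copy keeps occupying the base image.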

That adds up to a bit of a scary situation. Routers are often in the position of being fully exposed to the Internet and having full access to the local network. They are an obvious target for attack, especially when they are capable of running anything that can be put onto a Linux system. The net is not full of stories of exploitable OpenWrt vulnerabilities, but the possibility always exists, especially if some of the more complex or obscure packages are installed. It seems solid, but your editor would sleep much better if OpenWrt had a better way to install updates and a process for dealing with security issues.

The flexible and widely-ported nature of OpenWrt makes it, like Debian, a useful base for others to build their own distributions on. The stock firmware on the WNDR3700v2 is, in fact, derived from OpenWrt - a fact which presumably aided the developers working on that port. Comcast, a big US Internet provider, has a special OpenWrt distribution for those participating in its IPv6 tests. The openwrt-robe project repurposes routers for the development of in-vehicle systems. CoovaAP is a derivative intended for the easy deployment of public WiFi hotspots. PacketProtector, instead, uses OpenWrt to create a "unified threat management" device. The bufferbloat community will soon be releasing a debloated OpenWrt variant for testing. There are many more; OpenWrt has become a base distribution that has made a lot of creativity possible.

In summary: OpenWrt shows some of the best of what our community is capable of. This community has created a distribution which makes a variety of commodity routers into much more powerful devices than their manufacturer may have intended, and they have created a base with which many other things can be done. All that is lacking is just a bit more support from the vendors; wouldn't it be nice if routers just came with an OpenWrt variant with full access to the package repository and updates? Unfortunately, vendors still see themselves as selling black boxes rather than general-purpose devices. But, as long as we can put a proper distribution onto these devices ourselves, that will be good enough.


Brief items

Distribution quote of the week

To keep it short, Fedora is now my job and I'm thrilled. I'll try really hard not to break your machines while I'm off doing kernel updates. If I do, bugzilla and the fedora kernel list are the places to let me know! See you at FUDCon.
-- Josh Boyer (joins the Fedora kernel team)


Release for CentOS-6.0 Minimal

CentOS-6.0/minimal is available for i386 and x86_64 architectures. "The minimal install iso media is an alternative install to the main CentOS-6.0 distribution and comes with a trimmed down, preselected rpm list. However, it still runs off the standard installer, with all the regular features that one would expect from the main distribution, except the rpm selection screen has been disabled. Running an install from this media will not allow you to change the rpms selected for install." These images do contain the complete recovery and rescue environment found in the main distribution.


Oracle Linux 5.7

Oracle has announced the release of the seventh update to Oracle Linux 5. Three sets of kernel packages are available with this release, including the Unbreakable Enterprise Kernel (the default), a Red Hat compatible Kernel, and a Red Hat compatible Kernel with bug fixes added by Oracle.


Red Hat Enterprise Linux Extended Update Support 5.4 - End Of Life

The extended update support for Red Hat Enterprise Linux 5.4 has ended. "Note: This does not impact you unless you are subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 5.4."


Scientific Linux 6.1

Scientific Linux has released version 6.1 for i386 and x86_64. "Scientific Linux release 6.1 is based on the rebuilding of RPMS out of SRPMS's from Enterprise 6 Update 1, both Server and Client." More information can be found in the release notes.


Distribution News

Debian GNU/Linux

Release Update: Goals, Arches, Rolling, Removals

Neil McGovern has an update from the Debian release team, including release goals, architectures, 0-day NMU policy, improving the experimental repository, the package removal process, and a look at what is due in the next update.


DebConf11 ends as another success for the Debian Project

DebConf11, this year's annual Debian Conference, was held in Banja Luka, Republika Srpska, Bosnia and Herzegovina. Click below for a conference summary. "The Debian Conference was attended by over 400 contributors from over 70 countries ranging as far as New Zealand, Taiwan and Brazil. Beside the original scheduled 78 sessions, about 30 additional sessions were scheduled during the conference." DebConf12 will be held in Managua, Nicaragua.


Newsletters and articles of interest

Distribution newsletters


First Look at Jeoss, a Lean and Mean Ubuntu-Based Server Distribution (Linux.com)

Carla Schroder takes a look at Jeoss, a compact, install-everywhere Ubuntu-based server distribution. "Jeoss is maintained by Patrick Massotta, and is based on Ubuntu 8.04 LTS, the Hardy Heron. It is not virtualized, but rather trimmed down to the naked essentials for a lean, mean efficient server. It uses a modified Ubuntu linux-image-2.6.24-27-server kernel. It differs from the Ubuntu server kernel in three significant ways: it is low-latency, it includes i586 instructions, and it does not require a PAE-enabled CPU. (PAE, Physical Address Extension, is a slick hack for 32-bit CPUs to access more than 4 GB RAM.) So Jeoss can be used with lower-power and non-PAE CPUs like Pentiums and AMD Geode processors, which are popular on single-board computers."


Page editor: Rebecca Sobol

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds