OpenWrt Forum Archive

Topic: Optimized and feature rich trunk build for select routers

The content of this topic has been archived between 20 Aug 2014 and 5 May 2018. Unfortunately there are posts – most likely complete pages – missing.

If you do the work, I might include it.

This seems to at least dim the LEDs, so could you have the button trigger this small script?

for i in /sys/class/leds/* ; do echo 0 > "$i"/brightness ; done

I think it's better if you just install the trigger on your own router. I'm doing builds for several routers and people want their buttons to behave differently.

bmccoy11 wrote:

This seems to at least dim the LEDs, so could you have the button trigger this small script?

for i in /sys/class/leds/* ; do echo 0 > "$i"/brightness ; done

Sounded nice to have dimmed led lights. Tried this as 'startup' script. Visible effect was: no wifi led lights, everything else the same as default.

WNDR3700v1.

strongswan was installed after i removed all openwrt entries in opkg.conf.

thanks for adding strongswan.

I'm new with openwrt, would try this custom release.
My HW is TP-WR1043ND V2.1.   In menuconfig I can choose 'Target Profile  (TP-LINK TL-WR1043n/ND)'.
Is this correct Setting for V2 HW ?
Wan't avoid to brick my HW....

(Last edited by wm19 on 26 Feb 2015, 18:20)

Is it just me or did anyone else notice that connecting to a FTP server using FileZilla is slow, opening folders as well?

I'm on the latest version of wndr3700. Thanks!

Regarding the topic of this thread "...optimized build...". I posted some IPsec algorithm modules optimized for the WDR4900v1 SoC to the crypto mailing list. They got accepted by the crypto maintainers and might go into mainline as of kernel 4.1.

aes-ppc-spe.ko : https://git.kernel.org/cgit/linux/kerne … erpc%2Faes
sha1-ppc-spe.ko: https://git.kernel.org/cgit/linux/kerne … rpc%2Fsha1
sha256-ppc-spe.ko: https://git.kernel.org/cgit/linux/kerne … c%2Fsha256


Markus

Hey that's cool thanks for letting us know, does any other software than IPSec take advantage of it? I've gotten kind of used to OpenVPN, as it's a lot more compatible with different hotspots.

OpenVPN can make use of kernel modules if you enable cryptodev. So you can take them in your setup too. Especially on devices with hardware crypto this will unleash a lot of power.

As openssl tries to avoid cache timing attacks (in case of multiuser environments) its AES software implementation usually is optimized for constant time and not speed. If you have a look at the comments at https://github.com/openssl/openssl/blob/master/crypto/aes/asm/aes-ppc.pl you will see that AES is throttled at 50% for PPC implementation (e.g. WDR4900v1). Even the basic aes-generic kernel module should be faster. The same should apply for other architectures.

That said comparing the new modules with the openssl benchmark page the to be expected raw speedup factors (without network) for 1K blocks on WDR4900v1 should be:

AES: 2x faster - because of constant openssl implementation
SHA1: 2.6x faster - not prone to timing attacks
SHA256: 2x faster - not prone to timing attacks

So how do I enable cryptodev with your patches and make OpenVPN use it? Not familiar with this stuff at all smile Any docs around?

Arokh,

Maybe this patch is of interest to you (too)?

https://github.com/gwlim/mpc85xx-barrie … erpc.patch

I got it from Alphasparc's topic: "Performance Oriented OpenWRT Builds" in "Community Releases / Announcement", he has quite some patches for the wdr4900V1, although there are for BB. Have a look at his github.

(Last edited by bouwew on 3 Mar 2015, 09:31)

It seems to me like that patch is intended to reduce the ppc binary size of openssl, not necessarily improve performance. I've had a look at his github and thread before but it seems to me like they are just random patches pulled from ddwrt. If there are clear improvements they should be benchmarked and patches be sent upstream.

At the end of the day, routers are low powered machines and there are limits to what they can do. Compiler optimizations is probably the most valuable thing you can do.

On the topic of performance, Marvell is working on increasing NAT performance through a new fastpath module:

https://lists.openwrt.org/pipermail/openwrt-devel/2014-December/030179.html

Excited to see results when the code is published.

arokh wrote:

It seems to me like that patch is intended to reduce the ppc binary size of openssl, not necessarily improve performance. I've had a look at his github and thread before but it seems to me like they are just random patches pulled from ddwrt. If there are clear improvements they should be benchmarked and patches be sent upstream.

At the end of the day, routers are low powered machines and there are limits to what they can do. Compiler optimizations is probably the most valuable thing you can do.

On the topic of performance, Marvell is working on increasing NAT performance through a new fastpath module:

https://lists.openwrt.org/pipermail/openwrt-devel/2014-December/030179.html

Excited to see results when the code is published.

Erm it is not that I didn't benchmark and there is no improvements, I am simply too lazy to sent it upstream.
It is just a patch, anyone can send it upstream it is fine by me

And don't get your hopes ups on fastpath, remember propriety companies have no incentive to contribute code they if do not have to.
It their minds they believe they are helping competition.

You can always take my firmware and benchmark against yours tongue

Btw to add on my process is not add patches and believe it works.
I would deploy the patch and benchmark reboot and benchmark, I am not a fan of snake oil.

(Last edited by alphasparc on 3 Mar 2015, 10:29)

I'm guessing they will perform about the same on the same hardware. Anyway, great that you are seeing good results in your own benchmarks wink

The change log in the first post indicates that r41432 included an update to /etc/hosts.block to remove ads.hulu.com, however, it's still enabled in the hosts.block file in r44548 for the Archer C7 V2.  I tried removing it manually and rebooting, but still got problems with Hulu. 

I ended up removing the blocking line from /etc/config/dhcp to resolve the problem.

Is there an updated hosts.block file that works for most people that can be pushed to the Archer builds?  Thanks.

gmflash wrote:

The change log in the first post indicates that r41432 included an update to /etc/hosts.block to remove ads.hulu.com, however, it's still enabled in the hosts.block file in r44548 for the Archer C7 V2.  I tried removing it manually and rebooting, but still got problems with Hulu. 

I ended up removing the blocking line from /etc/config/dhcp to resolve the problem.

Is there an updated hosts.block file that works for most people that can be pushed to the Archer builds?  Thanks.

The adblock file is the only thing i dislike about this firmware. It completely blocks some websites which Im using and causes some sites not to load properly. However the Adblock Plus Chrome extension works great so is there any way someone can integrate that list?

Otherwise it should be wise to have adblock disabled by default as it's causing too much trouble and made me think the firmware didnt work well with my router but it was just adblock file causing issues.

@gmflash

On the router you only need to restart dnsmasq, but keep in mind that your client has already cached the DNS lookup. You will need to flush the cache or reboot your client as well.

I did remove hulu at some point but once I automated creating the list I forgot to make a whitelist for hulu, I'll see about doing that.

@stereohype

Adblock Plus is using a different approach for blocking ads and can not be made into a simple DNS blocklist like I am using.

Although it's quite easy to disable the adblocking, I could make it disabled by default. I think it adds value though, I can't remember anyone being very unhappy with it. You have examples of sites not working with it?

I have a problem, I use TP-Link MR3020 using OpenWrt BB status Exroot, when I connect computer via wifi internet work buat via cable Lan Internet not work, please help me!! Thanks

arokh wrote:

@gmflash

On the router you only need to restart dnsmasq, but keep in mind that your client has already cached the DNS lookup. You will need to flush the cache or reboot your client as well.

I did remove hulu at some point but once I automated creating the list I forgot to make a whitelist for hulu, I'll see about doing that.

@stereohype

Adblock Plus is using a different approach for blocking ads and can not be made into a simple DNS blocklist like I am using.

Although it's quite easy to disable the adblocking, I could make it disabled by default. I think it adds value though, I can't remember anyone being very unhappy with it. You have examples of sites not working with it?

Well with a lot of sites i keep seeing 'connecting..' at the bottom of a loaded page,i guess thats normal but still kinda annoys me. For example tweakers.net. Sites like https://www.friendlyduck.com dont load at all because they happen to serve ads.

(Last edited by stereohype on 4 Mar 2015, 13:53)

stereohype wrote:
arokh wrote:

@gmflash

On the router you only need to restart dnsmasq, but keep in mind that your client has already cached the DNS lookup. You will need to flush the cache or reboot your client as well.

I did remove hulu at some point but once I automated creating the list I forgot to make a whitelist for hulu, I'll see about doing that.

@stereohype

Adblock Plus is using a different approach for blocking ads and can not be made into a simple DNS blocklist like I am using.

Although it's quite easy to disable the adblocking, I could make it disabled by default. I think it adds value though, I can't remember anyone being very unhappy with it. You have examples of sites not working with it?

Well with a lot of sites i keep seeing 'connecting..' at the bottom of a loaded page,i guess thats normal but still kinda annoys me. For example tweakers.net. Sites like https://www.friendlyduck.com dont load at all because they happen to serve ads.

I had the same kinds of problems unfortunately. Though adblock plus slows things down, it does allow me to go to all the websites I want to browse. The biggest problem for me is that sometimes I do need links to things as hotels, plane tickets and such and a lot of times the addblocking in the router blocks those sites as well.

A much bigger issue i'm having is that sometimes pages dont complete their request successfully. I get "error empty response" or just nothing.. This usually happens in Wordpress admin.

First i thought it was my hosting provider and it frustrated me a lot trying to solve it from their end. Anyone else noticed this? Im on wndr3700.

BTW does anyone know a firmware likes this for the wndr3700 but 100% stable without major issues? Thanks!

I don't see how that would be a router problem. What is your definition of 100% stable? I had 48 days uptime with 0 issues before upgrading to the latest release.

+1 for removing ad-block from router. Plants and Zombies for Xbox One didn't work with adsrv.ea.com blocked. This was not easy to diagnose.

arokh wrote:

I'm guessing they will perform about the same on the same hardware. Anyway, great that you are seeing good results in your own benchmarks wink

This is the benchmark you want with SPE ABI and PPC ASM optimization
| r44550 | 1.0.2 | 87893220 | 81314220 | 38198290 | 21948650 | 10585820 | 3716050 | 17189460 | 14820600 | 13144220 | 17.7 | 654.1 63.3 | 51.8 |

(Last edited by alphasparc on 6 Mar 2015, 14:05)