Open-WRT (including Project LEDE), ddWRT, Tomato etc. are Linux OS distributions targeted at low-end Networking CPEs and Routers. These are very popular in SoHo (small-office home-office) networking environments. Most of the vendors supporting the SoHo market have hardware platforms which can be easily re-flashed with OpenWRT. Some vendors use OpenWRT or ddWRT directly.
The OpenWRT and dd-WRT distributions are easily customized and tailored to meet the needs of new Startups, allowing them to save precious development time in creating a full Network Operating System distribution.
Paxym has helped Customers with OpenWRT and dd-WRT customization efforts, including porting new open-source software to OpenWRT packages, Customizing OpenWRT (drivers, LuCI, Automation, Lua), interfacing to the Cloud (Amazon AWS IoT, GCP IoT framework etc.), and Performance Tuning the Devices to the most optimized throughput.
OpenWRT Wifi Client Silent Tracking Surveillance
Regular periodic spectrum scan for APs and Stations on channels 1-13. Used a variety of methods, including Pseudo-AP Fake Beacons, Response to Directed Probes, RTS firmware eliciting of CTS, Auth-Resp to Auth-Rq, De-Auth, uuid/Mac methods, etc. to attempt to detect and identify Wifi Clients. Developed a fake Wifi Client handshake tgen (Traffic-Generator), and Wifi Traffic logger. Similar work was done for detecting and logging Bluetooth clients/traffic. Researched and advised Customer for multi-Radio Wifi Devices.
OpenWRT Go / GoLang infrastructure Build, Package, Distribute
For BB & CC releases, applied and fixed-up golang related patches to fresh CC sources, built cross gccgo toolchain and libgo (with cgo) on Host. Scripted building of specified go programs into complete OpenWRT '.ipk' packages usable from opkg. Allowed customer to either create a full CC image with the go .ipk packages included, or distribute them later via LuCI Web Package Management to live Routers. Additionally built & verified gopacket, pcap go wrappers, and tested from example go programs. Work completed for OCTEON and Mips24Kc architectures, and is portable to other ARM / x86 commonly used in OpenWRT devices. Customer utilized this SDK system for projects involving gopacket, go-gpsd etc.
OpenWRT VPN Simplified Web UI
Single LuCI Web page selection of Providers and VPN Servers (based on Location, Speed preferences). One click Connect, Disconnect, Re-connect, along with facility to upload single or multiple oVPN profiles. Live monitor WAN connection status, VPN status, throughput, etc. List of bypass destination internet nodes or source MAC based local clients.
As a follow-up to our earlier Suricata optimization work for Multicore MIPS64 network processors, Paxym's team completed a Suricata port for a Customer using Marvell ARMADA 38x processors. Recently, when Rust (Rust programming language) became a Required dependency, we further worked with Customers to additionally provide a space-optimized port of Rust. We trimmed dependencies and optimized flash space requirements, using some extreme optimizations, and then fully tested it with HelloRust.
CPUs (ARMADA 38x, armv7, mipsbe)
Suricata versions: 4.1.4, 4.1.6, 4.1.7, 5.0.1, working on newer (5.0.2).
OpenWRT versions: CC 15.05, LEDE 17.01.5, OpenWRT 18.06.2 and newer.
Rust versions: 1.31.1, 1.38.0
OpenWRT LuCI, uci, ubus changes to manage 1-3 LTE mini-PCIe Ethernet Modules
Fog-Computing Optimizer Router running OpenWRT. Various Project tasks for a Customer developing a Fog-Computing solution to assist IOT end-points. Back-end code for management of Cellular Modems, Wiring up of LuCI UI changes to System configuration state, Continuous tracking of System Network state and reflecting onto UI management elements, Pro-active Connection state tracking.
OpenWRT 4G LTE Router using Gemalto els81_us on MediaTek MT7688
Customer proto platform with MT7688AN with 3 Ethernet LAN ports and 1 WAN port through switch. Our team completed the 4G LTE Router development on this Router / AP board with single Gemalto els81_us 4G LTE mini-PCI adapter card. Initial work performed with USB replica of the els81_us module. Wrote extensive scripts for finding, initializing, connecting, monitoring, disconnecting, upgrading, PIN security, etc. Added multiple heuristics to obtain clean reliable messaging handshake with the Adapter which only supported AT command set. Kernel modifications and port of correct USB cdc ecm drivers for this project. LuCI based web pages for Customer's use, and auto-config reporting for Central Administration / provisioning. Connection profile data modified automatically on a per Country, Region and Carrier code basis. Additionally implemented bandwidth aggregation using dual adapters.
Offloaded IPv4 Forwarding with full VLAN and LAG Link-Aggregation groups, onto unused MIPS64 cores of Network Processor. Data-Plane implemented in Simple-Exec of OCTEON CPUs, designed to utilize unused MIPS64 cores on Cavium OCTEON-III and OCTEON-TX. Accelerated Router solution supports NAT, Firewall, VLAN, LAG etc. Router's Data-Plane is fully in sync with Routing Configuration and Topology via inter-core messaging between Control-Plane & Data-Plane. See here for more information on Network Offload Stack.
OpenWRT 802.11 MAC protocol driver advanced custom modifications
Custom 802.11 MAC modifications in Linux Kernel (OpenWRT distro), for a Customer building an 802.11ac mobility solution utilizing Multiple synchronized APs based on Marvell Wifi MWL-88W8864 Controller. Interrupt based wireline trigger to synchronize TSF timer for multiple APs down to microsecond granularity. Created mac80211 driver mods, to Enable and Set Management IEs like specific TIM bitmask, Get & Set Transient Keys, Survey, Scan and get per Station RSSI values. Modified UAPSD, SAPSD, Beacon generation, PDU Aggregation (A-MPDU, A-MSDU), etc. Code reporting of PS Sleep Entry and Exit notifications for all connected stations. Alternate packet sequence scheduling by skipping BlockAck request and response mechanisms.
OpenWRT Firmware with advanced QoS SQM algorithms to remedy Buffer Bloat
OpenWRT project with auto-sensing QoS tracker to modify SQM policies as buffer bloat appears likely. Along with complete LuCI-2 Web UI revamp, with back-end Lua scripts. Project implemented on TP-Link routers. An automated SQM policy manager with dynamic QoS reconfiguration based on current WAN line conditions. CPU was Qualcomm-Atheros AR9344. Multiple enhancements to System Network connectivity were made and DHCP server scripts were written and integrated into a Site tracker, which logged and accounted for DHCP clients. New Lua index controller for node tree routing per the new Web layout, along with very extensive LuCI Web Management interface rewrite.
OpenWRT project Mesh Routing system. Mesh topology learning / joining / auto-config. olsrd, open-mesh compatibility, B.A.T.M.A.N (batman-adv) options for 802.11s. Further modified and deployed with secure VPN to encrypt mesh tunnels.
OpenWRT Multi-Path TCP bandwidth aggregator. Complete Multi-path TCP (MPTCP) implemented in OpenWRT, with use of adaptive load distribution on multiple TCP tunnel paths. Utilized tun / tap interfaces to represent interfaces for TCP tunnel endpoints. In-Kernel changes, New driver development and User-space mods to implement sequential or adaptive rtt based traffic distribution. Implemented re-aggregation on receiving path of both ends. Another variant recreated the same system using MP-UDP Multi-Path UDP datagrams instead of TCP. Customer planned to deploy for Commercial Bandwidth aggregation service in Southern California.
OpenWRT Secure Encrypted Private Storage Partition for Vendor Customizations on SSD
Implemented late-stage mounting of encrypted Storage Partition on external mPCIe SSD disk, using LUKS. Vendor stored private customization features code and data.
OpenWRT x1000 Client Node Centralized Remote Management using TR-069 (Amendment-6) easyCWMP
Analyzed and designed a Customer roll-out of 3000 OpenWRT nodes in suburban and Rural areas of Yucatan and Quintana Roo (Mexico). Centralized remote provisioning and management using CWMP Server (OpenHub CWMP). Each node with easycwmp client included in the Root-Filesystem of OpenWRT. Customer further interested in adding Vendor-private fields for proprietary feature management.
OpenWRT Wifi Captive Portal using CoovaChilli for Customer Affinity Tracking
Involved package selections, porting, configuration and mods to LuCI Web management features for CoovaChilli Wireless Captive Portal for Food Establishment's equipment provider. Targeted at Coffee-Shops, Donut spots, Restaurants etc., the Portal allowed the Customer to greet, register, track and provide internet connectivity to its regular and new Customers. Added Guest tracking using Facebook and Google integration. Web back-end for Restaurant promotions and Coupon distributions.
OpenSync Target layer implemented on NetGear Target platforms (DGND series), to test OpenSync for Centralized provisioning, Management and Operations of EasyMesh / (prplMesh implementation) based IoT network coverage extender at Convention Center. Project re-targeted at x86 APU for HW resource needs. Rewrote some Xmidt WRP and MQTT libraries as Ruby GEM for Customer's Testing of WRP message payload, especially CRUD and Dev-Registration / Response payload.
OpenWRT 4G LTE Router. For an OEM manufacturer of a major brand of Telecom products. CC branch based Intel mini-ITX Router, with 2 x Sierra Wireless mini-PCIe LTE modules. Worked on Kernel driver selection for QMI and relevant adapter options. Added post-boot scripts to correctly Number the interfaces in physical (chassis label) order, instead of (flaky) discovery order. Added Lua scripts and uci sections for various needed connect and resilience functions, to maintain connectivity, special one-time initializations at first-boot, auto-update of Dial and Country data, LuCI web pages for control of LTE Connection State and Provisioning info. Drove LEDs on the chassis from Lua scripts. Investigated integration of select Golden-Orb (GoldenOrb) modules requested by Customer.
OpenWRT noDogSplash Customized Wireless Captive Portal supporting dumb Streaming devices
OpenWRT noDogSplash Captive Portal. Modified noDogSplash to allow for un-registered clients, if they don't respond, or seem to not care about the Splash welcome page. This helped the Captive Portal solution for Vacation properties and Guest-Houses to allow non-human internet clients, e.g. Roku and other streaming devices to operate unhindered by Captive Portal. Connection for such impaired devices allowed to only select internet addresses utilizing specific ports. Re-wrote significant chunks of noDogSplash logic and tweaked algorithms to catch a wide majority of Wifi devices.
OpenWRT port on Cavium OCTEON CN7130. Port and bring-up on a CN7020 (dual-core OCTEON-III) based Access Point, and a CN7130 (quad-core OCTEON-III) system. Package conflicts, MIPS port issues, Build issues were addressed. A scripted build system to select packages and image configuration options was developed. Each key package in customer's requirements list was verified. Project was initially rolled out on Ubiquiti EdgeRouter-Lite-3 (CN5020 dual core).
OpenWRT Parental Control Security Router Managed via AWS Cloud back-end
OpenWRT based Parental Control Security Router device. Device was a Qualcomm-Atheros SoC based home Router, used as a Security Gateway, Discovery Probe and Services governor. Communicating to AWS cloud server via AWS IOT-SDK Toolkit API. Implemented and Wired up AWS Serverless Lambda functions on the backend. The Device provided auto-provisioning, auto-signup, Network Fingerprint Scan / Discovery, DNS white-lists and black-lists, per endpoint ACL at L2 & L3 levels, QoS Discipline, Traffic Shaping Bandwidth Control, NetFlow records collection & export, Rogue AP Detection, Squid, Local Web Administration, Remote Configuration Control from Cloud, etc. The Cloud side software had Client Management, Subscription Accounting, Network mapping, Visual GUI plotting, Features Status gauges and Controls UI, etc. Some of the tools used were SQM (for traffic shaping and to avoid buffer bloat and lag latency), Squid, SNORT (IDS), DNS-Masquerade, wflow, DHCP, etc.
OpenWRT 802.11b Custom Mac Driver
OpenWRT 802.11 Mac Protocol changes. Customer required particular changes in device drivers: mac80211. Enabling internal Station client flow handling based on User-Space accessible ioctl calls. Established a periodic ubus message pipe from hostapd to Customer developed Module.
Ported Wifi-Direct (Wifi-P2P) changes to OpenWRT to support the mac80211 driver, hostap and supplicant applications. This allows customer's IOT node device running OpenWRT to communicate with an Android phone, and use it as a Router to the Internet cloud.
OpenWRT 802.11b Custom Mac Controller Changes
Modified Wireless 802.11 Kernel driver code mac80211, and User-space hostapd etc. Extended validation control into UserSpace APIs to reject Response on a per station basis. Additionally modify mac80211 normal transmission slot allocation to extend a particular Associated endpoint's traffic transmission window. Created convenient ubus extensions to allow for easy ubus based management.
OpenWRT Dynamic Firewall Rules based on WAN / VPN Connectivity Monitoring
Customized CC branch image to allow auto-insertion of Firewall Rules based on WAN connectivity status. One set of Firewall rules applies when Internet is connected directly (Normally) through the WAN port. A different set of Firewall rules applies if the VPN is established and Internet is secured. Certain classes of Servers and Internet assets are selectively bypassed from the Firewall rules if the VPN communication is not satisfactory. Select assets can be IP addresses, or certain Web URLs or complete Domains. Implemented by actively monitoring WAN status and separately monitoring VPN status.
OpenWRT encrypted network interface serviced by Proprietary Security scheme for Gaming Machines
Architected and Implemented SW changes for XSette Smart Security System for Gaming Industry. Created new Negotiable Security Handshakes between Wifi station (client) and AP, Added new Linux Userspace Supplicant support code via Kernel linkage, Wrote and Verified new Crypto algorithm support, Measured, Analyzed and Improved Performance of the Algorithm.
OpenWRT Wifi Signal Strength Monitor for Guest Hospitality and Building Management
Central monitor for a distributed cluster of Wifi Probe devices running OpenWRT. For deployment in Hotels, Campus buildings, Travel Premises etc. Amazon AWS based back-end analyzes and tracks Wifi Signal Strength to allow efficient and Complaint-less Wifi coverage guarantee.
OpenWRT Voice FreePBX, Asterisk, FreeTDM, Sangoma Drivers, WanPipe Development
Ported FreeTDM and WanPipe packages to CC branch of OpenWRT. Modified FreeTDM to utilize Sangoma Drivers and Sangoma Libraries. Additionally ported and linked to PRI libs.
OpenWRT AWS Cloud IOT-SDK port and MQTT integration
Completed Amazon Cloud AWS-IOT SDK port to OpenWRT, utilizing pure bash, instead of Python scripting. Used S3 storage, Serverless Lambda, IOT Things Shadow, to manage Device State including initial provisioning. Modified OpenWRT to periodically report State, and obtain any Configuration or Firmware changes. Apply changed configurations, or reflash self with updated Firmware as directed by the Control Server. Created System-Manager for Self-Reporting, Self-Provisioning, Dynamic Configuration Delta Updates, Centralized Control, Statistics gathering & Reporting and Device Management. Certificate and Key Management to identify and authenticate each Device.
Implementation of XWF (Facebook Express Wi-fi) for Netgear WNDR series Access-Point Routers. The implementation allowed the AP to join the XWF HotSpot category and authenticate Guest clients using FreeRadius Server (on local VM Radius Server, instead of a NOC-Cloud based Authentication Controller). Allowed Customer, a Participant of XWF program to field an XWF-FULL compatible AP. Also optimized the modules for XWF-Lite per Internet.org Consortium by Facebook spec.
OpenWRT Firmware Image Manipulation Post-build Edit of SquashFS and JFFS2
Wrote Scripts to analyze, disassemble, edit or insert new content, and then re-pack the Firmware. Reverse-engineered the native format of SquashFS and JFFS2. Utilized by Customer to insert Security Certificates, Private Keys, Serial Number etc. at the time of Manufacture prior to first Flash burn.
OpenWRT WLAN-Controller with OpenCAPWAP and CoovaChilli Captive Portal
Added OpenCAPWAP and CoovaChilli to OpenWRT image builds. Customized LuCI-2 pages with Lua backend scripts to configure Wireless and Captive Portal's features, with Split-Mac functionality. Customer also deployed internal WLAN controller for a chain of Motel properties.
Paxym, Inc. is a Software Development and Testing Services Company, providing Consulting Services to its Customers in the areas of Cloud Software, Web Front and Back-End Applications, Network and Security Stacks, Linux, xBSD Kernel development and Performance Tuning, along with Solutions by its Consultants to a variety of computing problems using a combination of SW and Hardware.