OpenWrt Forum Archive

Topic: Update on Linksys WRT1900AC support

The content of this topic has been archived between 16 Sep 2014 and 7 May 2018. Unfortunately there are posts – most likely complete pages – missing.

sera wrote:
gsustek wrote:
sera wrote:

Reading about cesa in here made me want to give it a try, wont be doing sensitive stuff on the device anyway.

Took me 3 builds to get there. Those[1] are the relevant changes I made for cesa on shelby using 4.4.10 and trunk. Credit for 915 and 916 go to InkblotAdmirer.

[1] https://gist.github.com/anonymous/9d736 … 27caf9bc53

is it stable? Would it work for 4.4.6 ?

There was no real testing as of yet. Started with looking into it maybe an hour before posting. All I did was see performance skyrock after fixing some issues. Should apply to 4.4.6 just fine, I also expect it to work for cobra and caiman.

Maybe someone wants to write a script to compare the different set-ups.


Thnx, how do i use that acceleration to services like OPENVPN, SFTP, SSH, where do i have to choose(per service) what crypto do i use, and tell the service to use cesa crypto?
nice tutorial will be nice:-)

@gsustek

I'm not really familiar with crypto hardware. The US apparently doesn't like their residents using strong cryptography as demonstrated here http://www.oracle.com/technetwork/java/ … 33166.html for example. So I'm a bit wary of crypto hardware that can be sold in the US.

That said, applications need to be built with cryptodev support and/or need to call the appropriate functions. For openssl CONFIG_OPENSSL_ENGINE_CRYPTO=y is required and CONFIG_OPENSSL_ENGINE_DIGEST=y is optional. For others all form nothing to recompiling with cryptodev support or even patching the package. You will have to do benchmarks.

There was a link to openssl benchmark on openwrt wiki. That one is a cpu performance test and moves the decimal point into the wrong direction (fine for devices orders of magnitude slower).


aes-256          16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
software           18.7M       19.9M        20.4M        20.4M       20.5M
cesa               93.8M      183.8M       673.7M      2433.8M       infk
speedup             5           9           33          119        very fast
------
low end x86       392.5M      413.7M       447.8M       458.2M      460.8M

Edit: add low end x86 results as comparison.

(Last edited by sera on 19 May 2016, 11:56)

@Inkblot

Marvell-cesa successfully compiled and loaded in the kernel but openssl engine fail to see it, how can i debug this ?

root@net002:/# insmod marvell-cesa
[  568.988177] marvell-cesa f1090000.crypto: CESA device successfully registered
root@net002:/# cat /proc/crypto | grep marvell_cesa
module       : marvell_cesa
module       : marvell_cesa
module       : marvell_cesa
module       : marvell_cesa
module       : marvell_cesa
module       : marvell_cesa
module       : marvell_cesa
module       : marvell_cesa
module       : marvell_cesa
module       : marvell_cesa
module       : marvell_cesa
module       : marvell_cesa
root@net002:/# openssl engine
(dynamic) Dynamic engine loading support
root@net002:~# opkg list-installed | grep crypto
kmod-crypto-aead - 4.4.10-1
kmod-crypto-authenc - 4.4.10-1
kmod-crypto-cbc - 4.4.10-1
kmod-crypto-des - 4.4.10-1
kmod-crypto-hash - 4.4.10-1
kmod-crypto-hmac - 4.4.10-1
kmod-crypto-manager - 4.4.10-1
kmod-crypto-marvell-cesa - 4.4.10-1
kmod-crypto-md5 - 4.4.10-1
kmod-crypto-null - 4.4.10-1
kmod-crypto-pcompress - 4.4.10-1
kmod-crypto-sha1 - 4.4.10-1
kmod-crypto-sha256 - 4.4.10-1
kmod-crypto-test - 4.4.10-1
kmod-crypto-user - 4.4.10-1
kmod-cryptodev - 4.4.10+1.8-mvebu-2
root@net002:~# opkg list-installed | grep openssl
libopenssl - 1.0.2h-1
openssl-util - 1.0.2h-1
openvpn-openssl - 2.3.10-1
openwrt@buildslave003:~/trunk-public$ cat target/linux/mvebu/config-4.4 | grep CESA
CONFIG_CRYPTO_DEV_MARVELL_CESA=y
# CONFIG_CRYPTO_DEV_MV_CESA is not set
openwrt@buildslave003:~/trunk-public$ cat .config | grep CONFIG_OPENSSL
CONFIG_OPENSSL_WITH_EC=y
# CONFIG_OPENSSL_WITH_EC2M is not set
# CONFIG_OPENSSL_WITH_SSL3 is not set
CONFIG_OPENSSL_ENGINE_DIGEST=y
CONFIG_OPENSSL_HARDWARE_SUPPORT=y
CONFIG_OPENSSL_ENGINE_CRYPTO=y
openwrt@buildslave003:~/trunk-public$ cat .config | grep cesa
CONFIG_PACKAGE_kmod-crypto-marvell-cesa=y

Edit: Do i have to patch openssl to find it ? How did you guys do it and on which plateform ?

Edit2: Adding more infos

Edit3: Found this

root@net002:~# find /lib/ -name "*cryptodev*"
/lib/modules/4.4.10/cryptodev.ko
root@net002:~# ls -la /lib/modules/4.4.10/cryptodev.ko
-rw-r--r--    1 root     root         47240 May 12 07:32 /lib/modules/4.4.10/cryptodev.ko
root@net002:~# openssl speed -evp aes128 -elapsed -engine cryptodev
invalid engine "cryptodev"
3069265092:error:25066067:lib(37):func(102):reason(103):NA:0:filename(/usr/lib/engines/libcryptodev.so): Error loading shared library /usr/lib/engines/libcryptodev.so: No such file or directory
3069265092:error:25070067:lib(37):func(112):reason(103):NA:0:
3069265092:error:260B6084:lib(38):func(182):reason(132):NA:0:
3069265092:error:2606A074:lib(38):func(106):reason(116):NA:0:id=cryptodev
3069265092:error:25066067:lib(37):func(102):reason(103):NA:0:filename(libcryptodev.so): Error loading shared library libcryptodev.so: No such file or directory
3069265092:error:25070067:lib(37):func(112):reason(103):NA:0:
3069265092:error:260B6084:lib(38):func(182):reason(132):NA:0:

(Last edited by mrfrezee on 19 May 2016, 12:54)

valueking2011 wrote:

Yes,
#opkg install ./kmod-nls-utf8_4.4.7-1_mvebu.ipk
Installing kmod-nls-utf8 (4.4.7-1) to root...
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-nls-utf8:
*      kernel (= 4.4.7-1-ed3b8b13a51e04cd5a5e1ff72541fdcc) *
* opkg_install_cmd: Cannot install package kmod-nls-utf8.

That's probably why it's broken. Add these lines below to your Distribution feeds in LuCi, and "Update". After updating, try to add the package needed again.

src/gz designated_driver_base http://davidc502sis.dynamic-dns.net/packages/base
src/gz designated_driver_kernel http://davidc502sis.dynamic-dns.net/packages/kernel
src/gz designated_driver_telephony http://davidc502sis.dynamic-dns.net/packages/telephony
src/gz designated_driver_packages http://davidc502sis.dynamic-dns.net/packages/packages
src/gz designated_driver_routing http://davidc502sis.dynamic-dns.net/packages/routing
src/gz designated_driver_luci http://davidc502sis.dynamic-dns.net/packages/luci
src/gz designated_driver_management http://davidc502sis.dynamic-dns.net/packages/management

Does anyone suffer from slow ssh connections? And I'm not talking about connections TO the router, but THROUGH the router. I have several machines at home that I manage through ssh, and for sometime it's been extremely slow. I can type a whole line before the characters appear in screen, and every few seconds connection stops. It does not disconnect, but stops answering for a while and then comes back again.

I've tried the usual things: disable DNS, disable X11 forwarding,... But it seems it's a router problem, not a server problem. I have a FreeNAS server (FreeBSD), an Ubuntu Linux server, an Android TV Box and even a couple of "strange" devices with Linux. It happens with all of them.

I tried to install QoS scripts, just to test if that could help, but I couldn't. I'm on Davidc502 build, and even adding the sources in Luci, it keeps complaining about the kernel version and won't install.

Any ideas?

Regards.

@nitroshift

I have tried 2 new clones using your buffer-manager patch https://github.com/nitroshift/buffer-manager
the first had my typical defaults set and It bombed the same way
as the second clone that only had target system marvell armada and target profile mamba tagged.
version 4.4.10
Any ideas?

http://pastebin.com/WJVu2FUB
Thanks.

@mrfrezee

See this post.

You have additions to target/linux/mvebu/config-4.4 that are not required and are probably yielding the result you are seeing. The define CONFIG_CRYPTO_DEV_MARVELL_CESA in config-4.4 under generic should be set to "m", and the CONFIG_CRYPTO_HW set to "y". Also ensure both -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS on the openssl compile.

Here is what I have for opkg list-installed | grep crypto :

kmod-crypto-aead - 4.4.10-1
kmod-crypto-authenc - 4.4.10-1
kmod-crypto-cbc - 4.4.10-1
kmod-crypto-deflate - 4.4.10-1
kmod-crypto-des - 4.4.10-1
kmod-crypto-ecb - 4.4.10-1
kmod-crypto-echainiv - 4.4.10-1
kmod-crypto-gf128 - 4.4.10-1
kmod-crypto-hash - 4.4.10-1
kmod-crypto-hmac - 4.4.10-1
kmod-crypto-iv - 4.4.10-1
kmod-crypto-manager - 4.4.10-1
kmod-crypto-marvell-cesa - 4.4.10-1
kmod-crypto-md5 - 4.4.10-1
kmod-crypto-null - 4.4.10-1
kmod-crypto-pcbc - 4.4.10-1
kmod-crypto-pcompress - 4.4.10-1
kmod-crypto-rng - 4.4.10-1
kmod-crypto-sha1 - 4.4.10-1
kmod-crypto-sha256 - 4.4.10-1
kmod-crypto-test - 4.4.10-1
kmod-crypto-wq - 4.4.10-1
kmod-cryptodev - 4.4.10+1.8-mvebu-2

@gsustek
openvpn just uses openssl, so whatever openssl is using is what openvpn gets.

@mrfrezee

My guess:  the compile order needs to be cryptodev-linux, openssl, openvpn.  You likely need to add cryptodev-linux as a depend in openssl package to force it to compile first.

To test:  recompile openssl and create a package in your already-built setup.  Install that opkg and if openssl now sees the engine, this is your problem.

I posted on that a while back, but this thread is ridiculously cluttered.  Last, you need to make sure OCF cryptodev headers package is selected also, and (strangely) it's in a completely different section of menuconfig.  If you missed that cryptodev won't be installed properly and you likely need to recompile the kernel (and thus your whole build).

northbound wrote:

@nitroshift

I have tried 2 new clones using your buffer-manager patch https://github.com/nitroshift/buffer-manager
the first had my typical defaults set and It bombed the same way
as the second clone that only had target system marvell armada and target profile mamba tagged.
version 4.4.10
Any ideas?

http://pastebin.com/WJVu2FUB
Thanks.


@northbound, are you redirecting you make output to some log file?  Try not doing redirection.  I ran into this when the make is trying to prompt for answers to questions.

    Marvell Armada 38x/XP network interface BM support (MVNETA_BM_ENABLE) [N/m/y/?] (NEW) aborted!

Console input/output is redirected. Run 'make oldconfig' to update configuration.

(Last edited by kirkgbr on 19 May 2016, 17:42)

@kirkgbr
Damn don't I feel stupid. smile That is exactly what I was doing.
Thank you

Add
CONFIG_MVNETA_BM=y
to target/linuc/mvebu/config-4.4

anomeome wrote:

Add
CONFIG_MVNETA_BM=y
to target/linuc/mvebu/config-4.4


Nice!!!

anomeome wrote:

Add
CONFIG_MVNETA_BM=y
to target/linuc/mvebu/config-4.4

There's no need to add that to config. It's already defined in Ethernet Kconfig.

nitroshift

@arokh @davidc503 @mrfreeze
Please take a look at how I described each of your builds under Community Builds to ensure you're okay with the descriptions or wish to have something removed/added


@leitec @sera
I've changed what both of you have suggested, removing the bullet about sysupgrade tarball editing and reformatting of the community builds section.


For all:
I've made all changes to the new WRT1X00AC/S Series wiki: https://wiki.openwrt.org/toh/linksys/wrt1x00ac_series

I've also removed all content from the WRT1900AC wiki, replacing it with a link redirecting to the WRT1X00AC/S Series wiki page.


@nitroshift
I believe my assumption is correct that the kwboot files for bootloader recovery are wrt1900ac v1 specific; if so, is there a way to garnish the required files for caiman, cobra, and shelby?

(Last edited by JW0914 on 19 May 2016, 19:44)

nitroshift wrote:
anomeome wrote:

Add
CONFIG_MVNETA_BM=y
to target/linuc/mvebu/config-4.4

There's no need to add that to config. It's already defined in Ethernet Kconfig.

nitroshift

Even if it defaults to "Y", OpenWrt needs it explicitly defined to avoid having to prompt the user. It will prompt the user for any unknown kernel configuration options.

@nitroshift
If building from a "clean" tree, in the background, and desiring the build to not fail as per @northbound post, that is the only way I have found. By setting that define you alleviate having to build in the foreground just to answer "n,m,y" to the question:

Marvell Armada 38x/XP network interface BM support (MVNETA_BM_ENABLE) [N/m/y/?]

@JW0914
Compared to what it was not long ago the wiki became quite presentable.

Wiki TODO
=========
- no perceived objection
* new suggestions

General Notes
-------------
- model specific pages should redirect to main page after extracting info (by rick)
- reduce the amount of colour and structure used for decorative purposes

Introduction
------------
DISCUSSION: The purpose of this thread isn't exactly clear and traffic rather high. It might make sense to break it up. We could have this thread be some sort of owners club and create topic threads.
* Once there is some consensus document it.

switch layout
-------------
* Possible structure:

Marvell 88E6172 - WRT1900AC v1 (mamba)
Marvell 88E6176 - Currently All The Others

firmware
--------
* possibly nice to have links for verifying checksums

* Possible structure:

Official Builds
  OpenWrt Stable (Recommended)
  OpenWrt Trunk
  Linksys OEM
Community Builds
 No implied warranty or fitness for purpose blurb
  arokh
  davidc502
  mrfreeze

flashing firmware
-----------------
- move notes about default password and how to backup linksys settings to oem -> openwrt
* drop Image Formats section, each of the subsection has exactly one preferred image type, list it there.

openwrt -> openwrt
------------------
* drop from ..., rename firmware section to obtaining firmware?
- add first login

oem -> openwrt
--------------
- fix first login
- move notes about refreshing network and modems up a level.

video tutorials
---------------
- short description of tutorial

@sera
Thanks! =]

- Should have time to get device specific pages done in the next few days

Work to be completed over the weekend:

Switch Layout
- Marvell 88E6172 - WRT1900AC v1 (mamba)
- Marvell 88E6176 - Currently All The Others

Firmware structure suggestions
- links provided will be incorporated
  - https://help.ubuntu.com/community/HowToMD5SUM
  - https://help.ubuntu.com/community/HowToSHA256SUM
- Community Builds disclaimer


Flashing Firmware & Video Tutorials changes have been made
  - Flashing Firmware

(Last edited by JW0914 on 19 May 2016, 21:56)

JW0914 wrote:

Please take a look at how I described each of your builds under Community Builds to ensure you're okay with the descriptions or wish to have something removed/added

Looks really good!! Thank you very much!

anomeome wrote:

The define CONFIG_CRYPTO_DEV_MARVELL_CESA in config-4.4 under generic should be set to "m", and the CONFIG_CRYPTO_HW set to "y".

MARVELL_CESA -> Will change that. CRYPTO_HW -> already set to y

anomeome wrote:

Also ensure both -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS on the openssl compile.

Makefile is already toggling these for me

package/libs/openssl/Makefile

ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
  OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
  ifdef CONFIG_OPENSSL_ENGINE_DIGEST
    OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS
  endif
else
 [...]

-

InkblotAdmirer wrote:

My guess:  the compile order needs to be cryptodev-linux, openssl, openvpn.  You likely need to add cryptodev-linux as a depend in openssl package to force it to compile first.

I know it's PKG_BUILD_DEPENDS or something but i'm not really familiar with the syntax and openwrt's packages building in general, how should i proceed ?

nitroshift wrote:
nitroshift wrote:

@Nihilanth, @kirkgbr

Firmware for v1 (Mamba):

https://onedrive.live.com/redir?resid=5 … =folder%2c

Kernel 4.4.10 and netdata included (netdata can be accessed in a browser on port 19999).

nitroshift

@Nihilanth, @kirkgbr

Did flash it? Any quirks?

nitroshift


Finally got time to flash it.   Most things are fine. 

A couple problems I had were:
- had to remove /etc/config/wireless and regenerate from new because the gui wasn't able to configure.
- for some reason my serial console isn't working properly now.  Not sure it's your build and will have to do some more tests.

Sorry, posts 11376 to 11375 are missing from our archive.