【硬创邦】Learn to build a smart router with hoowa: starting from the chip
【硬创邦】Learn to build a smart router with hoowa (3): choosing suitable hardware
【硬创邦】Learn to build a smart router with hoowa (4): flashing firmware for the first time
【硬创邦】Learn to build a smart router with hoowa (5): getting familiar with OpenWRT
【硬创邦】Learn to build a smart router with hoowa (6): expanding RAM and flash
【硬创邦】Learn to build a smart router with hoowa (7): connecting the router to the Internet
【硬创邦】Learn to build a smart router with hoowa (8): firewall / DMZ
【硬创邦】Learn to build a smart router with hoowa (9): time zone / services / SSH
OpenWrt developer salon: talk by hoowa (Sun Bing), initiator of the "learn to build a smart router" series
【硬创邦】Learn to build a smart router with hoowa (10): expanding RAM and flash, hands-on
【硬创邦】Learn to build a smart router with hoowa (11): network storage and file sharing
【硬创邦】Learn to build a smart router with hoowa (12): network speaker, the sound card driver
【硬创邦】Learn to build a smart router with hoowa (13): network speaker, the Android side
All of the above in full: http://www.leiphone.com/author/hoowa
Reference: http://sowm.cn/channel/5/2.html (search for "Xiaomi router incident" or "openwrt")
Notes on modifying the OpenWrt web interface and implementing functions, with examples
Reading configuration with UCI commands
Syntax: uci [<options>] <command> [<arguments>]
Commands (query and modify):
uci get <config>.<section>[.<option>]: get the value of a key, or get a section's type from the section name
uci show [<config>[.<section>[.<option>]]]: show everything / a config file / a section / a key, in full format
uci changes [<config>]: show all unsaved changes, or those of one config file (once saved with commit they are no longer listed)
uci add <config> <section-type>: add an anonymous section to a config file
uci set <config>.<section>[.<option>]=<value>: add or modify a named section / add a key and its value to a section
uci add_list <config>.<section>.<option>=<string>: append a value to a list option in a config file
uci del_list <config>.<section>.<option>=<string>: remove the list entry with the given value
uci delete <config>[.<section>[[.<option>][=<id>]]]: delete a section / a key / a key with a given value
uci commit [<config>]: save the changes of one config file, or save all changes to their respective files
Example: enable Wi-Fi:
root@OpenWrt:/# uci set wireless.radio0.disabled=0
root@OpenWrt:/# uci commit wireless
To make the Wi-Fi change take effect:
root@OpenWrt:/# wifi
Details of the wifi parameters: http://www.leiphone.com/news/201406/diy-a-smart-router-topic-router-wire.html
Service start parameters
Syntax: /etc/init.d/network [command]
Available commands:
start: start the service immediately
stop: stop the service immediately
restart: restart the service immediately
reload: re-read the service's configuration
enable: start automatically at boot
disable: do not start automatically at boot
killclients: drop the clients that are currently connected
Run the init script with one of the commands above to get the corresponding effect.
For example, to start the network service:
Wireless Utilities: http://wiki.openwrt.org/doc/howto/wireless.utilities
BSS, ESS, BSSID, SSID, ESSID, IBSS
WPA (a system for protecting wireless computer networks)
WPA, full name Wi-Fi Protected Access (not WAP, the wireless communication protocol), has two standards, WPA and WPA2. It is a system for protecting the security of wireless computer networks (Wi-Fi), created in response to several serious weaknesses that researchers found in the previous generation system, Wired Equivalent Privacy (WEP).
WEP problems: these choices have proven to be insufficient: key space is too small against current attacks, RC4 key scheduling is insufficient (beginning of the pseudorandom stream should be skipped), IV space is too small and IV reuse makes attacks easier, there is no replay protection, and non-keyed authentication does not protect against bit flipping packet data.
WPA by contrast: It uses Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a compromise on strong security and possibility to use existing hardware. It still uses RC4 for the encryption like WEP, but with per-packet RC4 keys. In addition, it implements replay protection, keyed packet authentication mechanism (Michael MIC).
So WPA versus WEP is a matter internal to the protocol and not something we have to handle ourselves; the protocol simply adds mechanisms such as protection against packet replay. From the later section "Differences between WEP, WPA, WPA2, open system and shared key" we know that the WEP key is used both for authentication and as the encryption key, and everyone uses the same key; the WPA key is used only for authentication, the session keys are distributed and updated dynamically, and they differ for every client. WEP is just an encryption algorithm, whereas WPA contains authentication, encryption and other modules and can be regarded as a security architecture.
Wi-Fi Protected Setup (WPS): what is commonly referred to as setting a key and hiding the SSID.
WPS (Wi-Fi Protected Setup) is an optional certification program run by the Wi-Fi Alliance; its main aim is to simplify wireless network setup and wireless encryption. Normally, when users create a new wireless network, to keep it secure they set the wireless network name (SSID) and the wireless encryption method, i.e. "hide the SSID" and set a "wireless connection password".
Extensible Authentication Protocol (EAP)
The Extensible Authentication Protocol (EAP) extends the Point-to-Point Protocol (PPP) by allowing arbitrary authentication methods that use credential and information exchanges of arbitrary length. EAP was developed in response to the growing demand for authentication methods that use security devices such as smart cards, token cards and password calculators. EAP provides an industry-standard architecture for supporting additional authentication methods within PPP.
By using EAP you can support additional authentication schemes, known as EAP types. These include token cards, one-time passwords, public-key authentication using smart cards, and certificates. EAP (together with strong EAP types) is an important technical component of secure virtual private network (VPN) connections. Strong EAP types, such as certificate-based ones, offer better protection against brute-force attacks, dictionary attacks and password guessing than password-based authentication protocols such as CHAP or MS-CHAP. During EAP-TLS authentication, a shared secret encryption key is generated for Microsoft Point-to-Point Encryption (MPPE).
Configure WPA (PSK)
Configure WPA (PSK) encryption using UCI.
root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=psk
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key="your_password"
root@OpenWrt:~# uci commit wireless
root@OpenWrt:~# wifi
Reference: http://wiki.openwrt.org/doc/uci/wireless/encryption#atheros.and.generic.mac80211.wifi
Configure WPA2 (PSK)
root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=psk2
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key="your_password"
root@OpenWrt:~# uci commit wireless
root@OpenWrt:~# wifi
Reference for setting WEP keys: http://wiki.openwrt.org/doc/uci/wireless/encryption#atheros.and.generic.mac80211.wifi
Raw hex keys have 10 hex digits (0..9, a..f) for 64-bit WEP keys and 26 hex digits for 128-bit WEP keys. If you do not wish to use raw hex keys then follow the instructions below.
The length of a 64-bit WEP key must be exactly 5 characters. The length of a 128-bit WEP key must be exactly 13 characters. Allowed characters are letters (upper and lower case) and numbers.
Generate a 64-bit WEP key:
root@OpenWrt:~# echo -n 'awerf' | hexdump -e '5/1 "%02x" "\n"'
6177657266
Generate a 128-bit WEP key:
root@OpenWrt:~# echo -n 'xdhdkkewioddd' | hexdump -e '13/1 "%02x" "\n"'
786468646b6b6577696f646464
Now use UCI to configure WEP encryption with the hex key you just generated.
root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=wep
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key1="786468646b6b6577696f646464"
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key=1
root@OpenWrt:~# uci commit wireless
root@OpenWrt:~# wifi
You can configure up to four WEP keys.
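The UCI command reference and the WPA/WPA2/WEP sequences above are typed one command at a time, so a typo in a key is only discovered after the commit. The following is an added example (not code from the page or from the OpenWrt project) that validates the key first and emits the same set/commit sequence as a script for `uci batch`, which reads UCI commands from standard input. The function names `wep_hex_key` and `wpa2_psk_batch`, the sample keys and the wifi-iface index are this example's own; the WEP length rules (5 or 13 characters, letters and digits) and the hex encoding are the ones stated above.

```shell
#!/bin/sh
# Added example, not code from the page or from OpenWrt. Two helpers that
# check a wireless key before it reaches `uci`, then emit the `uci set` /
# `uci commit` sequence shown above as a `uci batch` script, so a bad value
# is rejected before anything is written. Function names are this
# example's own.

# WEP keys in text form must be exactly 5 characters (64-bit) or 13
# characters (128-bit), letters and digits only. Prints the raw hex form
# that `uci set wireless.@wifi-iface[0].key1=...` expects; same output as
#   echo -n "$key" | hexdump -e '13/1 "%02x" "\n"'
wep_hex_key() {
    key=$1
    case "$key" in
        ''|*[!A-Za-z0-9]*)
            echo "invalid WEP key: letters and digits only" >&2
            return 1 ;;
    esac
    len=${#key}
    if [ "$len" -ne 5 ] && [ "$len" -ne 13 ]; then
        echo "invalid WEP key: need 5 or 13 characters, got $len" >&2
        return 1
    fi
    # od is POSIX; the page's hexdump invocation produces the same digits
    printf '%s' "$key" | od -A n -v -t x1 | tr -d ' \n'
    echo
}

# WPA2-PSK passphrases are 8..63 characters. Prints a `uci batch` script
# for wifi-iface index $1 with SSID $2 and passphrase $3. Single quotes are
# refused because they would break the quoting of the generated lines.
wpa2_psk_batch() {
    iface=$1
    ssid=$2
    pass=$3
    case "$ssid$pass" in
        *\'*)
            echo "invalid: single quotes are not supported here" >&2
            return 1 ;;
    esac
    len=${#pass}
    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        echo "invalid passphrase: need 8..63 characters, got $len" >&2
        return 1
    fi
    printf "set wireless.@wifi-iface[%s].ssid='%s'\n" "$iface" "$ssid"
    printf "set wireless.@wifi-iface[%s].encryption='psk2'\n" "$iface"
    printf "set wireless.@wifi-iface[%s].key='%s'\n" "$iface" "$pass"
    printf "commit wireless\n"
}

# Stand-alone demonstration with constructed values. On a router the
# batch would be applied with:
#   wpa2_psk_batch 0 MyNet 'correct horse battery' | uci batch && wifi
if [ "${1:-}" = "demo" ]; then
    wep_hex_key 'xdhdkkewioddd'
    wpa2_psk_batch 0 MyNet 'correct horse battery'
fi
```

Because `uci batch` applies the whole script, the `commit wireless` line is only reached when every `set` before it was accepted; run `wifi` afterwards, as in the sequences above, to bring the new settings up.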
About modes:
STA (also called station, client or managed mode); AP is also called master mode.
List of Wi-Fi drivers in OpenWrt: http://wiki.openwrt.org/doc/howto/wireless.overview
wireless-tools 30236: This package contains a collection of tools for configuring wireless adapters implementing the WEXT API. Recommendation for the product line: install the iw package (cfg80211 interface configuration utility) where needed.
iw 32.100: cfg80211 interface configuration utility. http://wiki.openwrt.org/doc/recipes/start covers ap, sta, wds and so on, with topology diagrams.
Including how to set up a guest WLAN: http://wiki.openwrt.org/doc/recipes/guest-wlan
That page also offers other options: HotSpot Nodogsplash or WiFiDog.
OpenWrt wireless FAQ: http://wiki.openwrt.org/doc/faq/faq.wireless, common problems.
Connecting with iw: http://blog.csdn.net/lqrensn/article/details/8159096
ACS (Auto Channel Selection)
Noise floor
RSSI (Received Signal Strength Indication)
http://wiki.openwrt.org/doc/uci/wireless: the wireless UCI config file
http://wiki.openwrt.org/doc/uci/network#interfaces: the network UCI config file
MadWifi stands for Multiband Atheros Driver for Wifi, the Linux driver for 802.11a/b/g wireless cards using Atheros chips.
Many wireless cards on the market are based on Atheros chips, for example D-Link's DWL-G650.
Note in particular that the D-Link DWL-G650+A sold on the mainland China market is not based on an Atheros chipset but on a Ralink chipset, and cannot use the madwifi driver!
Wireless configuration (option: type / required / default):
mode: string / yes / ap. Selects the operation mode of the wireless network interface controller (some are supported simultaneously by some drivers): ap for Access Point, sta for managed (client) mode, adhoc for Ad-Hoc, wds for static WDS, monitor for monitor mode, mesh for IEEE 802.11s mesh mode. mesh mode is only supported by mac80211 (in trunk).
wds: boolean / no / 0. This sets 4-address mode.
Qualcomm (Atheros) proprietary driver options:
wds: boolean / no / 0. Enables Lazy-WDS, only applicable in Access Point or Managed mode.
wdssep: boolean / no / 0. Separates WDS clients from each other.
For mesh see: http://wireless.kernel.org/en/users/Documentation/modes. So Qualcomm's implementation is called lazy mode (lazy-wds), and what is normally meant by WDS mode should be mode=wds above, not wds=1.
hostapd reference: http://w1.fi/cgit/hostap/tree/hostapd/hostapd.conf
For some Atheros WNICs, there are three drivers available: the Atheros proprietary drivers, the madwifi driver and the Atheros mac80211-based drivers (ath5k, ath9k and ath10k).
The MadWifi Project
This page gives some information about the MadWifi project and its main "products", the Linux drivers for WLAN cards based on Atheros chipsets, such as MadWifi, ath5k and ath9k.
WDS configuration:
(1) http://wiki.openwrt.org/doc/recipes/broadcomwds#step.2configure.device.2.wds-test-2
(2) ww.openwrt.org.cn/bbs/thread-480-3-1.html
http://www.openwrt.org.cn/bbs/forum.php?mod=viewthread&tid=60
Firewall reference: http://www.openwrt.org.cn/bbs/forum.php?mod=viewthread&tid=2986
OpenWrt WDS on Broadcom: http://wiki.openwrt.org/doc/recipes/broadcomwds#step.2configure.device.2.wds-test-2
OpenWrt WDS on Atheros: http://wiki.openwrt.org/doc/recipes/atheroswds
Client mode: http://wiki.openwrt.org/doc/howto/clientmode, explains how the WDS setups above are implemented
Static WDS reference: http://wiki.openwrt.org/doc/recipes/routedclient#using.routing, the "using routing" part
WDS STA / WDS AP reference: http://wiki.openwrt.org/doc/howto/clientmode
WPA configuration file, reference: http://wiki.openwrt.org/doc/howto/clientmode
When the wireless configuration is committed and wifi is commanded, a wpa_supplicant-wlan0.conf file (the name may differ from wlan0 if you are using a different interface) is created in the /var/run (same as /tmp/run) directory containing the necessary variables. This looks like the following:
ctrl_interface=/var/run/wpa_supplicant-wlan0
network={
    scan_ssid=1
    ssid="YOUR_SSID_HERE"
    key_mgmt=WPA-EAP
    proto=WPA2
    eap=PEAP
    phase2="auth=gtc"
    identity="YOUR_ID_HERE"
    password=""        <---- delete this line and save the file
}
On mac80211 OpenWrt use 4-address mode (option wds 1), with ap or sta mode, and not repeater mode.
Repeater mode means running a WDS AP plus a WDS STA on the repeating device.
Firewall configuration example:
Step 1: Change the firewall configuration
Edit the /etc/config/firewall file and locate the WAN zone definition. Disable masquerading and set the incoming traffic policy to ACCEPT:
config 'zone'
    option 'name' 'wan'
    option 'input' 'ACCEPT'
    option 'output' 'ACCEPT'
    option 'forward' 'REJECT'
    option 'mtu_fix' '1'
    option 'masq' '0'
Proceed with adding a new forwarding section allowing traffic flow from WAN to LAN:
config 'forwarding'
    option 'src' 'wan'
    option 'dest' 'lan'
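Setting the wan zone to input ACCEPT with masq 0, as the step above does, means the router's own services (SSH, for instance) become reachable from whatever sits on the wan side, so it is worth checking what the zones look like after the edit. The following is an added example (not code from the page or from the OpenWrt project) that parses a firewall config in the `config 'zone'` / `option 'name' 'value'` layout shown above and prints each zone's policies. The sample config embedded in it is constructed for the example, and the function names `firewall_zone_summary` and `wan_accepts_input` are this example's own; on a router it would read `/etc/config/firewall` instead.

```shell
#!/bin/sh
# Added example, not from the page or the OpenWrt project: a small audit
# that reads a UCI-format firewall config and prints each zone's input /
# forward policy and masquerading flag, so the effect of the edit above
# (wan zone with input ACCEPT and masq 0) is visible at a glance. Function
# names and the sample config are this example's own.

# Constructed sample of the relevant part of /etc/config/firewall, written
# in the quoted style used on this page.
SAMPLE_FIREWALL="config 'zone'
	option 'name' 'lan'
	option 'input' 'ACCEPT'
	option 'output' 'ACCEPT'
	option 'forward' 'REJECT'

config 'zone'
	option 'name' 'wan'
	option 'input' 'ACCEPT'
	option 'output' 'ACCEPT'
	option 'forward' 'REJECT'
	option 'mtu_fix' '1'
	option 'masq' '0'

config 'forwarding'
	option 'src' 'wan'
	option 'dest' 'lan'
"

# Reads a firewall config on stdin and prints, per zone:
#   <name> input=<policy> forward=<policy> masq=<0|1>
# Quoted and unquoted option values are both accepted. A policy the zone
# does not set is reported as "unset"; masq is reported as 0 when absent,
# since it is a boolean option that is off unless enabled.
firewall_zone_summary() {
    awk -v q="'" '
    function unq(s) {
        if (substr(s, 1, 1) == q || substr(s, 1, 1) == "\"")
            s = substr(s, 2, length(s) - 2)
        return s
    }
    function flush() {
        if (in_zone)
            printf "%s input=%s forward=%s masq=%s\n", name, input, fwd, masq
        in_zone = 0
    }
    $1 == "config" {
        flush()
        in_zone = (unq($2) == "zone")
        name = "?"; input = "unset"; fwd = "unset"; masq = "0"
    }
    in_zone && $1 == "option" {
        key = unq($2); val = unq($3)
        if (key == "name") name = val
        else if (key == "input") input = val
        else if (key == "forward") fwd = val
        else if (key == "masq") masq = val
    }
    END { flush() }'
}

# Returns 0 when a zone named "wan" accepts input, i.e. the router's own
# services are reachable from the wan side.
wan_accepts_input() {
    firewall_zone_summary | grep -q '^wan input=ACCEPT '
}

# Stand-alone run over the constructed sample; on a router use
#   firewall_zone_summary < /etc/config/firewall
printf '%s' "$SAMPLE_FIREWALL" | firewall_zone_summary
if printf '%s' "$SAMPLE_FIREWALL" | wan_accepts_input; then
    echo "note: wan zone accepts input; router services are reachable from upstream"
fi
```

The summary for the sample shows both zones with input=ACCEPT; in the routed-client setup this is intended for the wan side, but on any other router it is the line to look at before leaving the configuration in place.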
Detailed explanation of iptables configuration on Linux: http://www.cnblogs.com/JemBai/archive/2009/03/19/1416364.html
Linux NAT: http://www.cnblogs.com/JemBai/archive/2012/04/27/2474003.html
Differences between WEP, WPA, WPA2, open system and shared key: http://www.360doc.com/content/12/0508/21/2614615_209599908.shtml
Open authentication versus shared authentication: see the description from the OpenWrt wiki:
For an access point in WEP mode, the default is "open system" authentication. Use wep+shared for "shared key" authentication (less secure), wep+open to explicitly use "open system," or wep+mixed to allow either. wep+mixed is only supported by hostapd.
Encryption "none" is open mode. WPA has no such distinction of authentication modes; only WEP has it.
case "$enc" in
    *mixed*)  iwpriv "$ifname" authmode 4;;   # wep+mixed: allow either open or shared
    *shared*) iwpriv "$ifname" authmode 2;;   # wep+shared: shared key authentication
    *)        iwpriv "$ifname" authmode 1;;   # anything else: open system authentication
esac
Open versus shared authentication is implemented concretely with iwpriv ath0 authmode 4/2/1, as in the case statement above.
Strong Wi-Fi encryption made easy with hostapd: http://www.ibm.com/developerworks/cn/linux/l-wifiencrypthostapd/
In bash, [ $i -lt 5 ] && echo "abc" runs the right-hand command only if the left-hand test succeeded, i.e. returned 0.
wmm: enable it, and audio/video media is played with priority. WMM (Wireless Multimedia) is a subset of the 802.11e standard. WMM lets wireless communication define a range of priorities according to the data type; time-sensitive data such as video/audio gets a higher priority than ordinary data. For WMM to work, the wireless client must also support WMM. Customers can choose yes or no as needed. WMM (Wi-Fi MultiMedia) is a QoS certification of the Wi-Fi Alliance (WFA). Once WMM is enabled, the adapter uses it to support priority tagging and queuing on Wi-Fi networks.
cwm: "wireless channel width detection":
cwmenable: iwpriv athN cwmenable {1|0} enables or disables automatic channel width management. If set to 0, the CWM state machine is disabled (1 enables the state machine). Used when static rates and channel widths are desired. The default is 1. The get parameter returns the current value.
WEP has two authentication modes: open system authentication and shared key authentication.
Open system authentication
As the name suggests, no key verification is needed to connect.
Shared key authentication
1. The client sends an authentication request to the access point.
2. The access point sends back a plaintext challenge.
3. The client encrypts the challenge with its WEP key and sends it back.
4. The access point decrypts the packet, compares it with the plaintext, and decides whether to accept the request.
In summary, shared key authentication is more secure than open system authentication, but with today's techniques this authentication can be ignored entirely.
Wireless modes:
1/ Bridged mode (bridged AP / STA)
Bridged AP:
Bridged AP is to extend your existing wired host router to have wireless capabilities. Clients connecting to OpenWRT will get an IP address from the wired host router.
Main function: extend a wired network to wireless, i.e. the OpenWrt router's wireless clients are bridged to the WAN, that is, to the upstream router. http://wiki.openwrt.org/doc/recipes/bridgedap
Bridged Client (not supported by Atheros; supported by Broadcom):
http://wiki.openwrt.org/doc/recipes/bridgedclient
2/ Routed mode (routed AP / client)
Routed AP:
In the default configuration, OpenWrt bridges the wireless network to the LAN of the device. The advantage of bridging is that broadcast traffic from wireless to LAN and vice versa works without further changes.
In order to separate the wireless network from the LAN, a new network with the corresponding DHCP and firewall settings must be created.
Compared with bridged mode this adds routing functions such as PPPoE dial-up and NAT. http://wiki.openwrt.org/doc/recipes/routedap
Routed Client:
Because Atheros does not support Bridged Client mode, setting that series to sta gives Routed Client mode.
There are two methods:
1/ Using MASQUERADE (can be understood as IP address masquerading; almost the same as SNAT)
2/ Using routing (based on MASQUERADE, and only configurable when you control the access point AP):
1) configure the local firewall
2) configure DHCP on the remote side and a fixed WAN IP
What both methods need to handle: "After setup everything works BUT client subnet cannot access internet"
http://wiki.openwrt.org/doc/recipes/routedclient
3/ Wireless bridging (WDS)
With this configuration you will be able to wirelessly connect a remote wireless OpenWrt device (acting as the wireless station) to a local wireless OpenWrt point (acting as the wireless access point), and the wired devices connected to both devices will be on the same network and broadcast domain. Other wireless client devices can continue to connect to the wireless access point as before.
That is, the STA connects to the local AP, and the wired devices attached to both are in the same broadcast domain as the wireless network. Devices that could previously connect to the AP can still connect as before.
http://wiki.openwrt.org/doc/recipes/atheroswds
4/ Repeater mode (not supported by Atheros)