OpenWRT System Architecture Overview

Layered Architecture of OpenWRT

Kernel

  • Linux Kernel: OpenWRT uses a customized Linux kernel, typically version 5.15 or 6.1 in recent releases (e.g., 23.05), optimized for embedded devices.
  • Device Drivers: Includes drivers for network interfaces, storage, USB, and wireless chipsets (e.g., Atheros, MediaTek).
  • System Calls: Provides interfaces for user-space applications to interact with hardware.

Device Tree

  • Device Tree: A data structure describing hardware components (e.g., CPU, memory, peripherals).
  • Usage: Used by the kernel and U-Boot to initialize and configure hardware.
  • Bus Drivers: Manage communication between devices (e.g., I2C, SPI).

Toolchain

  • GCC: Uses the GNU Compiler Collection for compiling OpenWRT and packages.
  • Binutils: Handles assembling and linking object files.
  • Libraries: Includes musl (default libc in recent versions), libstdc++, and libgcc for lightweight operation.

User Space

  • System Services: Includes procd, netifd, and dnsmasq for process, network, and DNS management.
  • Utilities: Tools like busybox provide essential commands (e.g., ls, cp).
  • Applications: Includes LuCI (web interface), dropbear (SSH), and optional packages like nginx.

Package Management

  • opkg: Manages package installation, updates, and dependencies.
  • Repositories: Connects to OpenWRT’s official and community repositories.

Configuration Management

  • U-Boot: Bootloader for initializing hardware and loading the kernel.
  • UCI: Unified Configuration Interface for system and network settings.
  • Device Tree: Used by U-Boot and kernel for hardware configuration.

Networking

  • Networking Stack: Based on Linux’s network stack, optimized for routing and wireless.
  • Protocols: Supports TCP/IP, UDP, ICMP, IPv6, and routing protocols (e.g., BGP via quagga).
  • Firewall: Uses nftables (since 22.03) for packet filtering and NAT.

Security

  • SELinux/AppArmor: OpenWRT does not use SELinux or AppArmor by default due to resource constraints. Instead, it relies on lightweight security mechanisms.
  • Security Features: Includes dropbear for SSH, wolfssl for TLS, and optional secure boot.
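
Because UCI holds both the dropbear and firewall settings mentioned above, a configuration backup can be audited offline. The following is an added example, not OpenWRT project code: it parses UCI-format text and flags weak SSH and WAN-zone settings. The option names (PasswordAuth, RootPasswordAuth, Interface, zone input), their defaults, and the function names are assumptions of this example, and the sample configs are constructed.

```python
import shlex

# Constructed sample configs in UCI syntax (not taken from a real device).
SAMPLE_DROPBEAR = """
config dropbear
    option PasswordAuth 'on'
    option RootPasswordAuth 'on'
"""
SAMPLE_FIREWALL = """
config zone
    option name 'lan'
    option input 'ACCEPT'

config zone
    option name 'wan'
    option input 'ACCEPT'
"""
FALSE_VALUES = {"0", "no", "off", "false", "disabled"}

def parse_uci(text):
    """Parse UCI text into a list of (section_type, options_dict)."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True) or [""]  # quotes, '#', blank lines
        if tok[0] == "config" and len(tok) >= 2:
            sections.append((tok[1], {}))
        elif tok[0] == "option" and len(tok) == 3 and sections:
            sections[-1][1][tok[1]] = tok[2]
        elif tok[0] == "list" and len(tok) == 3 and sections:
            sections[-1][1].setdefault(tok[1], []).append(tok[2])
    return sections

def audit(dropbear_text, firewall_text):
    """Return a list of findings for weak SSH and WAN-zone settings."""
    findings = []
    for stype, opts in parse_uci(dropbear_text):
        if stype != "dropbear":
            continue
        # Assumption: both options default to enabled when absent.
        for key in ("PasswordAuth", "RootPasswordAuth"):
            if opts.get(key, "on").lower() not in FALSE_VALUES:
                findings.append(f"dropbear: {key} enabled")
        if "Interface" not in opts:
            findings.append("dropbear: no Interface set, listens on all interfaces")
    for stype, opts in parse_uci(firewall_text):
        wan = stype == "zone" and opts.get("name") == "wan"
        if wan and opts.get("input", "").upper() == "ACCEPT":
            findings.append("firewall: wan zone accepts inbound traffic")
    return findings
```

Calling audit(SAMPLE_DROPBEAR, SAMPLE_FIREWALL) returns four findings; the lan zone is not flagged because only the zone named wan is checked.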