DDWRT Firmware

Help documents of dd-wrt



Basic Setup

Shortcut Forwarding Engine

Q) What is Shortcut?
A) Shortcut is an in-Linux-kernel IP packet forwarding engine. It’s designed to offer very high speed IP packet forwarding based on IP connection tracking. It’s dramatically faster than the standard netfilter-based NAT forwarding path but is designed to synchronise state back to netfilter/conntrack so that it doesn’t need to deal with all of the complexities of special cases.

Q) What versions of IP does it support?
A) The current version only supports IPv4 but will be extended to support IPv6 in the future.

Q) What transport protocols does it support?
A) TCP and UDP. It also knows enough about ICMP to spot ICMP error messages related to TCP and UDP and handle things accordingly.

Q) Is there a design spec for this software?
A) Not at the moment. I’ll write one when I get more time. The code is intended to be a good tutorial though - it’s very heavily commented. If you find yourself reading something and not understanding it then I take that to mean I’ve probably not done a sufficently good job of explaining what it’s doing in the comments. Let me know - I will try to fix it :-)

Q) Why was it written?
A) It was written as a demonstration of what can be done to provide high performance forwarding inside the kernel. There were two initial motivations:

    1. To provide a platform to enable research into how QoS analysis systems can offload work and avoid huge Linux overheads.
    1. To provide a tool to investigate the behaviour of various processors, SoCs and software sets so that we can characterize and design new network processor SoCs.

Q) How much faster is it than the Linux kernel forwarding path?
A) At the time of pushing this to github it’s been tested on a QCA AP135. This has a Scorpion (QCA Scopion, not the QMC one :-)) SoC, QCA9550. The SoC’s processor is a MIPS74K running at 720 MHz and with a DDR2 memory subsystem that offers a peak of 600 MT/s (16-bit transfers). Running IPv4 NAT forwarding of UDP between the board’s 2 GMAC ports and using a SmartBits 200 as a traffic generator Linux is able to forward 70k PPS. Once the SFE code is invoked this will increase to 350k PPS! There’s also a slightly hacky mode which causes SFE to bypass the Linux bridge layer, but this isn’t really ready for use because it doesn’t have sufficient MAC address checks or integration of statistics back to the Ethernet bridge, but that runs at 436k PPS.


Spanning Tree Protocol(STP)在IEEE802.1D文档中定义。该协议的原理是按照树的结构来构造网络拓扑,消除网络中的环路,避免由于环路的存在而造成广播风暴问题。

Advanced Routing

Operating Mode

  • Gateway: Setting the operating mode to “gateway” allows your router to route packets between the LAN/WLAN and the Internet (through the WAN port). This is the default setting and the most common setting when the router is hosting the network’s Internet connection through the WAN port
  • BGP(Border Gateway Protocol): Border Gateway Protocol (BGP) is the core routing protocol of the Internet, generally used by Internet Service Providers to establish routing among each other. It is also used on private networks to “multihome”.
  • RIP2 Router
  • OLSR Router (Optimized Link State Routing Protocol): OLSR (Optimized Link State Routing Protocol) is an IP routing protocol optimized for mobile ad-hoc networks, which can also be used on other wireless ad-hoc networks. OLSR is a proactive link-state routing protocol, which uses hello and topology control (TC) messages to discover and then disseminate link state information throughout the mobile ad-hoc network. Individual nodes use this topology information to compute next hop destinations for all nodes in the network using shortest hop forwarding paths.
  • Router: A router is a device that handles IP addressing. Routers connect LANs and WANs together. Routers link MAC addresses to IP addresses. Interfaces connect to switches in a lan, those switches are connected to routers to communicate beyond their LAN. The router itself does NOT include the Wireless Access Point (WAP) or 5 port switch that “home routers” include (like my wrt-54gs). Most of these devices are actually “3-in-1” devices (router, switch, WAP).


QCA wireless settingson ddwrt website.

Noise Immunity

Controls radio sensitivity in noisy environments by tuning driver parameters from info based on but not limited to, OFDM/CCK errors, beacon RSSI levels, OFDM weak detection, FIRPWR, FIRSTEP_LEVEL, CYCPWR_THR1.
The goal of noise immunity is in the name, to help make the router more “immune” to noise, its generally recommended to leave this enabled, only disable if you are an advanced user, are diagnosing various wireless issues, or it fixes a specific issue you were having.
Especially if you have multiple Qualcomm Atheros routers connected to eachother in any way, its highly recommended to have noise immunity enabled or disabled on all routers, not mixed.
There has been some reports over the years that disabling noise immunity has helped stabilize the WLAN in terms of throughput or reducing dropouts, disabling noise immunity could also result in great or unchanged close range performance, but horrible or no throughput whatsoever, at medium ~ far range, so experiment with this setting.
There is also some cases where enabling noise immunity gives abnormally low TX/RX rates and throughput, or noise immunity is simply too aggressive even in low noise, in this case, disable, but start with enabled first.

Short GI

Short Gi(shorter guard interval)

The standard guard interval used in 802.11 OFDM is 0.8 μs, to increase data rate 802.11n added optional support for a shorter 0.4 μs guard interval which provides about a 10% increase in data rate.
The shorter guard interval could (but usually doesn’t) result in a higher packet error rate if timing synchronization between the transmitter and receiver is not precise.
To reduce complexity, short guard interval is only implemented as a final rate adaptation step when the device is running at its highest data rate such as 72 Mbps, 144 Mbps, 300 Mbps etc, this is by design and not changeable.

Airtime Fairness

  • Available Settings: Enable, Disable
  • Default Setting: Disable
  • Recommended Setting: Enable

Airtime Fairness is a feature that boosts the overall network performance by sacrificing a little bit of network time on your slowest devices (A/B/G, even N when compared to AC).
The slower Wi-Fi devices can be slow from either long physical distance, weak signal strength, or simply being a legacy device using an older standard.
Example; Device A, functioning at 1 Mb/s and a faster device, B, that transmits at 5 Mb/s. If A needs to transmit 10 Mb of data, it will take 10 seconds. This means that for B to start data transmission after A, it may need to wait the full 10 seconds before A finishes it’s transmission. Airtime fairness will give each device a fair amount of time. Instead of mostly or all air time to one device.

Sensitivity Range

Sensitiveity Range (ACK Timing)

Adjusts the ACK timing in Atheros typical way based on the maximum distance in meters:

  • 0:disables ACK timing completely
  • 1-999999: adjusts ACK timing

The default is 2000 meters.
When a packet is sent out from the router, it waits for an “ACKnowledgement” frame from the other end. The router will wait for a response until a certain amount of time has elapsed, called the “ACK timeout” (or “window”).
Conventional wisdom holds that should be set to the maximum distance in meters x 2 (doubled to account for round-trip). For example, if you roam with your laptop up to 50 meters from your AP, the setting would be 100.
Under nominal conditions (obstructions, power limitations, in-band interference, etc), the usable range of 802.11b/g is perhaps less than 100 meters, so it might seem that this setting should never exceed 200. However, if using a directional antenna that boosts range, timing needs would increase. Maximum theoretical ACK timeouts are approximately 744µs (11 km) for 802.11b, and 372µs (55 km) for 802.11g. There have been reports of experimental, assisted WiFi connections in excess of 40 kilometers plus.
Another use for ACK might be for restricting the distance at which people can connect. This could be useful for WDS access points or for minimizing the zone of connectivity.
Keep in mind, the higher the ACK timing, the lower the throughput will be. If set too high, packets could be lost as the router waits for the ACK window to timeout. Conversely, if ACK is set too low, the window will expire too soon and returning packets could be dropped, also lowering throughput.



Boot Wait

Boot Wait is a feature you will hopefully never need. It introduces a short delay while booting (5 seconds). During this delay, you can initiate the upload of a new firmware image, usually with TFTP or Telnet, providing flash ROM is not completely broken. This is only necessary if the installed firmware will not boot or you cannot use the upload routine in the DD-WRT GUI. The default and recommended setting is “Enable”. You can access the Boot Wait setting by going to “Administration” > “Management”. For more info, see the topic Is your router bricked? in Peackock Thread in the Broadcom Forum.


802.1x协议是基于Client/Server的访问控制和认证协议。它可以限制未经授权的用户/设备通过接入端口(access port)访问LAN/WLAN。在获得交换机或LAN提供的各种业务之前,802.1x对连接到交换机端口上的用户/设备进行认证。在认证通过之前,802.1x只允许EAPoL(基于局域网的扩展认证协议)数据通过设备连接的交换机端口;认证通过以后,正常的数据可以顺利地通过以太网端口。


  1. 当用户有上网需求时打开802.1X客户端程序,输入已经申请、登记过的用户名和口令,发起连接请求。此时,客户端程序将发出请求认证的报文给交换机,开始启动一次认证过程。
  2. 交换机收到请求认证的数据帧后,将发出一个请求帧要求用户的客户端程序将输入的用户名送上来。
  3. 客户端程序响应交换机发出的请求,将用户名信息通过数据帧送给交换机。交换机将客户端送上来的数据帧经过封包处理后送给认证服务器进行处理。
  4. 认证服务器收到交换机转发上来的用户名信息后,将该信息与数据库中的用户名表相比对,找到该用户名对应的口令信息,用随机生成的一个加密字对它进行加密处理,同时也将此加密字传送给交换机,由交换机传给客户端程序。
  5. 客户端程序收到由交换机传来的加密字后,用该加密字对口令部分进行加密处理(此种加密算法通常是不可逆的),并通过交换机传给认证服务器。
  6. 认证服务器将送上来的加密后的口令信息和其自己经过加密运算后的口令信息进行对比,如果相同,则认为该用户为合法用户,反馈认证通过的消息,并向交换机发出打开端口的指令,允许用户的业务流通过端口访问网络。否则,反馈认证失败的消息,并保持交换机端口的关闭状态,只允许认证信息数据通过而不允许业务数据通过。


Routing enables the OSPF and RIP routing daemons if you have set up OSPF or RIP routing in the Advanced Routing page.



Flash Firmware


  • 路由器的现有固件必须是ddwrt。
  • 设置里的”Administration–>Management–>Boot Wait“选项必须开启。
  1. Set your computer hardware adapter to a static IP address within the same subnet as the router’s original firmware (ex…set a static of if your router’s default IP address is Set the net mask to
  2. Start the TFTP utility.
    :~$ tftp
    tftp> binary
    tftp> rexmt 1
    tftp> timeout 60
    tftp> put dd-wrt.bin
  3. Now plug the ethernet cable from your computer into a LAN port of the router.
  4. Unplug the router, plug it back in, and immediately hit the enter button on keyboard.
  5. If it worked, it will say something like “Sent 1769472 bytes in 9.0 seconds”. If it didn’t work, it will say “Transfer timed out.” This is often because it cannot connect to the IP address. Make sure you have manually set your computer’s IP address to one in the router’s subnet.
  6. Once it flashes and you receive the Success message. Wait for a full 2 minutes while the new firmware flash configures itself. DO NOT power down the router!

Use Web GUI

  1. “Administration–>Factory Defaults–>Restore Factory Defaults”
  2. “Administration–>Firmware Upgrade”, browse the firmware and click upgrade button.

Use Command Line

This is only available on routers that already have DD-WRT installed and Telnet/SSH enabled.
It is the ONLY recommended method to upgrade the router wirelessly because the file is transferred from the DD-WRT servers to the router and the checksum is verified to ensure that the file is not corrupt.
Other flashing methods transfer the file from your PC to the router (which would go over the wireless which is not as reliable) and do nothing to verify that the file is not corrupted.

  1. Telnet or ssh into DD-WRT.
  2. Download the firmware to the router’s /tmp directory with wget (http or ftp), curl (http or ftp), scp, or a mounted share.
    # Method 1
    root@DD-WRT:~# cd /tmp
    root@DD-WRT:/tmp# wget http://download1.dd-wrt.com/dd-wrtv2/downloads/betas/{year}/{build}/dd-wrt-xxx.bin
    # Method 2
    :~$ scp dd-wrt-xxx.bin [email protected]:/tmp/
  3. For modern builds, one can also download the file to their computer and check the md5sum for both downloads:
    root@DD-WRT:/tmp# md5sum dd-wrt-xxx.bin
  4. Now write the firmware to flash (do NOT use mtd write):
    write dd-wrt-xxx.bin linux &
    freeram=[8085504] bufferram=[1839104]
    The free memory is enough, writing image once.
    linux: CRC OK (0x64A4D852)
    Writing image to flash, waiting a moment...
    write block [3866624] at [0x003B0000]
    done [3932160]

    Note: some routers can have more than one firmware partition: e.g. linux and linux2
  • For an example on how to check and switch boot partitions, see here.
  1. reboot router
    root@DD-WRT:/tmp# reboot
  2. reset nvram
    root@DD-WRT:~# erase nvram;nvram erase; reboot