Group: Hardware/Computers/WiFi Access points/D-Link DSR-500N

From LibrePlanet
Jump to: navigation, search

Introduction

  • It ships with u-boot 1.1.1, Linux 2.6.32 and some vendor nonfree GNU/Linux distribution.
  • It has support in upstream Linux (in arch/mips/boot/dts/cavium-octeon/dlink_dsr-500n.dts)
  • It seems to have 128M of RAM and 32M of flash, so it's probably enough to run something like LibreCMC
  • It has an Atheros mPCI WiFi card (probably ath5k compatible)

Though someone needs to do the work of:

  • Convincing LibreCMC to not remove mips64el support (OpenWRT seems to have some support for it for cavium octeon[1]) and adding support for the D-Link DSR-500N to OpenWRT (to reduce the LibreCMC maintenance costs) and LibreCMC, and convince LibreCMC to build images for the D-Link DSR-500N. Alternatively we could bring back the Parabola or Guix port for MIPS64el, but Guix probably requires more than 128M of RAM to do a guix pull or guix system reconfigure, and for Parabola it's probably a lot of work to bring MIPS64el back. LibreCMC would also work without additional hardware (like an USB storage key that would be required for Parabola and Guix).
  • Finding the vendor source code for u-boot and adding support for it in u-boot

Console connector

There is a console connector that uses an RJ45.

The Serial port is connected in this way: 

CPU <-> UART <-> ADM3202 (voltage level shifter) <-> RJ45 console connector.

So for instance you can get the logs if you make a custom Ethernet cable or if you connect a SOIC-16 clip to the ADM3202 chip.

The console port uses the full RS232 voltages, so you need a regular USB to serial adapter that can work with RS232 voltages.

Here's the pinout to make a cable or to connect to the ADM3202 directly:

ADM3202 Ethernet cable RS232 Adapter
PIN 15 (GND) White blue PIN 5 (GND)
PIN 14 (T1 OUT) White green PIN 2 (RX)
PIN 13 (R1 IN) Green PIN 3 (TX)

Boot log

To get the boot log, I connected an USB to serial port adapter and I got the following log: 

# picocom -b 115200 /dev/ttyUSB2
picocom v3.1

port is        : /dev/ttyUSB2
flowcontrol    : none
baudrate is    : 115200
parity is      : none
databits are   : 8
stopbits are   : 1
escape is      : C-a
local echo is  : no
noinit is      : no
noreset is     : no
hangup is      : no
nolock is      : no
send_cmd is    : sz -vv
receive_cmd is : rz -vv -E
imap is        : 
omap is        : 
emap is        : crcrlf,delbs,
logfile is     : none
initstring     : none
exit_after is  : not set
exit is        : no

Type [C-a] [C-h] to see available commands
Terminal ready


U-Boot 1.1.1 (Development build, svnversion: exported) (Build time: Sep  1 2010 - 16:21:09)

Warning: Board descriptor tuple not found in eeprom, using defaults
CUST_DSR500N board revision major:2, minor:0, serial #: unknown
OCTEON CN5010-SCP pass 1.1, Core clock: 300 MHz, DDR clock: 200 MHz (400 Mhz data rate)
DRAM:  128 MB
Flash: 32 MB
Clearing DRAM...... done
BIST check passed.
Starting PCI
PCI Status: PCI 32-bit
PCI BAR 0: 0x00000000, PCI BAR 1: Memory 0x00000000  PCI 0xf8000000
Net:   octeth0, octeth1, octeth2

Hit any key to stop autoboot:  0 
Image name         : DSR-500N_A1_FW2.13_WW
Image size         : 24891392 bytes
Checksum value     : 0xb462de38
Verifying checksum... OK

Auto Booting...
argv[2]: mtdparts=phys_mapped_flash:640k(bootloader)ro,9M(kernel),20M(rootfs),2M(AppConfig),128k(bootload-env)
ELF file is 64 bit
Attempting to allocate memory for ELF segment: addr: 0xffffffff80120000 (adjusted to: 0x0000000000120000), size 0x7e9030
Allocated memory for ELF segment: addr: 0xffffffff80120000, size 0x7e9030
Loading .text @ 0xffffffff80120000 (0xd0 bytes)
Loading .text.nofill @ 0xffffffff801200d0 (0x8 bytes)
Loading .text.error @ 0xffffffff801200d8 (0x38 bytes)
Loading .text.rc_read @ 0xffffffff80120110 (0x80 bytes)
Loading .text.rc_get_bit @ 0xffffffff80120190 (0x178 bytes)
Loading .text.malloc @ 0xffffffff80120308 (0xd8 bytes)
Loading .text.decompress_kernel @ 0xffffffff801203e0 (0x1230 bytes)
Loading .text.puts @ 0xffffffff80121610 (0x8 bytes)
Loading .text.puthex @ 0xffffffff80121618 (0x8 bytes)
Loading .text.main @ 0xffffffff80121620 (0x8 bytes)
Loading .MIPS.options @ 0xffffffff80121628 (0xa0 bytes)
Loading .rodata.str1.8 @ 0xffffffff801216c8 (0x130 bytes)
Loading .data @ 0xffffffff80122000 (0x3e5000 bytes)
Clearing .bss @ 0xffffffff80507000 (0x402030 bytes)
## Loading Linux kernel with entry point: 0xffffffff80120000 ...
Bootloader: Done loading app on coremask: 0x1
Linux version 2.6.32.13-Cavium-Octeon (nagarajub@build-server1) (gcc version 4.3.3 (Cavium Networks Version: 2_0_0 build 95) ) #1 Thu Apr 26 10:05:17 IST 2018
CVMSEG size: 2 cache lines (256 bytes)
Cavium Networks SDK-2.0
bootconsole [early0] enabled
CPU revision is: 000d0601 (Cavium Octeon+)
Checking for the multiply/shift bug... no.
Checking for the daddiu bug... no.
Determined physical RAM map:
 memory: 0000000000230000 @ 0000000001050000 (usable after init)
 memory: 0000000006c00000 @ 0000000001300000 (usable)
Wasting 233856 bytes for tracking 4176 unused pages
Initrd not found or empty - disabling initrd
Zone PFN ranges:
  DMA32    0x00001050 -> 0x00100000
  Normal   0x00100000 -> 0x00100000
Movable zone start PFN for each node
early_node_map[2] active PFN ranges
    0: 0x00001050 -> 0x00001280
    0: 0x00001300 -> 0x00007f00
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 27820
Kernel command line:  bootoctlinux 0x5500200 mtdparts=phys_mapped_flash:640k(bootloader)ro,9M(kernel),20M(rootfs),2M(AppConfig),128k(bootload-env) console=ttyS0,115200
PID hash table entries: 512 (order: 0, 4096 bytes)
Dentry cache hash table entries: 16384 (order: 5, 131072 bytes)
Inode-cache hash table entries: 8192 (order: 4, 65536 bytes)
Primary instruction cache 32kB, virtually tagged, 4 way, 64 sets, linesize 128 bytes.
Primary data cache 16kB, 64-way, 2 sets, linesize 128 bytes.
Memory: 106636k/112832k available (5023k kernel code, 6032k reserved, 1565k data, 2240k init, 0k highmem)
Hierarchical RCU implementation.
NR_IRQS:408
Calibrating delay loop (skipped) preset value.. 600.00 BogoMIPS (lpj=1200000)
Mount-cache hash table entries: 256
Checking for the daddi bug... no.
NET: Registered protocol family 16
Enabling Octeon big bar support
PCI Status: PCI 32-bit
PCI Clock: 33 MHz
bio: create slab <bio-0> at 0
SCSI subsystem initialized
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
pci 0000:00:03.0: PME# supported from D0 D3hot
pci 0000:00:03.0: PME# disabled
Switching to clocksource OCTEON_CVMCOUNT
NET: Registered protocol family 2
IP route cache hash table entries: 1024 (order: 1, 8192 bytes)
TCP established hash table entries: 4096 (order: 4, 65536 bytes)
TCP bind hash table entries: 4096 (order: 3, 32768 bytes)
TCP: Hash tables configured (established 4096 bind 4096)
TCP reno registered
NET: Registered protocol family 1
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
/proc/octeon_perf: Octeon performace counter interface loaded
octeon_wdt: Initial granularity 5 Sec.
HugeTLB registered 2 MB page size, pre-allocated 0 pages
squashfs: version 4.0 (2009/01/31) Phillip Lougher
NTFS driver 2.1.29 [Flags: R/W].
JFFS2 version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
msgmni has been set to 208
alg: No test for stdrng (krng)
io scheduler noop registered
io scheduler anticipatory registered
io scheduler deadline registered
io scheduler cfq registered (default)
Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
serial8250.0: ttyS0 at MMIO 0x1180000000800 (irq = 58) is a OCTEON
console [ttyS0] enabled, bootconsole disabled
console [ttyS0] enabled, bootconsole disabled
brd: module loaded
loop: module loaded
mdio-octeon: probed
mdio-octeon mdio-octeon.0: Version 1.0
Intel(R) PRO/1000 Network Driver - version 7.3.21-k5-NAPI
Copyright (c) 1999-2006 Intel Corporation.
e1000e: Intel(R) PRO/1000 Network Driver - 1.0.2-k2
e1000e: Copyright (c) 1999-2008 Intel Corporation.
sky2 driver version 1.25
PPP generic driver version 2.4.2
PPP BSD Compression module registered
PPP MPPE Compression module registered
NET: Registered protocol family 24
PPPoL2TP kernel driver, V1.0
PPTP driver version 0.8.5
usbcore: registered new interface driver asix
usbcore: registered new interface driver net1080
usbcore: registered new interface driver cdc_subset
usbmon: debugfs is not available
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
OcteonUSB: Detected 1 ports
OcteonUSB OcteonUSB.0: Octeon Host Controller
OcteonUSB OcteonUSB.0: new USB bus registered, assigned bus number 1
OcteonUSB OcteonUSB.0: irq 80, io mem 0x00000000
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
OcteonUSB: Registered HCD for port 0 on irq 80
usbcore: registered new interface driver usblp
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
usbcore: registered new interface driver libusual
usbcore: registered new interface driver ums-alauda
usbcore: registered new interface driver ums-datafab
usbcore: registered new interface driver ums-freecom
usbcore: registered new interface driver ums-isd200
usbcore: registered new interface driver ums-jumpshot
usbcore: registered new interface driver ums-karma
usbcore: registered new interface driver ums-onetouch
usbcore: registered new interface driver ums-sddr09
usbcore: registered new interface driver ums-sddr55
usbcore: registered new interface driver ums-usbat
usbcore: registered new interface driver usbserial
USB Serial support registered for generic
usbcore: registered new interface driver usbserial_generic
usbserial: USB Serial Driver core
i2c /dev entries driver
rtc-ds1307 0-0068: rtc core: registered ds1337 as rtc0
i2c-octeon i2c-octeon.0: version 2.0
oprofile: using mips/octeon performance monitoring.
GACT probability NOT on
Mirror/redirect action on
u32 classifier
    Performance counters on
    Actions configured 
Netfilter messages via NETLINK v0.30.
nf_conntrack version 0.5.0 (834 buckets, 3336 max)
CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
ctnetlink v0.93: registering with nfnetlink.
xt_time: kernel timezone is -0000
GRE over IPv4 demultiplexor driver
ip_tables: (C) 2000-2006 Netfilter Core Team
ipt_account 0.1.7 : Piotr Gasid�o <quaker@barbara.eu.org>, http://www.barbara.eu.org/~quaker/ipt_account/
TCP cubic registered
NET: Registered protocol family 10
ip6_tables: (C) 2000-2006 Netfilter Core Team
IPv6 over IPv4 tunneling driver
NET: Registered protocol family 17
Bridge firewalling registered
Ebtables v2.0 registered
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
All bugs added by David S. Miller <davem@redhat.com>
L2 lock: TLB refill 256 bytes
L2 lock: General exception 128 bytes
L2 lock: low-level interrupt 128 bytes
L2 lock: interrupt 640 bytes
L2 lock: memcpy 1152 bytes
Bootbus flash: Setting flash for 32MB flash at 0x1dc00000
phys_mapped_flash: Found 1 x16 devices at 0x0 in 8-bit bank
 Amd/Fujitsu Extended Query Table at 0x0040
phys_mapped_flash: CFI does not contain boot bank location. Assuming top.
number of CFI chips: 1
cfi_cmdset_0002: Disabling erase-suspend-program due to code brokenness.
cmdlinepart partition parsing not available
Creating 7 MTD partitions on "phys_mapped_flash":
0x000000000000-0x0000000a0000 : "bootloader"
0x0000000a0000-0x0000005a0000 : "kernel"
0x0000005a0000-0x000001aa0000 : "rootfs"
0x000001aa0000-0x000001da0000 : "PackageManager"
0x000001da0000-0x000001fa0000 : "AppConfig"
0x000001fa0000-0x000001fe0000 : "EMPTY"
0x000001fe0000-0x000002000000 : "bootload-env"
Freeing unused kernel memory: 2240k freed
/sbin/rc starting
Booting DSR User Space...

Mounting file systems
fuse init (API version 7.13)
octeon-ethernet 2.0
Interface 0 has 3 ports (RGMII)
Sysctl registeration for hardware offload control suceed
productData: module license 'unspecified' taints kernel.
Disabling lock debugging due to kernel taint
Initialzing Product Data modules 
Loading LED driver
bwMonitor sysctl registered
CONFIG_SYSCTL enabled ...
Initialized bandwidth monitor ...
GobiNet: 2011-07-29-1026
usbcore: registered new interface driver GobiNet
USB Serial support registered for GSM modem (1-port)
usbcore: registered new interface driver option
option: v0.7.2:USB Driver for GSM modems
usbcore: registered new interface driver cdc_acm
cdc_acm: v0.26:USB Abstract Control Model driver for USB modems and ISDN adapters
Enabling Quiet Boot...Done
Setting up loopback
Setting mac address for LAN/WAN1/WAN2
Setting Hostname... Done.
setting Host name.
setting hostname as DSR-500N
Starting pnac daemon...Done
Loading WLAN Modules...Done
Starting dot11 daemon...Done
net.ipv6.conf.eth1.accept_ra = 0
net.ipv6.conf.eth2.accept_ra = 0
net.ipv6.conf.eth1.router_solicitations = 0
net.ipv6.conf.eth2.router_solicitations = 0
Creating Dummy Config File
Starting linkmonitor daemonDone
Inserting ipset modules...Done
inserting default firewall rules
inserting default firewall6 rules
Private Tunnel Intialization .......teamf1.cfg.ascii
teamf1.cfg.ascii
Restoring configuration from persistant storage...
cpAcc.db             en_US.db             system.sql
curRegionInfo.txt    solution_snort.conf  teamf1.cfg.ascii
data                 stats.db             wcfClientd.conf
dhScript.sh          stats.sql
dummy.file           system.db
making database from system settings...
DOT11 CRON : Handling the cron issues for active time.
DOT11 CRON : Calling the cron handler.
restore file: /tmp/teamf1.cfg.ascii
importing...
setting up hardware watchdog timer... Done
Inserting the bcm debug module...Done
Inserting the power saving module...Done
Starting NIMF daemon... Done
creating smtpAlg device
Creating /dev/smtpAlg
starting firewalld Daemon...Done
Starting AutoL2tpIpsec Daemon...Done
Starting IKE Daemon...Done
Done
Starting VPN KEEP ALIVE Daemon...Done
Restoring certficates from persistant storage...Done
SSLVPN Intialization .......  Done
Webserver Starting....Done
Copying Default Login Images...Getting firmware version...Done
Making Brand.conf... 
Done creating Brand.conf
Starting status monitor daemonDone
Copying necessary files for PPTP Server... 
Done
Initializing 3G... Done
starting ntpd Daemon...Done
Logging database already exists.
Loading WpsPB Module..Initialzing Wps module 
starting SNMP Daemon...Done
Starting the cron deamon...Done
Creating /dev/pts/0 pseudo device for L2TP <-> PPP communication... Done
Bandwidth Profile Initialization...Done
OPENVPN Intialization .......Auth Intialization .......  starting auth daemon
Done
Starting captivePortal daemon... Done
Starting CP Accounting daemon... Done
Starting intelAmt daemon... Done
Starting the LM deamon...Done
Loading Factory Defaults ModulesInitialzing Factory defaults modules 
Creating directory /usr/lib/cups ...Done
Creating /var/run/cups/certs ...Done
Creating /var/spool/cups ...Done
Creating /var/spool/cache ...Done
Copying mime files ...Done
Creating directory /tmp/var...Done
Creating directory /tmp/private...Done
Creating misc directories for AD and NT Domain authentication ..\nCopying necessary files for L2TP Server... 
Done
*** glibc detected *** /pfrm2.0/bin/l2tpClientConfig: free(): invalid pointer: 0x2bd49730 ***
Enable hardware offload
DSR-500N login:

We can then login with the following data

Username: admin
Password: admin

And this doesn't give us a shell but a configuration console.

Note that it is also possible to have a shell in u-boot so it might be possible to get a GNU/Linux shell by passing arguments to Linux though the u-boot shell.

u-boot configuration

Here is the u-boot environment: 

bootdelay=3
baudrate=115200
download_baudrate=115200
bootloader_flash_update=protect off $(uboot_flash_addr) +$(uboot_flash_size);erase $(uboot_flash_addr) +$(uboot_flash_size);cp.b $(fileaddr) $(uboot_flash_addr) $(uboot_flash_size);run nuke_env
burn_app=erase $(flash_unused_addr) +$(filesize);cp.b $(fileaddr) $(flash_unused_addr) $(filesize)
bf=bootoct $(flash_unused_addr) forceboot numcores=$(numcores)
nuke_env=protect off $(env_addr) +$(env_size); erase $(env_addr) +$(env_size)
linux_start=0xbdca0000
linux_limit=0xbf99ffff
linux_limit_old=0x1800000
linux_update=protect off $(linux_start) +$(linux_limit_old);erase $(linux_start) +$(linux_limit_old);cp.b $(fileaddr) $(linux_start) $(filesize)
flash_linux_boot=cp.b $(linux_start) $(loadaddr) $(linux_limit_old);bootoctlinux $(loadaddr);
firm_flash=erase $(linux_start) $(linux_limit);cp.b $(fileaddr) $(linux_start) 0x1d00000
boot_firm=cp.b $(linux_start) $(loadaddr) 0x900000;bootoctlinux 0x5500200 mtdparts=phys_mapped_flash:640k(bootloader)ro,9M(kernel),20M(rootfs),2M(AppConfig),128k(bootload-env);
ls=fatls ide 0
autoload=n
autotest=1
ipaddr=192.168.1.1
serverip=192.168.1.100
ethact=octeth0
bootcmd=bootFirmware
loadaddr=0x5500000
numcores=1
stdin=serial
stdout=serial
stderr=serial
env_addr=0xbfbe0000
env_size=0x20000
flash_base_addr=0xbdc00000
flash_size=0x2000000
uboot_flash_addr=0xbdc40000
uboot_flash_size=0x60000
flash_unused_addr=0xbdca0000
flash_unused_size=0x1f40000

Environment size: 1445/131068 bytes

And we have the following commands available: 

?       - alias for 'help'
askenv  - get environment variables from stdin
autoscr - run script from memory
base    - print or set address offset
bootFirmware - Check the firmware CRC number and varify the firmeware is good.
bootelf - Boot from an ELF image in memory
bootoct - Boot from an Octeon Executive ELF image in memory
bootoctelf - Boot a generic ELF image in memory. NOTE: This command does not support
             simple executive applications, use bootoct for those.
bootoctlinux - Boot from a linux ELF image in memory
bootp   - boot image via network using BootP/TFTP protocol
clrgpio   - Clear GPIO.
cmp     - memory compare
coninfo - print console devices and informations
cp      - memory copy
crc32   - checksum calculation
date    - get/set/reset date & time
dhcp    - invoke DHCP client to obtain IP/boot params
echo    - echo args to console
eeprom  - EEPROM sub-system
erase   - erase FLASH memory
ext2load- load binary file from a Ext2 filesystem
ext2ls  - list files in a directory (default /)
fatinfo - print information about filesystem
fatload - load binary file from a dos filesystem
fatloadalloc - load binary file from a dos filesystem, and allocate
          a named bootmem block for file data
fatls   - list files in a directory (default /)
flinfo  - print FLASH memory information
freeprint    - Print list of free bootmem blocks
frtest   - Test reset button.
getpd - print values of all product data
go      - start application at address 'addr'
gunzip  - Uncompress an in memory gzipped file
help    - print online help
ide     - IDE sub-system
itest	 - return true/false on integer compare
ledphy   - Turn on/off PHY LED
ledtest   - Turn on/off LED
loadb   - load binary file over serial line (kermit mode)
loop    - infinite loop on address range
md      - memory display
mii     - MII utility commands
mm      - memory modify (auto-incrementing)
mtest   - simple RAM test
mw      - memory write (fill)
namedalloc    - Allocate a named bootmem block
namedfree    - Free a named bootmem block
namedprint    - Print list of named bootmem blocks
nm      - memory modify (constant address)
pci     - list and access PCI Configuraton Space
ping    - send ICMP ECHO_REQUEST to network host
printenv- print environment variables
protect - enable or disable FLASH write protection
rarpboot- boot image via network using RARP/TFTP protocol
read64    - read 64 bit word from 64 bit address
read64b    - read 8 bit word from 64 bit address
read64l    - read 32 bit word from 64 bit address
read64s    - read 16 bit word from 64 bit address
read_cmp    - read and compare memory to val
readgpio   - Read GPIO.
reset   - Perform RESET of the CPU
run     - run commands in an environment variable
saveenv - save environment variables to persistent storage
savepd - save product data to persistent storage
setenv  - set environment variables
setgpio   - Set GPIO.
setpd - set product data
sleep   - delay execution for some time
switch_reg_read     - BCM53115S reg Read commands
switch_reg_write     - BCM53115S Register Write commands
tftpboot- boot image via network using TFTP protocol
tlv_eeprom  - EEPROM data parsing for ebt3000 board
version - print monitor version
wptest   - Test WPS button.
write64    - write 64 bit word to 64 bit address
write64b    - write 8 bit word to 64 bit address
write64l    - write 32 bit word to 64 bit address
write64s    - write 16 bit word to 64 bit address

This might be relevant somehow to write some installation instructions if one day someone adds support for it in LibreCMC.

References

  1. https://openwrt.org/docs/techref/instructionset/mips64_octeon
Retrieved from "https://libreplanet.org/wiki?title=Group:Hardware/Computers/WiFi_Access_points/D-Link_DSR-500N&oldid=68388"