OpenWRT

openwrt.org
OpenWRT Icon

Plenty of scope for customization and a ton of supported addons. Stateful firewall, NAT, and dynamically-configured port forwarding protocols (UPnP, NAT-PMP + upnpd, etc), Load balancing, IP tunneling, IPv4 & IPv6 support.

Open Source

OpenWRT Privacy Policy

Privacy Policy Summary

  • There is a date of the last update of the terms
  • The service can delete your account without prior notice and without a reason

Documents

Domains Covered by Policy

  • openwrt.org
  • forum.openwrt.org

About the Data

This data is kindly provided by tosdr.org. Read full report at: #1603

OpenWRT Source Code

Author

openwrt

Description

This repository is a mirror of https://git.openwrt.org/openwrt/openwrt.git It is for reference only and is not active for check-ins. We will continue to accept Pull Requests here. They will be merged via staging trees then into openwrt.git.

Homepage

License

NOASSERTION

Created

09 Nov 15

Last Updated

19 Jul 24

Latest version

v23.05.4

Primary Language

C

Size

246,574 KB

Stars

19,028

Forks

10,047

Watchers

19,028

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • John Audia (18 Jul 24)

    kernel: bump 6.6 to 6.6.41 Changelog: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.41 Manually rebased: lantiq/patches-6.6/0028-NET-lantiq-various-etop-fixes.patch All other patches automatically rebased. Build system: x86/64 Build-tested: x86/64/AMD Cezanne, flogic/xiaomi_redmi-router-ax6000-ubootmod Run-tested: x86/64/AMD Cezanne, flogic/xiaomi_redmi-router-ax6000-ubootmod Signed-off-by: John Audia <[email protected]>

  • Zxl hhyccc (18 Jul 24)

    kernel: bump 6.1 to 6.1.100 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.100 All patches automatically rebased. Build system: bcm53xx ath79 Signed-off-by: Zxl hhyccc <[email protected]>

  • Rafał Miłecki (12 Jul 24)

    base-files: upgrade: nand: use "cmd" argument for extracting command NAND code uses either "cat" or "zcat" for getting firmware image content. Code was full of duplicated ${gz}cat calls. Use "cmd" variable that is determined by a caller and passed to lower level functions. This avoids code duplication and allows adding support for more formats. Signed-off-by: Rafał Miłecki <[email protected]>

  • Rafał Miłecki (12 Jul 24)

    base-files: upgrade: nand: document nand_do_upgrade() Describe what firmware files are supported. Signed-off-by: Rafał Miłecki <[email protected]>

  • Tianling Shen (02 Apr 24)

    mediatek: switch to fitblk for cmcc rax3000m Use the new fitblk driver. Tested-by: Yangyu Chen <[email protected]> Signed-off-by: Tianling Shen <[email protected]>

  • Tianling Shen (02 Apr 24)

    mediatek: convert eeprom/macaddr to nvmem format for cmcc rax3000m Switch to new nvmem binding. Also fixes a issue that the MAC address assigned to lan/wan was reversed on eMMC boards. Signed-off-by: Tianling Shen <[email protected]>

  • Martin Schiller (18 Jul 24)

    target.mk: init default configs if they are missing in the .config The config options that are enabled by default and where other default packages depends on should not only be set if there is no .config file, but also if the .config exists but the config option (e.g. CONFIG_SECCOMP) is missing in the file. This is relevant, for example, if you are working with .config templates and then want to complete the configuration using make defconfig. Signed-off-by: Martin Schiller <[email protected]>

  • Martin Schiller (17 Jul 24)

    target.mk: further improve handling of default enabled SECCOMP The fix in commit 847fad476f3d ("target.mk: improve handling of default enabled SECCOMP") unfortunately does not work for targets where the ARCH variable is set in ./$(SUBTARGET)/target.mk. To get this working, the ./$(SUBTARGET)/target.mk must be included before the check. Fixes: 847fad476f3d ("target.mk: improve handling of default enabled SECCOMP") Signed-off-by: Martin Schiller <[email protected]>

  • Daniel Golle (18 Jul 24)

    mediatek: fix platform_copy_config() Also use env variables exported by export_fitblk_rootdev() in platform_copy_config(). Fixes: 4448d6325f ("mediatek: make use of common uImage.FIT upgrade functions") Signed-off-by: Daniel Golle <[email protected]>

  • Daniel Golle (17 Jul 24)

    base-files: remove fitblk_get_bootdev() from /lib/upgrade/common.sh The function was moved to /lib/upgrade/fit.sh which is part of the fitblk package. Remove it from /lib/upgrade/common.sh to safe space on boards not using unified uImage.FIT images. Signed-off-by: Daniel Golle <[email protected]>

  • Daniel Golle (17 Jul 24)

    uboot-envtools: use /lib/upgrade/fit.sh Use export_fitblk_bootdev() in /lib/upgrade/fit.sh instead of now deprecated fitblk_get_bootdev() function. Include /lib/upgrade/fit.sh instead of /lib/upgrade/common.sh to allow removing the function there. Signed-off-by: Daniel Golle <[email protected]>

  • Daniel Golle (17 Jul 24)

    mediatek: make use of common uImage.FIT upgrade functions Use newly introduced fit_do_upgrade() function in /lib/upgrade/platform.sh. Signed-off-by: Daniel Golle <[email protected]>

  • Daniel Golle (17 Jul 24)

    fitblk: move shell functions to common file Move shell functions used for sysupgrade into /lib/upgrade/fit.sh. Introduce improved fitblk boot device detection function which works also in case ubiblock devices have not yet been created or even UBI itself not yet being attached. Signed-off-by: Daniel Golle <[email protected]>

  • Jan Hoffmann (13 Jul 24)

    omap: re-enable target The target was marked source-only due do the broken Ethernet port on some devices. With that fixed, it can be enabled again. Signed-off-by: Jan Hoffmann <[email protected]>

  • Jan Hoffmann (13 Jul 24)

    omap: switch back to old cpsw ethernet driver The new cpsw-switch driver reserves VLAN 1 for internal use, which conflicts with the default network configuration of OpenWrt. Switch back to the older cpsw driver to make the network connection on the affected devices (BeagleBone Black and AM335x EVM) usable again. Signed-off-by: Jan Hoffmann <[email protected]>

  • Zxl hhyccc (16 Jul 24)

    kernel: bump 6.1 to 6.1.99 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.99 All patches automatically rebased. Build system: Kirkwood bcm53xx Signed-off-by: Zxl hhyccc <[email protected]>

  • Christian Marangi (16 Jul 24)

    imagebuilder: remove initramfs image files Initramfs images are not supported by imagebuilder. With recent changes to support Per Device Rootfs, we now generate an image and a vmlinux for each Rootfs and these additional files are all shipped in the imagebuilder tar. Drop these new file and any vmlinux-initramfs as they are not used and increase the final size of the imagebuilder archive. Signed-off-by: Christian Marangi <[email protected]>

  • John Audia (15 Jul 24)

    kernel: bump 6.6 to 6.6.40 Changelog: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.40 All patches (one in this case) automatically rebased. Build system: x86/64 Build-tested: x86/64/AMD Cezanne, flogic/glinet_gl-mt6000 Run-tested: x86/64/AMD Cezanne, flogic/glinet_gl-mt6000 Signed-off-by: John Audia <[email protected]> Link: https://github.com/openwrt/openwrt/pull/15956 Signed-off-by: Hauke Mehrtens <[email protected]>

  • Hauke Mehrtens (14 Jul 24)

    wolfssl: Update to version 5.7.2 This fixes multiple security problems: * [Medium] CVE-2024-1544 Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. * [Medium] CVE-2024-5288 A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. * [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. * [Low] CVE-2024-5991 In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. * [Medium] CVE-2024-5814 A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. * [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. * [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. Unset DISABLE_NLS to prevent setting the unsupported configuration option --disable-nls which breaks the build now. Link: https://github.com/openwrt/openwrt/pull/15948 Signed-off-by: Hauke Mehrtens <[email protected]>

  • Chad Monroe (15 Jul 24)

    mediatek: filogic: disable eMMC HS400 mode for Mount Stuart series The eMMC chip used in a small batch of these devices has issues operating in HS400 mode. Reducing to HS200 mode works around the problem and does not cause any noticeable performance penalties as smaller chips are not fast enough to saturate the bus. Root cause analysis is pending. Signed-off-by: Chad Monroe <[email protected]>

  • Felix Fietkau (15 Jul 24)

    uboot-mediatek: fix build error on mt7988-rfb Remove an unnecessary config option that was breaking the build Signed-off-by: Felix Fietkau <[email protected]>

  • Zxl hhyccc (12 Jul 24)

    kernel: bump 6.1 to 6.1.98 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.98 All patches automatically rebased. Build system: bcm53xx ath79 Signed-off-by: Zxl hhyccc <[email protected]> Link: https://github.com/openwrt/openwrt/pull/15935 Signed-off-by: Hauke Mehrtens <[email protected]>

  • John Audia (11 Jul 24)

    kernel: bump 6.6 to 6.6.39 Changelog: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.39 Manually rebased: generic/backport-6.6/0080-v6.9-smp-Avoid-setup_max_cpus_namespace_collision_shadowing.patch Removed upstreamed: generic/backport-6.6/801-v6.11-gpio-mmio-do-not-calculate-bgpio_bits-via-ngpios.patch[1] generic/backport-6.6/0081-v6.10-cpu-Fix-broken-cmdline-nosmp-and-maxcpus-0.patch[2] All other patches automatically rebased. 1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.6.39&id=dee87316b5f5f167a201491a774bbd6e10c8dd94 2. https://github.com/gregkh/linux/commit/69787793e7f0673465c89714d1522fde978bbfa8 Build system: x86/64 Build-tested: x86/64/AMD Cezanne, flogic/glinet_gl-mt6000, flogic/xiaomi_redmi-router-ax6000-ubootmod, ramips/tplink_archer-a6-v3 Run-tested: x86/64/AMD Cezanne, flogic/glinet_gl-mt6000, flogic/xiaomi_redmi-router-ax6000-ubootmod, ramips/tplink_archer-a6-v3 Signed-off-by: John Audia <[email protected]> Co-authored-by: Hauke Mehrtens <[email protected]> Link: https://github.com/openwrt/openwrt/pull/15928 Signed-off-by: Hauke Mehrtens <[email protected]>

  • Daniel Golle (14 Jul 24)

    fstools: update to git HEAD 408c2cc libfstools: skip JFFS2 padding when BLOCKSIZE was given 013050f fstools: remove redundant F2FS_MINSIZE definition Signed-off-by: Daniel Golle <[email protected]>

  • Daniel Golle (14 Jul 24)

    mediatek: add BPi-R3 mini to platform_check_image() Add entry for the BananaPi R3 mini to the platform_check_image() function where it has been missing. Signed-off-by: Daniel Golle <[email protected]>

  • Daniel Golle (09 Jul 24)

    uboot-mediatek: remove hard-coded UBI volume numbers There is no point in hard-coding the UBI volume numbers as we are dynamically looking up the volume by volume name in all cases by now. Remove this relict as it causes problems without being useful for anything. Signed-off-by: Daniel Golle <[email protected]>

  • Shiji Yang (05 Jul 24)

    uboot-mediatek: refresh device defconfig files It seems that most of them are manually modified. However, we can use `make savedefconfig` to generate a clean defconfig file. Refreshed by: ``` Boards=( mt7623n_bpir2_defconfig \ mt7623a_unielec_u7623_02_defconfig \ mt7622_bananapi_bpi-r64-sdmmc_defconfig \ mt7622_bananapi_bpi-r64-emmc_defconfig \ mt7622_bananapi_bpi-r64-snand_defconfig \ mt7622_linksys_e8450_defconfig \ mt7622_ubnt_unifi-6-lr-v1_defconfig \ mt7622_ubnt_unifi-6-lr-v2_defconfig \ mt7622_ubnt_unifi-6-lr-v3_defconfig \ ravpower-rp-wd009-ram_defconfig \ mt7621_zbtlink_zbt-wg3526-16m_defconfig \ mt7986_netcore_n60_defconfig \ mt7986a_bpi-r3-emmc_defconfig \ mt7986a_bpi-r3-nor_defconfig \ mt7986a_bpi-r3-sd_defconfig \ mt7986a_bpi-r3-snand_defconfig \ mt7986_xiaomi_redmi-ax6000_defconfig \ mt7986_tplink_tl-xdr4288_defconfig \ mt7986_tplink_tl-xdr6086_defconfig \ mt7986_tplink_tl-xdr6088_defconfig \ mt7981_qihoo-360t7_defconfig \ mt7981_xiaomi_mi-router-wr30u_defconfig \ mt7981_h3c_magic-nx30-pro_defconfig \ mt7986a_glinet_gl-mt6000_defconfig \ mt7981_cmcc_rax3000m-emmc_defconfig \ mt7981_cmcc_rax3000m-nand_defconfig \ mt7981_jcg_q30-pro_defconfig \ mt7986_zyxel_ex5601-t0_defconfig \ mt7981_xiaomi_mi-router-ax3000t_defconfig \ mt7986a_jdcloud_re-cp-03_defconfig \ mt7986a_bpi-r3-mini-emmc_defconfig \ mt7986a_bpi-r3-mini-snand_defconfig \ mt7981_nokia_ea0326gmp_defconfig \ mt7988a_bananapi_bpi-r4-emmc_defconfig \ mt7988a_bananapi_bpi-r4-sdmmc_defconfig \ mt7988a_bananapi_bpi-r4-snand_defconfig \ mt7988a_bananapi_bpi-r4-poe-emmc_defconfig \ mt7988a_bananapi_bpi-r4-poe-sdmmc_defconfig \ mt7988a_bananapi_bpi-r4-poe-snand_defconfig \ mt7622_xiaomi_redmi-router-ax6s-ubi-loader_defconfig \ mt7981_openwrt-one-nor_defconfig \ mt7981_openwrt-one-spi-nand_defconfig \ ) for Board in ${Boards[@]} do echo "Refresh board ${Board}" make ${Board} make savedefconfig cat ./defconfig > ./configs/${Board} done ``` Signed-off-by: Shiji Yang <[email protected]>

  • Shiji Yang (05 Jul 24)

    uboot-mediatek: update to U-Boot release v2024.07 1. Rename function _do_env_set() to env_do_env_set(). 2. Replace kwbimage hack with UBOOT_CUSTOMIZE_CONFIG: "--disable TOOLS_KWBIMAGE" and "--disable TOOLS_LIBCRYPTO". 3. Disable CONFIG_CMD_BOOTEFI_BOOTMGR for all supported devices because the newly added UEFI bootmenu entries doesn't work. 4. Enable CONFIG_VERSION_VARIABLE for the OpenWrt One. Signed-off-by: Shiji Yang <[email protected]> Co-authored-by: Daniel Golle <[email protected]>

  • Felix Fietkau (13 Jul 24)

    mt76: update to Git HEAD (2024-07-13) 564cd93961fc mt76: sync with upstream changes 3b47d9df427c wifi: mt76: mt7915: fix oops on non-dbdc mt7986 Signed-off-by: Felix Fietkau <[email protected]>

  • 谢致邦 (XIE Zhibang) (17 Jun 24)

    netfilter: kmod-nft-netdev: add egress support The netdev egress hook was added in Linux kernel 5.16. Link: https://patchwork.ozlabs.org/project/openwrt/patch/[email protected]/ Signed-off-by: 谢致邦 (XIE Zhibang) <[email protected]>

OpenWRT Website

Website

[OpenWrt Wiki] Welcome to the OpenWrt Project

Redirects

Does not redirect

Security Checks

All 66 security checks passed

Server Details

  • IP Address 64.226.122.113
  • Hostname wiki-03.infra.openwrt.org
  • Location Frankfurt am Main, Hessen, Germany, EU
  • ISP DigitalOcean LLC
  • ASN AS14061

Associated Countries

  • US
  • DE

Saftey Score

Website marked as safe

100%

Blacklist Check

openwrt.org was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

OpenWRT Reviews

More Router Firmware

  • Easy and powerful user interface. Great access control, bandwidth monitoring and quality of service. IPTables is built-in for firewall, and there's great VPN support as well as additional plug-and-play and wake-on-lan features.

About the Data: OpenWRT

API

You can access OpenWRT's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/networking/router-firmware/openwrt

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share OpenWRT

Help your friends compare Router Firmware, and pick privacy-respecting software and services.
Share OpenWRT and Awesome Privacy with your network!

View Router Firmware (2)