Saturday, February 20, 2016

PowerLine (PLC) support in OpenWrt for D-Link DHP-1565

D-Link 1565 is one of the few routers which integrates a PLC (Power line Communication) chipset (in this case QCA AR7400). Unfortunately, OpenWrt does not provide support for this feature yet.

This post presents configuration steps to enable PLC support in OpenWrt for this device.

Hardware configuration

By digging into D-Link GPL source code released for this device, especially function proprietary_s17_init() in file DHP1565A1_1.01b13_FOSS/src/AthSDK/platform/PLC/drivers/ethernet/phys/athrs17_phy.c, we notice the port 6 of internal switch AR8327  is related to PLC:

This port 6 is configured as a RGMII interface to communicate with PLC chipset. The following patch reproduces the same configuration in OpenWrt:
To build a custom firmware image, please see OpenWrt build system wiki page.
To flash an OpenWrt image, please see OpenWrt flashing wiki page. Don't forget to choose the factory image if you're still running the OEM firmware. If you are already using an OpenWrt firmware, you can use the sysupgrade image.

Network configuration

Once our customized OpenWrt image is flashed & booted, we are already able to see PLC bootloader probes with the swconfig command:
# swconfig dev switch0 show
[...]
Port 6:
mib: Port 6 MIB counters
RxBroad     : 2282
Rx64Byte    : 2282
RxGoodByte  : 146048
Filtered    : 2152
[...]
enable_eee: ???
pvid: 0
link: port:6 link:up speed:1000baseT full-duplex txflow rxflow
[...]
The pvid field indicates that the primary VLAN identifier of port 6 is 0. In file /etc/config/network, we add the port 6 to VLAN identifier 2, which is dedicated to WAN interface in default configuration:
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 5 6'
Warning: configuring PLC port into WAN interface could be a security issue: any host on WAN side can access to PLC chipset. To prevent this risk, you might need to set up a different VLAN configuration.


System configuration


open-plc-utils

Since the PLC chipset is flashless on this board, PLC firmware needs to be loaded at each boot. We can use Qualcomm Atheros Open Powerline Toolkit to manage & configure this PLC chipset.

We can cross-compile open-plc-utils with the OpenWrt toolchain.
First, we setup the following environment variables:
PATH=$PATH:<OpenWrt-Toolchain-ar71xx>/bin
CROSS=mips-openwrt-linux-musl-
ROOTFS=<open-plc-utils>/build
Then, make & make install commands are enough to build it.
Finally, we copy these freshly built binaries to the device in /overlay/upper/open-plc-utils/.

To do a quick test, we can try the Request Information command:
# /overlay/upper/open-plc-utils/amptool -i eth0.2 -Iar
eth0.2 00:B0:52:00:00:01 Request Version Information
eth0.2 00:B0:52:00:00:01 AR7400 BootLoader
eth0.2 00:B0:52:00:00:01 Fetch Device Attributes
eth0.2 00:B0:52:00:00:01 Device Identity
The line "AR7400 Bootloader" indicates that PLC chipset is ready to load a firmware.

PLC firmware

The PLC firmware blob can be found in the original firmware image. Using Binwalk, we extract the content of the /plc directory from the original rootfs, and copy it to /overlay/upper/plc/.
The NVM file is the firmware blob, and PIB files are configuration files: ceb stands for Europe, and na for North America.

The ampboot tool allows to load the firmware:
# /open-plc-utils/ampboot -i eth0.2 -P /plc/plc.ceb.pib -N /plc/plc.nvm
eth0.2 00:B0:52:00:00:01 Write /plc/plc.nvm (0) (00000040:17256)
eth0.2 00:B0:52:00:00:01 Start /plc/plc.nvm (0) (000000C0)
eth0.2 00:B0:52:00:00:01 Write /plc/plc.ceb.pib (0) (00200000:16352)
eth0.2 00:B0:52:00:00:01 Write /plc/plc.nvm (3) (00341194:423788)
eth0.2 00:B0:52:00:00:01 Start /plc/plc.nvm (3) (00341A88)
eth0.2 00:11:22:33:44:55 INT7400-MAC-5-2-5203-01-913-20110713-FINAL-B is running
By default, the HomeplugAV key is used. You can get more information with the amptool command used earlier. This can also be used to discover/join/leave a network, modify the NMK key, etc...

init.d script

To load the PLC firmware at each boot, create the following init script /etc/rc.d/S25amphost :
#!/bin/sh /etc/rc.common
#start right after network
START=25
USE_PROCD=1
start_service() {
procd_open_instance
procd_set_param command /open-plc-utils/amphost -i eth0.2 -P /plc/plc.ceb.pib -N /plc/plc.nvm
procd_set_param respawn
procd_close_instance
}
service_triggers()
{
procd_add_reload_trigger "amphost"
}
Then, to enable this script at startup:
/etc/init.d/amphost enable
Et voilà !

4 comments:

  1. Great stuff!
    I'm currently working on Netgear XAUB2511, but Openwrt for RTL8196C seems still be a bit tricky.
    This 1565 looks much nicer!

    ReplyDelete
  2. Switch Settings can be altered even by a fledgling to make the switch work in the required way. Despite the fact that there are distinctive models of D-Link remote switches, the establishment procedure is to some degree comparative. https://www.customercaretoll.com/listings/d-link-customer-support-toll-free-phone-number

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete