Site Tools



This page aims at documenting the internals of freshtomato. It can be seen as notes for people who want to become a developer.


So Freshtomato runs on a router, which is mainly composed of a few chips:

  • The SoC (System on Chip), which is the CPU (MIPS/ARM) + Wifi + Ethernet + Ethernet bridge + GPIO (to control leds) + UART + …
  • Flash
  • RAM


The flash is composed of partitions:

  • The boot partition contains the bootloader (CFE, pmon ?) which is the first code executed by the processor. (To be investigated: CFE source code)
  • The kernel partition contains the Linux kernel
  • The root file system (using squashfs, read-only)
  • NVRAM (non-volatile RAM) partition: a small area that contains names associated with values. All the settings are written to the NVRAM. This can be seen as a very primitive file system when flash were very small.
  • JFFS (to be investigated)


The main components are:

  • The kernel, which does most of the work: ethernet interfaces, wifi interfaces, bridging, routing, filtering…
  • dnsmasq, a user process in charge of dhcp server and DNS proxy
  • httpd, a user process for the configuration
  • dropbear, an ssh server
  • /sbin/rc, a multi-application program, in charge of setup, dhcp client

Most of the software is opensource, except the broadcom wifi drivers. This means it might not be possible to customize wifi features (like adding more SSID supports). This also means that the kernel version is mostly frozen.

After power-on or reset, the processor starts to execute the CFE boot loader, which loads and decompress the kernel, which mounts the root filesystem. The first process executed is /sbin/init noinitrd which is also /sbin/rc. The code executed corresponds to It mounts ramfs, creates devices, extract some variables as files, populates /etc, insert kernel modules.


The httpd daemon is a simple and specialized HTTP server. It serves the html pages, but also handle specially some pages (like tomato.cgi) or does substitions so that html pages can display the configuration (by reading nvram variables). The server is also able to write nvram variables and to restart services (by sending a signal to init).

To avoid conflict, httpd is supposed to be the only program writing nvram. But /bin/init is also able to write nvram (at least during boot), and httpd also forks on each request. Thus, there might be races.

Also, each time a setting is modified, the nvram is rewritten.

internals.txt · Last modified: 2021/10/18 19:01 by tgif