The DD-WRT Controversy

By Aaron Weiss

April 23, 2009

To some vocal critics, DD-WRT, the open source firmware currently running on more than one million wireless routers, is betraying its open source roots and possibly even violating the General Public License under which the software is released. [Updated: May 6, 2009]

With an estimated one million or more wireless routers running DD-WRT firmware, it may not be so surprising that—like anything popular—the free open source project has attracted its critics. Some say that DD-WRT is slow to evolve, with long delays between releases. Some say that it still harbors many bugs, despite the time spent in development. But the harshest accusations of all have little to do with DD-WRT's performance and a lot to do with the project's ethics. To some vocal critics, DD-WRT is betraying its open source roots, and possibly even violating the GPL—the GNU General Public License—under which the software is released.

If all this sounds like some kind of gibberish, DD-WRT is software that you can load ("flash") onto a compatible wireless router, such as many models in the Linksys WRT54G family. The DD-WRT software replaces the original ("stock") firmware included by the manufacturer and provides many more features, some of which are usually available in only expensive enterprise-grade routers, such as bandwidth monitoring, hotspot management, client and bridge modes, and output power adjustment.

DD-WRT is not alone among alternative firmware projects. Sveasoft, HyperWRT, OpenWRT, and Tomato all share a common family lineage with DD-WRT that traces back to the original Linksys firmware for its WRT54G V1 router. Because that firmware was licensed as open source software under the GPL, developers downloaded and built upon it. And in fact, DD-WRT is not the first descendant of the original Linksys code to court controversy.

Sveasoft, OpenWRT, and the GPL

One of the earliest projects to build on the open source Linksys codebase is OpenWRT. Although OpenWRT introduced a powerfully open platform to the WRT54G router, it has long been a project oriented toward advanced users, configured primarily through command-line access.

Because OpenWRT itself is an open source GPL-based project, other developers can build upon it, for example to wrap it with a user-friendly interface. Enter Sveasoft, a project spearheaded by one James Ewing, responsible for attracting more mainstream users to alternative router firmware with its releases named Satori, Alchemy, and Talisman. But Ewing's business practices began attracting criticism from open source advocates.

Sveasoft's firmware development incorporated code from OpenWRT. Because OpenWRT is licensed under the GPL, a project that uses OpenWRT code must make available any code using the GPL'd code. Sveasoft, however, would release binaries of its firmware without corresponding source code. They did release source to older firmware versions, but long delays reportedly separated the release of new binaries from corresponding source.

One common misconception about the GPL is that by using GPL code, your whole project must be open sourced under the same license. In fact, it is legal to develop closed or other-licensed code on top of GPL code, so long as the two codebases are not linked into a single binary compile. But in this case, access to the GPL code must be made available with the binary distribution.

In March 2006, OpenWRT publicly accused Sveasoft of violating Section 4 of the GPL, thus terminating their license to use OpenWRT code.

A second accusation against Sveasoft involved their implementation of subscription fees to effectively access the firmware binaries and associated source code. When distributing GPL-based code, it is legal to charge a fee for support, and it can be legal to charge for access to binaries and source code. But because the software is released under the GPL, anyone who receives it can technically republish it elsewhere without said fees—a practice that Sveasoft was hostile to, to the point of attacking Web sites that republished Sveasoft code and revoking access to paying members accused of such. To some, this meant that Sveasoft was trying to circumvent the GPL, by effectively applying closed-source principles to an open-source project.

Although Sveasoft's alleged GPL violations were never brought to court, their business practices—which also reportedly included banning critics from online forums—became the subject of scorn in the open source community who accused the project of violating at least the spirit of the GPL for their own advantage.

At this time, a new project was spawned (or "forked") from the Sveasoft Alchemy firmware. The new project, named DD-WRT and headed by a German coder named Sebastian Gottschall (or "brainslayer" online), was intended to further develop a user-friendly, but powerful router firmware outside the controversial practices of Sveasoft.

Unsurprisingly, Sveasoft considered the DD-WRT project a betrayal of sorts, referring to it as "Sveasoft fork" rather than its new name. Today, the Sveasoft business has been liquidated and DD-WRT—several versions later (the most recent is V24 SP1)—stands as the most popular alternative firmware.

Allegations revisited

Despite DD-WRT's success, though, some now say the project is succumbing to the same temptations as its progenitor Sveasoft, again violating the spirit of the GPL and open source software.

One controversy surrounds DD-WRT's Web interface. When Brainslayer forked a copy of the Sveasoft Alchemy code, he modified the interface to reflect and re-brand it to fit the new DD-WRT project. But, because DD-WRT itself was released under the GPL, other users could do the same thing—modify, re-brand, and recompile DD-WRT—and distribute it as their own.

With V23, Brainslayer published a note on the support page about compiling DD-WRT: "WARNING: Due to abuse by those re-branding DD-WRT and selling it, or pre-flashed routers with it on eBay, builds dated later than 08/04/2006 have some protections against re-branding the web UI."

To support this change, the DD-WRT Web interface was distributed as non-GPL code, although it configures a platform based largely on GPL-code (going back through OpenWRT and the original Linksys firmware). Some say that Brainslayer encrypted the interface code to prevent further modification; Brainslayer himself denies this and says the interface code is simply distributed in compiled form.

The GPL does allow a developer to create proprietary code that operates on GPL code, but of course the GPL-covered portion of code must still be made available. Brainslayer and other DD-WRT supporters say that no GPL clause is being violated. Whether the particular method of DD-WRT distribution is in compliance with the GPL V2, some in the open source community feel that Brainslayer's action is fundamentally hypocritical—by taking and modifying the interface of someone else's project, and then implementing mechanisms to prevent others from doing the same to his.

Another controversy involves the distribution of DD-WRT source code itself. Some allege that the source code is not made available in good faith—again, in the spirit of the GPL. The available code, some say, does not or is not feasible to compile. Others argue that this is hogwash. The DD-WRT support site does provide basic instructions for compiling the source. The source itself, some say, is out-of-date compared to binary releases. This echoes some of the criticism against Sveasoft, who delayed release of source to give their binaries "preferential" treatment—a clear violation of the GPL.

Again, Brainslayer and DD-WRT supporters—who vigorously defend the project in its online forums—say that the code is available. On the surface, it does seem to be available, through DD-WRT Subversion-based code release platform. Which, it turns out, opens up a new can of worms.

As it turns out, several pieces of DD-WRT's published source code would seem to clearly include code from third parties, which is not licensed for re-distribution. This includes code from Broadcom, Atheros, Intel, and Microsoft, among others.

For example, one piece of source code [viewable here] reads quite clearly in the header comments: "This is UNPUBLISHED PROPRIETARY SOURCE CODE of Broadcom Corporation; the contents of this file may not be disclosed to third parties, copied or duplicated in any form, in whole or in part, without the prior written permission of Broadcom Corporation."

True, it is possible that DD-WRT has received permission from Broadcom to use the above code, although no such proof has been published. The problem is, even with such permission, redistribution of this code violated the GPL license under which DD-WRT is released, because that license disallows incorporation of code, which itself is not unencumbered by redistribution limitations.

A third accusation against DD-WRT involves fee-based access to specialized versions of the software. With DD-WRT V24, Brainslayer has made available a "Special Edition" which includes some per-user bandwidth/rule features not available in the free edition. This edition costs just under 20 Euros (about US$26), and for some in the open source community, is a slap in the face. Whether it, in fact, violates the GPL remains unclear. On a similar note, DD-WRT also sells a fee-based license to is x86-based version of DD-WRT, intended to run on more powerful routers And again, accusers say that DD-WRT is effectively charging for access to GPL-based binaries. But Brainslayer defends the charge, saying that the x86 version must include proprietary code from Atheros, for which DD-WRT must pay a license fee.

Spirit and law

Unlike the Sveasoft case, DD-WRT has not been formally called out for GPL violations by any owners of its base code like OpenWRT. Still, there seems to be a growing sentiment in the open source community that Brainslayer has moved the DD-WRT away from the true "spirit" of the GPL.

It may seem ironic, then, that although DD-WRT itself was spawned in response to the decreasing openness of Sveasoft, some users and developers are now moving away from DD-WRT to more transparently open projects, like Tomato and OpenWRT, which now includes a more mature and open user interface, X-WRT.

Perhaps the most striking aspect of this whole melodrama is that it was all spawned by the humble WRT54G and its open source firmware, first released seven years ago.

Aaron Weiss is a freelance writer and Wi-Fi enthusiast based in upstate New York. He also writes our monthly Wi-Fi Guru column.

Originally published on .

Comment and Contribute
(Maximum characters: 1200). You have
characters left.