BarryODonovan.com

Nick introduced me to Soekris a few weeks ago and some neat little boxes they make. For a current project, the net4801 fit the bill perfectly, especially with the add in vpn1411 which off loads the intensive computational operations for encryption and compression.

I plan some future posts looking at the throughput performance of OpenVPN with and without the vpn1411 as well as general traffic throughput measurements. This post however will focus on installing FreeBSD on this device as easily as possible.

Firstly, I ordered the following:

• Soekris net4801-48 in the case;
• vpn1411 for mini-PCI slot;
• 1.5A power supply;
• 8GB Ultra II CF-Card (could probably be sourced from elsewhere for cheaper);
• USB2.0 Flash card reader; and a
• null modem cable.

Including P&P, this all came to €369.48.

While there is a lot of documentation online and a number of methods available to install FreeBSD on a Soekris box, I found that the easiest way to to do it was as if I were installing on the local machine and hence I could just install it as normal. For this, we turn to VirtualBox¹.

1. Install VirtualBox if you don’t have it.
2. Attach the CF card to your computer via the USB card reader.
3. Download a FreeBSD installation CD (e.g. 8.0-RELEASE-i386-disc1.iso.
4. Create a new VirtualBox machine such that:
   • the ISO image is mounted;
   • you have enabled a network adapter (PCnet-PCI II in bridged mode works for me as I have a DHCP server on the LAN).
5. Boot the new VirtualBox machine and from its built in BIOS, choose to boot from the mounted CD ROM.
6. Immediately attach the USB card reader device to the VirtualBox machine.
7. Choose a custom install so you can select the USB device as the destination medium (da0 for me).
8. Proceed with your FreeBSD installation as normal.

Once it completes, there are some changes you should make before popping the CF card back into the Soekris box:

1. In /etc/rc.conf, set up the network configuration. Note that in VirtualBox, the interfaces will be reported as le0 but when booted on the Soekris box, they’ll be sis0 through sis2. I set sis0 (marked Eth 0 on the case) to configure by DHCP. I also set a static IP on sis2 so I can access the box on a direct computer to computer connection if necessary. Lastly, I enable the SSH daemon (ensure you have created a user!):

   ifconfig_sis0="DHCP"
   ifconfig_sis2="inet 192.168.130.2 netmask 255.255.255.0 up"
   sshd_enable="YES"
   

2. When installing via VirtualBox, the destination device was a USB drive. On the Soekris, the CF is handled as an IDE drive. As such, change fstab to something like (as appropriate for you – I have a single root filesystem and a swap partition):

   # Device                Mountpoint      FStype  Options         Dump    Pass#
   /dev/ad0s1b             none            swap    sw              0       0
   /dev/ad0s1a             /               ufs     rw              1       1
   

3. Enable a console on the serial port in /etc/ttys by editing the ttyu0 line:

   ttyu0   "/usr/libexec/getty std.9600"   vt100   on secure
   

4. Lastly, add the following lines to /boot/loader.conf:

   comconsole_speed="9600"
   console="comconsole"
   

Now, pop the CF card back into the Soekris box and boot with the serial console attached (19200,8,n,1). I immediately changed the Soekris console speed to 9600 so that it works seemlessly from Soekris BIOS to FreeBSD bootloader, kernel and console.

1. VirtualBox is a fantastic piece of software. I run Kubuntu natively on my laptop and I have a virtual Windows 7 Professional machine running in VirtualBox most of the time. It runs smoothly and quickly and there is a wonderful feature to allow you to attach USB devices to the virtual machine (so my iPhone can access iTunes for example).

Every time I debootstrap a new Debian server for a XenU domain, I get lots of verbose output from Perl scripts:

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
        LANGUAGE = (unset),
        LC_ALL = (unset),
        LANG = "en_IE.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

The fix is simple:

# apt-get install locales
# dpkg-reconfigure locales

and select your locales.

Let be be clear from the outset: I am not a Fianna Fail supporter.

That said, the European elections are about bigger things than giving Fianna Fail a kick in shins. If that’s your motivation in voting, then use the local elections. The European elections are about electing MEPs to represent us and Ireland in Europe. Our choice here is important, even more so since the rejection of Lisbon.

In the Dublin constituency, it’s fair to assume that Gay Mitchell (FG) and Proinsias De Rossa (Lab) will top the poll. The issue is then about the third and final seat. Dublin is being reduced from four to three seats and only one of the two remaining incumbents will take it: either pro-Europe and pro-Lisbon Eoin Ryan (FF) or anti-Europe and anti-Lisbon Mary Lou MacDonald (SF).

In the latest Irish Times / TNS mrbi poll, Ryan is polling at 11% and McDonald on 14% of first preference votes. Ryan will take transfers from his running mate, Eibhlin Byrne, but as a new comer she is unlikely to poll high. MacDonald will also pull transfers from the Libertas candidate, Caroline Simmons.

Polling tells us that the Dublin EU elections is a four horse race. An anti-Fianna Fail vote translates as a pro Sinn Fein, anti-Europe vote. Put you anger aside and look at the bigger picture.

I updated my laptop from Kubuntu 8.04 to 8.10 (just released) yesterday. I do 90% of my work on my desktop which needs to just work and, as such, it’s running Kubuntu 7.10. My laptop, however, I play around with.

Most people’s first impression of 8.10 will be based on the upgrade process and post install issues. To date, I’ve always had to fix a lot of problems with the system after an upgrade to make it work. Not this time – it was absolutely seamless.

I was also apprehensive about KDE 4.1 and, to be honest, I was really worried that in a crunch I’d have to fall back to Gnome before degrading back to 8.04. I just don’t have the time these days to follow KDE development as much as I used to and I briefly installed KDE 4 a few months ago and thought it was far from finished.

I’m delighted to report KDE 4.1 is very slick and very polished. I’ve only had it for just over 24 but I have no complaints yet.

However, my main motivation for the upgrade was mobile broadband. Like most people, I use my laptop when on the move and my desktop when in the office. My laptop has an Ethernet port and a wi-fi card which both worked great with KNetworkManager but not mobile broadband. I got O2′s broadband dongle (the small USB stick) about four months ago and rely on it heavily.

I’ve been using Vodafone’s Mobile Connect Client to great effect but there were some issues:

• setting up the connection was a manual process (change X window access control; su to root; export the DISPLAY setting; and start the application);
• if I suspended the laptop then I needed to reboot the system to use the dongle again.

While both of the above could be solved, it’s just not plug and play. 8.10 is. With the dongle plugged into the USB port, KNetworkManager discovered the tty port. Configuring it was as easy as right clicking on the KNetworkManager icon and selecting New Connection… icon for the tty port.

The next step requires knowledge of the O2 / provider settings but this is readily available online. For O2:

KNetworkManager - Settings for O2 Ireland

After the above, I just accepted the defaults for the rest of the options. And – to my delight – it just worked. And it worked after suspended the laptop. And after popping the USB dongle in and out for the heck of it. By clicking the Auto Connect option as part of the process, it also just works when I pop the dongle in.

UPDATE: April 29th 2008

Anders Baekgaard of Dicea ApS (current chan_ss7 maintainers) recommends the following alternative patch. Please note that mtp3d.c will also need to be patched in the same way:

--- chan_ss7.c~ 2008-04-03 09:23:56.000000000 +0200
+++ chan_ss7.c  2008-04-29 08:29:20.000000000 +0200
@@ -249,11 +249,12 @@

 static void dump_pcap(FILE *f, struct mtp_event *event)
 {
+  unsigned int sec  = event->dump.stamp.tv_sec;
   unsigned int usec  = event->dump.stamp.tv_usec -
     (event->dump.stamp.tv_usec % 1000) +
     event->dump.slinkno*2 + /* encode link number in usecs */
     event->dump.out /* encode direction in/out */;

-  fwrite(&event->dump.stamp.tv_sec, sizeof(event->dump.stamp.tv_sec), 1, f);
+  fwrite(&sec, sizeof(sec), 1, f);
   fwrite(&usec, sizeof(usec), 1, f);
   fwrite(&event->len, sizeof(event->len), 1, f); /* number of bytes of packet in file */
   fwrite(&event->len, sizeof(event->len), 1, f); /* actual length of packet */

END UPDATE: April 29th 2008

A quickie for the Google trolls:

While trying to debug some SS7 Nature of Address (NAI) indication issues, I needed to use chan_ss7′s ‘dump’ feature from the Asterisk CLI. It worked fine but the resultant pcap files always failed with messages like:

# tshark -r /tmp/now
tshark: "/tmp/now" appears to be damaged or corrupt.
(pcap: File has 409000-byte packet, bigger than maximum of 65535)

After much digging about and head-against-wall banging, I discovered the issue
is with the packet header in the pcap file. It’s defined by its spec to be:

typedef struct pcaprec_hdr_s {
        guint32 ts_sec;         /* timestamp seconds */
        guint32 ts_usec;        /* timestamp microseconds */
        guint32 incl_len;       /* number of octets of packet saved in file */
        guint32 orig_len;       /* actual length of packet */
} pcaprec_hdr_t;

chan_ss7 uses the timeval struct defined by system headers to represent ts_sec and ts_usec. But, on 64bit machines (certainly mine), these values are defined as unsigned long rather than unsigned int (presumably as a step to get over the ‘year 2038 bug’). Hence the packet header is all wrong.

An easy solution is the following patch in mtp.h:

77a78,90
> /*
>  * The packet header in the pcap file (used for the CLI command 'dump') is
defined so has to
>  * have the two time components as unsigned ints. However, on 64bit
machines, the system
>  * timeval struct may use unsigned long. As such, we use a custom version
here:
>  */
> struct _32bit_timeval
> {
>   unsigned int tv_sec;            /* Seconds.  */
>   unsigned int tv_usec;      /* Microseconds.  */
> };
>
>
>
125c138
<       struct timeval stamp;        /* Timestamp */
---
>       struct _32bit_timeval stamp;        /* Timestamp */

There may be a better way – but this works.

This relates to chan_ss7-1.0.0 from http://www.dicea.dk/company/downloads and I have let them know also. It’s also a known issue for the Wireshark developers (although I did not investigate in detail to see what their resolution was for the future). See the following thread from 1999:

• http://www.ethereal.com/lists/ethereal-dev/199908/msg00065.html