OpenBSD Journal
n2k14 hackathon report: henning@ talks about pf, checksumming, and the smash-and-grab
Contributed by tbert on Tue Feb 25 09:22:09 2014 (GMT)
from the turn-inside-out-for-another-day-of-wear dept.

Henning Brauer (henning@) wrote in with his report on the recent hackathon in New Zealand as well as events immediately before and after:

I flew to New Zealand a good week before the hackathon in Dunedin to hike with benno@ and Anja. Fortunately, we didn't plan ahead, all of that had been moot anyway - Qantas didn't feel like getting Anja's bag to NZ and couldn't even tell where it might be (I knew better than to fly Qantas after making that mistake last year), not even a day later - at that point we would have been in the mountains already under normal circumstances. So we went to buy some replacement gear and took off 2 days after arrival.

We went over the Mt. Robert ridge line to Angelus Lake, to continue on an unmarked "trail" towards Hopeless Hut and almost got stuck in a 500m high rock wall with rain and heavy heavy gusts - it was fun. When we returned after 3 days, we found our car broken into and almost all of our stuff stolen, including 5 laptops and most of our clothes. Most of Anja's stuff was safely at some airport in Qantas possession, but I didn't even have underwear any more.

To cut a long story short, next day we drove 100km without the passenger window to pick up a new car, another 200 in the opposite direction to meet the police guy in charge - who found a lot of our stuff in a nearby ditch. At least we had our underwear back! However, 4 of the 5 laptops, 2 each for Benno and me, were in there - thrown out of the window of a driving car, my ones damaged beyond repair, Benno's 2 with broken displays. They kept the cheapest and oldest one. Eventually late at night that day we arrived in Dunedin, having driven over 900km that day, including me driving for a couple of hours, first time in 5 years that I drove a car.

At the hackathon dlg@ loaned me his X60, with my recovered SSD put in there I almost felt home and could hack. Yay!

My biggest achievement on this hackathon was that I managed to not start another giant subsystem rewrite that drives me even more nuts than I already am. Instead, I did lots of small things, of which I am going to mention just two here.

We had a discussion about the pf ruleset in /etc/rc that gets loaded at boot time before we bring the network up - the real ruleset is loaded later. The question was whether we might accidentally pass carp announcements through. That would require the host to be configured as a multicast router and we didn't actually check whether the order of operations even leaves a (in any case tiny) window, but it was clear we want to tighten this a little more. What we'd want to express is "don't pass these if forwarded". And that means received-on. If a packet has been received on an interface, it doesn't originate from the local host (at least not with the environment set up during boot). So something like

block out quick received-on any

should catch all these. Except... that we didn't have a way to match "any" interface. So I added that, "any" (in interface matching context) matching any interface except loopback ones, because, well, loopback is special. While there, I also added "! received-on".

The other bit I want to mention is followup work to the big checksum rewrite. Since the stack now has nice software engines to offload the checksum calculation to, even if no hardware is present, we could get rid of a few checksum calculations in the upper parts of the stack, just marking the packet for "needs checksumming" is enough now. I had added the functionality for icmp too, even tho there is no hardware that can do icmp checksum offloading (that I am aware of, at least) - consistency is a good thing. So there were several places that did their icmp checksum calculations manually, and I replaced those calculations with the simple "set the flag" operation. That even fixed some minor bugs.

Benno, Anja and myself went for another week of hiking afterwards, in the Arthur's Pass area, going over Kelly Pass, then up the Taipo River valley and finally over Harman Pass. Left our car by the hotel and our gear inside, we're capable of learning from mistakes after all, got rides from nice locals in & out and finally drove back to Christchurch, where I spent an extra day with phessler@ since I am apparently incapable of booking flights on the right days - in the end, that was a nice extra day, some slacking before the 38 hours door-to-door travel back home and work the day after, so all good.

I still had one problem to solve, when they broke into our car, my house keys went missing (pretty sure they are still in a ditch in NZ), and my primary phone was stolen - I had already ordered a replacement while I was in Dunedin, shipped to my office, and a replacement SIM card too. So one of my coworkers deposited a nice package with the new phone, the new SIM card and my spare keys at my Portuguese coffee place, and when I arrived Monday morning, I got myself a galao along with the phone & the key to get into home.

By now I even acquired new laptops to replace the 2 broken ones and am curious what forgotten diffs I'll find on the SSD I used in Dunedin. Watch source-changes@ for them :)

We're terminally curious about what's in those forgotten diffs too, Henning! Thanks for the report and for putting in all this work on our favorite operating system.
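The "set the flag" approach from the checksum paragraph of the report, as an added illustration that is not OpenBSD's code: the upper layer only marks the packet, and one output routine computes the RFC 1071 checksum, so a rewrite made in between is still covered. `struct pkt`, `PKT_ICMP_CSUM_OUT` and the function names are hypothetical stand-ins, and the payload is constructed sample data.

```c
#include <stdint.h>
#include <string.h>

#define PKT_ICMP_CSUM_OUT 0x01u  /* hypothetical "needs ICMP checksum" flag */
struct pkt {                     /* hypothetical stand-in for a packet buffer */
    uint8_t  data[64];
    size_t   len;
    unsigned csum_flags;
};

/* RFC 1071 Internet checksum: one's-complement sum of big-endian 16-bit words. */
uint16_t in_cksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    if (len)                              /* odd trailing byte, zero padded */
        sum += (uint32_t)p[0] << 8;
    while (sum >> 16)                     /* fold carries back in */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Upper layer: build an ICMP echo request, leave the checksum field zero
 * and only mark the packet instead of calculating anything here. */
void icmp_echo_build(struct pkt *m, uint16_t id, uint16_t seq)
{
    memset(m, 0, sizeof(*m));
    m->data[0] = 8;                       /* type 8 = echo request, code 0 */
    m->data[4] = (uint8_t)(id >> 8);  m->data[5] = (uint8_t)id;
    m->data[6] = (uint8_t)(seq >> 8); m->data[7] = (uint8_t)seq;
    memcpy(m->data + 8, "n2k14", 5);      /* constructed sample payload */
    m->len = 8 + 5;                       /* odd length exercises padding */
    m->csum_flags |= PKT_ICMP_CSUM_OUT;
}

/* Output path: the single place where a flagged checksum gets computed. */
void output_finalize(struct pkt *m)
{
    if (!(m->csum_flags & PKT_ICMP_CSUM_OUT)) return;
    m->data[2] = m->data[3] = 0;
    uint16_t c = in_cksum(m->data, m->len);
    m->data[2] = (uint8_t)(c >> 8); m->data[3] = (uint8_t)c;
    m->csum_flags &= ~PKT_ICMP_CSUM_OUT;
}

/* Receiver-side check: summing a valid packet, checksum included, gives 0. */
int icmp_csum_ok(const struct pkt *m) { return in_cksum(m->data, m->len) == 0; }

int main(void) { struct pkt m; icmp_echo_build(&m, 0x1234, 1); m.data[7] = 2;
                 output_finalize(&m); return icmp_csum_ok(&m) ? 0 : 1; }
```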


  Re: n2k14 hackathon report: henning@ talks about pf, checksumming, and the smash-and-grab (mod 0/4)
by Will Backman (bitgeist) (bitgeist@yahoo.com) on Tue Feb 25 11:00:54 2014 (GMT)
http://bsdtalk.blogspot.com
  How terrible that the car was broken into. Amazing that you were able to recover what you did.

What kind of security do you use to protect your work on laptops? Perhaps another article for undeadly?

  Re: n2k14 hackathon report: henning@ talks about pf, checksumming, and the smash-and-grab (mod 2/4)
by sthen (2001:8b0:648e:cc01:f2de:f1ff:fef9:a752) on Tue Feb 25 11:44:06 2014 (GMT)
  > How terrible that the car was broken into. Amazing that you were able to recover what you did.
>
> What kind of security do you use to protect your work on laptops? Perhaps another article for undeadly?

Fortunately, over the years, Henning has developed a state-of-the-art distributed backup technique (-:

  Re: n2k14 hackathon report: henning@ talks about pf, checksumming, and the smash-and-grab (mod 3/7)
by Michael (208.67.143.145) on Tue Feb 25 12:54:14 2014 (GMT)
  > Fortunately, over the years, Henning has developed a state-of-the-art distributed backup technique (-:
>

He just has to remember who the backup is...

  Re: n2k14 hackathon report: henning@ talks about pf, checksumming, and the smash-and-grab (mod 1/3)
by Richard Toohey (203.97.197.6) (richardtoohey@paradise.net.nz) on Tue Feb 25 22:28:06 2014 (GMT)
  > How terrible that the car was broken into.
New Zealand is a great place to live (moved here 12 years ago), but there are still nasty scum who do stuff like this.

Sorry to hear that it happened and made life difficult - you were meant to be enjoying yourself and hacking!


  Re: n2k14 hackathon report: henning@ talks about pf, checksumming, and the smash-and-grab (mod 2/6)
by Amit Kulkarni (amitkulz) (amitkulz@gmail.com) on Thu Feb 27 05:49:49 2014 (GMT)
  who is anja? more commonly referred to as aja@?

  Re: n2k14 hackathon report: henning@ talks about pf, checksumming, and the smash-and-grab (mod 0/4)
by Brad Smith (brad) on Thu Feb 27 05:58:22 2014 (GMT)
  > who is anja? more commonly referred to as aja@?

You do know that developers interact with people other than OpenBSD developers?

  Re: n2k14 hackathon report: henning@ talks about pf, checksumming, and the smash-and-grab (mod -1/3)
by tbert (tbert) on Thu Feb 27 09:09:39 2014 (GMT)
  > > who is anja? more commonly referred to as aja@?
>
> You do know that developers interact with people other than OpenBSD developers?

Heresy. Only @openbsd.org members are allowed into the Hackerdrome.

  Re: n2k14 hackathon report: henning@ talks about pf, checksumming, and the smash-and-grab (mod 2/2)
by Amit Kulkarni (amitkulz) on Thu Feb 27 14:13:37 2014 (GMT)
  > > who is anja? more commonly referred to as aja@?
>
> You do know that developers interact with people other than OpenBSD developers?

Ok then.

