OpenBSD Journal

[c2k8]: Hackathon Summary Part 5

Contributed by mtu on from the can't-sleep-got-too-much-to-do dept.

c2k8 General Hackathon (Part 5) - June 7-15, 2008, Edmonton, Alberta, Canada

I had the pleasure of working beside Todd Fries (todd@) for my second hackathon. Two years ago at c2k6, we were working on ipsecctl testing together. Even then, he was a heavy IPv6 user. I would also wager a bet that he uses his Zaurus more than any other developer (mcbride@ is a close second) and I don't mean for building snapshots or packages.

Todd

Read on to find out what weird networking is all about:

tfries
He uses the Zaurus as much as any other computer and carries it around on his neck strap. Heck, it's the only way he can check his email in bed! All the other laptops are too bright for his better half and she won't allow it. She's got a good excuse going. My wife just says, "No computers in bed!" :-(. Well, two years later and he's still knee deep in IPsec and IPv6 and won't be caught dead without his Zaurus. However, there is more: He's doing things with all three of them (Zaurus, IPsec and IPv6) that most people would never think of doing. That is, he's the only guy that I know that's tunnelling IPv4 traffic through IPv6 (it's usually the other way around) over a VPN and does it on his Zaurus!

I've met a lot of developers that are in awe of what Todd does and/or how he does it. In fact, he's got a reputation (actually many) in the OpenBSD developer community. For example, he's right up there with Theo and Owain Ainsworth (oga@) when it comes to sleep deprivation at hackathons. You will never hear him swear. He also doesn't deviate from policy, however painful.

todd and owain

Todd lives in Oklahoma, but he has a policy of buying plane tickets solely on the basis of price. As a result, he spent more time in the air and at various transit airports on his way to the c2k8 hackathon than the developers from Australia! Okay, I'm exaggerating a little, but just a little. It's a good policy for collecting air miles but you have to wonder how much he's paying his chiropractor to fix his back from the many hours sitting in those lousy airplane seats ;-).

Sitting beside Todd for a week was a real learning experience. Lately I've been playing with different Window Managers. fvwm(1) is nice for the Spartan in us, but for the past couple of years I've been using fluxbox for a little more eye candy. Then earlier this year, I switched to Enlightenment but have recently switched to cwm(1) :-). Not quite full circle but I think that cwm is where I'll sit for now. So, I look over at Todd's screen and notice that all his xterms have transparency; I just had to ask! A few moments later, he sends me this:

install x11/xcompmgr, type:

xcompmgr -c &
install x11/transset-df, type:
transset-df
... click on a window

...and now I have eye candy with cwm :-) Thanks Todd!

Here is what Todd had to say about his time at the c2k8 hackathon:

As per usual I arrived with a list of things I wanted to work on, and so I did start on them. However, as per usual other things became more interesting once I was at the hackathon; not the least of which was a powerbook g4 that was donated to me by Jason Dixon.

Suddenly the fact that bwi(4) panicked on the powerbook g4 was interesting to me, and Jonathan Gray (jsg@) and I spent some wee hours in the early morning on debugging the situation. It seems that by zeroing memory with the wrong pointer can corrupt the kernel memory. See this commit for the fix.

The bwi(4) panic debugging session quickly made me seek out Dale Rahn (drahn@) who I knew had some knowledge of macppc, since he was the person who did the majority of the original work for powerpc! Something about not having keyboard access at ddb> is rather frustrating, and we both resigned to fix the logic.

To understand the logic, we must go back a few years when apple first released the powerbooks. They came with bluetooth. Nice feature. Too bad they decided they wanted bluetooth keyboards at their firmware prompt. They did not want (I presume) to implement bluetooth in the openfirmware, but they already had usb keyboard and mouse support, and the bluetooth device inside the powerbook is on the usb bus. So they flashed the firmware of the usb bluetooth device to have multiple personalities. One personality is a normal bluetooth device, so the OS can pair with normal bluetooth devices. Once this is done, the system can switch the device to being its alternate personality, appearing to be a USB keyboard and mouse, pairing with devices it's paired with in the past. The joy of this is that the bluetooth device's usb keyboard/mouse profile is default on powerup, which makes the logic for choosing console keyboards on powerbooks (and ibooks) rather moot. The logic was basically 'if it has usb and adb, choose usb'. The diff changes this to 'if it has usb and adb, choose adb for powerbooks and ibooks, otherwise choose usb'. It was not until after the hackathon was over that this was committed, but we both had numerous interruptions and versions of the diff to contemplate in the interim:    link1    link2

Those who know me know that I like to use IPv6 as often as I can. This also means that I do IPSec with IPv6 as well. Turns out there were a couple of bugs lurking that were annoyingly hard to track down:

One of them I spent many hours with Can Erkin Acar (canacar@) debugging. The symptom was a notorious 'truncated-ip6 - 40 bytes missing!' message in every tcpdump line of output traffic when watching packets flow on enc0. This only happened with IPv6 as the outer IP header in the IPSec connection. After narrowing things down bit by bit, and wondering why our printf did not show up inside a test case that ``obviously'' should match, canacar@ said 'oh, this is it' and promptly added 3 characters to solve the math error.

So ... you see, in the kernel, we have '#ifdef INET6' sprinkled in the appopriate places so as to let floppy disks fit like say alpha which is so tight it can't even fit IPv6 code. And if you are programming in C, you need to compare the address family to AF_INET6 to check to see if it is an IPv6 packet. From the very first version of ipsec_input.c, it appears no one had tested IPv4 inside IPv6 since this was a bug from the very first version.

While there, canacar@ also found a bug in the packet size computation in code that had never been tested. Whee!    link3    link4    link5

Another bug related to IPv6 IPSec was causing issues only with ICMP. And only for the host that was doing the encapsulation; it could route IPv4 icmp traffic inside an IPv6 IPSec tunnel just fine, it just couldn't generate the icmp packet itself. Well, not entirely true, it could generate it, it just would go out with bad checksum:

14:16:14.259435 (authentic,confidential): SPI 0x036d23e3: 2001:240:58a:100::41 >
2001:240:58a::1: 10.0.0.201 > 10.0.0.33: icmp: echo request
(id:d764 seq:1) (ttl 255, id 1993, len 84, bad cksum 0!) (len 84, hlim 64)
0000: 6000 0000 0054 0440 2001 0240 058a 0100  `....T.@ ..@....
0010: 0000 0000 0000 0041 2001 0240 058a 0000  .......A ..@....
0020: 0000 0000 0000 0001 4500 0054 07c9 0000  ........E..T...
0030: ff01 0000 0a00 00c9 0a00 0021 0800 47dd  .........!..G
0040: d764 0001 485a b07e 0003 f4dd 0809 0a0b  d..HZ~......
0050: 0c0d 0e0f 1011 1213 1415 1617 1819 1a1b  ................
0060: 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b  .... !"#$%&'()*+
0070: 2c2d 2e2f 3031 3233 3435 3637            ,-./01234567

After mentioning this to Alexander Bluhm (bluhm@) we started debugging this.

If you follow the traffic, you'll note that there is 'ff01 0000 0a00 00c9 0a00 0021' in there. Translated to what it stands for, then, we have: ttl 255 (standard for icmp before it gets routed, -1 at each router) protocol 1 (icmp protcol number) checksum 0 (why all zeros? did someone zero this out?) IP 10.0.0.201 (source IPv4 inner packet) IP 10.0.0.33 (destination IPv4 inner packet)

We tried printing the checksum header in various parts of the kernel code and eventually narrowed it down to the portion of this file that was added in 2004 by itojun@. The reason he was clearing the scope ID on IPv6 packets is because the KAME implementation of IPv6 sets the scope id in the address in the kernel, and is supposed to clear it before it hits the wire. Surprisingly, he did not consider using IPv4 inside IPv6 IPSec, or he would have added the check we did in this commit. See the changes here.

Oh the irony. Only because protocol 1 was ICMP and that it used a 255 TTL by default did it fail. TCP protcol is 6 and UDP protocol is 17, and they worked just fine. Now with this fix, finally, icmp worked too.

Todd Fries .. todd@fries.net

Ellick

Sitting on the other side of Todd was a Ellick Chan (emchan@), a student brought in by Dale Rahn (drahn@). He is new to the Project as a developer but has started work getting the Zaurus architecture to run in QEMU. "For what?", do you say? After all, they have discontinued selling the Zaurus as of last year. Well there are a lot of developers that have one (and some have two) :-).

emchan at bbq

Anyone who has a Zaurus will tell you how convenient it is as a small functional computer that runs OpenBSD. It even has a real hard drive and it is small enough that you can fit it into your shirt pocket. However, they'll also tell you that it takes at least a day or so to do a make build :-(. So, imagine building packages and snapshots for the Zaurus in QEMU on a really fast computer :-). Now think of some other possibilities such as working on removing the linux boot loader that is embedded on the flash without making your real Zaurus unusable in the process :-).

Here is what Ellick had to say about his work and time at the c2k8 hackathon:

Bringing up the Zaurus port of OpenBSD to run on the QEMU emulator in Zaurus CL-3000 (spitz) emulation mode. We managed to get a trivial root filesystem to boot to the shell, and we are working on getting a more advanced filesystem to start. With a bit more work, we hope to get full Zaurus support in the emulator.

For me, the Hackathon was a very interesting experience. I had taken software engineering courses at the University before, and we used an extreme-programming style approach for our project group of eight members. The Hackathon basically took this simple idea and expanded it to a larger scale while mixing in lots of alcohol, fun, and really smart people. It basically "supersized" the entire small team experience without compromising the small team agility and feel. I think the experience was fairly unique, and I'd love to bring some of the feel of it to the University and/or work environment. I'm pretty sure most software developers would appreciate adopting some of the principles heralded by the Hackathon model.

-Ellick

I would like to thank Todd for his great work at the hackathon. I'm sure that the he slept for a week after it was all over. The bug fixes and improvements are impressive and we appreciate your efforts, wonderful personality and friendly tutoring. As for Ellick, I enjoyed talking with you over pizza and I hope that the hackathon gave you a taste of something that we all find special in the OpenBSD developer community. I look forward to running Zaurus in QEMU :-). Thanks for your effort and time on this.

(c2k8 hackathon summary to be continued)

(Comments are closed)


Comments
  1. By Otto Moerbeek (otto) otto@drijf.net on http://www.drijf.net

    ...ID on IPv6 packets is because the this commit....

    The link is mangled....

    Comments
  2. By Anonymous Coward (62.12.170.133) on

    Todd reminds me of the difference between an OpenBSD developer and a Linux coder: The former has a computer _and_ a women in bed... ;)

    Comments
    1. By Anonymous Coward (125.172.63.221) on

      Boy, that was funny. I hope your uncalled-for insulting of other members of the Free Software community makes you feel better about your tiny dick ;-)

      Comments
      1. By Anonymous Coward (203.111.237.49) on

        > Boy, that was funny. I hope your uncalled-for insulting of other members
        > of the Free Software community makes you feel better about your tiny dick
        > ;-)

        oh come on! you can't take the truth? :P

      2. By Anonymous Coward (212.20.215.132) on

        > Boy, that was funny. I hope your uncalled-for insulting of other
        > members of the Free Software community ...

        "the" Free Software community?

  3. By Anonymous Coward (213.185.19.190) on

    s/Jonathon/Jonathan/

    Comments
    1. By Anonymous Coward (24.87.65.150) on

      > s/Jonathon/Jonathan/

      What's wrong with the former spelling? Perhaps he's really Jon who keeps going on and on? And especially at a Hackathon...

  4. By Anonymous Coward (86.169.81.233) on

    Is it just me or do I spy a eeepc sitting in the background of one of those photos, hope it means progress to a working port

    Comments
    1. By Brad (206.51.28.2) brad at comstyle dot com on

      > Is it just me or do I spy a eeepc sitting in the background of one of those photos, hope it means progress to a working port

      OpenBSD already runs on EeePC systems.

      Comments
      1. By Anonymous Coward (62.12.170.133) on


        > OpenBSD already runs on EeePC systems.

        Not really well on the EeePC 900, though (mostly hangs during boot)

      2. By Anonymous Coward (86.150.82.221) on

        > > Is it just me or do I spy a eeepc sitting in the background of one of those photos, hope it means progress to a working port
        >
        > OpenBSD already runs on EeePC systems.

        Okay, that was badly worded, OpenBSD does run on the eeepc, im using it right now. I hope it means progress towards acpi support, and an improved ath driver.

  5. By Anonymous Coward (2001:1bc8:102:40c3:211:d8ff:fed9:b883) on

    Once again: nice series of articles, thanks.

    Comments
    1. By Anonymous Coward (88.90.37.236) on

      > Once again: nice series of articles, thanks.

      I wonder who mods down posts like these. We show our appreciation to the author, and some nimrod figures "no, this sucks, let me mod you down". Go figure.

  6. By Motley Fool (MotleyFool) motleyfool@dieselrepower.org on

    YEA!

    My Zaurus stares at me from underneath a monitor. It's a great little wireless tool.

    Any thought to adding support for a USB VGA device?

    Comments
    1. By Brynet (Brynet) on

      > Any thought to adding support for a USB VGA device?

      I do believe those things are new, and sadly, proprietary. (i.e: They don't share a common standard.)

      If you own a specific USB->VGA adapter, contact the manufactures and request programming docs.

      crazyvendor0 at uhub1 port 2 configuration 1 interface 0 "Crazy USB VGA thingy" rev 2.00/2.00 addr 2
      uvga0 at crazyvendor0
      wsdisplay0 at uvga0 mux 1: console (80x25, vt100 emulation)

      Whee, here's hoping. :)

      Comments
      1. By Brynet (Brynet) on

        > Any thought to adding support for a USB VGA device?

        Whoops, looks like there is a few adaptors based on a "SIS" chipset that are common and a driver exists for Linux:

        "sisusbvga"

        http://www.winischhofer.eu/linuxsisusbvga.shtml

        Comments
        1. By Motley Fool (MotleyFool) on

          > > Any thought to adding support for a USB VGA device?
          >
          > Whoops, looks like there is a few adaptors based on a "SIS" chipset that are common and a driver exists for Linux:
          >
          > "sisusbvga"
          >
          > http://www.winischhofer.eu/linuxsisusbvga.shtml

          See, I wasn't completely crazed in my comment. Though truly it would be better if I owned one and already written a driver for submission. Then I wouldn't be the proto typical OpenBSD whiner, alas I am a whiner.

    2. By sthen (2a01:348:108:155:216:41ff:fe53:6a45) on

      > YEA!
      >
      > My Zaurus stares at me from underneath a monitor. It's a great little wireless tool.
      >
      > Any thought to adding support for a USB VGA device?

      The USB VGA devices all seem to need USB 2, which the Zaurus doesn't do. If you don't need graphics, you could always use a serial terminal with the CE-170TS cable (_not_ the serialio.com cable, they don't work on SL-C3x00).

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]