mindcompletion.blogspot.com …
This blog is officially closed for… well… pretty unstable and uncertain reasons. Come back… well… actually never. Thank you.
PC-BSD PF Frontend on the way…
I am currently planning/implementing a GUI frontend for the OpenBSD Packet Filter software package. It shall be easy to use and allow a novice user to open and close ports in the firewall. Extended topics like NAT and ALTQ are currently not planned, but who knows? Currently these features are planned:
- Integration into the KDE Control Center.
- Enabling/Disabling of the OpenBSD Packet Filter.
- Easy start/stop/restart frontend of the pf rc.d script.
- Easy opening/closing of ports.
- A little help by predefining most used ports like: FTP, HTTP, SSH and so forth.
- Advanced settings, which allow restricting a port rule to a subnet/IP range.
- Backups of the rule file (just in case…).
It is intended for PC-BSD, of course. But I suppose it will work as is on FreeBSD - just in case someone is interested in it.
USB to PS/2 mouse not working over KVM and FreeBSD
Christmas brought me a 4 port KVM switch from Belkin. What an awesome device! I always wanted that one to manage my 3 PCs via one mouse, monitor and keyboard. Windows operates well with the switched Logitech mouse and the no-name keyboard, but FreeBSD had (ha! it is nice to say “had” rather than “has”) a problem with the mouse though. I use a Logitech MX 500 pinned down from USB to PS/2 plugged into my KVM switch.
I have to say I recompiled my kernel to cut out some devices. Like wireless, firewall and so forth. But okay, back to the problem. I rebooted my kernel with -v (verbose logging) and dmesg gave me the following output:
psm0: unable to allocate IRQ
psmcpnp0: <PS/2 mouse port> irq 12 on acpi0
psm0: current command byte:0047
psm0: failed to enable the aux device
Okay… fine. I googled around and found out the following things: The first line is okay since the psm driver tries to allocate IRQ 12 on its own before testing if acpi already allocated it. A proper device hint can avoid this. The second line is alright because it found the PS/2 port via acpi0. The third line is also “alright”, since others (who posted their dmesg to Usenet, mailing lists or forums) have the same value and a working mouse. So the problem lies within the fourth line.
I googled around a little bit more but was not able to find a good solution. Therefore I tried to fix it on my own. I looked up the source code of the psm driver and found it:
/usr/src/sys/dev/atkbdc/psm.c
And looked up the source of the error:
    if (!enable_aux_dev(sc->kbdc) || !disable_aux_dev(sc->kbdc)) {
        /* MOUSE ERROR */
        recover_from_error(sc->kbdc);
        restore_controller(sc->kbdc, command_byte);
        if (verbose)
            printf("psm%d: failed to enable the aux device.\n", unit);
        endprobe(ENXIO);
    }
Pretty obvious where to look up the error, huh? Of course: enable_aux_dev():
    /* device I/O routines */
    static int
    enable_aux_dev(KBDC kbdc)
    {
        int res;

        res = send_aux_command(kbdc, PSMC_ENABLE_DEV);
        VLOG(2, (LOG_DEBUG, "psm: ENABLE_DEV return code:%04x\n", res));
        return (res == PSM_ACK);
    }
The method send_aux_command() always returns 0x00fe which is PSM_RESEND declared in atkbdcreg.h:
    #define PSM_RESEND 0x00fe
If it is called PSM_RESEND why doesn’t the psm driver do what the error indicates? Retry the operation until PSM_ACK is returned? Therefore I decided to change the method to:
    /* device I/O routines */
    static int
    enable_aux_dev(KBDC kbdc)
    {
        int res = PSM_RESEND;
        int ret = 7; /* just a few retries */

        /* resend the enable command while the device keeps asking for it */
        while (res == PSM_RESEND && (ret--)) {
            res = send_aux_command(kbdc, PSMC_ENABLE_DEV);
            VLOG(2, (LOG_DEBUG, "psm: ENABLE_DEV return code:%04x\n", res));
        }
        return (res == PSM_ACK);
    }
But it didn’t fix the issue: send_aux_command() still returns PSM_RESEND. I came to the conclusion that it won’t stop doing so. I blamed it on my KVM switch and fixed it radically:
Notice: This fix bypasses the described solution in a pretty ugly way and is the worst hack you may come up with when solving this problem. Google around and try any solution that comes up, and only read on when you are really desperate and frustrated because the solutions you found do not work as promised.
Despite the ugliness of the hack, it works just fine for me:
    /* device I/O routines */
    static int
    enable_aux_dev(KBDC kbdc)
    {
        int res = PSM_RESEND;

        res = send_aux_command(kbdc, PSMC_ENABLE_DEV);
        VLOG(2, (LOG_DEBUG, "psm: ENABLE_DEV return code:%04x\n", res));
        /* HACK: a PSM_RESEND answer is accepted like PSM_ACK */
        return (res == PSM_ACK || res == PSM_RESEND);
    }
FreeBSD still boots and creates a /dev/psm0 device which works just fine (tested with moused and with Xorg) but gives the following output:
psm0: unable to allocate IRQ
psmcpnp0: <PS/2 mouse port> irq 12 on acpi0
psm0: current command byte:0047
psm0: failed to get status.
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model Generic PS/2 mouse, device ID 255-ffffffff, 2 buttons
psm0: config:00000000, flags:00000008, packet size:3
psm0: syncmask:c0, syncbits:00
Whoops ;).
FreeBSD KDE KMenu icon replacement
I recently searched through the internet looking for a good FreeBSD icon set for KDE 3.5.X but I didn’t find any. Therefore I downloaded the new logos from the FreeBSD site and made a KMenu icon for myself. Just download it, and extract it at /usr/local/share/icons into your current icon set folder. You might want to back up your original “kmenu.png”. Check it out!
IPv6 network, Part 3 aka Let me be your servant
I installed apache22 and mod_perl on the machine to serve a little web page showing the user his IP and telling him where he landed. Currently it is only available over IPv6, the rest must wait until I open and redirect the IPv4 http/tcp port back to saladrex. You may also reach saladrex’ vsftpd over IPv6 - but the public ftp directory is currently empty though (I don’t have anything interesting to share) - or ssh over IPv6 (Putty can do it for Windows) but it’s pretty much an outpost since no one else (school, internet cafe and so forth) provides IPv6.
You may reach him via Freenet6 over IPv6 or via DynDNS over IPv4. So far, my IPv6 workings at home have finished with a good looking result.
IPv6 network, Part 2 aka I can see dancing turtles!
I didn’t believe that it was that easy. I just grabbed the TSP Client from Freenet6 and compiled and installed it:
make install target=freebsd installdir=/usr/local/freenet6
Now I edited /usr/local/freenet6/bin/tspc.conf: I filled in my credentials, switched to the server broker.freenet6.net and changed the host type to “router”. The next thing I did: I created a new rc.d script which would automatically run the tspc client software for me. This program is a little bit annoying though, since it outputs everything to stdout. But I suppose this can be fixed somehow by editing some magic lines in the config file. I rebooted saladrex to check if the rc scripts do their work: Yes, like a charm.
Now I tried to ping6 ftp.freebsd.org… Like a charm. Next big step: Get it cracking on Windows XP SP2. I removed the TSP Windows Client from my working machine “adalon” and rebooted [just to be sure, you never know ;)] it. Running ipconfig gave me the following:
Hmmm… The configuration seems a bit overheaded and confusing. 2001/ addresses mixed along with my rtadvd addresses fc00/. I am not a genius when it comes to IPv6 routing/networking, it may be that I misunderstood something or did something pretty circumstanced. But it seems I reached my goal, so let’s try to ping something:
Yeha! It worked! Without the Windows TSP Client running in the background, how awesome! This means that my saladrex box must be available over nohero.broker.freenet6.net for IPv6 and nohero.dyndns.org for IPv4. Although my IPv4 router does not forward *any* port by now, so if you want to brute force me you have to use IPv6 ;-). Next thing will be: Serving something over IPv6 to the public.
And the finest thing: I can browse some websites using IPv6:
www.kame.net as http://[2001:200:0:8002:203:47ff:fea5:3085]/ — I can see dancing turtles!
ftp.freebsd.org as http://[2001:4f8:0:2::e] — All hail the beastie.
6net.iif.hu as http://[2001:738:0:402::2] — “You are using IPv6 :)”
I have IPv6 installed on all my boxes, regardless of whether they run FreeBSD or WinXP. But I barely used it. I didn’t have any IPv6 router which gave away addresses, and was therefore bound to link local addresses. Well, it was not such a problem for FreeBSD since their hosts file allowed the link identifier, but WinXP didn’t. And typing “fe80::240c:88:a78a:8f9e%8” every time I would like to reach my other box is pretty sadistic, isn’t it?
Therefore I decided yesterday to get myself an IPv6 router (in addition to my IPv4 one, a D-Link 604 I have received with my aDSL connection). First of all I looked for a hardware router, but those are not very easy to find and get: Either they are way too overhead (24 port router, with 1GBit uplink and so forth) or way too expensive. There was a D-Link (W)LAN router which may operate IPv6, but only if you upgrade it with a firmware which is currently in alpha state. And every time I thought about having an alpha firmware, it raised one clear image in my head: My yammering sister complaining about the internet not working, and a pissed off guy that is me rebooting the new D-Link every 4 hours or so. *shudder*. No way.
So the only solution was a software IPv6 router. This solution really came in handy, since I have two boxes at home which don’t have anything to do at all. I picked saladrex, my FreeBSD 6.1 discs and my FreeBSD book today and started working. Saladrex is a Pentium 4 with 1.8 GHz, two 256MB DDR-RAM and two 30 GB hard disks which was intended as backup server running FreeBSD 5.4. I decided to remove FreeBSD 5.4 and upgrade to 6.1. I believe it was a good decision because maybe some tricks explained in my FreeBSD book which is for 6.0 might not work on 5.4.
The primary 30GB had some bad sectors, therefore I made it slave *whip-cracking* and elevated the second to the master. I formatted both and installed FreeBSD as usual: Plugged in a keyboard and a monitor and ran the FreeBSD setup program. The root and the usr directory got mounted on the first error free hard disk and a global pub directory - which will later be served over ftp/http - on the second non-error free hard disk. I just installed the kernel plus sources, base, man and ports; that’s all I need. After installation I started the sshd daemon, so I can configure the rest on my laptop while lying in my bed :)
I found out that I need to run the router advertisement daemon (short rtadvd) and serve as an IPv6 gateway. To achieve this I had to add some lines to rc.conf:
ipv6_enable="YES"
ipv6_gateway_enable="YES"
So far so good. But I cannot serve as a gateway or a router without a fixed IPv6 address. Hah, and there is the trick: Currently I am not in the 6bone network, that means I do not have any IPv6 address which I can use for myself. And the site local addresses “fec0::/10” are now deprecated. By now I picked the Unique Local Address prefix (fc00::/7) and did the rest on my own. I came up with the new address: fc00:a80:523::1 (Yes! Yes! I know! It is neither very long nor the best solution, but well… these addresses will never reach the internet, so who cares?). And assigned it to my interface rl0:
ipv6_ifconfig_rl0="fc00:a80:523::1"
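An added example, not part of the original post: RFC 4193 puts locally assigned Unique Local Addresses in fd00::/8 and expects a 40-bit pseudo-random Global ID, while the other half of fc00::/7 has no defined assignment method. The script below takes the Global ID from /dev/urandom (a substitution for the SHA-1 based sample algorithm in the RFC) and prints the rc.conf line plus the rtadvd.conf entry used later in this post; the function names and the rl0 default are assumptions.

```sh
#!/bin/sh
# Added example: derive an RFC 4193 locally assigned ULA /48 and print the
# FreeBSD settings that use its first /64. Function names are illustrative.

# ula_prefix48 [global-id]: print "fdXX:XXXX:XXXX", i.e. 0xfd followed by
# a 40-bit Global ID (10 lowercase hex digits, random when not supplied).
ula_prefix48() {
    gid="$1"
    if [ -z "$gid" ]; then
        # 5 bytes from the OS random source = 40 bits of hex
        gid=$(od -An -N5 -tx1 /dev/urandom | tr -d ' \n')
    fi
    case "$gid" in
        *[!0-9a-f]*) echo "global id must be lowercase hex" >&2; return 1 ;;
    esac
    [ "${#gid}" -eq 10 ] || { echo "global id must be 40 bits" >&2; return 1; }
    # fd + 10 hex digits, split into three 16-bit groups
    printf 'fd%s:%s:%s\n' "$(echo "$gid" | cut -c1-2)" \
        "$(echo "$gid" | cut -c3-6)" "$(echo "$gid" | cut -c7-10)"
}

# ula_config <prefix48> [interface]: print the rc.conf line and the
# rtadvd.conf entry for subnet 0 of the prefix.
ula_config() {
    p="$1"; ifc="${2:-rl0}"    # rl0 is the interface used in the post
    printf 'ipv6_ifconfig_%s="%s::1"\n' "$ifc" "$p"
    printf '%s:\\\n' "$ifc"
    printf '\t:addrs#1:\\\n'
    printf '\t:addr="%s::":prefixlen#64:tc=ether:\n' "$p"
}

# Print a fresh prefix with its settings when run as a script.
p=$(ula_prefix48) && ula_config "$p"
```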
After a reboot my interface card has now, beside the link local address which does not want to go away, the address fc00:a80:523::1. Now, the only thing left to do is to set up rtadvd. Ha! Cannot be easier:
rtadvd_enable="YES"
rtadvd_interface="rl0"
But wait! It still needs a config file! So here we go:
rl0:\
:addrs#1:\
:addr="fc00:0a80:523::1":prefixlen#64:tc=ether:
The first line defines the interface we are configuring, the second how many addresses follow, and the third defines the first address. I rechecked the rc.conf to see if everything is alright and rebooted: To see if the routing worked and to see if the startup scripts behave correctly.
Ha! It works: My Windows Vista RC 2 successfully retrieved an address starting with “fc00:a80:523”:

(Sorry for the German screenshot though, but I guess you can see what I mean anyway.)
Next thing to do: Test the network. I went to /usr/ports/ftp/vsftpd and installed vsftpd on the FreeBSD box. But now it’s getting tricky: I want the vsftpd to be reachable from outside, everywhere I go (oh no… IPv4) and in my LAN (IPv6). Which means: Two separate vsftpd configuration files - since the two “listen” flags are mutually exclusive - to set up and to maintain. So here we go: Two vsftpd config files allowing anonymous login only, but prohibiting any write commands. One listening on IPv4, and the other on IPv6. The two files are almost the same except for the listen statement:
# IPv4 way, vsftpd.ipv4.conf
listen=YES
# IPv6 way, vsftpd.ipv6.conf
listen_ipv6=YES
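An added example, not from the original post: two hand-maintained copies of one configuration can drift apart, so this script checks that a file explicitly sets anonymous-only, read-only access and lists every setting that differs between the two files beyond the listen statement and the banner. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit two vsftpd configs that should differ only in the
# listen statement and the banner. Function names are illustrative.

# conf_get <file> <key>: print the last value assigned to key, if any.
# vsftpd.conf allows no spaces around "=", so a plain prefix match works.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_anon_readonly <file>: succeed only if the file explicitly sets
# anonymous-only, read-only access; print every setting that does not.
check_anon_readonly() {
    rc=0
    for want in anonymous_enable=YES local_enable=NO write_enable=NO \
                anon_upload_enable=NO anon_mkdir_write_enable=NO \
                anon_other_write_enable=NO; do
        key=${want%%=*}; val=${want#*=}
        got=$(conf_get "$1" "$key")
        if [ "$got" != "$val" ]; then
            echo "$1: $key is '${got:-unset}', expected $val"
            rc=1
        fi
    done
    return $rc
}

# conf_drift <a> <b>: print settings found in only one of the two files,
# ignoring the keys that are meant to differ.
conf_drift() {
    for f in "$1" "$2"; do
        grep -v -e '^#' -e '^$' -e '^listen=' -e '^listen_ipv6=' \
            -e '^ftpd_banner=' "$f" | sort -u
    done | sort | uniq -u
}

# Constructed sample files standing in for the two configs in the post.
demo_dir=$(mktemp -d)
base=$(printf '%s=NO\n' local_enable write_enable anon_upload_enable \
       anon_mkdir_write_enable anon_other_write_enable)
printf 'anonymous_enable=YES\n%s\nlisten=YES\n' "$base" \
    > "$demo_dir/vsftpd.ipv4.conf"
# The IPv6 copy has drifted: uploads were enabled in this file only.
printf 'anonymous_enable=YES\n%s\nlisten_ipv6=YES\n' "$base" \
    | sed 's/^anon_upload_enable=NO/anon_upload_enable=YES/' \
    > "$demo_dir/vsftpd.ipv6.conf"
check_anon_readonly "$demo_dir/vsftpd.ipv4.conf" && echo "IPv4 config: ok"
check_anon_readonly "$demo_dir/vsftpd.ipv6.conf" || echo "IPv6 config: FAIL"
conf_drift "$demo_dir/vsftpd.ipv4.conf" "$demo_dir/vsftpd.ipv6.conf"
```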
And I slightly modified the welcome text for the IPv6 version. Since two instances of vsftpd have to run at startup, I cannot use the default rc.d script and wrote my own:
    #!/bin/sh
    # rc.subr provides load_rc_config and run_rc_command
    . /etc/rc.subr

    name="vsftpd"
    rcvar=$name
    # for IPv4 only:
    # command="/usr/local/libexec/${name}"
    # command_args="/usr/local/etc/vsftpd.ipv4.conf &"
    start_cmd="${name}_start"
    stop_cmd="${name}_stop"

    # start one instance per address family, each with its own config file
    vsftpd_start()
    {
        echo "Starting vsftpd for IPv4... "
        /usr/local/libexec/vsftpd /usr/local/etc/vsftpd.ipv4.conf &
        echo "Starting vsftpd for IPv6... "
        /usr/local/libexec/vsftpd /usr/local/etc/vsftpd.ipv6.conf &
    }

    # stops both instances at once; killall matches every vsftpd process
    vsftpd_stop()
    {
        echo "Stopping vsftpd... "
        killall vsftpd
    }

    load_rc_config $name
    run_rc_command "$1"
It is more a hack than a fully working script, but it works. Phew… Now start the twins:
saladrex$ /etc/rc.d/vsftpd forcestart
Starting vsftpd for IPv4...
Starting vsftpd for IPv6...
And probe for them:
saladrex# nc -z localhost 21
Connection to localhost 21 port [tcp/ftp] succeeded!
saladrex# nc -6z localhost 21
Connection to localhost 21 port [tcp/ftp] succeeded!
Yeha! Looks great. But before we test them, we set the access rights for the new /pub/ftp folder (commands omitted). Okay, let’s try it from Windows Vista:
Hey! Great job! This small feeling of success is enough for today. Tomorrow I will try to get IPv6 enabled internet working using the Freenet6 TSP client software. Let’s see if we can mac-gyver this one.
You will surely read more soon!
Reading a newspaper is a very important thing no one should skip. It informs me of news, events and some new technologies that might be out there. When I read “analog” news everything is fine: I can buy two or three sources (newspaper, or watch the news on TV) and can get different opinions. But the most important thing: I am free of user comments. A very, very important point why “digital” (forums, news services and so forth) are the cancer of information spreading: Because every dumb-f*** - at least every one who can use a computer - can write his own opinion as a comment to the news.
This issue can be found in an extremely degenerated manner in technical internet news services, like Slashdot, Golem or Heise. Just go to your favourite news portal and take a look at it, and I am sure you will agree with me: Every time some certain technical words are spoken the counterpart crawls out of their holes and starts flaming. Without a reason, and without being invited (!).
The most common case is the ‘W’ or the ‘M’ word is being said in an article and the followers of the L word start rising like rotten brain dead zombies in your favourite B-movie. The same with the adherents of the ‘A’ sect. Ohh, don’t get me wrong, and don’t take it as a chance to start the mess I am speaking of: It is the same the other way round.
But the most idiotic thing about these posts is their content: Each of these posters takes the article as a chance to defend their point of view. Even if the article does not even mention their “side”. The results are as usual: Flaming, trolling, threatening, sapping of the other’s product. And sites of sites of useless, hollow “discussions” which repeat like a parrot on every article posted.
And even if there is at least one who writes sentences like: “everyone should use what he wants to use” or “every system has drawbacks and benefits”… well… He will be ignored by others or - even worse - be pegged as ignorant.
I am so sick of it. And if you are too: Let’s boycott internet news platforms!



