OpenBSD Routing with PF

Last summer, I inherited the bulk of the sysadmin duties at WUVT, the campus radio station, and have been in the process of improving their infrastructure. One project I've been working on is migrating our current router (pfsense, which I would not recommend) to an OpenBSD box. OpenBSD tends to work very well for pretty much any router application that's not consumer-grade or ISP-grade because hardware tends to be comparatively cheaper, incredibly secure, and much more extensible. The main downside tends to be lack of support contracts, but OpenBSD tends to be incredibly well-documented compared to Linux.

My favorite feature in OpenBSD (and other BSDs) is probably PF (the packet filter) which controls routing/NATing and the firewall. On Linux, this would involve using iptables instead, which is a major pain as you have to use its confusing shell interface rather than a simple config file. PF also eliminates the complex "chain" style that iptables uses, and allows you to update rules on the fly by simply rewriting the config file. Additionally, it supports anchors, which are essentially functions you can call on a ruleset.

Quality-of-service support is also built-in, which is a nice way to prevent a single user or service (bittorrent, for example) from hogging the entire pipe. Essentially, you can set different priority queues which are selected by the service, port, or interface using a connection. I haven't tested this in OpenBSD, but it works great for dealing with the congestion management practices of horrible ISPs.

Re: Dorm automation

I just recently saw Ben's post on Dorm Automation ideas and felt I should share something similar I've done. Last year, I lived in Barringer Hall, a horrible dorm lacking both air conditioning and a thermostat for the radiator. We had fans in the windows, but it became a huge pain for me to get out of bed to turn them on and off whenever I wanted to change the temperature. Using an Arduino, ethernet shield, WRT54G, and spare components, I set out to create an unnecessarily complex system for controlling my fan wirelessly and satisfying my laziness. As it turns out, this was extremely easy to do by hacking together a bunch of sample code, simple circuits, and bash scripts.

I installed OpenWrt on my router, which is a custom firmware designed to add lots of enterprise features on consumer hardware; it runs the Linux kernel, but not the full GNU userspace due to a lack of flash memory. It was already running an HTTP server, so I was able to just write a simple HTML page that included frames of external pages on the Arduino. On the Arduino, I modified an example web server and had it also interface with an LM34 temperature sensor to display its output value, which was fairly easy to do. Hardware was equally simple, as I only needed an NPN transistor to amplify the signal from a digital output pin and operate a solid state relay which controlled a 120VAC extension cord. I ended up putting it in a large enclosure to discourage questions from curious fire marshals. While the whole setup was one big kludge, it worked well and I was the envy of my fellow engineering hallmates.

Unfortunately, I don't think I saved my final code, so I can't share it. I had planned to replace this whole setup with a more robust python daemon, but soon moved to an apartment with a real thermostat and disassembled it. In the future, I plan on replacing this with either something python based on a laptop that controls a parallel port or a Cerebot board I have left over from 2534. My eventual goal is to have something more complex than Zack Anderson's setup.

Project Idea: Dorm automation using an IRC network

I happen to have a lot of hackable wireless and networking equipment in my room at the moment: My desktop (of course), my phone, an unused wireless router, an arduino with an ethernet shield, a raspberry pi, Cerebot PIC trainer board with an ethernet port, and three laptops, in various states of repair.

I’ve been thinking about automating various aspects of my dorm. There are a bunch of related items in my room that I think could benefit by controlling each other:

  • Electric kettle
  • Lamps/overhead lights
  • Door lock
  • Window blinds
  • Alarm clock
  • stereo
  • smartphone

Having written an IRC bot for ECE2524, I’m now aware of how easy it would be to connect all of these things using nothing but an IRC network, with servers on the RPi and my desktop computer. I may need to start connecting things together in new and interesting ways :D

Project Idea: Roguelike game based on university tunnel systems

I’ve been playing the roguelike game known as “Stone Soup” since sophomore year of high school. I’m only now beginning to tire of it; I recommend it highly. If you’re unfamiliar with roguelike games, there’s a good writeup here. I was thinking one day about the steam tunnels beneath VT (which I have absolutely not ever been inside), and I think they would make a really excellent backdrop for a roguelike game. Especially if you found maps of other schools’ tunnels and made it a collaborative thing. There could even be an online component, where you could leave messages for other crawlers to find as they played. I’m thinking that, where other roguelikes have levels of the dungeon, this might be arranged more like the Pokemon Gameboy games: Each tunnel system culminates in some kind of boss battle, perhaps against the school’s mascot? You would go around collecting victories over each of the other schools’ dungeons, and then come home to your own dungeon and adventure for a while. These are all just ideas floating around in my head; if you have suggestions you should share them.

Programming languages I like

Since I began programming in 7th grade, I’ve used dozens of languages to do many different things. Some of these languages I liked, and some I did not.

The languages I like seem to have some basic things in common. The most obvious one is that they’re simple. Simple can mean one of many things, though, in a programming language. Maybe it would help if I used examples (in approximate order of increasing level of abstraction):

  • C
  • Scheme
  • Python
  • Ruby

These are all languages that I consider “simple.” There are many aspects to the simplicity of a programming language, but I think the primary one is this: It is easy, once you know a few simple rules about how the language works, to write non-trivial projects. This holds for the above four languages. There aren’t too many special cases for a programmer to remember.

In C, the only thing you need to hold in your mind is the basic abstraction of how the computer is actually doing computation. Once you have that, and a few syntax rules, you can write C effectively.

In Scheme, you need only one syntactic structure: The S-expression. You also need to understand the difference between functions and macros, but beyond that there are literally no special cases whatsoever. Function application is easy to wrap your head around, too, if you have a decent guide (Say it with me: “Thanks, Abelson and Sussman!”).

Python and Ruby have objects at the center of their designs. In Ruby, everything you do is some combination of objects, methods, and blocks. In Python there are more special things to remember (list comprehensions, for loops, and iterators, to enumerate one category), but you mostly don’t *need* to remember them. And you can look them up when you do need them.

Compare these to a couple other languages I’ve been forced to use recently: C++ and PHP.

C++ is the antithesis of “simple.” There are a million things to remember when writing C++ code. What exactly does “const static virtual string& my_method(void);” mean about that method? And why does the compiler freak out about the string reference being a const when I try to use it later? I have never written more than 30 lines of C++ without making some stupid mistake, and I’ve probably written more C++ than I have any other language. I get the impression that you would need to write C++ for years and years to ever even approach “proficiency.”

PHP is the other antithesis of “simple.” It’s the least consistent language imaginable. How anyone can write PHP without a reference manual in their lap is totally beyond me. Should functions be camelCased or under_scored? The language “designers” couldn’t figure it out, either! What gets cast automatically and what doesn’t? I guess we’ll find out! Objects? Yeah, we have those!

I guess the conclusion of all of this is that one should write interfaces that are consistent, that stay out of the way, and that require very little figurative disk-space in the user’s mind.

Linuxifying my PC ‘scope, Part 2: Beginning

Today I started the process of creating a third-party driver for my USB oscilloscope, the Velleman PCSGU250. I began reading up on Linux device drivers in general (in Linux Device Drivers, 3rd Edition). It doesn’t seem all that difficult, to be honest. Of course, I’m only on chapter two, so we’ll see.

More importantly for this project, I figured out a method of actually determining what data gets sent to and from the oscilloscope during normal operation. At first, I thought the simplest thing would be to reboot into Windows and find some USB introspection tools that work in Windows. So I did that, but I couldn’t actually find anything that seemed to work for examining USB packets. Did a bit of research, and found that it’s actually easier to sniff Windows USB packets in Linux than in Windows.

It’s pretty simple to set up. I have Windows running inside a KVM instance (I assume VirtualBox would work, too), with the USB device forwarded to the virtualized machine. It’s then possible to use what’s known as the “usbmon” kernel module to monitor the USB traffic on the port.

"But that’s a bit gross to wade through using the standard interfaces, isn’t it?" you ask. Yes, it is. But never fear! Turns out, libpcap, everyone’s favorite network packet analysis library, also supports USB packets! And as we all know, libpcap has an extremely user-friendly frontend known as Wireshark!

So here is a screenshot of my current setup:

You can download a couple of the captures I created, and read a little more about the project, here.

I hope that, over this break, I’ll be able to actually get a driver written for this device. By doing this I expect to learn how to actually write Linux device drivers, and hopefully also save myself some money when I would otherwise need to buy a new DSO or a better PC scope that would work with Linux.
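For reading the raw usbmon text interface mentioned in this post without Wireshark, here is an added example (not code from the original post) that parses usbmon text records and pairs each URB submission with its callback to get per-endpoint transfer counts, byte totals and latency. The sample records are constructed for illustration, not captured from the PCSGU250.

```python
import re
from collections import defaultdict
# Constructed sample in usbmon text format; tags, times and payloads are made up.
SAMPLE = """\
ffff8801a2b3c000 1000100 S Co:1:004:0 s 40 01 0002 0000 0000 0
ffff8801a2b3c000 1000350 C Co:1:004:0 0 0
ffff8801a2b3c400 1000900 S Bo:1:004:2 -115 4 = 01020304
ffff8801a2b3c400 1001020 C Bo:1:004:2 0 4 >
ffff8801a2b3c800 1001500 S Bi:1:004:1 -115 64 <
ffff8801a2b3c800 1003500 C Bi:1:004:1 0 8 = deadbeef 00112233
"""
ADDR = re.compile(r"^([CZIB])([io]):(\d+):(\d+):(\d+)$")
XFER = {"C": "control", "Z": "isochronous", "I": "interrupt", "B": "bulk"}

def parse_line(line):
    """Parse one usbmon text record into a dict; None if it is malformed."""
    f = line.split()
    m = ADDR.match(f[3]) if len(f) >= 6 and f[2] in ("S", "C", "E") else None
    if not m:
        return None
    try:
        rec = {"tag": f[0], "ts_us": int(f[1]), "event": f[2],
               "type": XFER[m.group(1)], "dir": "in" if m.group(2) == "i" else "out",
               "dev": int(m.group(4)), "ep": int(m.group(5))}
        i = 10 if f[4] == "s" else 5  # 's' + 5 setup words, else one status word
        rec["setup"] = f[5:10] if f[4] == "s" else None
        rec["length"] = int(f[i])
        rec["data"] = bytes.fromhex("".join(f[i + 2:])) if f[i + 1:i + 2] == ["="] else b""
    except (ValueError, IndexError):
        return None
    return rec

def summarize(text):
    """Pair each submission (S) with its callback (C) by URB tag, per endpoint."""
    pending = {}
    stats = defaultdict(lambda: {"urbs": 0, "bytes": 0, "max_latency_us": 0})
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["event"] == "S":
            pending[rec["tag"]] = rec
            continue
        sub = pending.pop(rec["tag"], None)
        if sub is None or rec["event"] != "C":
            continue  # no matching submission in the capture, or a submit error (E)
        s = stats[(rec["dev"], rec["ep"], rec["dir"], rec["type"])]
        s["urbs"] += 1
        s["bytes"] += rec["length"]  # callback length = bytes actually moved
        s["max_latency_us"] = max(s["max_latency_us"], rec["ts_us"] - sub["ts_us"])
    return dict(stats)
```

Point `summarize` at text read from the usbmon debugfs file for the bus the device sits on to see which endpoints carry the bulk of the traffic before opening individual packets.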

Linuxifying my PC ‘scope, Part 1: Exposition

This summer, while interning at IBM, I thought it would be a really capital idea to take a class online from Virginia Tech. I was mostly wrong. First, the material that usually fills a semester of ECE 2004 and 2074 (Electric Circuit Analysis lecture and lab, respectively) was crammed into only a couple of months. Second, I was also working 40 hours per week, and otherwise living a pretty full life.

The lecture component sucked: Every week there would appear a new video lecture, with slides and audio, in a proprietary format that could not be sped up. It would be about an hour and a half long. There would then be a homework assignment based on this lecture. Exams, though, were the worst. I needed to have one of my superiors at work proctor my exam during work hours. Anyway, I ended up doing quite poorly in this section. At the time, the C+ I received was the worst grade I had ever received in any class. I simply didn’t have time to devote to it.

This post, however, is actually about the lab component. This bit was much more enjoyable than the lecture, but I didn’t perform any better. It was equally time consuming, despite being worth only a third of the credit. Our work was validated via skype, and there was a very strict format for each of the lab reports, which I wasn’t very good at following.

Worse, though, we were not allowed to choose our own tools. We were required to use PSPICE (ridiculously buggy and user-unfriendly circuit design and analysis software), which is windows-only, and the Velleman PCSGU250 PC oscilloscope. This oscilloscope, as with many such PC ‘scopes, has drivers and software for only Windows. I needed to use Linux for work, so I had to run PSPICE and the oscilloscope software in a virtual machine. Long story told in short, I swore vengeance on the ‘scope.

I never really got the time to exact this vengeance, though. Until today, that is…

[Continued in the next post]

Everyone’s a Poet Assignment

Haiku:

Try to be simple

you don’t have to tell me that

other teachers won’t

Limerick:

I learned about unix

linux and other tricks

python and the shell

I thought that would be hell

but now I’m writing limericks

Posted in Uncategorized

Testing another group’s project

The project I tested was the room reservation project. I thought it was very well done. I chose this one since I knew a couple people in the group and the project used C++, which I’ve been doing in my applied software class. The code was very well organized, which I think was the best part of the project. If you can’t understand how to explain your code to people in the future, then it makes things a lot more complicated for them to update or debug it. But since they gave many comments it made it easy to follow. They followed the Unix design philosophy, by making it simple and well organized with all the functions with it.

I wish I had more time to test out the other projects to see how they work, but maybe after the semester ends and during the break I’ll be able to look at them.


Dasvidaniya

So it’s the last day of the semester. Wow! It’s kind of amazing to think about how I started here as an international student, and within just 4 months fell in love with this country and Virginia Tech!

The intro to unix class was an incredible experience for me. It was the first time I was experiencing the flexibility of the American education system. It was for the first time that I focused more on writing code than memorizing theory – something common in India.

It wasn’t really a walk in the park though. Some of the assignments took me a lot of time to figure out, and it became difficult because of assignments from other courses. However, the excitement and joy of figuring it out and submitting the assignment before the due date was far greater than the frustration.

I really liked how different types of assignments and quizzes were used for the course. Not only did it keep things interesting, but also kept me on my toes throughout the semester!