shapeshifter.se

Handy system clock for AVR 8-bit microcontrollers suitable for measuring elapsed time or for use with timers. This provides
a monotonic time since system startup (like the POSIX CLOCK_MONOTONIC).

The system clock is based around a 32kHz clock crystal and one of the 8-bit timers provided by the AVR, it is possible to use the CPU frequency as a timer base as long as it’s a nice, dividable, frequency.
To be able to provide a stable 1 Hz clock but still have sub-second precision we divide 1 second into an arbitrary number of
system ticks. To minimize CPU usage the tick counter should be increased at each interrupt, this means that the number of
ticks per second we we choose determines our interrupt frequency and timer resolution.
How to choose number of ticks? It all depends on your required resolution, if you only want a 1 second resolution a tick and a second becomes equal.

The AVR timer is a 8-bit register that simply counts at the rate of its clock source. The clock source can be either the CPU
clock or an external oscillator, the clock source is also subject to a prescaler to further decrease the frequency.
The timer then generates an interrupt on overflow and/or when it hits a pre-configured value.
Since its a 8-bit timer, we have a maximum of 256 cycles before an interrupt is generated, a smaller interval can be achieved by using the comparator match to generate an interrupt at a specific value.

This example is creating a 1/32 second resolution timer (32 ticks per second) using an external 32768 Hz watch crystal.
comp is the comparator value, to avoid re-arming it with different values it should be limited to 128 or 256, otherwise it has to be changed at each interrupt.

The following to equations can be used to calculate either comp or the prescale value.
prescale is limited by the target device, but common values are powers of 2 (8,32,64,128,256,1024).

Using 128 as the comp value and inserting the other values into equation 2 yields the following prescaler

So, a prescaler of 8 gives us two interrupts per 256 cycles, one at 128 and one at 256 (overflow). Using 256 as comp would yield a perscaler of 4 but the target device I used didn’t have a TS/4 prescaler.

Complete source code for a 1/32 (or 31.25ms) second resolution timer for the ATmegaxx4 using Timer 2 and a 32kHz watch crystal connected to the pins TOSC1 and TOSC2.
Requires AVR libc.

#include <avr/io.h>
#include <avr/interrupt.h>
 
typedef uint32_t clock_time_t;
static clock_time_t global_system_ticks = 0;
 
/* ISR for the timer overflow */
ISR(TIMER2_OVF_vect)
{
    global_system_ticks++;
}
 
/* ISR for the comparator */
ISR(TIMER2_COMPA_vect)
{
    global_system_ticks++;
}
 
/* Return number of elapsed ticks */
clock_time_t clock_time()
{
    return (global_system_ticks);
}
 
/* Return number of elapsed seconds */
unsigned long clock_seconds(void)
{
    uint32_t tmp;
 
    TIMSK2 &= ~(1 << OCIE2A) | (1 << TOIE2);
    tmp = global_system_ticks / 32;
    TIMSK2 |= (1 << OCIE2A) | (1 << TOIE2);
    return (tmp);
}
 
void clock_init()
{
 
    /* Enable external oscillator (32 kHz crystal) connected to TOSC{1,2} */
    ASSR |= (1 << AS2);
 
    /* Reset timer */
    TCNT2 = 0;
 
    /* Set TS/8 prescaler, results in a 4096Hz clock */
    TCCR2B |= (1 << CS21);
 
    /* Compare at half counter value */
    OCR2A = 128;
 
    /*
     * Enable overflow and compare interrupt.
     * Triggers each 1/32 secs
     */
    TIMSK2 |= (1 << OCIE2A) | (1 << TOIE2);
}

Creating PCB footprints is usually quite easy as most components come in standard packages.
Footprints for ‘magjacks’ (RJ45 with built-in Ethernet transformer) are another thing as different manufactures tend to at least put the LED pins at different positions.

Here is an Eagle PCB footprint I created for the MagJack (MJF13T36L-KF06B3GY-0808) from MoreThanAll sold by Sparkfun.

This one has been proven in production and it works, however you should double- (and triple-) check pin-outs and footprint of your device before sending a PCB for manufacturing using this part. Use at your own risk.

Magjack schematic

Magjack footprint

Download

morethanall_magjack.lbr

Getting FreeBSD to connect to a Windows VPN using PPTP (who designed that protocol anyway?) is not the most pleasant experience, but at least it’s doable.

The most competent console tool for this in FreeBSD is probably Mpd5. It’s quite easy to work with but you’ll need to get all the details right otherwise it just won’t work.

The following mpd.conf configuration file worked for me and allowed me to successfully connect to a Windows VPN. One of the keys were to disable EAP, this particular VPN server just plain refused to work with it enabled

default:
    load vpn
vpn:
    create bundle static B1
    # Create a default route (use a net/mask to create specific routes)
    set iface route default
    # Script to execute on connect (custom routes etc)
    # set iface up-script /usr/local/etc/route-up.sh
    # Accept any IP-address
    set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    # Microsoft Point-to-Point Compression, only enable if you have a really fast machine
    # set bundle enable compression
    set ccp yes mppc
    set mppc yes e40
    set mppc yes e56
    set mppc yes e128
    create link static L1 pptp
    set link action bundle B1
    # Replace with you credentials or use the mpd.secret file
    set auth authname USERNAME
    set auth password SECRET
    set link max-redial 0
    set link mtu 1460
    set link keep-alive 20 75
    # Hostname/IP of the VPN server
    set pptp peer vpn.example.com
    set pptp disable windowing
    set link no eap

Save it to a file, say mpd.conf in /usr/local/etc/mpd.conf and simply run mpd5 mpd.conf and with some luck you’ll be connected the the VPN.

The order of the statements are important. As they only apply to the current selected link (create link) or bundle (create bundle). Keep this in mind when editing.

Windows logon name

If you’re connecting to a Windows network you’ll probably need to use “DOMAIN\\username” as the authname (with the quotes and double backslash).

Firewall and NAT issues

The PPTP protocol is far from ideal. If you’re behind NAT chances are you won’t be able to do multiple PPTP connections to the same VPN server from within your LAN.

You’ll also need to allow the GRE protocol through, with Free/OpenBSD pf (packet filter) the following line is enough (you still won’t be able to do simultaneous connections to the same server though)

pass out on $ext_if proto gre from ($ext_if) to any keep state

Replace $ext_if with your external network interface.

…or annoyances with the DSPAM hash driver

I’ve been running DSPAM for a long time and the spam classification is great, unfortunately the maintenance tools are not as it turns out. This is the tale of why and more especially HOW I moved from the hash driver to the mysql driver as a backend for my DSPAM installation.

Read the rest of this entry »

The FreeBSD Diary and Riseup labs describe a way to anonymize the first “received from” header with usually contain the IP-address of the computer the mail was sent from.  This information is removed by taking advantage of the “Authenticated sender” and the header_checks directive in Postfix.

The “Authenticated sender” is added when a user has been authenticated by the MTA through SASL and the directive smtpd_sasl_authenticated_header have been set to yes.  The header_checks directive takes a file containing a regular expression which rewrites the header data and removes sensitive information.

This all works well – with IPv4. The regular expression posted on the pages mentioned above does not take IPv6 addresses into account, I modified it slightly to accept both IPv4 and IPv6 addresses.

/^Received: from (.* \(\[?[-._[:alnum:]]+\]? \[([\.0-9]{7,15}|IPv6[\:a-fA-F0-9]+)\]\))(.*)
\(Authenticated sender: ([^)]+)\)(.*)(by mx1\.example\.com) \(([^)]+)\) with (E?SMTPS?A?) id
 ([A-F[:digit:]]+)(.*)/ REPLACE Received: from smtp-auth.example.com (smtp-auth.example.com
 [127.0.0.1]) (Authenticated sender: hidden)$5$6 ($7) with $8 id $9 $10

Note that this should be one single line.

Put this in a file, for example /usr/local/etc/postfix/obscure_smtp_auth and add the following to your Postfix configuration (assuming you have SASL working).

header_checks = pcre:/usr/local/etc/postfix/obscure_smtp_auth
smtpd_sasl_authenticated_header = yes

The first header will now be rewritten, for both IPv4 and IPv6 clients and will look something like this.

Received: from smtp-auth.example.com (smtp-auth.example.com [127.0.0.1]) 127.0.0.1 (Authenticated sender: hidden)
	by mx1.example.com (Postfix) with ESMTPSA id 3677033C6F
	for &lthostmaster@example.se>; Wed, 10 Dec 2008 16:31:51 +0100 (CET)

instead of

Received: from [IPv6:2001:xxxx:xxxx:xxxx:xxxx:xxxx:fedd:7914] (unknown [IPv6:2001:xxxx:xxxx:xxxx:xxxx:xxxx::fedd:7914])
	(Authenticated sender: someuser@example.com)
	by mx1.example.com (Postfix) with ESMTPSA id 3677033C6F
	for  &lthostmaster@example.se>;  Wed, 10 Dec 2008 16:31:51 +0100 (CET)