A project I’ve been hacking on for a while is a self-contained 1-wire to IPv6 bridge based on an Atmel AVR ATmega644 and the ENC28J60 Ethernet controller from Microchip.

1-wire: is a serial bus from Dallas Semiconductor/Maxim that only requires 1 data line, there are a number of cheap sensors and other devices for this bus. The strength of this bus is not its speed but that it supports large ranges (up to 300 meters).
Also, each 1-wire device has a permanent unique 64-bit serial number.

IPv6: Insanely large address space. It’s common to use a 64-bit netmask for site networks so that EUI-64 based addresses can be used for auto configuration. This leaves 64-bit for the node address – do you see where this is going now… :)

Yes..I’ve built a device that assigned each 1-wire device it’s connected to its own IPv6 address. Why? you ask, mostly because I can.

Hardware

As mentioned above, the device is based on an AVR ATmega644. It has 64KB of flash memory for program code and 4KB of RAM. It’s running on its built-in oscillator at 8MHz. The ENC28J60 Ethernet chip is connected to the AVR using SPI. The rest of the hardware is mostly for power distribution and management.

The PCB was manufactured by BatchPCB, cheap service but a bit slow turn-around time.

Unfortunately I screwed up the SPI connection but I managed to fix that with some green wires (or black wires in this case). You’ll note them in the picture above.
I also intended to run the AVR at 5V and the ethernet chip at 3.3V. This is what the quad AND-gate in the upper right
corner was for, but since I screwed up the SPI routing it’s disconnected and the whole circuit is running at 3.3V.
The ENC28J60 can only run at 3.3V, the AVR has a range from 2.8-5V and 1-wire should be ran at 5V but works at 3.3V. Hence the need for TTL voltage translation.

As for the 1-wire devices I had implemented a bus master in software that generated the require waveforms. It worked great up to about 10-15 meters. Any cable length greater than that refused to work.
This was a bit unexpected and without an oscilloscope it was more or less impossible to figure out where and how the signals got mangled. So I simply got a DS2480 1-wire line driver that generates the required signals in hardware with more precise timing.

Add-on board with a 1-wire master

This required an add-on board and because I didn’t want to wait for a new PCB I used a 2.54mm prototype board. With the DS2480 only available in SOIC8 packages it required some “creative” soldering :).
The DS2480 required 5V, thus It had to get its own power supply and also required level translation on the UART line between this device and the AVR. I choose an approach using MOSFETs and a few resistors for this (the TO92 packages in the picture above). This turned out to work really good and I think I’m going to use this for the SPI level translation in the next revision of the board.
The wire leaving the board on the left side leads to the 1-wire sensor devices.

The add-on board is extremely ugly. But hey, it works.

Future improvements for the next revision

• Use of external crystal at 16MHz instead of internal 8MHz clock.
• Use MOSFETs for 3.3-5 V translation. Need to test it at 16MHz before manufacturing a PCB though.
• Obviously fix all PCB errors :)
• All SMD parts (resistors and voltage regulators) to shrink PCB size even more.
• Better power distribution. I was a bit too conservative with the decoupling capacitors resulting in some weird power problems (fixable with some caps)
• Create a real add-on board

I’ll publish the PCB CAD files when the next revision is complete.

Software

The only small IPv6 stack I know of is the uIPv6 stack in the Contiki operating system created by Adam Dunkel et al. This is unfortunately only available together with Contiki and not as a stand alone package as the originally uIP (IPv4) stack.

Contiki is a great operating system, but when you only have 4KB of RAM it becomes a bit heavy weight. So I broke out the uIPv6 stack from Contiki and made it run stand alone and ported in to AVR. I also ported the web server application from Contiki and made it run on AVR. As I wanted to use multiple IPv6 addresses I also had to add support for IP aliases to the uIPv6 stack.

Since the uIPv6 was integrated with Contiki it used the Contiki process model which it self is based on “proto-threads” (another thing invented by Adam Dunkel). I felt that this didn’t fit so I turned all processes into a polling mode instead. So one has to call a set of polling functions from the main application loop or from timers.

The other major parts of the code are drivers for ENC28J60, DS2480 and DS1820.

Software

1-wire devices

30 second polling interval with auto-discovery of new devices.
Each device is assigned its own IPv6 address, requires a /64 network to be available.

Webserver

Integrated web server makes it possible to visit each address. An XML file with the latest sensor reading is returned. An “age timestamp” is also provided which makes it possible to determine how old the reading is.

Currently, with 5 1-wire devices connected it uses about 3KB of RAM.

• Source code
• uIPv6 port

In-action

I only have temperature sensors connected at the moment. If you happen to have an IPv6 capable connection you can access the sensors through a web browser.

2001:16d8:ffe5:002:2894:eaf6:100:0c7
2001:16d8:ffe5:002:28c1:b4f6:100:035
2001:16d8:ffe5:002:2809:aef6:100:0ca
2001:16d8:ffe5:002:28c5:a5f6:100:058
2001:16d8:ffe5:002:2813:caf6:100:050

(If you don’t have IPv6 you should get it, or you can view graphs based on the sensor values at lindberg.tl instead).

The FreeBSD Diary and Riseup labs describe a way to anonymize the first “received from” header with usually contain the IP-address of the computer the mail was sent from.  This information is removed by taking advantage of the “Authenticated sender” and the header_checks directive in Postfix.

The “Authenticated sender” is added when a user has been authenticated by the MTA through SASL and the directive smtpd_sasl_authenticated_header have been set to yes.  The header_checks directive takes a file containing a regular expression which rewrites the header data and removes sensitive information.

This all works well – with IPv4. The regular expression posted on the pages mentioned above does not take IPv6 addresses into account, I modified it slightly to accept both IPv4 and IPv6 addresses.

/^Received: from (.* \(\[?[-._[:alnum:]]+\]? \[([\.0-9]{7,15}|IPv6[\:a-fA-F0-9]+)\]\))(.*)
\(Authenticated sender: ([^)]+)\)(.*)(by mx1\.example\.com) \(([^)]+)\) with (E?SMTPS?A?) id
 ([A-F[:digit:]]+)(.*)/ REPLACE Received: from smtp-auth.example.com (smtp-auth.example.com
 [127.0.0.1]) (Authenticated sender: hidden)$5$6 ($7) with $8 id $9 $10

Note that this should be one single line.

Put this in a file, for example /usr/local/etc/postfix/obscure_smtp_auth and add the following to your Postfix configuration (assuming you have SASL working).

header_checks = pcre:/usr/local/etc/postfix/obscure_smtp_auth
smtpd_sasl_authenticated_header = yes

The first header will now be rewritten, for both IPv4 and IPv6 clients and will look something like this.

Received: from smtp-auth.example.com (smtp-auth.example.com [127.0.0.1]) 127.0.0.1 (Authenticated sender: hidden)
	by mx1.example.com (Postfix) with ESMTPSA id 3677033C6F
	for &lthostmaster@example.se>; Wed, 10 Dec 2008 16:31:51 +0100 (CET)

instead of

Received: from [IPv6:2001:xxxx:xxxx:xxxx:xxxx:xxxx:fedd:7914] (unknown [IPv6:2001:xxxx:xxxx:xxxx:xxxx:xxxx::fedd:7914])
	(Authenticated sender: someuser@example.com)
	by mx1.example.com (Postfix) with ESMTPSA id 3677033C6F
	for  &lthostmaster@example.se>;  Wed, 10 Dec 2008 16:31:51 +0100 (CET)

Note: This is about “intra-AS” IPv6 routing and networking as I haven’t had the opportunity to play with IPv6 BGP stuff.

I got a (insanely) large IPv6 address space from SixXS statically routed to me over a 6-in-4 tunnel, it’s connected to a static IPv4 address on a machine with plenty of bandwidth.  As I wanted IPv6 connectivity at multiple points I figured that instead of wasting a /48 for every location I could just as well setup my own “overlay” IPv6 network running on top of several IPv4 tunnels.

Read the rest of this entry »

Granted it’s still poor-mans-ipv6 (aka ipv6 over a ipv4 tunnel), but still. If you’re IPv6 capable you’re most likely reading this over IPv6 already.

The IP address for www.shapeshifter.se is 2001:16d8:ffe5:1:1::1 (from 2001:16d8:ffe5:1::/64)

It has got some shiny AAAA/PTR records too.

shapeshifter.se has IPv6 address 2001:16d8:ffe5:1:1::1
1.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.1.0.0.0.5.e.f.f.8.d.6.1.1.0.0.2.ip6.arpa domain name pointer www.shapeshifter.se.

I played with IPv6 several years ago (back during the 6BONE days) and recently decided to give it another shot.  Most of my services are now available through IPv6 and my local LAN has IPv6 connectivity. I’ll write more about that in another post.