Remote WiFi packet analysis with Wireshark

Sometimes you need to get packets from somewhere awkward, but you want to be able to stream them and do live analysis. Rather than dumping to a file and shipping that around, Wireshark supports a bunch of modes for getting remote captures; they are detailed on the Pipes Wireshark Wiki Page.

I want to be able to get Air packets (WIFI!) from OpenWRT, but think about them on my FreeBSD desktop.

I bought the OpenWRT One router for just this sort of thing. A well supported, modern hardware platform that also supports the OpenWRT project with money - who could resist?

OpenWRT Setup

The OpenWRT One router ships as a home router, with a 'secured' wan port and WiFi bridged with Ethernet on a LAN port; WiFi is disabled out of the box. I'm pretty happy for the router to hang out on my network with the wan port facing my internal network and the LAN port for testing devices.

For my setup I needed to enable control on the wan port in the firewall and add rules for my PCAP server. Then I needed to configure monitor mode on the WiFi interfaces.

After a first set up, where I was made to configure a password, I was locked out. A quick reset (hold the front button while powering on) returned me to some sort of factory default with the LuCI web interface uninstalled.

That actually suits me fine - now I have to configure stuff on the command line I won't get confused by buttons.

I added rules to the WAN interface to allow SSH in and TCP connections to port 19000 by adding the following to /etc/config/firewall:

# allow ssh on wan port
config rule
    option name     Allow-ssh-wan
    option src      wan
    option dest_port    22
    option proto        tcp
    option target       ACCEPT

# allow serving pcap from netcat on wan port
config rule
    option name     Allow-pcap-wan
    option src      wan
    option dest_port    19000
    option proto        tcp
    option target       ACCEPT

And then reloaded firewall configuration by running

root@OpenWrt:~# /etc/init.d/firewall reload

I tested this works by ssh'ing in on the wan interface.

I then set up WiFi by editing /etc/config/wireless and changing the mode of default_radio0 to 'monitor' and changing 'disabled' to '0':

config wifi-device 'radio0'
    option type 'mac80211'
    option path 'platform/soc/18000000.wifi'
    option band '2g'
    option channel '6'
    option htmode 'HE20'
    option num_global_macaddr '7'
    option disabled '0'

config wifi-iface 'default_radio0'
    option device 'radio0'
    option network 'lan'
    option mode 'monitor'
#   option ssid 'OpenWrt'
#   option encryption 'none'

Running

root@OpenWrt:~# /etc/init.d/wireless restart

gave me a new interface in ifconfig:

phy0-mon0 Link encap:UNSPEC  HWaddr XX-XX-XX-XX-XX-XX-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8064610 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2521292141 (2.3 GiB)  TX bytes:0 (0.0 B)

pcaping

The easiest way to remotely get packets into Wireshark is ssh'ing to somewhere and pulling stuff back over the socket; Wireshark has a builtin method for this via the sshdump extcap. Not all platforms package up all the Wireshark tools: FreeBSD is missing a lot of these and my capture target OpenWrt doesn't seem to have any.

I really don't want to build my own FreeBSD packages and I refuse to build my own OpenWrt ones.

After some long thought looking over the Wireshark capture modes I figured that I could feed packets from tcpdump into netcat and then let Wireshark pull them over the network.

On OpenWRT you need to install netcat and tcpdump:

root@OpenWrt:~# apk add netcat tcpdump

With remote hosts able to connect to the listener thanks to the firewall rule (above), I could now run tcpdump and feed traffic into netcat:

root@OpenWrt:~# tcpdump -i phy0-mon0 --immediate-mode -U -w - | nc -l -p 19000

Wireshark can now connect to my remote host (192.168.4.34 as an example):

wireshark -k -i TCP@192.168.1.34:19000

OpenWrt netcat is jarringly different to FreeBSD (from OpenBSD) netcat; once I figured that out I was in business and started getting packets from the air from OpenWrt.
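As an added example (not code from the original post), here is a small Python reader that does what Wireshark's TCP@host:port interface does with the stream from tcpdump | nc: it parses the pcap global header and records as they arrive in arbitrary TCP chunks, and tallies the 802.11 frame kinds behind the radiotap header. The sample stream, its timestamps and the frame-name table are constructed assumptions.

```python
import struct

LINKTYPE_RADIOTAP = 127
FRAME_NAMES = {(0, 8): "beacon", (0, 12): "deauth", (0, 4): "probe-req", (2, 0): "data"}  # (type, subtype)

class PcapStreamParser:
    """Incrementally parses a pcap byte stream (global header, then records) as TCP delivers it."""
    def __init__(self):
        self.buf, self.endian, self.linktype = b"", None, None

    def feed(self, chunk):
        """Append bytes; return the (ts_sec, packet_bytes) records completed so far."""
        self.buf += chunk
        out = []
        if self.endian is None:           # still waiting for the 24-byte global header
            if len(self.buf) < 24:
                return out
            magic = self.buf[:4]
            if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # LE usec / LE nsec
                self.endian = "<"
            elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # BE usec / BE nsec
                self.endian = ">"
            else:
                raise ValueError("not a pcap stream, bad magic %r" % magic)
            self.linktype = struct.unpack_from(self.endian + "I", self.buf, 20)[0]
            self.buf = self.buf[24:]
        while len(self.buf) >= 16:
            ts_sec, _, incl_len, _ = struct.unpack_from(self.endian + "IIII", self.buf)
            if len(self.buf) < 16 + incl_len:
                break                     # record incomplete, wait for the next chunk
            out.append((ts_sec, self.buf[16:16 + incl_len]))
            self.buf = self.buf[16 + incl_len:]
        return out

def frame_kind(packet, linktype=LINKTYPE_RADIOTAP):
    """Name a radiotap-encapsulated 802.11 frame from its frame-control type/subtype bits."""
    rt_len = struct.unpack_from("<H", packet, 2)[0] if len(packet) >= 4 else len(packet)
    if linktype != LINKTYPE_RADIOTAP or len(packet) <= rt_len:
        return "other"                    # not 802.11, or cut before the frame-control byte
    ftype, subtype = (packet[rt_len] >> 2) & 3, (packet[rt_len] >> 4) & 0xF
    return FRAME_NAMES.get((ftype, subtype), "type%d/subtype%d" % (ftype, subtype))

def summarize(chunks):
    """Tally frame kinds over a pcap stream delivered as arbitrary chunks (socket recv sizes)."""
    parser, counts = PcapStreamParser(), {}
    for chunk in chunks:
        for _, packet in parser.feed(chunk):
            kind = frame_kind(packet, parser.linktype)
            counts[kind] = counts.get(kind, 0) + 1
    return counts

def build_sample_stream():
    """Constructed pcap stream: two beacons, one deauth and one data frame, radiotap-encapsulated."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RADIOTAP)
    for i, fc0 in enumerate((0x80, 0x80, 0xC0, 0x08)):
        # 8-byte radiotap header (version 0, pad, len 8, nothing present) + 24-byte 802.11 header
        frame = struct.pack("<BBHI", 0, 0, 8, 0) + bytes([fc0, 0]) + b"\x00" * 22
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out
```

For the live stream, open `sock = socket.create_connection(("192.168.1.34", 19000))` and call `summarize(iter(lambda: sock.recv(65536), b""))`. The netcat listener accepts any client the firewall admits and sends the capture in cleartext, so narrowing the Allow-pcap-wan rule with `option src_ip` to the analysis host is worth doing.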


My work on FreeBSD is supported by the FreeBSD Foundation, you can contribute to improving FreeBSD with code, documentation or financially by donating to the FreeBSD Foundation.

The universe has conspired and I have had to leave the house.

The universe has conspired and I have had to leave the house or my 2024 travel development setup.

The last month or so my office at home has been getting very cold and I have been pushing off my wife's comments of "work in the warm bit" with the response that "I need the cables from my laptop to the computer to do development". Having been made to leave the house this excuse is going to fall apart and I will have to stop pretending I'm some rugged person out in the wilds.

To continue hacking on WiFi I needed to make my setup portable; the Morefine M6 (the worst best computer) is incredibly small and quite perfect for this.

Here is my full development setup:

The setup is composed of:

  • Framework 13 with a 12th Generation Intel Processor and just not enough storage
  • Morefine M6 N200 Intel mini pc
  • GL.inet Beryl AX travel router
  • Anker Prime Charger Power Supply
  • Openterface KVM
  • A random anker USB-C hub with ethernet
  • A random no name USB-C hub with ethernet, PD pass through and a detachable cable which hates my monitor at home
  • 2015 rad1o badge (it's basically a hackrf)
  • A pencil case full of cables
  • The nice silicone Ethernet cables that came with my EEROs, but were too short to use.

Framework 13

The Framework 13 has been my main development machine since I joined The FreeBSD Foundation last year. It runs FreeBSD well and the processor does this amazing thing where it can build FreeBSD in the same time as my testbed build machines. Battery life sucks, WiFi is available, but there is no suspend.

I now mostly use it docked and I have a wonderful user experience of it as a computer that does what I want. Using the framework as a laptop again has been really nice. They have done a good job with these things.

I have been trying to streamline development as much as I can. Right now I do everything on my laptop and I have a script that handles deploying a kernel or userspace binaries, rebooting and running tests. The M6 fits into this as well as other hardware does.

Morefine M6

The linked blog post has more about the M6, the key part is that it has become my main development target for the last few months. Some kernel hackers are happy to work in the same VM they test on, but I like there to be a lot of separation between the computer I type into and the computer that kernel panics constantly. Maybe they write fewer kernel panics.

From sheer luck the M6 has the right WiFi I need to work and it has done a great job as a hypervisor running a single VM. Only very occasionally have I upset the wifi card enough to require a full host power cycle.

The downside of the M6 is the fan. I won't be able to use it in the quiet carriage of the ICE, but I'm now starting to target the WiFi in the framework for further testing so the timing of things worked out well.

GL.INET Beryl AX

For WiFi development I needed a test router as a target. I have been using USB WiFi dongles, but as rates go up there are a few downsides. FreeBSD support is good, but not great, generally they are limited on the bands they can support and they don't act as an independent test target.

When debugging things it is good to be able to rule out FreeBSDisms and the Gl.Inet was heavily discounted for Jeff's birthday party.

It is just OpenWRT with an extra UI layer, the extra UI can be turned off which I think will happen soon as I need a more useful machine for development than most people need for exceeding device limits on hotel WiFi.

The main requirement for the GL.iNet so far is that it is a reasonably representative access point, and it seems to be. Once we start pushing into ac and ax speeds it'll be great to have a good reference device.

Anker Prime Charger

All of these things need power and the idea of taking 5 USB-C power bricks with me on the road is quite upsetting. At my desk so far I have been using the Pine64 PinePower, but there are reports of it killing attached devices, the LCD screen makes audio output unusable with my laptop and there are occasional bugs.

The Prime Charger is a 250W power supply, it can spread this over a number of devices with 2 ports being high power, 2 lower power and 2 USB-A ports. I have wanted to replace the Pine Power for a while and a brand name GaN device with 4 USB-C ports and 2 USB-A ports was very tempting. Discounts for Geoff's birthday sealed the deal.

I am seriously underwhelmed.

The Morefine M6 is a 12V 3A USB-C device, which while not in spec, isn't too rare. The GL.inet is a 5V 3A device. My framework laptop will charge at whatever.

What I need from this power supply for travel is 3 consistent ports that will be on when they should be.

The Prime is completely unwilling to offer 12V to the M6. I was sure from reading the tiny spec block on the Geogs-books.com webpage that it could offer 12V 3A, but it turns out that is only offered on the USB-A ports and it is picky.

The supply offers multiple power zones which are shared across ports. This is super confusing and the UI is frankly terrible. The Pine Power just has 4 separate supplies.

I want to host computers from this supply, but it won't give me 12V so the M6 is on a different power brick (the one that came with the OpenWRT ONE - a toy for next year). While working I charged my headphones, lightning on USB2. When I unplugged the headphones my laptop got a full power cycle and reconnect. A terrifying thought if I were doing something useful on a computer running from the supply.

Other things

The Openterface (worst product name) arrived just before leaving and I threw it in my bag in case I needed to figure out what is going on with the M6. The KVM side requires software that depends on KDE Plasma 6, which isn't packaged yet on FreeBSD. The video part of the KVM is just a MacroSilicon HDMI capture device, which I have (and got for a tenner). This works without the KVM software, so I took a keyboard with me to handle the host control part if needed.

I have a large collection of cables, I'm leaning towards taking silicone cables now and have USB-C and Ethernet ones. They are nice to hold and the flexibility makes them much less annoying to use on a desk with a lot of stuff. They don't pick things up as easily as PVC copper cables do.

I have a pencil case for most cables that I got in a street market in Berlin last summer. It was a nice find.

For my winter pause project I wanted to do something with radios. I chickened out of travelling with the Flipper Zero, it is too expensive to risk being stolen by a security guard in an airport. Instead I took the rad1o badge with its battery removed. I'm going to write more about that project if it gets anywhere. If it gets going it is going to be serious type 3 fun.

For power I have a Shargeek 140, it's nice enough and a good form factor. It looks really cool. The final interesting thing I took with me (and isn't pictured) is a half frame 35mm camera. This will get a write up once I get the first films back. No point talking about it if it doesn't work.

sdrpp network audio playback

I guess my winter pause project involves some software defined radio and it has been a long time since I've tried this. I borrowed the rad1o badge from a friend and have done some work to get it working as a hackrf. Thankfully hackrf ships a firmware for the rad1o badge and it is just an update to get it in sync with libhackrf, though you do lose the portapak features.

In the intervening 8 or so years there are a lot more and more user friendly tools available and I thought I would try out sdr++ (sdrpp in many places because the plus sign causes trouble with software. I'm not sure my blog engine can handle it either...).

sdrpp gives easy access to a frequency and waterfall view of the spectrum, supports many software defined radios and is able to demodulate various audio modes.

The first "check" with any sdr is to demod broadcast fm, that is "listen to the radio". Broadcast fm is a target of choice because it is put out with a ton of power, there are many stations and it requires an antenna as complex as a piece of wire (any length!).

I quickly found that the sinks menu of sdrpp only offered network audio. I think there is something up with the FreeBSD port or portaudio. I couldn't figure out how to debug this and debugging this isn't my project!

Instead I tried the network output, but other than "its pcm" in a github issue I couldn't find any information on what I needed.

Eventually I got to this:

nc -kul 127.0.0.1 7355 | sox -traw -r48000 -b16 -e signed-integer - -d

Start up netcat on localhost and the port in the sdrpp UI (7355 for me). Pipe the audio to sox at 48000 (or whatever you configure) and treat it as raw signed-integer input.
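As an added example (not from the original post) of the same raw PCM plumbing without sox: a Python receiver that collects sdrpp's UDP datagrams from port 7355, wraps them in a WAV container and reports the peak level as a quick "is there audio" check. It assumes mono signed 16-bit little-endian at 48000 Hz, matching the sox flags above; the channel count is an assumption, and the sine test signal is constructed.

```python
import io
import math
import socket
import struct
import wave

RATE, CHANNELS, WIDTH = 48000, 1, 2   # assumption: mono s16le at 48 kHz, as in the sox command

def pcm_to_wav(pcm, rate=RATE, channels=CHANNELS):
    """Wrap raw signed 16-bit little-endian PCM in a WAV container; returns the file bytes."""
    pcm = pcm[: len(pcm) - len(pcm) % (WIDTH * channels)]   # drop a trailing partial frame
    out = io.BytesIO()
    with wave.open(out, "wb") as w:
        w.setnchannels(channels)
        w.setsampwidth(WIDTH)
        w.setframerate(rate)
        w.writeframes(pcm)
    return out.getvalue()

def peak_dbfs(pcm):
    """Peak level of an s16le buffer in dBFS, a quick check that the stream carries audio."""
    usable = pcm[: len(pcm) - len(pcm) % WIDTH]
    samples = struct.unpack("<%dh" % (len(usable) // WIDTH), usable)
    peak = max((abs(s) for s in samples), default=0)
    return 20 * math.log10(peak / 32768) if peak else -math.inf

def record_udp(port=7355, seconds=5.0, host="127.0.0.1"):
    """Collect sdrpp's network audio datagrams for a while and return the raw PCM (Ctrl-C to stop)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    sock.settimeout(1.0)
    chunks, target = [], int(seconds * RATE * CHANNELS * WIDTH)
    try:
        while sum(map(len, chunks)) < target:
            try:
                chunks.append(sock.recv(65536))
            except socket.timeout:
                continue          # sdrpp not streaming yet; keep waiting
    finally:
        sock.close()
    return b"".join(chunks)

def sine_pcm(freq_hz=1000, seconds=0.1, amplitude=16384):
    """Constructed test signal in the same s16le format, used instead of a live sdrpp stream."""
    n = int(seconds * RATE)
    samples = (int(amplitude * math.sin(2 * math.pi * freq_hz * i / RATE)) for i in range(n))
    return struct.pack("<%dh" % n, *samples)

def wav_info(wav_bytes):
    """Return (rate, channels, frames) of a WAV file, to confirm the format assumptions held."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        return w.getframerate(), w.getnchannels(), w.getnframes()
```

If the written WAV plays back at the wrong pitch or speed, the rate or channel assumption is wrong; adjust RATE and CHANNELS to what the sdrpp sink is configured for.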

This let me demod audio and scroll around the band. It might be sdrpp or it might be the part of Germany I'm in right now, but all stations were playing the same audio, different strengths and clarities, but the same audio.

Figuring out that is a different problem.

The Morefine M6 is the worst computer I own and I love it

I’m not great about backups, I’m probably very good at backups compared to most, but not compared to the zfs experts I know. They are an outlier and shouldn't have been counted.

I am confused at why so few machines offer dual NVMe, I guess I understand laptops, but everything has space and power. If one is none then everyone should want their base storage to be a mirror.

Ideally there would be something with the power performance profile of the Mac mini, but with the ability to run the software I want without jumping through infinite hoops. Alas no, I’m stuck with the choice between poorly supported slow SBCs or expensive Intel boxes.

One day early in 2024 while searching Ali express for “dual nvme computer” as you do I found the Morefine M6.

This is a phone sized Intel N200 based SBC, it sports dual NVMe slots, 2.5G wired network, high speed wireless, usb-c for power, usb-c for data and three USB3 ports. This thing is a dream, a tiny machine with mirrorable storage that will run off nothing.

I had an idea for the M6 immediately, it can live on my desktop as a first hop backup target for my laptop. Mirror to the M6 at 2.5Gbit/s and it can then gradually upload to the cloud over the terrible VDSL (we since moved and have symmetric gigabit fiber, greatly reducing upload times, but the idea was still compelling).

The M6 came and I was immediately surprised at the weight of the device. I had thought from the pictures that it was an aluminium body, a metal that would act as a heat sink. Instead the entire case is plastic and there is a tiny fan and heat pipe arrangement to move heat away.

The second impression was the fan noise. This thing is incredibly loud, the two pin fan has no way to control speed so it is always going.

The third thing was performance. The M6 arrived just as we closed on our house so I could only do a minimum of testing. I installed FreeBSD to a pair of mirrored USB sticks and started to do performance measurements of the CPU and network, and the M6 continually locked up or reset. I never caught what happened, it was just dead.

Rather than debug this I bought and moved into a house and prepared for a child to arrive. I was disappointed I couldn't resolve backups before life got too hectic.

Return to the M6

Some time passes and I return to work after some wonderful parental leave.

I started porting OpenBSD's iwx WiFi driver (via haiku for complete weirdness) to FreeBSD. iwx supports Intel PCIe ax200, ax201, ax210 and ax211 chipsets, this is currently supported by the Linux compat iwlwifi driver on FreeBSD. OpenBSD decided rather than bloating iwm, to add a new driver supporting later chipsets.

I always planned to use PCIe pass through and bhyve for development if it could be possible. When I had a stub driver building I set up an OpenBSD test VM on one of my testbed machines and discovered, to my surprise, that the PCIe test card I had wasn't supported. I tried in iwlwifi and it also wasn't supported.

I ordered another card, but things seem to come the next day only when they aren't needed and take weeks otherwise.

While waiting I tried the M6 and lo and behold I was able to use iwx on OpenBSD in a VM with PCIe pass through without any issue.

The M6 has been my main development target for the iwx port so far with FreeBSD as a hypervisor and FreeBSD as a guest (and sometimes OpenBSD when I need to compare command traces).

The M6 still locks up sometimes, but this has tapered off. I transfer kernels to the guest over Ethernet and saturate the 2.5 Gbit link between my framework laptop and the VM machine for these tiny transfers.

The M6 is limited to 6 cores, but the most strenuous thing it is doing is running iperf. Mostly it sits there sipping power ready for work (and blasting that stupid fan).

Improvements

Via Reddit I've almost found two things which offer improvements. The one I have found is 3D models to replace the back of the case where the NVMe mounts with a 3D printed metal plate to use as a heat sink.

The one I almost have is a model to completely replace the fan side with a heat sink. If the M6 hadn't become so key I wouldn't consider these, but it is also too important now to mess with a lot.

I’m on the road and it is wonderful to be able to take a tiny usb-c powered vm host with me and get useful work done. I can’t wait for more computers in stupid form factors like this.

Oh and the shenanigans I have planned for it when it is no longer my primary development target.

Pictures

As a treat and for hackers here are its insides, the NVMe side is just slots for the NVMe.

CCC Bucket

10 years after my first visit I’m returning to the Chaos Communication Congress (CCC), run by the Chaos Computer Club (CCC) for some time Chilling Chatting and Cdrinking (CCC).

It’s been a long time since I last attended a congress, it was the final one in Hamburg and a lot has changed since.

Returning to Congress I wanted to make a list of things I could do to make the event more special. I’m definitely more of a “plan to do everything and then do nothing person” when it comes to these events, but as I’m only managing two days and I’m not travelling with a group making and then following a plan might be nice.

  • [ ] Attend a workshop
  • [ ] Go to a main hall talk
  • [ ] Go to a second talk
  • [ ] Have deep thoughts in the night club
  • [ ] Dance!
  • [ ] Dance at a spontaneous party
  • [ ] Tee trinken in das Tee Haus
  • [ ] Leak some at Whiskey leaks
  • [ ] Get all the stickers
  • [ ] Pick up some random electronics from a community space
  • [ ] Meet old friends
  • [ ] Meet new friends
  • [ ] Promulgate some Scott’s lingo
  • [ ] Investigate a puzzle
  • [ ] Hack a thing
  • [ ] Drink a tschunk
  • [ ] Flora mate
  • [ ] Beer…
  • [ ] Coffee bike
  • [ ] Attend a demo party

You would think “go to a talk/workshop” would be a no brainer and it is for everyone who comes and therefore really difficult to do. A major “no one goes there it’s too busy” situation.

I've already lined up a hardware workshop, it is too exciting to tease if it doesn't work out.

The best things at hacker events happen spontaneously, which forgoes planning them; if this is your first congress you should not make too many plans and instead aim to hang out in the spaces for hacker communities. Prioritise community sessions, workshops and then talks.

The talks are recorded, the community session will never happen again. To actually join a workshop you’ll need to be hours early to queue, maybe that isn't the best use of the event for you.

I've already got plans to see new and old friends, but if you are heading to Congress you could try and track me down (I’m only around days 0-2.5) or maybe send me an email to make things easier.