For those of you who are waiting on me to finish testing for OpenBSD
3.9 on the Nokia IP330 firewalls, it appears that the dirty hack that
worked on 3.8 works on 3.9 as well. The main deterrent is that
OpenBSD can't locate a serial port to use as its console, thus giving
the dreaded 'entry point at 0x100120' message. This actually isn't an
error, as it does see the keyboard, it's just not something that's
physically connected on the IP330. These devices aren't generally
powerful. I've personally run across two variants in the wild. The
first has a 266MHz AMD K6-2 CPU with 64MB of RAM and an 8GB Western
Digital hard drive. The second has a 400MHz AMD K6-2 CPU with 256MB
of RAM and a 20GB Western Digital hard drive. There are a few cPCI
cards for them and I've even gotten some others that didn't come with
the devices to work, including a 4-port Znyx ZX414 (for a grand total
of 7 interfaces). I'm not sure if you can replace the CPU or not, but
there is a silkscreened multiplier/clock setting on the mainboard and
it does look to be a Socket7 interface with a standard HSF/clip. It
takes standard PC100, CL2, ECC SDRAM (I'm unsure of the maximum) and
has a standard IDE interface with a single molex connector. There are
3 fxp(4) interfaces by default, mine have an additional 2 dc(4)
interfaces on a single modular cPCI card. (Please note that the
OpenBSD fxp(4) driver will not recognize the original MAC addresses of
the controllers as they are not stored in a standard location -- you
may wish to save these prior to wiping CheckPoint IPSO from the drive!
This might be fixable by making some adjustments to
/usr/src/sys/dev/ic/fxp.c or fxpreg.h, but then again, it's late and I
could be way off my rocker.) There are 2 DB9 male serial ports
(ns16550a) on the front. It uses an Award BIOS and has quite a few
settings you can manipulate -- for most practical purposes, it seems
to be simply a customized x86 machine. The power supply does not have
a cover, so be careful if you get to the point where you're poking
around -- use some common sense when working with 120/240 VAC, don't
do anything stupid.
Here is a brief synopsis of what needs to be done to get it running.
- Order your OpenBSD 3.9 CD (http://www.openbsd.org/items.html#39)
- Unseat the chassis cover by removing 24 phillips-head screws and
pulling forward slightly, then upwards
- Pull the hard drive by removing 4 phillips-head screws from
underneath the chassis, the molex connector and an IDE connector
- Install the hard drive into a surrogate PC
- Install OpenBSD as you normally would to the drive, be sure to set
your console to com0 when asked, 8N1 9600bps (or hack /etc/boot.conf
and /etc/ttys later)
- When the install finishes, do not reboot yet!
- Chroot to the OpenBSD installation (/mnt/usr/sbin/chroot /mnt)
- Mount the OpenBSD CD-ROM (mount /dev/cd0a /mnt)
- Untar/gzip the kernel sources (tar -zxvf /mnt/sys.tar.gz -C /usr/src/)
- Edit /sys/arch/i386/stand/libsa/bioscons.c (export term=vt100; vi
/sys/arch/i386/stand/libsa/bioscons.c)
Go to line 105 and apply the following patch (manually or using the
following diff)
---8<---
105,106c105
< n >>= 9;
< n &= 7;
---
n = 2; /* We know there are two com ports -- force it */
---8<---
- Recompile/reinstall the bootblocks
(http://www.openbsd.org/faq/faq14.html#InstBoot)
# cd /sys/arch/i386/stand/
# make && make install
# cd /usr/mdec; cp ./boot /boot
# ./installboot /boot biosboot wd0 (or whatever device your hard disk is)
- Ensure that your console is set for com0
(http://www.openbsd.org/faq/faq7.html#SerCon)
# /etc/ttys:tty00 "/usr/libexec/getty std.9600" vt100 on secure
# /etc/boot.conf:set tty com0
- Halt the surrogate PC
- Replace the drive into the IP330 and reconnect the molex and IDE
connectors, don't forget to fasten it from below using the screws as
well
- Replace the chassis and tighten the screws
- Connect your console cable at 9600bps, 8N1 and power up
I've attached a dmesg and a quick openssl speed -evp test on
aes-256-cbc for the curious.
OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD-K6(tm) 3D processor ("AuthenticAMD" 586-class) 399 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,PGE,MMX
real mem = 268017664 (261736K)
avail mem = 237568000 (232000K)
using 3297 buffers containing 13504512 bytes (13188K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(6e) BIOS, date 10/27/99, BIOS32 rev. 0 @ 0xfaa20
pcibios0 at bios0: rev 2.1 @ 0xf0000/0xae9c
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfd3c0/144 (7 entries)
pcibios0: PCI Exclusive IRQs: 5 10 11 12
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371SB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82439TX System" rev 0x01
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <WDC WD200EB-11CPF0>
wd0: 16-sector PIO, LBA, 19092MB, 39102336 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 7 function 2 "Intel 82371AB USB" rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x02: SMI
iic0 at piixpm0
"unknown" at iic0 addr 0x4c not configured
fxp0 at pci0 dev 13 function 0 "Intel 8255x" rev 0x05, i82558: irq 10,
address ff:ff:ff:ff:ff:ff
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0
fxp1 at pci0 dev 14 function 0 "Intel 8255x" rev 0x05, i82558: irq 12,
address ff:ff:ff:ff:ff:ff
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 0
fxp2 at pci0 dev 15 function 0 "Intel 8255x" rev 0x05, i82558: irq 5,
address ff:ff:ff:ff:ff:ff
inphy2 at fxp2 phy 1: i82555 10/100 PHY, rev. 0
ppb0 at pci0 dev 16 function 0 "Intel S21154AE/BE PCI-PCI" rev 0x00
pci1 at ppb0 bus 1
dc0 at pci1 dev 5 function 0 "DEC 21142/3" rev 0x41: irq 10, address
00:c0:95:c7:ce:b8
dcphy0 at dc0 phy 31: internal PHY
dc1 at pci1 dev 6 function 0 "DEC 21142/3" rev 0x41: irq 12, address
00:c0:95:c7:ce:b9
dcphy1 at dc1 phy 31: internal PHY
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask eb45 netmask ff65 ttymask ffe7
pctr: user-level cycle counter enabled
mtrr: K6-family MTRR support (2 registers)
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
# openssl speed -evp aes-256-cbc
To get the most accurate results, try to run this
program when this computer is idle.
Doing aes-256-cbc for 3s on 16 size blocks: 442902 aes-256-cbc's in 3.01s
Doing aes-256-cbc for 3s on 64 size blocks: 218102 aes-256-cbc's in 3.01s
Doing aes-256-cbc for 3s on 256 size blocks: 70575 aes-256-cbc's in 3.01s
Doing aes-256-cbc for 3s on 1024 size blocks: 19049 aes-256-cbc's in 3.01s
Doing aes-256-cbc for 3s on 8192 size blocks: 2435 aes-256-cbc's in 3.01s
OpenSSL 0.9.7g 11 Apr 2005
built on: date not available
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long)
aes(partial) blowfish(idx)
compiler: information not available
available timing options: USE_TOD HZ=100 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-cbc 2356.01k 4640.76k 6006.76k 6485.17k 6631.90k
