What is this board??? Help!

bubbadestroy

@stephenw10 said in What is this board??? Help!:

The driver to allow connecting to the switch must have existed somewhere at some point because Stormshield/Netasq had some devices using identical switches with SoCs and their OS is also FreeBSD based. However it appears the never upstreamed the driver changes. Or at least I cannot find them.

Steve

I was just about to suggest that.

My direction next was to brush upon the architecture as if to build a similiar but open source virtual machine from baremetal into pfsense open source enviornment and find a CVE to expose and exploit for eng/dev/su permlission (I have Earthlink and a Mitel as well.

I believe this board had a massive CVE in the early on merge of VMware and velocloud... that I had backed up and ill dig up.

On that note. If this picks up... the boxes are being tossed on ebay at 50, and theyll take or best offers for half! I believe the vulnerabilities and companies shifting around affiliate rights with new partners (DELL is open sauce now I think) made these early models EOL to enterprise purpose and ready to tinker on.

https://fccid.io/NCC/CCAJ16LP3430T2

https://fccid.io/NCC/CCAJ20Z10010T2

bubbadestroy

This post is deleted!

stephenw10

What you're looking for to get functionality to the ports is a FreeBSD igb driver that differs from the default driver by:

1. Allowing it to attach to a device that has an unrecognised PHY or knows about the PHY used here.
2. Exposes the MDIO connection so that the FreeBSD mdio driver can attach to it. The etherswitch framework requires that to read/configure the switch.

There is a possibility the switch can be controlled by some other bus, i2c for example, but that seems to be far less common. Everything I've looked at controls it via the MDIO line on one of the NICs. Like here or here

Steve

bubbadestroy

@stephenw10

Thank you that clears it up. I was learning as I read and u to chalk it up to I'll write up how it goes after I try :)

Spoiler

TLDR
You guys most likely know this.. But do (I understand?) This is the gist of what I am reading I believe.
Researched more into for myself now.
Before getting in or getting too off the scope of topic here.

Super TLDR: get intel drivers from a dev cloud like mediatek or whatever. be careful before u compile and deploy the final firmware build onto the controllers microchip. as it does come with crypto-auth signing codes through an Over The Air checkpoint/cloud/orchestrato.

I have yet to Read more about FIDO and uPCE
Here's are what we're dealing with.

You're working against Intel's sandbox right?
That's what the driver signing is for. you need a white-box. Possibly you can register this one as a white-box on an open platform that won't attempt to sandbox you ..

Just be careful. Maybe use the intel uCPE to build and sign the rest of the box via ssh through their cloud API.
I mean if anyone is going to help individual devs build on safe but not jailed box it should be the microchip manufacturers that control what you can expose OTI anyhow.

Reading up for myself SD-WAN. I'm quite new to this in general.. I just try to Read the Docs and "hack" my way through. Like mario bros.

Anyhow hopefully its set up for you to just go in, orchestrate a virtual dev-workstation, fine tune it and call up some driver scripts over ssh API to load up firmware that is good to go, signed and all through intel.
Should look into a git, or the platform will force you to have one, which is good.

Some things to read
Vendor Agnostic Provisioning:
Ability to provision any device
(Intel or ARM hardware) to any
vendor’s DMS system.
• Provision Edge Services. Ability
to provision “white box” universal
customer premises equipment
(uCPE), with virtual networking
functions (VNFs

EDGE-intelOPEN-Source-FIDO

Their uCPE dashboard...According to im reading.
If the board has the Intel chip. You should be able to get the whole thing legally signed off for open source to use however you like Pfsense, free too imagine as far as Intels personal licensing cost is concerned.

stephenw10

Um, no. This is nothing to do with SD-WAN etc. And most driver sources you find will be Linux.

What you would need here is specifically a FreeBSD igb driver that supports the NICs found in the C2K CPU but with the additional code to allow the MDIO bus driver.

This is the driver we ship: https://github.com/pfsense/FreeBSD-src/tree/RELENG_2_4_5/sys/dev/e1000

That can be compiled against FreeBSD 11.3/4 to produce a kernel module that can be loaded into pfSense in preference to the in-kernel driver.
If there is a patch set out there somewhere that can be applied to allow the mdio interface that could work but I've never found one.

If you were doing this you should probably also start out using a 2.5 dev snapshot as the FreeBSD 12 drivers are significantly different to 11.

Steve

bubbadestroy

@stephenw10 thank you sir. I'll stay OT with pfsense in mind for sure. I do have the network gateway box the OP started up this project for this is such a nifty piece of hardware, it would make one hell of a little development server for a home IoT lab.
If there's anything I can do to upload from hardware let me know. But I think at this point vmware should have the entire device code virtually available to tool with on their cloud api dashboard no?

P.S.
Glad I you are active on this, thought I was going to get lost here:

Spoiler

https://github.com/search?o=desc&q=bios+intel&s=stars&type=Repositories

stephenw10

VMware may have opensourced some of it. But the boot output we had previously looked like it was running OpenWRT anyway. So that code may already be available. It doesn't help is much in FreeBSD though as it Linux based, unless you're able to port that.

Steve

ryno5514

I cannot get the USB to show as a COM for connection, how did you guys get this to happen?

stephenw10

I don't have one of these but what does it show up as?

How are you trying?

ryno5514

@stephenw10 looking at the picture above posted before I tried USB B to USB B, I also tried USB B to USB C.

I can do normal SSH but the command to flash to the other image is normally in the start up process. Not sure if I know of a way to do it via SSH and not "console" a bit out of my skill level.

stephenw10

As I say I don't have one to test but I assume the serial console is the port on the side which I expect to be mini-USB B but I can't see that closely in the pictures. Exactly like most of our own hardware is.

Steve

ryno5514

@stephenw10 There is no console port on the unit, usb rj45 or anything, just USB marked ports, REJ45 and SFP.

stephenw10

In the photo above there is a cable connected to a port on the side. That looks like it's the console. It might be an internal port with no hole in the case....

ryno5514

@stephenw10 Good eye!!! the blue on the bottom right got me. I did not see the black one on the left, I see it on the MB also now.

ryno5514

@ryno5514 Got it loaded.

The unit has 6 ETH Ports and looks like the "LAN" ports are Intel pro100 each has its own mac. However, I cannot get any other ports but #4 to show

Network interface mismatch -- Running interface assignment option.

Valid interfaces are:

igb0 f0:8e:dbXXXX (down) Intel(R) PRO/1000 Network Connection, Version

Do VLANs need to be set up first?
If VLANs will not be used, or only for optional interfaces, it is typical to
say no here and use the webConfigurator to configure VLANs later, if required.

Should VLANs be set up now [y|n]?

stephenw10

Yes, that's expected with the default igb driver. It fails to attach to three of the NICs there probably because it doesn't recognisce the connected PHY.

Steve

bubbadestroy

@ryno5514 This is from the official device manual, maybe something useful in there to help your PFSense on velocloud edge500 build.

https://docs.vmware.com/en/VMware-SD-WAN/3.3/velocloud-admin-guide-33/GUID-325E1415-EF99-4B22-902F-DA64CD5D8473.html

stephenw10

That is a link to 'Enable SR-IOV on KVM'. It seems completely unrelated.

I doubt they would ever put up an actual service manual.

Steve

ryno5514

@stephenw10 I just loaded 2.5
freebsd-version
12.2-STABLE

Still has the same issue so going to tinker a little more

ryno5514

@ryno5514 said in What is this board??? Help!:

@stephenw10 I just loaded 2.5
freebsd-version
12.2-STABLE

Still has the same issue so going to tinker a little more

Tried the following also
cat /boot/loader.conf
kern.cam.boot_delay=10000
kern.ipc.nmbclusters="1000000"
kern.ipc.nmbjumbop="524288"
kern.ipc.nmbjumbo9="524288"
boot_multicons="YES"
boot_serial="YES"
console="comconsole,vidconsole"
comconsole_speed="115200"
autoboot_delay="3"
hw.hn.vf_transparent="0"
hw.hn.use_if_start="1"
legal.intel_iwi.license_ack=1
legal.intel_ipw.license_ack=1
net.link.ifqmaxlen=2048
net.isr.defaultqlimit=2048
net.inet.tcp.soreceive_stream=1
net.inet.tcp.syncache.hashsize=1024
net.inet.tcp.syncache.bucketlimit=100
net.pf.source_nodes_hashsize=1048576

echo "dev.igb.0.enable_lro=0" >>/etc/sysctl.conf
echo "dev.igb.1.enable_lro=0" >>/etc/sysctl.conf
echo "dev.igb.2.enable_lro=0" >>/etc/sysctl.conf
echo "dev.igb.3.enable_lro=0" >>/etc/sysctl.conf