Thursday, December 3, 2009

Device Drivers and UART

A classic step-by-step explanation of device drivers is given in the following Linux Journal article


A classic explanation of the UART is given here

Wednesday, December 2, 2009

Void Pointers CANNOT be dereferenced

A void pointer in C cannot be dereferenced, nor can any arithmetic operation be performed on it.

It's mainly used in function prototypes to indicate a pointer whose type is only known at runtime.

So, one could write a trivial function to sort an array of ints:

#include <stdio.h>
#include <stdlib.h>

int cmp_int(const void *a, const void *b);

int main(void)
{
    int a[] = { 1, 5, 2, 9, 3 };
    size_t n = sizeof a / sizeof a[0];
    size_t i;

    /* qsort only sees void pointers; cmp_int supplies the real type */
    qsort(a, n, sizeof a[0], cmp_int);
    for (i = 0; i < n; i++)
        printf("%d\n", a[i]);
    return EXIT_SUCCESS;
}

int cmp_int(const void *a, const void *b)
{
    /* Convert to the real element type before dereferencing */
    const int *f = a;
    const int *s = b;

    /* Here, one cannot perform *a < *b */
    if (*f < *s) {
        return -1;
    } else if (*f > *s) {
        return 1;
    } else {
        return 0;
    }
}

Tuesday, September 1, 2009

Setting up your own server for blogs

http://linux.byexamples.com/archives/333/setup-your-own-apache-server-to-host-your-weblog-free/#more-333

Monday, August 31, 2009

For watching some command output after time intervals

watch -n 1 "cat /proc/meminfo | grep MemFree"

ssh login without a passwd

Let's say you want to access a machine with IP 10.0.0.4. Make sure you have the commands ssh, ssh-keygen and ssh-copy-id.

First, generate the key. The key will be used to open the remote machine's door.

ssh-keygen

You will see something like this:

Enter file in which to save the key (/home/myname/.ssh/id_rsa):

Whatever appears, just press Enter until it ends; press Enter for the passphrase as well.

Okay, the key will be generated, in a file that looks like ~/.ssh/id_rsa.pub

Copy the key over to the remote machine, and enter your password

ssh-copy-id -i ~/.ssh/id_rsa.pub mysurface@10.0.0.4

Done. Now you can ssh to 10.0.0.4 with username mysurface without a password.

ssh mysurface@10.0.0.4

Wednesday, August 26, 2009

Taglist info in vim

1) Download the taglist plugin from http://vim-taglist.sourceforge.net/
2) Unzip it in the $HOME/.vim directory
3) Open a vim editor and type :TlistToggle

You should see a Tag List window on your left side. This will contain info about all the functions, variables, macros etc. Very useful.

Make your vim competitive with other IDEs

Simple File Sharing Mechanism between machines

cd _directory_to_share_
python -m SimpleHTTPServer _port_no_

where port_no could be anything like 1234

From the other machine, http://_ip_addr_:_port_no_/

Tuesday, August 25, 2009

Setting up private network

Assumption:

----> M2 <--------------------> M3--
| -----------------------------------------|
M1 ------------------------------------M4


M2 and M3 are servers
M1 and M4 are clients

M1 - 10.18.71.238
M2 - 10.18.71.1
M3 - 10.18.207.1
M4 - 10.18.207.180


Hardware connections
1) All are single homed (They have only one ethernet slot)
2) There are 2 network switches (M1 and M2 are connected to one switch; M3 and M4 are connected to the other switch). The switches are directly connected to each other, so that M2 and M3 are connected
3) All of these switches are just accept and forward type of switches

Configurations

On Clients
M1
1) Assign the ip
ifconfig eth0 10.18.71.238/24
2) Set the default gw as 10.18.71.1 (M2)
ip route flush all
route add -net 10.18.71.0/24 dev eth0 (This means: if you need a connection to the local network, look for it on eth0)
route add default gw 10.18.71.1


M4
1) Assign the ip
ifconfig eth0 10.18.207.180/24
2) Set the default gw as 10.18.207.1 (M3)
ip route flush all
route add -net 10.18.207.0/24 dev eth0 (This means: if you need a connection to the local network, look for it on eth0)
route add default gw 10.18.207.1

Check: Now M1 should be pingable to/from M2 and M3 should be pingable to/from M4. If these are NOT pinging, something else might be wrong. Resolve this before proceeding further

On servers
M2
1) Assign the ip
ifconfig eth0 10.18.71.1/24
2) Make this a router
ip route flush all
route add -net 10.18.71.0/24 dev eth0
route add -host 10.18.207.1 dev eth0
route add -host 10.18.207.180 gw 10.18.207.1
echo 1 > /proc/sys/net/ipv4/ip_forward

M3
1) Assign the ip
ifconfig eth0 10.18.207.1/24
2) Make this a router
ip route flush all
route add -net 10.18.207.0/24 dev eth0
route add -host 10.18.71.1 dev eth0
route add -host 10.18.71.238 gw 10.18.71.1
echo 1 > /proc/sys/net/ipv4/ip_forward

Check: Now M2 --> M3 should be pingable

Now the private network is established. All machines should be pingable from/to all machines

P.S. Make sure to disable the firewalls on all machines (iptables --flush; iptables -t nat --flush). Verify with iptables -L and iptables -t nat -L; these should NOT have any entries in them.

Wednesday, June 10, 2009

Viewing the contents of ext2/3 filesystem

If you have created a filesystem with .ext2 OR .ext3 extensions, in other words, if they are either of ext2/3 filesystems, they could be viewed with the following command
debugfs xxx.ext2

Sunday, May 31, 2009

Creating and analysing coredump messages

1) Creating a core dump

a) Run the command ulimit -c unlimited

b) Run the executable that is crashing

c) You should see a message like "Segmentation fault (core dumped)"

2) Analysing core dump using gdb

a) Run the command

gdb

b) You should see the point of the crash (in the back trace)

Reading symbols from /lib/libcrypto.so.0.9.8...done.
Loaded symbols for /lib/libcrypto.so.0.9.8
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/ld.so.1...done.
Loaded symbols for /lib/ld.so.1

#0 0x0fd60954 in strlen () from /lib/libc.so.6

This means the crash happened in strlen.

Tuesday, May 26, 2009

Setting up IPSEC on Linux

From various sources on the internet, I am able to set up IPSEC on Linux. I have done the following to achieve this.

Pre-requisites:
(Check if IPSec is already installed by typing the command setkey and press enter. If it works then it means it has the ipsec support). If it fails, then do the following till section 3
1) Kernel should be configured to support IPSec. This could be done as follows

a ) Go to kernel sources location
If you do not have the kernel sources then do the following
The installation requires at least a Linux kernel of version 2.5.47 or 2.6.*. The kernel source may be downloaded at http://www.kernel.org/. After downloading the source the kernel source package must be extracted, configured and compiled.
cd /usr/local/src
tar xvjf /path-to-source/linux-.tar.bz2
cd linux-


b) make xconfig OR make menuconfig
Select the following
Networking support (NET) [Y/n/?] y
*
* Networking options
*
PF_KEY sockets (NET_KEY) [Y/n/m/?] y
IP: AH transformation (INET_AH) [Y/n/m/?] y
IP: ESP transformation (INET_ESP) [Y/n/m/?] y
IP: IPsec user configuration interface (XFRM_USER) [Y/n/m/?] y
Cryptographic API (CRYPTO) [Y/n/?] y
HMAC support (CRYPTO_HMAC) [Y/n/?] y
Null algorithms (CRYPTO_NULL) [Y/n/m/?] y
MD5 digest algorithm (CRYPTO_MD5) [Y/n/m/?] y
SHA1 digest algorithm (CRYPTO_SHA1) [Y/n/m/?] y
DES and Triple DES EDE cipher algorithms (CRYPTO_DES) [Y/n/m/?] y
AES cipher algorithms (CRYPTO_AES) [Y/n/m/?] y


c) make bzImage OR make uImage (depending on the output you want. By default for Linux, it is make bzImage)

d) make modules

e) make modules_install

f) make install

g) Boot from this built image (Please check on the internet about configuring the new built image to boot. This is out of scope of the document)

2) Install the ipsec-tools on the Linux machine. (Check if it is already installed by typing setkey and pressing Enter. If it works then it means it has the support)

a) Get the ipsec-tools from http://ipsec-tools.sourceforge.net/.

b) Then configure and install ipsec-tools using the following
./configure --with-kernel-headers=/lib/modules/2.6.X/build/include (Or give the path where you have the kernel-headers installed)
make
make install

Now, everything should be ready to setup the IPSEC. Now type setkey and enter. It should work. If not, there is some problem in configuring. Make sure you have the setkey and other binaries like racoon in the exported PATH


SETTING UP IPSEC.
Our assumption would be as follows
Setting up IPSec between 2 hosts 10.0.0.216 (zakir) and 10.0.0.11 (laptop)

3) Manual Keying

a) On the host 10.0.0.216, write a script host_216
#!/sbin/setkey -f
flush;
spdflush;
# AH
add 10.0.0.11 10.0.0.216 ah 15700 -A hmac-md5 "1234567890123456";
add 10.0.0.216 10.0.0.11 ah 24500 -A hmac-md5 "1234567890123456";
# ESP
add 10.0.0.11 10.0.0.216 esp 15701 -E 3des-cbc "123456789012123456789012";
add 10.0.0.216 10.0.0.11 esp 24501 -E 3des-cbc "123456789012123456789012";
spdadd 10.0.0.216 10.0.0.11 any -P out ipsec
esp/transport//require
ah/transport//require;
spdadd 10.0.0.11 10.0.0.216 any -P in ipsec
esp/transport//require
ah/transport//require;

b) On host 10.0.0.11, write a script host_11
#!/sbin/setkey -f
flush;
spdflush;
# AH
add 10.0.0.11 10.0.0.216 ah 15700 -A hmac-md5 "1234567890123456";
add 10.0.0.216 10.0.0.11 ah 24500 -A hmac-md5 "1234567890123456";
# ESP
add 10.0.0.11 10.0.0.216 esp 15701 -E 3des-cbc "123456789012123456789012";
add 10.0.0.216 10.0.0.11 esp 24501 -E 3des-cbc "123456789012123456789012";
spdadd 10.0.0.11 10.0.0.216 any -P out ipsec
esp/transport//require
ah/transport//require;
spdadd 10.0.0.216 10.0.0.11 any -P in ipsec
esp/transport//require
ah/transport//require;

c) chmod +x host_11 host_216

d) On host 216, run host_216
./host_216

e) On host 11, run host_11
./host_11

f) Run setkey -D on both machines to check whether what you have configured is getting reflected

g) ping 10.0.0.216 from 10.0.0.11. It should ping to each other.

h) Run tcpdump on one machine and ping on the other machine.
tcpdump -i eth0 -n -vvv 'host 10.0.0.11' > capture_11 (On machine 10.0.0.216)
ping 10.0.0.216 (on machine 10.0.0.11)

i) Open capture_11 using vim; you will be able to see the AH and ESP entries for what you have set in the scripts host_11 and host_216. This confirms that ipsec is working. This is still only a start.
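
For section 3 above, an added example (not from the original post) that generates host_216 and host_11 with random hex keys in place of the typed ASCII strings. The SPIs, algorithms and addresses are the post's; the function names, the one-key-per-SA choice and the output directory argument are this example's assumptions.

```shell
#!/bin/sh
# Added example: mirrored setkey scripts for two hosts, with random keys.

# rand_hex N: N random bytes as 0x-prefixed hex (the unquoted key form setkey accepts).
rand_hex() {
    printf '0x%s' "$(od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n')"
}

# sa_block A B: the four SAs with the post's SPIs and algorithms.
# hmac-md5 takes a 16-byte key, 3des-cbc a 24-byte key; one fresh key per SA.
sa_block() {
    printf 'add %s %s ah 15700 -A hmac-md5 %s;\n'  "$1" "$2" "$(rand_hex 16)"
    printf 'add %s %s ah 24500 -A hmac-md5 %s;\n'  "$2" "$1" "$(rand_hex 16)"
    printf 'add %s %s esp 15701 -E 3des-cbc %s;\n' "$1" "$2" "$(rand_hex 24)"
    printf 'add %s %s esp 24501 -E 3des-cbc %s;\n' "$2" "$1" "$(rand_hex 24)"
}

# policy_block LOCAL REMOTE: the SPD entries, the only part that differs per host.
policy_block() {
    printf 'spdadd %s %s any -P out ipsec\n  esp/transport//require\n  ah/transport//require;\n' "$1" "$2"
    printf 'spdadd %s %s any -P in ipsec\n  esp/transport//require\n  ah/transport//require;\n' "$2" "$1"
}

# host_script SAS LOCAL REMOTE: complete setkey script for one host.
host_script() {
    printf '#!/sbin/setkey -f\nflush;\nspdflush;\n%s\n' "$1"
    policy_block "$2" "$3"
}

# write_pair DIR A B: write host_<last octet> for both ends into DIR.
# The SAs are generated once so both files carry the same keys, and the
# files are created owner-only because they contain key material.
write_pair() {
    sas=$(sa_block "$2" "$3")
    (
        umask 077
        host_script "$sas" "$2" "$3" > "$1/host_${2##*.}"
        host_script "$sas" "$3" "$2" > "$1/host_${3##*.}"
        chmod 700 "$1/host_${2##*.}" "$1/host_${3##*.}"
    )
}

# Usage: sh gen_setkey.sh OUTDIR   (addresses are the post's two hosts)
if [ -n "${1:-}" ]; then
    write_pair "$1" 10.0.0.11 10.0.0.216
fi
```

Copy each generated file to its host over a trusted channel; both must come from the same run, since the keys are only shared within one run.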

4) Automatic keying:
In manual keying we hardcoded the AH and ESP keys; now we let racoon generate them automatically.

4.1) On both hosts, do the following

a) if there is no /etc/racoon, then mkdir -p /etc/racoon

b) write the script, /etc/racoon/racoon.conf

path pre_shared_key "/etc/racoon/psk.txt";
remote anonymous
{
exchange_mode aggressive,main;
doi ipsec_doi;
situation identity_only;
my_identifier address;
lifetime time 2 min; # sec,min,hour
initial_contact on;
proposal_check obey; # obey, strict or claim
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2 ;
}
}

sainfo anonymous
{
pfs_group 1;
lifetime time 2 min;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;
compression_algorithm deflate ;
}


4.2) On host 10.0.0.216,
a) Open a file /etc/racoon/psk.txt, type
10.0.0.11 passwd1

b) Write a file host_216_auto
#!/sbin/setkey -f
flush;
spdflush;
spdadd 10.0.0.216 10.0.0.11 any -P out ipsec
esp/transport//require;
spdadd 10.0.0.11 10.0.0.216 any -P in ipsec
esp/transport//require;


4.3) On host 10.0.0.11,
a) Open a file /etc/racoon/psk.txt, type
10.0.0.216 passwd1

b) Write a script, host_11_auto
#!/sbin/setkey -f
flush;
spdflush;
spdadd 10.0.0.11 10.0.0.216 any -P out ipsec
esp/transport//require;
spdadd 10.0.0.216 10.0.0.11 any -P in ipsec
esp/transport//require;


4.4) chmod +x host_11_auto host_216_auto

4.5) chmod 0600 /etc/racoon/*. Without this it might fail to work

4.6) Run racoon using the following command on both hosts
killall racoon
racoon -f /etc/racoon/racoon.conf -F &

4.7) On host 10.0.0.216, run host_216_auto and on host 10.0.0.11, run host_11_auto

4.8) Ping to each other. First time, it fails to ping, but establishes IPSEC. It pings from second time

4.9) These also, could be captured using tcpdump as explained in Section 3) Manual keying, step h)

5) Automatic Keying using X509 certificates
We used preshared key secret in Automatic Keying, now, we shall use the certificates

5.1) Generate 4 keys for our hosts (public and private key combinations). We shall name our hosts as zakir and laptop
a) openssl req -new -nodes -newkey rsa:1024 -sha1 -keyform PEM -keyout zakir.private -outform PEM -out request.pem
It might ask some questions; you can just press Enter for any you don't want to answer.
Repeat this for the other host, laptop, as well

b) Create a public certificate by self signing it
openssl x509 -req -in request.pem -signkey zakir.private -out zakir.public
Repeat this for the other host laptop as well

5.2) On host 10.0.0.216 ( zakir)
a) Write a script /etc/racoon/racoon_cert.conf
path certificate "/etc/racoon/certs";
remote 10.0.0.11 # the peer (laptop), not this host's own address
{
exchange_mode aggressive,main;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "zakir.public" "zakir.private";
peers_certfile "laptop.public";
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group 2 ;
}

}
sainfo anonymous
{
pfs_group 1;
lifetime time 2 min;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;
compression_algorithm deflate ;
}
b) Create a directory /etc/racoon/certs
mkdir /etc/racoon/certs
chmod 0700 /etc/racoon/certs
c) Copy the created certificates for the host zakir and the public certificates here
cp zakir.private zakir.public laptop.public /etc/racoon/certs
chmod 0600 /etc/racoon/certs/*
chmod 0600 /etc/racoon/racoon_cert.conf

5.3) On host 10.0.0.11 (host laptop)
a) Write a script /etc/racoon/racoon_cert.conf
path certificate "/etc/racoon/certs";
remote 10.0.0.216 # the peer (zakir), not this host's own address
{
exchange_mode aggressive,main;
my_identifier asn1dn;
peers_identifier asn1dn;
certificate_type x509 "laptop.public" "laptop.private";

peers_certfile "zakir.public";
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group 2 ;
}
}


sainfo anonymous
{
pfs_group 1;
lifetime time 2 min;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;
compression_algorithm deflate ;
}
b) Create a directory /etc/racoon/certs
mkdir /etc/racoon/certs
chmod 0700 /etc/racoon/certs

c) Copy the created certificates for the host laptop and the public certificates here
cp laptop.private laptop.public zakir.public /etc/racoon/certs
chmod 0600 /etc/racoon/certs/*
chmod 0600 /etc/racoon/racoon_cert.conf

5.4) Run racoon on both hosts
killall racoon
racoon -f /etc/racoon/racoon_cert.conf -F &

5.5) Run the same host scripts that we have written in Section 4
On host 10.0.0.216 (zakir),
./host_216_auto
On host 10.0.0.11 (laptop),
./host_11_auto

5.6) ping to each other. First ping fails but you could see the IPSEC handshake messages on the console. Subsequent pings should work correctly. The following are the messages you get on the console
Apr 4 17:14:58 terrapin racoon: INFO: IPsec-SA request for 192.168.1.169 queued due to no phase1 found.
Apr 4 17:14:58 terrapin racoon: INFO: initiate new phase 1 negotiation: 192.168.1.1[500]<=>192.168.1.169[500]
Apr 4 17:14:58 terrapin racoon: INFO: begin Aggressive mode.
Apr 4 17:14:58 terrapin racoon: INFO: received Vendor ID: DPD
Apr 4 17:14:58 terrapin racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Apr 4 17:14:58 terrapin racoon: INFO: ISAKMP-SA established 192.168.1.1[500]-192.168.1.169[500] spi:58c4669f762abf10:60593eb9e3dd7406
Apr 4 17:14:59 terrapin racoon: INFO: initiate new phase 2 negotiation: 192.168.1.1[0]<=>192.168.1.169[0]
Apr 4 17:14:59 terrapin racoon: INFO: IPsec-SA established: ESP/Transport 192.168.1.169->host1ip; spi=232781799(0xddff7e7)
Apr 4 17:14:59 terrapin racoon: INFO: IPsec-SA established: ESP/Transport 192.168.1.1->192.168.1.169 spi=93933800(0x59950e8)
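
For step 5.1 and the copies in 5.2 c) and 5.3 c), an added example (not from the original post) that creates each host's key and self-signed certificate and then checks them: that a certificate really belongs to the private key beside it, and what fingerprint to compare after the .public file has been copied to the peer. The file names follow the post; the function names, the CN subjects, RSA 2048 and SHA-256 are this example's assumptions.

```shell
#!/bin/sh
# Added example: per-host key + self-signed certificate, with the checks
# to run before racoon is pointed at the copied files.

# make_host_cert DIR NAME: writes NAME.private and NAME.public in DIR.
# RSA 2048 / SHA-256 are this example's choice, not the post's values.
make_host_cert() {
    (
        umask 077    # the private key must never be group/world readable
        openssl req -new -nodes -newkey rsa:2048 -sha256 -subj "/CN=$2" \
            -keyout "$1/$2.private" -out "$1/$2.request.pem" 2>/dev/null &&
        openssl x509 -req -sha256 -days 365 -in "$1/$2.request.pem" \
            -signkey "$1/$2.private" -out "$1/$2.public" 2>/dev/null
    )
}

# cert_matches_key CERT KEY: true only when CERT carries KEY's public key.
# A missing or unreadable file counts as a mismatch, not as "equal and empty".
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_fingerprint CERT: SHA-256 fingerprint, to be compared on both hosts
# after the .public file has been copied (peers_certfile trusts that exact file).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Usage: sh make_certs.sh OUTDIR   (host names are the post's two hosts)
if [ -n "${1:-}" ]; then
    for h in zakir laptop; do
        make_host_cert "$1" "$h" || exit 1
        cert_matches_key "$1/$h.public" "$1/$h.private" || exit 1
        printf '%s %s\n' "$h" "$(cert_fingerprint "$1/$h.public")"
    done
fi
```

Only the .public files cross between hosts; each .private file stays on the machine that generated it.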

Sunday, April 5, 2009

Common NFS error

Root-NFS: Unable to get nfsd port number from server, using default
Looking up port of RPC 100005/1 on 107.108.71.79
Root-NFS: Unable to get mountd port number from server, using default
mount: server 107.108.71.79 not responding, timed out
Root-NFS: Server returned error -5 while mounting /nfs/cosmos_1302/rootfs_Bala_samba/rootfs
VFS: Unable to mount root fs via NFS, trying floppy.
VFS: Cannot open root device "nfs" or unknown-block(2,0)
Please append a correct "root=" boot option
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(2,0)
Rebooting in 180 seconds..

Solution: NFS is not started on the machine. Restart NFS using the command "service nfs restart"

Thursday, April 2, 2009

Redirection Tricks

Now, there are lots of redirection symbols that you can use, and here are some of them:
< file
means open a file for reading and associate with STDIN.
<< token
means use the current input stream as STDIN for the program until token is seen. We will ignore this one until we get to scripting.
> file
means open a file for writing and truncate it and associate it with STDOUT.
>> file
means open a file for writing and seek to the end and associate it with STDOUT. This is how you append to a file using a redirect.
n>&m
means redirect FD n to the same place as FD m. E.g., 2>&1 means send STDERR to the same place that STDOUT is going to.

Tuesday, March 31, 2009

Kernel map (interactive)

http://www.makelinux.net/kernel_map#sd

This gives the complete overall picture of the kernel map on Linux

Technical (Tracking process)

Let's assume you have written two scripts named script1.sh and script2.sh. You can do this:
time ./script1.sh
Do the same thing for script2.sh, and the results will look as below:
real 0m1.005s
user 0m0.000s
sys 0m0.008s
real shows you the execution time script1.sh takes: 0 minutes 1.005 seconds. user and sys track the CPU processing time. The results show that script1.sh uses 8 milliseconds of CPU processing time in kernel mode (sys) and none in user mode.

Monday, March 30, 2009

Just created

I have just created my blog. Please have patience till I upload something here