William's random thoughts

General thoughts related to my various projects

Mon, 09 Apr 2012

How to make dhclient give the current hostname to the dhcp server automatically on Debian Squeeze


I recently started working on generating a headless squeeze and wheezy image for the Efika MX smart top, similar to my headless maverick image.

I ran into a problem though: dhclient does not send the machine's hostname by default. Even worse, on Squeeze dhclient has no config directive that will use the system's current hostname.

Thankfully testing and unstable use a version of dhclient that has the gethostname() function implemented. In order to use this feature on wheezy/sid just add send host-name = gethostname(); to the /etc/dhcp/dhclient.conf file.

If you want to do the same thing in Squeeze please read on.

Using a hook to re-generate dhclient.conf

In order to make things work on squeeze I made the following hook:


#!/bin/sh
# Regenerate /etc/dhcp/dhclient.conf from the template each time dhclient runs.
HOSTNAME=`/bin/hostname`
export HOSTNAME
rm -f /etc/dhcp/dhclient.tmp
# Wrap the template in a here-document so the shell expands $HOSTNAME in it.
echo "cat >/etc/dhcp/dhclient.conf <<EOF" >/etc/dhcp/dhclient.tmp
cat /etc/dhcp/dhclient.conf.template >>/etc/dhcp/dhclient.tmp
echo EOF >>/etc/dhcp/dhclient.tmp
sh /etc/dhcp/dhclient.tmp >/etc/dhcp/dhclient.conf

In order to use that hook you will want to move dhclient.conf to dhclient.conf.template and then add a line that looks like send host-name "$HOSTNAME"; to that file.

Once that is done just add the hook listed above as a file called update inside of /etc/dhcp/dhclient-enter-hooks.d/ and it should start sending out your configured hostname in all dhcp lease requests from now on.
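
The hook above feeds dhclient.conf.template to sh as a here-document, so any $( ), backquote or stray EOF line in the template is executed as root on every dhclient run. An added example (not part of the original post) that fills the hostname in with sed instead; the @HOSTNAME@ token and the function name are assumptions made for this example, so the template line would read send host-name "@HOSTNAME@";.

```shell
#!/bin/sh
# Added example, not the hook from the post. Assumption: the template marks the
# place for the host name with the literal token @HOSTNAME@ (a name chosen
# here), and is otherwise copied to the output byte for byte.

# render_dhclient_conf TEMPLATE OUTPUT HOSTNAME
# Returns 0 after replacing OUTPUT atomically, 1 (OUTPUT untouched) otherwise.
render_dhclient_conf() {
    template=$1
    output=$2
    name=$3

    # Accept only letters, digits, '-' and '.', not starting with '-' or '.'.
    # This keeps quotes, ';', '/', '&' and '\' out of dhclient.conf and out of
    # the sed replacement text below.
    case $name in
        ''|-*|.*|*[!A-Za-z0-9.-]*)
            echo "refusing host name: $name" >&2
            return 1
            ;;
    esac
    [ "${#name}" -le 253 ] || return 1
    [ -r "$template" ] || return 1

    # Write next to the target so the final mv is a rename on the same
    # filesystem; a failed run never leaves a half-written dhclient.conf.
    tmp=$(mktemp "${output}.XXXXXX") || return 1
    if sed "s/@HOSTNAME@/$name/g" "$template" >"$tmp"; then
        chmod 644 "$tmp" && mv -f "$tmp" "$output"
    else
        rm -f "$tmp"
        return 1
    fi
}

# In the hook file (dhclient-script sources it), the call would be:
#   render_dhclient_conf /etc/dhcp/dhclient.conf.template \
#       /etc/dhcp/dhclient.conf "$(/bin/hostname)"
```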

[/debian]


Sat, 25 Feb 2012

An update to the ip6tables rules


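I recently found out that I was screwing up outbound IPv6 connections from the gateway host itself. Also I was just dropping packets instead of sending a reset back for closed ports. This new rules6 file should fix that.

The changed bits (bold in the original post) are the he-ipv6 RELATED,ESTABLISHED rule in the INPUT chain and the REJECT rules at the end of the INPUT and FORWARD chains.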

/etc/iptables/rules6:


*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
#INPUT Chain
#Drop type 0 routing headers first so no later ACCEPT can match them.
-A INPUT -m rt --rt-type 0 -j DROP
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i he-ipv6 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -s fe80::/10 -j ACCEPT 
-A INPUT -s <Put your ULA here or just delete this part>/64 -j ACCEPT 
-A INPUT -d ff00::/8 -j ACCEPT 
##Put all rules here for opening services on the firewall itself rather than
##for other hosts on the internal network.
#Allow Web requests for HE.net certification tests.
#-A INPUT -d 2001:DB8:4242:93:: -i he-ipv6 -p tcp -m tcp --dport 80 -j ACCEPT
#Everything else is rejected. Keep this as the last INPUT rule.
-A INPUT -j REJECT
#All firewall/routing stuff goes here
#Don't use these rules to open ports on the local machine!
#Reject source routing before anything else is accepted.
-A FORWARD -m rt --rt-type 0 -j DROP
-A FORWARD -p ipv6-icmp -j ACCEPT
#Next two lines allow stateful filtering for anything thats started from inside our network
-A FORWARD -s 2001:DB8:4242:93::/64 -i eth1 -o he-ipv6 -m state --state NEW -j ACCEPT 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
#I don't think this one is needed
#-A FORWARD -i eth1 -o he-ipv6 -p icmpv6 -j ACCEPT
#Add anything here you want to allow through to various ports
#-A FORWARD -d 2001:DB8:4242:93::/64 -i he-ipv6 -p tcp -m tcp --dport 22 -j ACCEPT 
#-A FORWARD -d 2001:DB8:4242:93::/64 -i he-ipv6 -p tcp -m tcp --dport 33600:33604 -j ACCEPT 
#Log all dropped packets.
-A FORWARD -j LOG
-A FORWARD -j REJECT
#Output chain
-A OUTPUT -m rt --rt-type 0 -j DROP
-A OUTPUT -p ipv6-icmp -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o he-ipv6 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -s fe80::/10 -j ACCEPT 
-A OUTPUT -s <Put your ULA here or just delete this part>/64 -j ACCEPT 
-A OUTPUT -d ff00::/8 -j ACCEPT 
COMMIT
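
ip6tables walks a chain from top to bottom and stops at the first terminating match, so where a rule sits in this file decides whether it ever fires. An added example (not part of the original post): a check for two ordering problems in a rules file of this format, a rule placed after an unconditional ACCEPT/DROP/REJECT and a type 0 routing header DROP placed after ACCEPT rules. The function names and the sample ruleset are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: order checks for a rules file in
# ip6tables-save format. Function names and sample rules are constructed here.

# check_rule_order [FILE]  reads FILE (or stdin), prints one line per finding,
# returns 1 when anything was found and 0 for a clean file.
check_rule_order() {
    awk '
    $1 != "-A" { next }        # skip table, policy, comment and COMMIT lines
    {
        chain = $2; target = ""; rh0 = 0; nmatch = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            if ($i == "--rt-type" && $(i + 1) == "0") rh0 = 1
            nmatch++
        }
        # 1. A rule after an unconditional ACCEPT/DROP/REJECT is never reached.
        if (chain in closed) {
            printf "line %d: %s: unreachable, line %d already ends the chain with %s\n", \
                NR, chain, closed[chain], verdict[chain]
            found = 1
            next
        }
        # 2. A type 0 routing header DROP only covers packets that no earlier
        #    ACCEPT in the same chain has already let through.
        if (rh0 && target == "DROP" && (chain in first_accept)) {
            printf "line %d: %s: type 0 routing header DROP follows an ACCEPT at line %d\n", \
                NR, chain, first_accept[chain]
            found = 1
        }
        if (target == "ACCEPT" && !(chain in first_accept)) first_accept[chain] = NR
        if (nmatch == 0 && target ~ /^(ACCEPT|DROP|REJECT)$/) {
            closed[chain] = NR
            verdict[chain] = target
        }
    }
    END { exit (found ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample: INPUT has both problems, FORWARD has neither.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m rt --rt-type 0 -j DROP
-A INPUT -j REJECT
-A INPUT -i he-ipv6 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -m rt --rt-type 0 -j DROP
-A FORWARD -p ipv6-icmp -j ACCEPT
-A FORWARD -j LOG
-A FORWARD -j REJECT
COMMIT
EOF
}

sample_rules | check_rule_order || echo "rule order problems found" >&2
```

To check a real file before loading it, call check_rule_order /etc/iptables/rules6 and only run ip6tables-restore when it returns 0.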

[/debian/ipv6]


Sat, 18 Feb 2012

Quick update on my last blog post.


I just got done adding some minor changes to the last post on setting up IPv6 on your LAN.

I also discovered today that using multicast DNS to look up link-local IPv6 addresses is broken on Linux because libnss-mdns does not implement the correct NSS callbacks needed to give a scope ID back for a link local IPv6 address.

See: http://www.avahi.org/ticket/174 and http://ensiwiki.ensimag.fr/index.php/Fixing_nss-mdns_for_IPv6_linklocal_scoped_addresses for details.

In the meantime I would recommend setting up radvd to set up a unique local address prefix, even if you don't connect out to the IPv6 internet. It's not a big deal since nearly everyone (including myself) uses IPv4 on their LAN anyway, but if you are testing a V6 only LAN and want it to be fully zero-conf capable this is a bit of a problem.

I've looked at glibc and the two URLs up above and I might see about making a patch for libnss-mdns and sending it in to the libnss-mdns maintainers. I don't know when I will have time for this though. This already works on MacOS X and FreeBSD (at least as far as I could find out researching this problem).

One of the edits I made to my original post is changing radvd.conf to advertise the unique local address prefix with an infinite lifetime. This will have the effect of causing (at least as far as I've been able to test on Linux anyway) the ULA address to be the primary address on each computer's interface, and also ensuring that the ULA will never expire even if the v6 router goes down. This should cause all zeroconf .local addresses to resolve to the ULA address and keep the ULA addresses more reliable than the global prefix (which will expire and disappear off the interfaces after it hasn't been advertised in a while).

[/debian/ipv6]


Wed, 15 Feb 2012

Setting up IPV6 on your LAN with Debian squeeze


I've been experimenting with IPv6 recently since ARIN has run out of IPv4 addresses and the RIRs will likely run out of their addresses rather soon.

I've made it my New Year's resolution to get my local network and my web/email services up and running on IPv6 by the end of the year. In order to get IPv6 connectivity up and also learn about IPv6 at the same time I've taken advantage of Hurricane Electric's free IPv6 certification program and tunnel broker service.

This blog is a short guide to setting up IPv6 on your own LAN using a Debian box as a router. (It should work on just about any Linux box out there)

Some notes before we begin

All of the addresses shown here are RFC3849 addresses that are meant for documentation only. Please use the actual addresses assigned to you, or in the case of the ULA address (should you decide to use a ULA at all) go use the tool at http://www.sixxs.net/tools/grh/ula/ to generate your own.

Enabling IPv6 on your LAN

If you are running Linux or a version of Windows > XP you are already running IPv6 with a link local address space out of the box.

You still might want to install a couple of useful services though.

Multicast DNS

If you don't already have avahi-daemon installed go ahead and install it with apt-get install avahi-daemon. This should pull in everything you need to resolve local machines on your LAN as hostname.local. If you have MacOS X you are already running this service. This is optional but it really does help out on a LAN if you don't want to run your own local DNS.

On some older distros like lucid you may need to edit /etc/avahi/avahi-daemon.conf and make sure use-ipv6=yes.

By default /etc/nsswitch.conf is set to only resolve mDNS through IPv4. You can enable it to resolve mDNS with IPv6 also by changing the line:

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
to
hosts:          files mdns_minimal [NOTFOUND=return] dns

This will prefer resolving over IPv4 first but will still pick up a v6 only host.

Picking up DNS servers from Router Announcements

Stateless auto configuration works out of the box on Linux. As soon as a router announcement is sent over the LAN your interface will get an IPv6 address and route for each advertised prefix. However, even though the RA can contain DNS server information, Linux will not pick it up and use it unless you have a daemon called rdnssd installed. (You could also set up DHCPv6 instead, but since I did not decide to go that route I won't be covering that.)

Just run apt-get install rdnssd on each Linux machine on your LAN.

At this point you are now ready to go to the next step.

Getting IPv6 connectivity

You now have your local network ready to get on the IPv6 internet but first you have to get connected to the IPv6 internet to do much of anything useful with it. I recommend going to http://www.tunnelbroker.net and signing up for a free account.

Once you have your tunnel created click on the Example configurations Tab and select linux-route2. You will see a script that looks something like this:


modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 209.51.161.14 local yourpubliciphere ttl 255
ip link set he-ipv6 up
ip addr add 2001:DB8:0001:23::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

If you are behind NAT just replace your public IP address with your local behind the NAT address instead (otherwise the tunnel won't work).

Protocol 41

If you have a NAT router that does not forward IP protocol 41 packets you may need to configure it to do so, or just get a better home router. Some people have had luck using the DMZ feature on a particular box running the tunnel but YMMV (and I don't recommend doing it that way in any case). I had an old WRT54G router that didn't forward Protocol 41 and so I just bought a router that runs tomato on eBay for cheap instead.

If you didn't get any errors after pasting in the script (after making the changes mentioned above) you should be able to run ping6 ipv6.google.com successfully. If not, see what I wrote above about Protocol 41 and check out the forums at tunnelbroker.net.

Setting up a Debian box as a router/firewall

If you successfully pinged ipv6.google.com you now are ready to set up a computer to be the router/firewall for your LAN.

Required packages

Run apt-get install iptables iptables-persistent radvd. This should give you the ip6tables command which will allow us to filter IPv6 traffic. (IPv4 and IPv6 filtering use separate firewall rules. If we don't set this up first you will expose every IPv6 capable machine on your LAN to the global IPv6 internet with no protection. DON'T DO THIS!)

Firewall rules

iptables-persistent currently does not load IPv6 rules, but it does create a nice /etc/iptables directory where we can put the rules6 file that my init script uses. Make sure you edit the rules6 file given here to match your routed IPv6 /64 address range and your own ULA address range (just delete the ULA stuff if you aren't going to use a ULA). he-ipv6 is the external interface and eth1 is the internal interface.
/etc/iptables/rules6:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
#INPUT Chain
#Drop type 0 routing headers first so no later ACCEPT can match them.
-A INPUT -m rt --rt-type 0 -j DROP
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -s fe80::/10 -j ACCEPT 
-A INPUT -s <Put your ULA address here>::/64 -j ACCEPT 
-A INPUT -d ff00::/8 -j ACCEPT 
##Put all rules here for opening services on the firewall itself rather than 
##for other hosts on the internal network.
#Allow Web requests for HE.net certification tests.
#-A INPUT -d 2001:DB8:4242:93:: -i he-ipv6 -p tcp -m tcp --dport 80 -j ACCEPT
#All firewall/routing stuff goes here
#Don't use these rules to open ports on the local machine!
#Reject source routing before anything else is accepted.
-A FORWARD -m rt --rt-type 0 -j DROP
-A FORWARD -p ipv6-icmp -j ACCEPT
#Next two lines allow stateful filtering for anything thats started from inside our network
-A FORWARD -s 2001:DB8:4242:93::/64 -i eth1 -o he-ipv6 -m state --state NEW -j ACCEPT 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
#I don't think this one is needed
#-A FORWARD -i eth1 -o he-ipv6 -p icmpv6 -j ACCEPT
#Add anything here you want to allow through to various ports
#-A FORWARD -d 2001:DB8:4242:93::/64 -i he-ipv6 -p tcp -m tcp --dport 22 -j ACCEPT 
#-A FORWARD -d 2001:DB8:4242:93::/64 -i he-ipv6 -p tcp -m tcp --dport 33600:33604 -j ACCEPT 
#Log all dropped packets.
-A FORWARD -j LOG
#Output chain
-A OUTPUT -m rt --rt-type 0 -j DROP
-A OUTPUT -p ipv6-icmp -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o he-ipv6 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -s fe80::/10 -j ACCEPT 
-A OUTPUT -s <put your ULA address here>::/64 -j ACCEPT 
-A OUTPUT -d ff00::/8 -j ACCEPT 
COMMIT

Setting up the router announcement daemon

The router announcement daemon is kind of similar to DHCP on an IPv4 network. It sends out multicast packets to the all-hosts multicast address periodically. It also responds to router solicitation requests on the all routers address when a machine wants to get a V6 address. It mainly advertises IPv6 address prefixes, routes and optionally DNS server addresses.

The following is an example /etc/radvd.conf configuration. Just replace the DB8 addresses with your own routed /64 that you obtained from tunnelbroker.net and use your own generated ULA (or just delete that part from the config file if you decided not to use a ULA).

/etc/radvd.conf:

interface eth1
{
   AdvSendAdvert on;
   prefix 2001:DB8:4242:93::/64 
   {
   };

   prefix <put your ULA here or just delete this part>/64 
   {
	AdvValidLifetime infinity;
	AdvPreferredLifetime infinity;
   };
   RDNSS 2620:0:ccc::2 2620:0:ccd::2 
   {
   };
};   

The init script

Finally I have created a simple init script to bring the tunnel up, load the ip6tables firewall rules in, assign the v6 routed address to the internal interface, assign the ULA to the internal interface and finally start up radvd to announce our prefixes/routes to the LAN. You can just make a link to it as /etc/rc2.d/S99ipv6 (or whatever your default runlevel is instead of rc2.d) to make it run automatically. Or you can just start/stop it by hand like I'm doing for now.

/etc/init.d/ipv6:

#!/bin/sh
#This is the address of the he.net tunnel server
TUNNELSERVER=209.51.161.14
#this needs to be the local ipv4 address of this machine, if you are behind
#NAT it needs to be the RFC1918 address and not the NAT router's public IP
LOCALIP=192.168.93.111
#This is the local part of the point to point link that he.net gave you
TUNNELV6ADDR=2001:DB8:0001:23::2/64
#This is your actual routed /64 address space (This is different than the 
#TUNNELV6ADDR) Just copy this from your tunnel info on the tunnelbroker page
ROUTED64=2001:DB8:4242:93::/64
#This is optional but rather useful if you want your own local v6 address
#space beyond the link local addresses. DO NOT just put in any address
#Please generate your own using the tool at 
#http://www.sixxs.net/tools/grh/ula/
#ULA's are meant to be private but unique in order to avoid the problems
#encountered with RFC1918 addresses in IPv4.
ULA=<enter a /64 address allocated out of your /48 ULA here>
#This is the interface that is on your LAN.
#(Used to assign the routed /64 address and the ULA address to)
LANIF=eth1
case "$1" in
start)
        ip6tables-restore </etc/iptables/rules6
	ip tunnel add he-ipv6 mode sit remote $TUNNELSERVER local $LOCALIP  ttl 255
	ip link set he-ipv6 up
	ip addr add $TUNNELV6ADDR dev he-ipv6
	ip addr add $ROUTED64 dev $LANIF
	ip addr add $ULA dev $LANIF
	ip route add ::/0 dev he-ipv6
	echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
	service radvd start
    ;;
stop)
        ip link set he-ipv6 down
	ip tunnel del he-ipv6
	ip addr del $ROUTED64 dev $LANIF
	service radvd stop
        echo 0 > /proc/sys/net/ipv6/conf/all/forwarding

    ;;
force-stop|restart|force-reload|status)
    ;;
*)
    echo "Usage: $0 {start|stop|force-stop|restart|force-reload|status}" >&2
    exit 1
    ;;
esac

exit 0

We're Done!

Once you have that init script edited and in place, run /etc/init.d/ipv6 start. Your tunnel should come up and radvd should start and announce your prefixes to the LAN. If you go to a machine on your LAN and type ifconfig -a you should now see a 2001:* prefix inet6 address assigned to your network interface. Just type ping6 ipv6.google.com to see if everything is working.

Testing your IPv6 connectivity

You can go to http://test-ipv6.com/ to test your IPv6 connectivity and be sure you have your dual stack set up right.

[/debian/ipv6]


Fri, 23 Dec 2011

Getting an old IBM 3151 terminal working with Debian Squeeze


I bring my laptop with me to St. Louis for Christmas every year. In St. Louis I have a big pile of obsolete equipment. One particular piece is an old IBM 3151 Terminal with Wyse 50 emulation card installed.

I like to hook up the IBM 3151 terminal to my laptop to give me an extra text only display and keyboard for editing text files and chatting on IRC etc.

Since this terminal (with the emulation card I have on hand at least) does not handle VT100 escapes it is a bit of a bear to set up so I figured I would write a blog post about how I get it working under Linux.

I like the nice crisp lime green display and the wonderful model M style buckling-spring keyboard.

Setting up the terminal

First plug the serial cable into the rear left hand port (left hand side with the front of the display facing you). The other port is for a serial printer if you have one.

Next type Ctrl-Setup to get to the setup screen. You will use the arrow keys to move around the menu and the space bar to choose the options. Once you have selected everything you want on that screen press send to go to the next setup screen.

General Screen

Machine Mode: WYSE50/50+
Enhance Mode: ON
Screen: NORMAL
Row and Column: 25 x 80
Scroll: JUMP
Auto LF: OFF
CRT Saver: ON
Line Wrap: ON
Attribute: SCREEN
Return/Enter: CR/CR
Protect: HALF-INT

Communication Screen

Operating Mode: ECHO
Line Speed (bps): 9600
Word Length (bits): 8
Parity: NO
Stop Bit: 1
Parity Check: OFF
Line Control: PRTS
Pacing: OFF
Block End: US/CR
Edit Mode: DUPLEX
Keyboard Lock: ENABLE

Printer screen

Just ignore this screen if you don't have a printer, it only has the serial port setting for the printer on this screen anyway.

Function Screen

This is the screen that allows you to save your settings. Just press space over the desired function in order to perform it.

You will want to highlight save and press space and then highlight reset and press space on this screen.

The other functions are fairly obvious in what they do. You can search Google for the 3151 manual to get full docs on this terminal.

Set up getty to talk to the terminal

Now that the terminal is set up you just have to get init to spawn a getty for the terminal and you will get a login prompt on the terminal. Once you have completed this step we are nearly finished.

Edit /etc/inittab

Add this line to your inittab and when you are finished type init q as root.
T0:23:respawn:/sbin/getty -L ttyUSB0 9600 wyse50

Once you have typed init q you should see a login prompt on the terminal. Go ahead and log in and you should have a shell. A lot of curses programs, including the pager, will act funny though because they seem to assume that the whole world is a VT100 compatible terminal. The next section addresses how to fix this.

How to fix the terminal escapes

The simple answer to getting the terminal to behave as much as possible like a VT100 to applications that are poorly written is to use screen to translate those VT100 escapes into wyse50 escapes. Just invoke screen -a -O once you log in and curses applications should start to behave normally.

I hope this helps someone else that has a similar Terminal that they want to use on a linux machine. I also have a nice AT&T 705 MT terminal I could have used that has excellent VT100 emulation, but I prefer the model M keyboard on my 3151. In the future I might find the DEC emulator card for it at a reasonable price and just simply use that instead and save the headache of using screen.

[/debian]


Mon, 14 Nov 2011

Getting Suspend to disk working on Debian 6.0 Squeeze on the Thinkpad T41


A recent update to the 2.6.32 i486 kernel in Squeeze had the effect of making the kernel crash on resume from disk. I tracked things down to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607288

This basically boils down to adding acpi_sleep=s4_nohwsig to the kernel command line.

While I'm at it I thought I would describe how I have suspend to disk set up on my T41 since I had to do other things to get hibernate to work at all before this.

Step 1. pre/post suspend script

I created a file named 20_deep13hibernate inside of /etc/pm/sleep.d/. It looks like this:


#!/bin/sh

# Action script ensure that unattended-upgrades is finished 
# before a hibernate 
#
# Copyright: Copyright (c) 2009 Michael Vogt
# License:   GPL-2
#

PATH=/sbin:/usr/sbin:/bin:/usr/bin


# pm-action(8) -  
#
# On suspend|hibernate, disconnect any wpa-roam managed interfaces,
# reconnect it on resume.

case "${1}" in
        hibernate)
         	echo removing wireless module
		modprobe -r ipw2200;
		pccardctl eject;       
                ;;
        resume|thaw)
		# nothing
		echo loading wireless module
		modprobe ipw2200;
		pccardctl insert;
                ;;
esac

Next just edit /etc/default/grub and change the line that looks like:
GRUB_CMDLINE_LINUX_DEFAULT="" to
GRUB_CMDLINE_LINUX_DEFAULT="acpi_sleep=s4_nohwsig"

Finally just run update-grub and suspend to disk should work now. You may also want to add other modules into the sleep.d script (particularly if you have a different wifi card inside your Thinkpad T41). I hope this helps someone with a similar problem.

[/debian]


Fri, 02 Sep 2011

mod_tcpwrapper -- tcpwrapper support for Lighttpd


As mentioned in a previous post I have recently moved to a Debian squeeze box. This squeeze install is inside of an OpenVZ container so (as far as I know) I can't use tools like fail2ban to edit firewall rules. tcpwrappers works pretty good though as long as your services support it.

I'm already using the denyhosts package to ban people attempting to brute force the ssh service, so I figured I would set up lighty to use tcpwrappers as well.

When I did I found out that lighttpd does not currently have any tcp wrapper support, so I made this little lighttpd module to implement it. Here is the diff between my code and the mod_skeleton.c file it is based off of:

wschaub@deep13TP:/tmp/mod_tcpwrapper$ diff -u ../lighttpd-1.4.28/src/mod_skeleton.c mod_tcpwrapper.c 
--- ../lighttpd-1.4.28/src/mod_skeleton.c	2010-08-17 05:04:38.000000000 -0400
+++ mod_tcpwrapper.c	2011-09-02 18:03:26.000000000 -0400
@@ -7,16 +7,15 @@
 #include <ctype.h>
 #include <stdlib.h>
 #include <string.h>
+#include <tcpd.h>
 
 /**
- * this is a skeleton for a lighttpd plugin
- *
- * just replaces every occurance of 'skeleton' by your plugin name
- *
- * e.g. in vim:
- *
- *   :%s/skeleton/myhandler/
+ * mod_tcpwrapper by William Schaub <wschaub@steubentech.com>
+ * This module works like mod_access only it has no configuration parameters
+ * Instead it uses the TCP wrapper library to allow/deny access to the lighttpd
+ * daemon in /etc/hosts.allow and /etc/hosts.deny
  *
+ * This module is under the same license as Lighttpd
  */
 
 
@@ -55,7 +54,7 @@
 }
 
 /* init the plugin data */
-INIT_FUNC(mod_skeleton_init) {
+INIT_FUNC(mod_tcpwrapper_init) {
 	plugin_data *p;
 
 	p = calloc(1, sizeof(*p));
@@ -66,7 +65,7 @@
 }
 
 /* detroy the plugin data */
-FREE_FUNC(mod_skeleton_free) {
+FREE_FUNC(mod_tcpwrapper_free) {
 	plugin_data *p = p_d;
 
 	UNUSED(srv);
@@ -97,12 +96,12 @@
 
 /* handle plugin config and check values */
 
-SETDEFAULTS_FUNC(mod_skeleton_set_defaults) {
+SETDEFAULTS_FUNC(mod_tcpwrapper_set_defaults) {
 	plugin_data *p = p_d;
 	size_t i = 0;
 
 	config_values_t cv[] = {
-		{ "skeleton.array",             NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION },       /* 0 */
+		{ "tcpwrapper.array",             NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION },       /* 0 */
 		{ NULL,                         NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
 	};
 
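Review bot: The renamed "tcpwrapper.array" entry in cv[] still registers a config option, while the new header comment says the module has no configuration parameters. If access is decided only by /etc/hosts.allow and /etc/hosts.deny, drop this entry (and the matching PATCH(match) handling in mod_tcpwrapper_patch_connection) instead of renaming it, so the server does not accept a setting that the handler never reads.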
@@ -130,7 +129,7 @@
 
 #define PATCH(x) \
 	p->conf.x = s->x;
-static int mod_skeleton_patch_connection(server *srv, connection *con, plugin_data *p) {
+static int mod_tcpwrapper_patch_connection(server *srv, connection *con, plugin_data *p) {
 	size_t i, j;
 	plugin_config *s = p->config_storage[0];
 
@@ -148,7 +147,7 @@
 		for (j = 0; j < dc->value->used; j++) {
 			data_unset *du = dc->value->data[j];
 
-			if (buffer_is_equal_string(du->key, CONST_STR_LEN("skeleton.array"))) {
+			if (buffer_is_equal_string(du->key, CONST_STR_LEN("tcpwrapper.array"))) {
 				PATCH(match);
 			}
 		}
@@ -158,10 +157,11 @@
 }
 #undef PATCH
 
-URIHANDLER_FUNC(mod_skeleton_uri_handler) {
+URIHANDLER_FUNC(mod_tcpwrapper_uri_handler) {
 	plugin_data *p = p_d;
 	int s_len;
 	size_t k, i;
+	struct request_info request;
 
 	UNUSED(srv);
 
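Review bot: s_len and k stay declared at the top of mod_tcpwrapper_uri_handler, but the following hunk removes the s_len assignment and the for loop over k, which leaves both unused. Remove them from the declarations next to the new struct request_info request; line.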
@@ -169,38 +169,33 @@
 
 	if (con->uri.path->used == 0) return HANDLER_GO_ON;
 
-	mod_skeleton_patch_connection(srv, con, p);
-
-	s_len = con->uri.path->used - 1;
+	mod_tcpwrapper_patch_connection(srv, con, p);
 
-	for (k = 0; k < p->conf.match->used; k++) {
-		data_string *ds = (data_string *)p->conf.match->data[k];
-		int ct_len = ds->value->used - 1;
+	/* init the request struct using the fd of our current connection */
+	request_init(&request, RQ_DAEMON,"lighttpd", RQ_FILE,con->fd, 0);
 
-		if (ct_len > s_len) continue;
-		if (ds->value->used == 0) continue;
-
-		if (0 == strncmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
+	/* Fill in the fromhost bits of the request struct */
+	fromhost(&request);
+	/* Access blocked by tcp wrappers */
+	if(!hosts_access(&request)) {
 			con->http_status = 403;
-
 			return HANDLER_FINISHED;
-		}
 	}
 
-	/* not found */
+	/* Access allowed */
 	return HANDLER_GO_ON;
 }
 
 /* this function is called at dlopen() time and inits the callbacks */
 
-int mod_skeleton_plugin_init(plugin *p) {
+int mod_tcpwrapper_plugin_init(plugin *p) {
 	p->version     = LIGHTTPD_VERSION_ID;
-	p->name        = buffer_init_string("skeleton");
+	p->name        = buffer_init_string("tcpwrapper");
 
-	p->init        = mod_skeleton_init;
-	p->handle_uri_clean  = mod_skeleton_uri_handler;
-	p->set_defaults  = mod_skeleton_set_defaults;
-	p->cleanup     = mod_skeleton_free;
+	p->init        = mod_tcpwrapper_init;
+	p->handle_uri_clean  = mod_tcpwrapper_uri_handler;
+	p->set_defaults  = mod_tcpwrapper_set_defaults;
+	p->cleanup     = mod_tcpwrapper_free;
 
 	p->data        = NULL;
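Review bot: The unchanged guard if (con->uri.path->used == 0) return HANDLER_GO_ON; still sits above the new hosts_access() call, so a request that reaches the handler with an empty path returns HANDLER_GO_ON without being checked against hosts.allow and hosts.deny. The decision no longer depends on the URI, so move the request_init()/fromhost()/hosts_access() block above that early return, or drop the guard. Two smaller points: the check is registered as handle_uri_clean, so it runs for every request rather than once per connection, and con->http_status = 403; kept the deeper indentation of the loop that was removed around it.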

You can download a tarball with the source code, config files and instructions as well as pre-compiled modules for i386 and sparc (compiled for Debian squeeze) at this link: mod_tcpwrapper.tgz

[/lighttpd]


I retired my last Solaris machine yesterday.


I have been using Solaris (both on the desktop and on the server) mainly on SPARC hardware since the late 90s. I think it was a great platform and still could be if Oracle didn't pretty much own it. Sometime last year they closed Security patches to the public and wanted insane amounts of money per machine just for the ability to download patches.

This web server ran Solaris 10 until some time after noon yesterday when I moved it to the most recent Debian stable release. I was thinking of making it a FreeBSD server instead but since I have been doing a lot of work on Debian and Debian based systems lately it seems like a nice fit. Particularly with its long release cycle and long term support with security patches.

I really want to get back into FreeBSD again sometime though. Hopefully I will have an excuse to do so soon.

As far as Debian goes I'm really impressed with it, I've been running it on my old ThinkPad T41 and on my SunBlade 2000 and I really have no complaints about it. It's very well put together and most of the packages are well thought out and integrated into the system. Everything that goes into the system has to follow a strict policy which is well documented, most everything you need by design is installed into /usr/share/doc/packagenamehere. I couldn't be happier, particularly now that I don't have to compile the majority of the packages that I use anymore.

[/solaris]


Wed, 13 Jul 2011

Solar Outpost Project


I have recently started working part time with Genesi and got involved with an ongoing project of theirs that overlaps with the goals of my TEOTWAWKI Net project. You can read about it at:

I started out as a Genesi customer, purchasing and getting really excited about their amazing Smart Book and Smart Top products, and started making some SD card based demos for the products including a Sugar image, a live SD card image and a headless image.

I found myself at the Genesi scrum in San Antonio this past June and was asked to help out with this Project in Tanzania.

I applied a lot of the research and development that originally went into TEOTWAWKI Net since 2009 to meet the requirements of this project. Although TEOTWAWKI Net is not integrated into the solar outpost project (yet), a lot of the technologies in the prototype system are there.

Current state of the Solar Outpost Project

The idea is fairly simple. We send down a solar power system and a collection of low power wireless gear, Efika MX smart tops and smart books and a collection of software that allows them to collaborate and create their own library of content even if there is no existing infrastructure.

The heart of the system is the Efika MX smart top, which is a very tiny ARM based machine (running on the Freescale i.MX51 system on a chip). It draws about 4 watts of power when idle and maxes out at around 10 watts, has no fans or any other moving parts, generates almost no heat, has ethernet, wireless, HDMI, USB and built in audio.

We use the Efika MX smart top as a headless server which provides:

All of this combined gives this classroom in a village without grid power the ability to develop course material and collaborate using Efika MX smartbooks over the local wireless AP. The solar system can be used to re-charge the smart books as necessary and to run the standalone server the rest of the time.

Thanks to the power efficiency of these ARM chips and the flexibility of Linux this is doable with a very modest bare bones Solar system. The server/wireless gear should be able to run all day and as long as the sun shines we should be putting in more power than we take out. The smartbooks can run almost 7 hours on a single charge and don't take long to charge back up to full.

I'm really excited to be working on a project in the real world related to the work I've been doing in my spare time these last few years.

Things to do moving forward:

[/projects/teotwawki]


Tue, 05 Oct 2010

Bluetooth Essentials For Programmers Review


If you have been following my TEOTWAWKI Net project you will know I'm interested in dynamically formed short range wireless networks and so of course bluetooth seems natural to explore. To help me get started I purchased "Bluetooth Essentials For Programmers" by Albert S. Huang & Larry Rudolph, ISBN 978-0-521-70375-8.

I thought I might review this book a bit and mention what it covers vs what it leaves up to the reader to figure out.

What it does cover:

This book is great to get you started writing code that actually does something very quickly and has great examples in Python, Java, C and Objective-C. For that reason alone I think it is worth it to buy if you want to get started quickly writing bluetooth applications. Here's a short list of what's covered.

What it doesn't cover:

While it is still a great help for someone wanting to get started with Bluetooth, I think they could have gone a bit further than they did. It's really a basic bluetooth tutorial in book form, and it does that well, but I think a more expanded edition of the book should be made covering the following topics.

All of the above is pretty much left out and not even touched on. It is expected that the reader will dig for that extra info, and I guess that is OK, but adding these topics would have made this tiny (198 page) book into something truly wonderful in my opinion.

If I have time I plan to cover some of these topics that aren't covered in Bluetooth Essentials once I have finished R&D on the bluetooth support in the future versions of TEOTWAWKI Net.

[/projects/teotwawki] permanent link RSS feed


Thu, 16 Sep 2010

HTC Dreams


As noted on the wiki and on Facebook, thanks to the generous contributions of Fred Grose I got my first rooted HTC Dream phone on Saturday and the second one today. Being someone who is very behind the times as far as mobile technology goes, this 2 year old smart phone really impressed me. It's also highly addictive even without any cell service.

So far I haven't written one line of code for the platform, but putting it through its paces has been very fun. There's so much this thing can do out of the box that I'm sure Apple is in big trouble, particularly since this platform is open source friendly. (That is the main reason I chose this as my first smart phone platform to develop for.)

This phone also has me thinking about ARM based machines and how I would really love to have a good ARM netbook with similar capabilities (but with a regular Linux distro and lots more RAM and flash space and a bigger screen, of course). Hopefully we will see some come onto the market soon. Until then I have one heck of a powerful and flexible machine that fits in my pocket! Something I have wanted for many years is now a reality.

I still want to own an Open Pandora one day but this is close enough for what I want to do for now.

I'm done rambling now. More info when I finish the Python re-write and get serious with the droid. My project will need to use the NDK for various reasons and I should be learning all about Android internals soon. I will post more on my blog about Android internals that I find interesting as I run across them.

I also wanted to thank the author of the Super E ROM. I had no end of trouble with cyanogen 6.0 but Super E seems to be nice and solid. It leaves me at Android 2.1 but I'm sure the 2.2 ROMs for the Dream will get better by the time I will care about having a 2.2 machine.

[/projects/teotwawki] permanent link RSS feed


Wed, 08 Sep 2010

Python re-write


I finally forced myself to sit down today and I re-implemented about 90% of the mapper daemon today. If I keep things up at this rate we might actually see a real sugar activity version of TEOTWAWKI Net soon.

I still have the following milestones to complete

Once I have a working sugar activity I will release a standalone Linux version and see what can be done to make it work under windows and hopefully smart phones.

I need at least one USB bluetooth dongle and two rooted HTC dream phones (also known as the G1 phone) to get started on the android version.

[/projects/teotwawki] permanent link RSS feed


Wed, 21 Jul 2010

Crock pot hot wings


I just made some amazing hot wings in the crock pot yesterday.

This is what I did:

Make the sauce:

I needed two batches of sauce to cover my wings.

Cover the wings with the sauce and stir to make sure all the wings are covered and set the crock pot on high for 2 and a half hours. (do not take the lid off to check until at least the 2 and a half hours are up!)

Check and make sure the wings are done by taking out a wing and testing it.

Once the wings are fully cooked, separate the wings and the sauce. Transfer the sauce to a sauce pan and boil it down as much as you can and then thicken it back up like you would when making gravy. (I used flour, but you might also try corn starch; it came out good with flour.)

I came up with this because I could not find any good recipes for hot wings that only used a crock pot. I wasn't expecting it to turn out so good, so that's why I'm posting it here. The end result is a lot like buffalo wings except it's tender and has a really nice flavor. It is greasy, but then so are buffalo wings. I found the sauce to be so good that I ended up just soaking it into bread rather than wasting it. If you try it let me know what you think.

[/cooking] permanent link RSS feed


Tue, 18 May 2010

Historic Usenet Source code


Whenever I get involved with something I like to study its history. For me that means finding the earliest copies of the software and sources.

I decided today to find a copy of the original B-News software and spent a few hours pulling my hair out since ftp.uu.net seems to be no more.

Finally I managed to find copies of A news, B news and C news plus the NNTP reference implementation. In the interests of posterity I am hosting a copy of the software I found here

I hope I save someone from pulling their hair out.

[/projects/teotwawki] permanent link RSS feed


Tue, 04 May 2010

Thunderbird 3.x preferences rant


I really like Thunderbird so don't get me wrong here. However I just have to rant a bit about the user interface for configuring this particular mail client.

To their credit they do have most everything you would want in the GUI. Except one thing I really needed, a way to set the font size for the list of emails and other things that are part of the user interface not just the message body text.

I know some people will say "but look, a simple Google search tells you how to do that! Why are you complaining?" I'm complaining because things like this should not require editing a config file! I like that it's customizable by a CSS file; that's a wonderful thing. But you can't tell me that this couldn't have been editable in the preferences GUI. I have nothing against config files. I like being able to do cool things with config files, but this is 2010, not 1992! Everything doesn't need to be in a GUI, but I would expect that basic look and feel modifications, like the font size of the list of emails, would be configurable from the GUI. Is that too much to ask for in the 21st century?

Maybe I'm getting spoiled these days but I'm sure people considering an open source mail client are put off by things like this. I know they are because I actually got asked by the person whom I was increasing the font size for "Is it difficult to config that option because it's open source?"

Anyway I still love Thunderbird I just hope that they will fix things like this in newer releases.

[/rants] permanent link RSS feed


Thu, 22 Apr 2010

Solaris patch access rant


I really tried to be upbeat about Oracle acquiring Sun Microsystems. I thought for sure that they would do all they could to encourage wide use of Solaris and would invest heavily on Solaris and the SPARC platform.

Whether or not they invest in Solaris and Sun's hardware platforms remains to be seen, but one thing is now very clear. They have no intentions whatsoever of treating their customers and potential customers with respect.

Instead they decide that they should handle support and licensing just like they do with their other products. This includes charging well over $300 a year for access to critical security patches.

I have been a long time fan of Solaris over the years and still think it has a lot of merits technically. But those merits mean nothing to me if I'm forced to pay for security patches. There are a lot of small shops out there running Solaris that don't want or even need the hassle of a full support contract just to get patch access.

I might feel a bit better about this if you could simply pay for only basic sunsolve access to documentation and patches and do self-support for a reasonable price (say $50 to $100 a year), but charging over $300 a year for something we used to be able to do ourselves for free is just insane.

I also consider blocking access to security patches to be irresponsible. The net is more hostile than ever today and there will now be even more unpatched Solaris boxes out there just waiting to be rooted, and all because Oracle wants to squeeze as much as possible out of Sun's remaining user base.

So as much as it pains me to do so I will be moving off of Solaris on my web server and switching either to CentOS or one of the BSD flavors. I will still run Solaris on my desktop system on my private network but I think my love affair with Sun has just been killed by Oracle. Thank you Oracle for taking a great company like Sun with tons of talent and some of the best most innovative technology out there and killing it by forcing it to conform to Oracle's culture.

It's been a great ride but I feel that Sun will share the same fate as DEC unless Oracle changes its ways, and soon. RIP Sun Microsystems 1982-2010, you will be missed.

[/rants] permanent link RSS feed


Mon, 12 Oct 2009

AgeStar CFB3AT FireWire Enclosure problems in Solaris


I recently needed to add a new external disk to my SunBlade 2000. I had a spare 500GB SATA drive lying around and I found a drive enclosure that supports both PATA and SATA drives and has USB 1.0, 2.0, FireWire 400 and E-SATA connectors on it, at http://www.cooldrives.com/esu sb20andfi.html

I had nothing but trouble with it under Solaris 10/SPARC but it ran perfectly fine on Linux, Windows and MacOS X. I would get the following errors when copying lots of data to this drive:

 scsi: WARNING: /pci@8,700000/firewire@5,2/unit@0050770e00071002/disk@0,0 (sd37): 
Oct 11 22:27:04 ayeka 	SCSI transport failed: reason 'reset': retrying command
Oct 11 22:27:05 ayeka 	transport rejected fatal error
Oct 11 22:27:05 ayeka ufs: WARNING: Error writing ufs log
Oct 11 22:27:05 ayeka ufs: WARNING: ufs log for /mnt changed state to Error
Oct 11 22:27:05 ayeka ufs: WARNING: Please umount(1M) /mnt and run fsck(1M)


I did a ton of fiddling around and finally I have success! I had to dig around the opensolaris.org code browser looking at the scsa1394 driver. There is an undocumented driver variable called scsa1394_wrka_fake_rmb.

Don't ask me what it does exactly; all I know is it is off by default and setting it to 1 instead of 0 seems to have fixed my issue. Or at least somewhat, anyway. I had it cloning my LaCie BigDisk for most of last night and it did eventually die. I'm going to try re-enabling the symbios workaround and see if that fixes it completely. In the meantime I'm using rsync to do the copy and it seems to be reliable enough to replace my ailing LaCie drive. If things continue to be a big PITA I will just install a USB 2.0 card in my Sun and be done with it.

This tip should work with any enclosure that uses a Prolific Technology Inc. PL-3507 chipset but YMMV. I hope someone finds this info useful because I sure wish I had found it before having to get elbow deep into the guts of Solaris out of frustration.

To set this yourself try putting the following lines into /etc/system and rebooting. I'm not sure that scsa1394_wrka_symbios = 0 is needed.

*Try some FireWire system tuneables
set scsa1394:scsa1394_wrka_symbios = 0
set scsa1394:scsa1394_wrka_fake_rmb = 1

For more information on using firewire drives with SPARC machines take a look at This article

[/solaris/firewire] permanent link RSS feed


Tue, 29 Sep 2009

Open Pandora: an idea whose time has come


I just stumbled across the Open Pandora Project and I am practically drooling over this awesome wonder of a device. It is unfortunate that it is primarily focused on gaming because this little gem is capable of so much more!

This little device fits in your pocket, has Bluetooth and 802.11 wireless technologies, a battery life around 10 hours, two SDHC slots, two USB ports, an S-video out, etc. In short it is the pocket sized general purpose computer (Super PDA if you will) that I always dreamed of ever since those Casio organizers came out. (I always wanted a Casio organizer that could run DOS or UNIX back in the early 90s.)

If the first batch starts shipping and the orders keep coming in for this device I am sure to scrape up the cash to get one. This is the perfect device to run TN and a bunch of other applications that are perfect for a pocket sized device like this.

I still plan to get a nice ARM based netbook as well but the awesome possibilities of this device can not be under-stated. It is easily as powerful as (actually a lot more powerful than) an OLPC XO-1 and can use Bluetooth keyboards etc. It has the same 256MB RAM limitation as the XO-1, but if you know what you are doing you can still cram a crap load into that, considering that in the 90s I had useful UNIX workstations running on much less than that.

I believe that powerful, open and compact general purpose devices like these that are completely open source are the future. Versatile mobile computing devices and fresh new ways that we will be looking at mobile networks will change the world.

[/projects/teotwawki] permanent link RSS feed


Tue, 22 Sep 2009

Project update


I haven't posted anything on TEOTWAWKI Net in a while so here's an update:

I've been working on the USB sync manager, which is simply a script that looks for mount points being added in a certain directory. It then scans that mount point for spooled up batch files containing news articles.

Once it finds the batched up articles it reads them in and deposits its own articles onto the mounted device. Once it is done processing all found mount points it will pop up a GUI (optional) listing all found mount points with an unmount button next to each one. This menu will disappear as soon as it starts processing again. The menu will not pop up if there are no more mount points left in the directory it looks in.

USB keys left plugged in will accumulate any new articles that arrive either by the network or by other USB keys being plugged in.

What I just wrote about is not just an idea but is already working now and is in CVS. I just got a lot of this working over the weekend and some more tonight.

I plan on making some changes to how the system is packaged and splitting some things out of start.sh and writing some new documentation to put in the webroot before I build more packages. At that point I might have my first numbered release. Stay tuned.

[/projects/teotwawki] permanent link RSS feed


Fri, 11 Sep 2009

Had fun repackaging OpenDX for Slackware today


I spent about 3 hours re-packaging OpenDX to run on Slackware for a customer today. It was nice to just get back to some good old fashioned UNIX admin work for a change.

Some people may hate the Slackware package management system or accuse it of just being a tar file (or being nonexistent) but they would only be partly right.

In Slackware, package files are just tar files, but the real brains behind the packaging is inside the package utilities themselves. The packaging utilities are wrappers around tar and maintain a catalog of files installed with a package so that it can be removed or upgraded later. They can also execute shell scripts included in the tarball inside of the install directory. There is no dependency tracking, but the same can mostly be said of System V Release 4 packages (as used on Solaris).

Either way, love it or hate it, the Slackware package system is very easy to work with as a result of its simplicity. Build your project into a directory tree that reflects how the files should look relative to the root file system. Put any extra needed stuff inside the install directory, build it with makepkg, and you are done.

You can even use rpm2tgz to transfer an rpm into a regular tar file and work off of that if you have to, or just build the tar yourself without makepkg and still get the benefit of being able to uninstall it using removepkg later on.

I subscribe to the idea that small and simple is beautiful. Slackware packages may be lacking in modern features but they are simple and easy to work with which I find quite refreshing in this age of horribly complex software.

[/slackware] permanent link RSS feed


Thu, 03 Sep 2009

Micro controller based TN?


I found a fascinating open source hardware and software project called Arduino that has a surprising amount of sophistication and peripherals available for it, and a seemingly easy to use software development environment.

One of the options is to hook it up to Bluetooth or 802.11 wireless modules. I'm thinking that I might be able to take the 802.11 or Bluetooth modules (the 802.11 module supports TCP/IP so it is the obvious choice), and if an SD card can also be utilized I might be able to implement a cheap hardware device that can be placed in your pocket and gather/propagate TEOTWAWKI Net completely unattended. You could then sync it with your laptop or other larger system later.

I have no idea if the Arduino is capable of anything as complex as TN but it was enough to get me thinking. Eventually I would like to implement the network on smart phones and sophisticated PDA devices but open source hardware platforms like this really open a lot of cool possibilities.

Update:

I just spent a couple of hours looking at information about the platform and the microcontroller chip it is based on, and it may be a bit too simple to do what I want. However, it is still quite capable and flexible for small projects. I really want to see a lot more work being done in the open source hardware area. The amount of new and innovative hardware and software projects that could be built really is unlimited with completely open hardware to build on.

What I would really like to see is a project very much like Arduino but targeted at much larger scale applications. Something that is about the same size as the Arduino and has the ability to plug in multiple I/O boards with storage, wifi, etc. as well as exporting various pins you would find on a microcontroller. It would also need to be able to run a decent real time OS (hopefully something POSIX-like or even a small version of Linux). I could do a lot with a device like that.

In a nutshell, what I would really like to see the hardware hackers come up with is a low cost general purpose embedded computer platform that is small enough to fit in someone's pocket and run off of batteries, with enough CPU horsepower and features to run complex wireless network applications. I don't even need a display or a keypad, but a modular system would make this easy to add. If the open source hardware hackers ever come up with such a thing I will be very happy.

I'm still tempted to buy some of these kits and see just how far I can push things though. (If only I had unlimited time!)

Another update

Ohhhh Yeahhhh! check this out: http://blogs.leaflabs.com/2009/

This looks like it may well just fit the bill for what I'm wishing for. I will be following the development of this project very closely. My main focus is to get the UNIX version of TN working as well as I possibly can before I go off on porting to other platforms, embedded or otherwise, but once that goal is accomplished I will be getting some kits and exploring the possibilities.

[/projects/teotwawki] permanent link RSS feed


Fri, 28 Aug 2009

New packages released for the LUGOR/OLPC picnic this Saturday


The packages are built from the code with the lugorpicnic tag in CVS. This version includes the new and improved network mapper and sync dispatcher and an important bugfix to the syncnews.pl script (I got the article date and article arrival time backwards when reading the history file). Also, as a consequence of the IPC provided by the new network mapper, the network neighborhood is now implemented as a PHP script that reads the network map from the daemon and works much better now.

The new IPC mechanism also allows the syncnews.pl script to update a "lastsync" timestamp in the network map when it successfully syncs with a node. This fixes another problem I had with the old mapper script that could cause some articles to never be sent out to other nodes.

This release also includes the incredibly useful socat utility which can be used to talk to the network mapper socket and for just about anything networking related you can think of.

[/projects/teotwawki] permanent link RSS feed


Tue, 25 Aug 2009

New mapper daemon in CVS


The new network mapper/sync dispatcher has just been committed to CVS. It implements everything I talked about in the previous blog post. The following are the implemented commands for the /tmp/TNmapper IPC socket.

All commands close the socket when they are finished.

UPDATE will return ACK\n on success and NACK\n on fail.

NTOA will return the ip address followed by \n or NACK\n if the nodename is not in the n2a hash.

ATON will return the nodename followed by a \n or NACK\n if the ip address is not in the map hash.

DUMP will return multiple lines containing the entire network map. Each line is comma separated into the following fields: ipaddr, nodename, services. Once it is finished dumping, the socket is closed. It can return zero lines for an empty network map.

DEBUG This will output the %map and %n2a hashes to the IPC socket in Data::Dumper format.

[/projects/teotwawki] permanent link RSS feed


Mon, 24 Aug 2009

Looks like I have to write a comment system.


This is partly my fault because I either don't understand something or I just had to pick the most obscure blogging platform out there. But I have yet to find a comment plugin for blosxom that actually works or has understandable documentation. All of the plugins I have found are either totally undocumented or woefully out of date.

So I'm just going to have to roll my own comments system. You will just have to wait until I get around to it. (I have some general ideas on how to get this done.)

I normally wouldn't bother, but I rather like the way blosxom does things and WordPress is a giant bloated mess. I just want to get back to simple software with a small footprint. Modern software is driving me crazy and I'm just sick of it.

[/rants] permanent link RSS feed


A new and improved Network mapper/Sync dispatcher


I've been busy learning a lot more about sockets programming from W. Richard Stevens's UNIX Network Programming, 1st edition, and applying some of that info to Perl. I am modifying an example server that uses select and non-blocking I/O to eventually be the new network mapper and sync dispatcher. I already have this test server accepting both UDP connections and AF_UNIX streaming connections (local system only, accessed by UNIX filesystem paths, /tmp/afunixsocket for example) and passing them to different handlers.

The end result will be that other processes will be able to communicate with the heart of the TN system and get information about the network and be able to update the crucial time stamp information for each node (the syncnews.pl script needs to be able to do this since it is spawned into the background.)

The reason I'm focusing on this change is that the original script for the network mapper and sync dispatcher just does not seem to be easily extendable the way it currently exists. Some of my testing has brought up certain design problems that can cause articles to be lost, and the only way forward will be to have the mapper support IPC and add more information to the network map that can be accessed and updated by processes that need to know about and work with this information.

I have wanted to do this from the beginning anyway with the network neighborhood. It is much better to make that a script that gets info from the network map directly, instead of an ugly hack where the mapper daemon re-writes a static HTML file when it updates the network map.

The new way the process will work will also allow things like a name service switch plugin to be developed that will allow hostname lookups to use the TN network map.

I'm also going to make it a bit of a hybrid server: while it does select and non-blocking I/O instead of forking, it will only do so for receiving the UDP broadcasts that build the map and handling commands from the AF_UNIX socket that update the map. Any other commands will cause it to fork a process that will block and process all other commands, namely dumping of the network map and doing specific map lookups. That way the main daemon will not have its time taken up by queries about the map, and since that is handled in a child process, that child will only have a copy of the network map at the time of the fork.

I also found a really awesome tool that blows away netcat, called socat, that I think I will include in the TN system for debugging and possibly other purposes later. Not only does it allow me to interactively send data to and read from AF_UNIX sockets, but it is an incredible networking Swiss army knife that allows all sorts of different possible socket combinations to talk to each other.
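The select-plus-fork design described in this post, answering the UPDATE, NTOA, ATON and DUMP commands listed in the 25 Aug 2009 post, sketched as an added example in Python (not the project's Perl daemon and not code from this blog). Assumptions: the `UPDATE <ipaddr> <epoch>` argument form, the `nodename,services` announcement payload, NACK for unknown commands, loopback UDP in place of real broadcasts, and every function name; DEBUG is left out because its Data::Dumper output is Perl specific.

```python
import os, re, select, signal, socket

ANNOUNCE = re.compile(r"([\w.-]{1,64}),([\w .-]{0,128})")  # assumed: nodename,services

def handle_query(line, net_map, n2a):
    """Read-only commands, answered from the forked child's copy of the map."""
    cmd, _, arg = line.partition(" ")
    if cmd == "NTOA":                      # nodename -> ip address
        return n2a[arg] + "\n" if arg in n2a else "NACK\n"
    if cmd == "ATON":                      # ip address -> nodename
        return net_map[arg]["name"] + "\n" if arg in net_map else "NACK\n"
    if cmd == "DUMP":                      # ipaddr,nodename,services per node
        return "".join(f"{ip},{n['name']},{n['services']}\n"
                       for ip, n in sorted(net_map.items()))
    return "NACK\n"                        # assumption: unknown commands get NACK

def apply_update(line, net_map):
    """Assumed form 'UPDATE <ipaddr> <epoch>': record a node's lastsync time."""
    parts = line.split()
    if len(parts) == 3 and parts[1] in net_map and parts[2].isdecimal():
        net_map[parts[1]]["lastsync"] = int(parts[2])
        return b"ACK\n"
    return b"NACK\n"

def serve(udp, ipc):
    """select() loop: map writes happen inline, queries run in a forked child."""
    signal.signal(signal.SIGCHLD, signal.SIG_IGN)   # kernel reaps query children
    net_map, n2a = {}, {}
    while True:
        readable, _, _ = select.select([udp, ipc], [], [])
        if udp in readable:
            data, (ip, _port) = udp.recvfrom(1024)
            m = ANNOUNCE.fullmatch(data.decode(errors="replace"))
            if m:                          # malformed names never reach DUMP output
                net_map[ip] = {"name": m[1], "services": m[2], "lastsync": 0}
                n2a[m[1]] = ip
        if ipc in readable:
            conn, _ = ipc.accept()
            conn.settimeout(1.0)           # a silent client must not stall the loop
            with conn:                     # every command ends with a close
                try:
                    line = conn.recv(1024).decode(errors="replace").strip()
                    if line.startswith("UPDATE "):
                        conn.sendall(apply_update(line, net_map))
                    elif os.fork() == 0:   # child answers from its snapshot, exits
                        try:
                            conn.sendall(handle_query(line, net_map, n2a).encode())
                        finally:
                            os._exit(0)
                except OSError:
                    pass                   # timed-out or vanished client

def start_mapper(sock_path):
    """Bind both sockets, fork the daemon, return (daemon_pid, udp_port)."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("127.0.0.1", 0))             # loopback and a free port for the demo
    ipc = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)            # socket file is created mode 0600
    try:
        ipc.bind(sock_path)
    finally:
        os.umask(old_umask)
    ipc.listen(8)
    with udp, ipc:                         # the parent's copies close on return
        pid = os.fork()
        if pid == 0:
            try:
                serve(udp, ipc)
            finally:
                os._exit(1)
        return pid, udp.getsockname()[1]

def announce(port, name, services):
    """Stand-in for a node's UDP broadcast, sent to the loopback daemon."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(f"{name},{services}".encode(), ("127.0.0.1", port))

def ask(sock_path, command):
    """Send one command; the daemon closes when done, so read until EOF."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        c.sendall(command.encode() + b"\n")
        return b"".join(iter(lambda: c.recv(4096), b"")).decode()
```

The commands carry no authentication, so anyone who can connect to the socket can issue UPDATE; the example therefore creates the socket file with mode 0600, and a fixed name in a world-writable directory such as /tmp would need the same care.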

[/projects/teotwawki] permanent link RSS feed


TEOTWAWKI Net figures


I have dug out xfig and made some simple figures showing how TEOTWAWKI Net works.

TEOTWAWKI Net Software Stack

The arrows pointing to the ad-hoc cloud are as follows:

[/projects/teotwawki] permanent link RSS feed


Tue, 18 Aug 2009

Might have found a way to make an XO act as an AP


I did some digging around and asking on the olpc-devel IRC channel and it looks like there is a driver and special "thin firmware" for the libertas chipset that supports AP mode. The guy that maintains the DebXO distro is having me test out a package that includes this new firmware. I will let you and him know about it as soon as I get a chance to test it. There are also instructions for getting the thin firmware working on the stock Sugar, but it requires re-building the kernel with the correct options set.

(I will probably create a package for this if it all works out nicely under debian)

It will be so cool to be able to put an XO into AP mode. I've been making further improvements to the sync-up code and am working out some more bugs and timing issues. I also got my UNIX Network Programming 1st edition in the mail today as well.

What a wonderful history book to read from back in early 1990, when most of the world was not POSIX compliant, there were several competing network protocols with TCP/IP, and some UNIX vendors were just getting around to getting ANSI compliant compilers (a lot of the examples are K&R style C but the sockets interface really hasn't changed much at all).

It deals a whole lot with interprocess communication and has some really sophisticated examples and is very in depth. I know I'm going to learn a lot from it to make my project better.

[/projects/teotwawki] permanent link RSS feed

