Dis ‘n’ Data

Following up on the previous article titled “A simple rogue dhcp detector”, this script is the sort of IPv6 equivalent.

In IPv4, to automatically get an IP address, netmask and gateway, hosts send a broadcast DHCP Discover packet to the network and hope that the local dhcp server responds (correctly). As it’s a broadcast message, any host can respond and potentially with wrong information. As you know nothing about the network, you have no way to tell what is a good or a bad response. Hosts that respond in error are “rogue dhcp servers”.

In IPv6, dhcp6 is available, but lots of people use the alternative “stateless autoconfiguration”. In this case, a host on the network regularly broadcasts a “router advertisement” to say “all hosts on this network have the following 64-bit prefix, so fill in the remaining 64 bits yourself, the default route is xxxxx”.

Just like with DHCP on IPv4 anyone can send these broadcast messages and mislead the other hosts about the correct prefix and route to use. You can spot these messages with tcpdump. Where fe80::20e:cff:feb1:33a8 is the address of your genuine router, this tcpdump one liner will return as soon as it sees a rogue advertisement (ie one from anyone else).

tcpdump -venxx -c 1 -i eth1 icmp6 and ip6[40] == 134 and src host not fe80::20e:cff:feb1:33a8

[ above updated to include icmp6 filter ]

This script automates the procedure, watching for rogue RAs, sending an alert email when one is seen and then sleeping for an hour before watching again.

#!/bin/sh

DEVICE=eth1
TCPDUMP=/usr/sbin/tcpdump
PROGNAME="rogue_ra_detector.sh"
SLEEPTIME=3600
ALLOWED_RA_SERVERS="fe80::20e:cff:feb1:33a8"
EMAIL="root"

# load up a config
if [ -e "$1" ]
then
        source $1
else
        echo "Config file '$1' not found"
        exit
fi

MESSAGE1="$PROGNAME running on `hostname` ($DEVICE) has detected what looks like \nrogue router advertisements:"
MESSAGE2="Sorry to be the bearer of bad news.  I'll sleep now for $SLEEPTIME seconds and start detecting again\n\n-- \n$PROGNAME\n"
TCPDUMP_COMMAND="$TCPDUMP -venxx -c 1 -i $DEVICE icmp6 and ip6[40] == 134 and src host not $ALLOWED_RA_SERVERS"
echo $TCPDUMP_COMMAND

# check tcpdump
[ ! -x "$TCPDUMP" ] && echo "$TCPDUMP not found or not executable" && exit 1

while( true )
do
        COMMAND_OUTPUT=`$TCPDUMP_COMMAND`
        printf "$MESSAGE1\n\n$COMMAND_OUTPUT\n\n$MESSAGE2\n" | mail -s "Rogue IPv6 Router Adverts Detected on $DEVICE" $EMAIL
        sleep $SLEEPTIME
done

If your listen to the Irish national broadcaster, realplayer is the order of the day. On linux, if you don’t have/want realplayer installed it’s handy to know that mplayer can play these streams. If you mouseover the link to view a stream, it usually looks something like this:

showPlayer('/radio1/player_av.html?0,null,200,http://dynamic.rte.ie/quickaxs/209-r1-marianfinucane.smil')

The red bit is the SMIL playlist file. You can play it with:

mplayer -playlist http://dynamic.rte.ie/quickaxs/209-r1-marianfinucane.smil

You can even save it for later:

mplayer -noframedrop -ao pcm:file=stream.wav -playlist http://dynamic.rte.ie/quickaxs/209-r1-marianfinucane.smil

On behalf of the Tadger, we picked up a Traveller USB Microscope this evening at our local Aldi. It looks a bit “Fisher Price”, but on the other hand, if you can capture the output of a 200x microscope for €40, that seems worth a punt. Tadge likes to promote science to the young folk, so maybe he can do some cool microbiology stuff with it for their benefit.

It basically seems to be a webcam of sorts, rigged up with a rotatable lense housing which allows you to choose between the three lenses (10x, 60x, 100x). There are a couple of buttons on it which seem

I don’t have very long with it, but I was hoping it might work with linux. It doesn’t out of the box on Ubuntu Lucid anyway, but I’m sort of wondering (probably very naively) if the UVC driver might be convinced to work with it. It would appear that if it worked, it should appear as a device in /dev/videoX which would be pretty cool.

For the sake of a record, according to lsusb, the device is as follows:

Bus 001 Device 003: ID 1871:01b0 Aveo Technology Corp.
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  idVendor           0x1871 Aveo Technology Corp.
  idProduct          0x01b0
  bcdDevice            0.05
  iManufacturer           1 AVEO Technology Corp.
  iProduct                2 AVEO Cheetah3 USB2.0 Device
  iSerial                 0
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength          105
    bNumInterfaces          1
    bConfigurationValue     1
    iConfiguration          0
    bmAttributes         0x80
      (Bus Powered)
    MaxPower              500mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol    255 Vendor Specific Protocol
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0000  1x 0 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       1
      bNumEndpoints           1
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol    255 Vendor Specific Protocol
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       2
      bNumEndpoints           1
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol    255 Vendor Specific Protocol
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x03fc  1x 1020 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       3
      bNumEndpoints           1
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol    255 Vendor Specific Protocol
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0400  1x 1024 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       4
      bNumEndpoints           1
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol    255 Vendor Specific Protocol
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0c00  2x 1024 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       5
      bNumEndpoints           1
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass    255 Vendor Specific Subclass
      bInterfaceProtocol    255 Vendor Specific Protocol
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            1
          Transfer Type            Isochronous
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x1400  3x 1024 bytes
        bInterval               1
Device Qualifier (for other device speed):
  bLength                10
  bDescriptorType         6
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  bNumConfigurations      1
Device Status:     0x0000
  (Bus Powered)

We shall hopefully see…

The Anglican Church are hilarious.

An iPod is a vice now?

Does using an iPod contribute more to climate change than eating chocolate? I suppose if you count the full lifetime (including manufacture) it might, but I doubt ignoring an iPod for a day or forty will extend its useful life noticeably.

We run a number of linux servers at work, almost all using the ext3 filesystem and seldom see any reason to complain.

One exception however is a monitoring machine we have.  It runs MRTG on about 70-80 switches and servers around the campus every 5 minutes. The MRTG instances are run by three shell scripts which start in parallel. Now and then I do a bit of text editing on that machine and (until recently) about every two minutes in five, saving a small text file can take anywhere between 5 and 20 seconds. To put it politely, this is very frustrating and makes the machine pretty unusable for other things.

I was therefore interested to read an LWN article about Solving the ext3 latency problem. Last week, I got around to compiling a 2.6.30 kernel on that machine to try see would it help. The answer is a resounding yes. At this point, you can still notice a delay saving text files, but it’s more like 0.5-1.0 secs. Our munin graphs show the load, vmstat and netstat established connections on the box all dropped hugely after the reboot.

If you’re having trouble with filesystem delay, this kernel is a highly recommended update.

Distros, please backport these changes!!!

We have a couple of Dell servers running Ubuntu GNU/linux (hardy) with MD1000 disk arrays. I’ve always assumed there must be a way in software to create arrays, configure them, initialise them, etc. in software without rebooting but I hadn’t had need of that until now and just need .

I had previously installed the DELL OMSA suite for basic monitoring but hadn’t had time to look into it in detail. I was kind of hoping for command line utilities for everything. As it turns out, most of it is web-based. Perhaps there’s a command line tool hidden in there, but the web-based one is fine for now. I’ve just popped two extra disks into a live array and am initialising them as a RAID1 array now. I’ll be shortly deciding whether to add them to an LVM device or just use the separate block device.

These sites have enough information to get one going:

• OMSA Packages for debian
• Instructions for setting up and using the Dell OMSA Tools
• Instructions for getting OMSA logins working on Debian AMD64 (I was using Ubuntu but the same package names exist on Ubuntu).
• Dell’s OMSA docs

Actually, they tell you all manner of useful things about your server’s health, whether or not you have RAID arrays. I can’t believe I’m only discovering this now.

First impressions on RTÉs flash-based catch-up service are pretty positive.

http://www.rte.ie/player/

Working fine on Linux (albeit requiring the Adobe flash plugin), no nasty logins, no extra software to install, no DRM. I’m sure I’ll find something to complain about, but I haven’t found it yet.