What do parrots and BGP routers have in common?

Posted on July 11, 2016 by gawen

David Hauweele, Bruno Quoitin, Cristel Pelsser, Randy Bush

ABSTRACT

The Border Gateway Protocol propagates routing information accross the Internet in an incremental manner. It only advertises to its peers changes in routing. However, as early as 1998, observations have been made of BGP announcing the same route multiple times, causing router CPU load, memory usage and convergence time higher than expected.

In this paper, by performing controlled experiments, we pinpoint multiple causes of duplicates, ranging from the lack of full RIB-Outs to the discrete processing of update messages. To mitigate these duplicates, we insert a cache at the output of the routers. We test it on public BGP traces and discuss the relation of the cache performance with the existence of bursts of updates in the trace.

See the article on CCR online

Download the full article

Redirect traffic to loopback

Posted on June 1, 2016 by gawen

Today I wanted to transparantly redirect the DNS requests coming at the output of a tunnel to a local caching DNS resolver. The caching DNS was listening only on the loopback as port 53 was already bound to other interfaces. That would be fairly simple on Linux:

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -i tun0 -p udp --dport 53 -j DNAT --to-destination 127.0.0.1
iptables -A FORWARD -i tun0 -o lo -p udp --dport 53 -j ACCEPT

But… The kernel will refuse to route packets with the loopback as source or destination because this qualify as a martian packet. The solution was to enable the route_localnet flag. As stated in the kernel documentation:

route_localnet – BOOLEAN: Do not consider loopback addresses as martian source or destination while routing. This enables the use of 127/8 for local routing purposes (default FALSE).

This is per interface. So I just had to enable this on the tunnel interface:

echo 1 > /proc/sys/net/ipv4/conf/tun0/route_localnet

FreeBSD 10 on ThinkPad X250

Posted on April 24, 2016 by gawen

UPDATE:

Graphic works on FreeBSD 11-STABLE
WiFi works in FreeBSD 11

I’m now using FreeBSD 10-RELEASE on a ThinkPad X250. It’s been quite a while now, and I should have written this long ago. Well… Here we go! Everything works fine except for:

Intel Broadwell integrated graphics
Intel Wireless 7265
Resume/Suspend

For the integrated graphics, the Broadwell architecture is not yet supported [1, 2]. But it works well using VESA at native resolution (1920×1080). I had to tweak the MTTR a little to get reasonable performance. Of course you cannot use your VGA and miniDP anymore. That’s a bummer for giving presentations. To this regard, I still rely on Linux. Also you cannot adjust screen luminosity, it’s always at full power. So if you are in a dark room or a car at night, you will transform yourself into a lamppost.

Here is what I have in my /etc/rc.local for the MTTRs:

memcontrol clear -b 0xc0000000 -l 0x20000000
memcontrol set -b 0xc0000000 -l 0x20000000 -o BIOS write-combine

I also had to force the DPI in /usr/local/etc/X11/xorg.conf.d/dpi.conf

Section "Monitor"
  Identifier "Monitor0"
  Option     "DPI" "96x96"
EndSection

For the WiFi, there is an iwm driver coming in FreeBSD 11 that was ported from OpenBSD. Until recently I used a Ralink RT2500USB card to get it working. But last week, I did a quick and dirty backport for FreeBSD 10, it is available here. This is a fork of the iwm driver before its inclusion in HEAD. It works somewhat. But please keep in mind that I have no clue here. I still have to read more and get into the FreeBSD kernel. And this is a temporary solution while we are waiting for the release of FreeBSD 11.

~~The driver still crashes when loaded with virtual box modules.~~ Also the channel is currently locked. So if you want to use it, you need to find the correct channel first, select it manually, and then try to associate. There is a small script on the repo to do so.

The dawn of 536801

Status

rm -rf / 2>/dev/null

Today’s movie: Gravity

Posted on December 22, 2015 by gawen

F*** classical mechanics.

I’ve finally seen Gravity by Alfonso Cuarón. I remember that this film was so praised for its visual effects and now I finally got to see it. That’s about time! The first fiften minutes or so were really thrilling. I really was under the impression that in space, no one can hear you scream. And I coud feel the relentless and terrifying apathy of cosmos.

But that was about everything there is to it as the rest of the movie lacked anything of substance and I wondered if this wasn’t just a demo for the use of 3D in cinema. It just seemed to me that the movie jumped to the end credits with nothing to tell. And I keep asking myself, what’s this movie all about?

Beside it was beautiful and visually stunning. I didn’t see it in 3D, and I’ve heard that it propels the movie to a whole new level. Also it is said that this is one of the few movie that is worth watching in 3D. But this fad is dying fast.

Although I never really believed in this trend, 3D brought far less to the cinema than the arrival of sound and color. It does not help to immerse the viewer deeper into the story. If you want this, perhaps you would need complete VR, but that is an entirely different medium.

Today’s movie: The Lobster

Posted on November 20, 2015 by gawen

Would you like to dance?

The Lobster directed by Yorgos Lanthimos, Jury Prize at Cannes festival. I really wanted to see this movie although I didn’t really know what to expect. Now that we’ve seen it, it’s really hard to give it a specific genre. We came to the conclusion that it is just disturbingly horrible. The same feeling that you have when you are faced with something really horrible, yet totally real, but so horrible in fact that you don’t want to accept it. It was like a gigantic kick in the ass. A burdensome fable that still haunts me and makes me feel nauseous. Probably not everybody’s movie, but still a really great movie.

Rename interfaces on Linux

Posted on November 14, 2015 by gawen

I just reinstalled a Debian stable on a laptop but messed with the interfaces so that an external USB WiFi card appeared as wlan0 while the main card appeared as wlan1. In case you wondered you can rename or reset interface names in /etc/udev/rules.d/70-persistent-net.rules. That’s on systemd though.
I wonder how we can change that on sysvinit? Nobody cares, probably, but I do.

According to what I read there, it is not consistent. Interfaces are named in the order in which they appear during the boot process. However it is possible to use ifrename from the wireless tools package. Why this tool that should work for all type of interface is part of the wireless tools package is beyond my comprehension. But hey whatever, Linux, and it just works.

If you are curious and want to know how ifrename actually does rename an interface, according to the code it uses a SIOCSIFNAME ioctl on a socket file descriptor. There it passes a struct ifreq in which you can provide a new name for the interface. Just man netdevice(7) for more info.

Use notify-send as root

Posted on November 3, 2015 by gawen

The automount script is a neat devd based automounter for FreeBSD. Just pkg install automount and all your removable media will mount themselves automatically in /media when you plug them in. It’s very clean. You may also check vumount, a short script that I made to list all removable media and remove the mount point when you unmount them.

It’s possible to configure automount to send a notification to your desktop using notify-send from libnotify. What it does exactly is (as root):

env DISPLAY=:0 notify-send automount "Device '${1}' mounted on '${3}' directory."

Except that it doesn’t work… I started dbus-monitor and tried notify-send as root (from ttyv2) but didn’t receive anything and notify-send did not complain. So I tried to start dbus-monitor from root instead, in the hope that it would be a bit more verbose than notify-send. I got this error message:

Failed to open connection to session message bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

By default DBus sessions are private and don’t accept connections from other users than the one that own the bus, even root. The solution is to configure DBus to allow root on the session bus. Edit /usr/local/etc/dbus-1/session.conf and add this line to the default policy:

<allow user="root"/>

But you still need tell DBus how to connect to the session bus. To do so you have to specify the session bus address in DBUS_SESSION_BUS_ADDRESS. Fortunately automount is a shell script, so you can fetch and export the bus address from its configuration file. Just add this to /usr/local/etc/automount.conf:

# Load DBus session bus address
DBUS_USER=your-user
if [ -d /home/$DBUS_USER/.dbus/session-bus ]
then
  dbus_file=$(ls -t1 /home/$DBUS_USER/.dbus/session-bus | head -n1)
  export DBUS_SESSION_BUS_ADDRESS=$(cat /home/$DBUS_USER/.dbus/session-bus/$dbus_file | \
                                    grep "DBUS_SESSION_BUS_ADDRESS=" | \
                                    sed 's/[A-Z_]*=//')
fi

Data signing failed

Posted on November 2, 2015 by gawen

I got the following error while trying to send a signed (GPG) e-mail using claws-mail:

Signature failed: Data signing failed, General error

Turns out it was a path problem. The GPG agent uses pinentry to ask for your private key password. The agent was configured with the absolute path to pinentry-gtk-2 on Linux. But this happened on FreeBSD and executables are located in /usr/local, not /usr.

So I changed in ~/.gnupg/gpg-agent.conf:

- pinentry-program /usr/bin/pinentry-gtk-2
+ pinentry-program /usr/local/bin/pinentry-gtk-2

Today’s movie: The Martian

Posted on October 26, 2015 by gawen

The Martian directed by Ridley Scott based on a novel by Andy Weir. Considering the last science fiction movie directed by Ridley Scott, I waited for this movie with a bit of anxiety. I still think Scott is a great director, but a butchered plot really can ruin everything.

Annnnnd… I really enjoyed it! It was like watching Prometheus again, except that the plot actually made sens. Damon Lindelof is an awful writer, some have gone so far as to call him an anti-Midas because it seems like everything that he touches just turns to shit. But this isn’t a Prometheus review…

Matt Damon already knows a thing or two about being stranded on a distant planet. But don’t get me wrong, this movie is entirely different.

Dr. Mann, I presume? [Interstellar]

The Martian is fun, optimistic and keeps its feet firmly on the ground, well Martian ground to be more precise. While dancing around a black hole made for Interstellar breathtaking moments, The Martian can be summarized as Man versus Mars. Put in other way while Cooper’s crew carried on their shoulders the last hope of humanity, Mark Watney is by all standard simply that – an ordinary man.

The Martian [xkcd]

By the way there is still something I’ve a hard time to find out about this movie. And I wish I could see it again just for that. From time to time you can see a personage programming to solve some random problem, the camera switches to some computer screen and you can briefly see the source code. I noticed semicolons, and perhaps arrows, but could not pinpoint which language it was. Still it seemed familiar. So if anyone knows better.

Gawen's blog

Enjoy life, one bit at a time.