Installing and Configuring NS-3 on an Ubuntu System

Posted by Bolster on Mar 14, 2010 in Instructional
[Image: An example of network simulation using NS]

NS-3 appears to have a staggeringly steep learning curve, so I hope these posts help out someone else (or me, when I forget all this in a month).

Running off a virtualised Ubuntu 9.10 system, the prerequisites I installed were all the ones listed here. (And I removed some out-of-date packages.)

sudo apt-get install bison bzr dia doxygen flex g++ gcc  gdb graphviz imagemagick libgoocanvas-dev libgtk2.0-0 libgtk2.0-dev libsqlite3-dev libxml2 libxml2-dev mercurial python python-dev python-kiwi python-pygoocanvas python-pygraphviz sqlite sqlite3 tcpdump texi2html texinfo texlive texlive-extra-utils texlive-generic-extra texlive-generic-recommended texlive-latex-extra valgrind

That will take a while to install so go get coffee.

Once that’s all finished, grab the source using Mercurial (it was installed in the command above). For tidiness, I do all of this under ~/src. (If this was a multi-user system I would suggest working under /usr/src and performing the relevant steps as root or under sudo.)

If you haven’t used Mercurial before, check my post on the subject.

$ hg clone http://code.nsnam.org/ns-3-allinone
destination directory: ns-3.7
requesting all changes
adding changesets
adding manifests
adding file changes
added 31 changesets with 45 changes to 7 files
updating working directory
7 files updated, 0 files merged, 0 files removed, 0 files unresolved

That’s the easy bit done; what you’ve downloaded is basically the instructions for downloading everything else about NS-3, all in Python scripts.

The download.py script also allows the inclusion (-r) of NS’s regression testing framework so we’re sure that everything works.

For safety I am not using the dev branch;

$ ./download.py -n ns-3.7 -r ns-3.7-ref-traces

And that will output a whole pile of stuff that isn’t too salient. Unless you’re really bored…

After which there is a python script that looks after the actual build process, so fire it off with a simple;

$ ./build.py

And, again, lots of waiting (seriously, get coffee, on my VM it took just under 15 minutes) and lots of output.

It is not made clear on the project wiki, but this script also fires off the Python WAF script, so it’s a complete end-to-end builder. What isn’t included in the build script is the (very tidy) automated regression test suite, so just for completeness…

$ cd ns-3.7
$ ./test.py
[...]
104 of 104 tests passed (104 passed, 0 skipped, 0 failed, 0 crashed, 0 valgrind errors)
(Please, if something goes wrong using these instructions at this stage, comment or report it directly to NSNAM.org’s bugtracker.)
Installer is all done and ns-3.7 is ready to rock and roll! Tutorials coming as soon as I work it out myself!

Mercurial Quick Start Cheatsheet

Posted by Bolster on Mar 13, 2010 in Instructional

I hadn’t used Mercurial before so I thought it might be a good idea to leave a reminder for me and anyone else who comes across it…

For tidiness, I do all of my dev-stuff (Subversion, Mercurial, CVS, Git etc) under ~/src and only take root privileges when it’s needed; any good makefile should relocate the necessary files for you at the ‘make install’ or equivalent point.

To start off, you should add some form of identification to your ~/.hgrc file

$ cat ~/.hgrc
[ui]
username = User Name

Now you can connect to <HOSTNAME> and grab a clone of <PROJECT> for you to work on

$ hg clone http://<HOSTNAME>/repo/<PROJECT>
$ cd <PROJECT>

Now you can work away, but if you add any files, remember before you commit back to the server to add the new files into the project manifest;

$ hg add <ADDFILES>

Once you’ve made your changes, commit and push them back to the host with an appropriate comment.

$ hg commit -m 'I added <ADDFILES> to extend/fix/etc'
$ hg push

If you don’t want to make any changes, but you’ve cloned a project (say to install something…) and 6 months later you want to update it, you don’t have to delete and recreate the directory;

$ hg pull  http://<HOSTNAME>/repo/<PROJECT>
pulling from  http://<HOSTNAME>/repo/<PROJECT>
[...]
$ hg update
X files updated, X files merged, X files removed, X files unresolved

Of course, this assumes you haven’t been tinkering with the code, in which case update will generally override your changes and reproduce whatever is currently sitting on the project server. If you want to merge, do so!

$ hg merge

For more interesting commands such as

hg log; hg status

and more, consult the man pages… or if you’re looking for serious detail, check out ‘The Definitive Guide’ by fellow island-man, Bryan O’Sullivan


Line Parsing Reminder (Duplicate removal)

Posted by Bolster on Mar 12, 2010 in Instructional

So, say you have a long list of instructions (like multiple apt-get install lines) and you want to eliminate common words?

Easiest way to do it is (assuming you have all of the instructions in “list.txt”)

[FYI a '|' at the end of a line continues the command onto the next line]

cat list.txt |
  tr ' ' '\n' |     # expands all space characters to new lines
  sort | uniq |     # sorts the lines, and then eliminates duplicates
  tr '\n' ' '       # turns all the new-lines into spaces

Depending on the actual content, it may be necessary to remove specific entries (such as apt-get or sudo). That’s an exercise for the reader.


Any Port in a Storm

Posted by Bolster on Mar 6, 2010 in Instructional

While working on an IDS Solution for a client, I came across Untangle, and I loved it so much that I pulled out an old box and loaded it up as my office firewall.

One thing that is lacking, from my perspective (at least in the ‘free’ edition), is the firewall interface; Untangle uses an iptables-based firewall, but doesn’t replicate the usual INPUT/FORWARD/OUTPUT rulebase. I think that in 90% of use cases for Untangle, this isn’t a problem, but I found it a little bit alien to have port forwarding hidden in the Networking config pane, and firewall separately.

Anyway, it’s been a few years since I cared that much about firewalls, and came up against a few issues of simply not remembering what ports to open up in which direction; Untangle’s firewall ships with a default-pass configuration, which is fairly pointless from a security stance.

To make matters more confusing, I set up Untangle in a transparent configuration so that I wouldn’t have to reconfigure my office IP addresses to a new subnet, and so avoid dealing with the port forwarding twice (external router, and internal firewall).

So, with that in mind, I set up the following rule.

Allow any > any from 192.168.1.1/24 to 192.168.1.1/24

And that dealt with any internal traffic, but still logged the traffic in the unlikely event anything local is compromised.

Anyway, the biggest issue I came across was what traffic to allow out from the internal network, so I’m leaving myself a list for next time… (Lots of mail ones because I use Thunderbird)

DNS – port 53

SSH – port 22

FTP – port 21

HTTP – port 80, 8080

HTTPS  – port 443

POP3 – port 110

IMAP – port 143

SMTP – port 25

Secure SMTP (SSMTP) – port 465

Secure IMAP (IMAP4-SSL) – port 585

IMAP4 over SSL (IMAPS) – port 993

Secure POP3 (SSL-POP) – port 995

So each of those rules is “Allow Internal > External:<ports>”; going the other way is a bad idea!!!
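One way to sanity-check the list before turning off default-pass, as an added example (not part of the original post and not Untangle's own tooling): replay logged flows against the allowlist and see what a default-deny policy would drop. The flow-log format, the sample addresses and the TCP/UDP assignment per port are assumptions.

```python
"""Replay logged flows against the egress allowlist before enabling default-deny."""
from collections import Counter
from ipaddress import ip_address, ip_network

# The post writes the LAN as 192.168.1.1/24; strict=False normalises it
# to the network address 192.168.1.0/24.
LAN = ip_network("192.168.1.1/24", strict=False)

# Outbound ports from the list above. The post gives no protocols, so this
# example assumes TCP for every port and additionally UDP for DNS.
ALLOWED_OUT = {("tcp", p) for p in
               (53, 22, 21, 80, 8080, 443, 110, 143, 25, 465, 585, 993, 995)}
ALLOWED_OUT.add(("udp", 53))


def verdict(src, dst, proto, dport):
    """Return the action a default-deny policy built from the list would take."""
    s, d = ip_address(src), ip_address(dst)
    if s in LAN and d in LAN:
        return "allow-internal"      # the any > any LAN rule (still logged)
    if s in LAN and (proto, dport) in ALLOWED_OUT:
        return "allow-outbound"      # Internal > External:<ports>
    if s not in LAN:
        return "deny-inbound"        # nothing is opened in the other direction
    return "deny-outbound"           # internal host, port not on the list


def replay(lines):
    """Tally verdicts and count the outbound (proto, port) pairs that would break."""
    tally, blocked = Counter(), Counter()
    for line in lines:
        src, dst, proto, dport = line.split()
        key = (proto.lower(), int(dport))
        v = verdict(src, dst, *key)
        tally[v] += 1
        if v == "deny-outbound":
            blocked[key] += 1
    return tally, blocked


# Constructed sample flow log, "src dst proto dport" (hypothetical format,
# documentation-range external addresses).
SAMPLE = """\
192.168.1.20 192.168.1.3 tcp 445
192.168.1.20 198.51.100.10 tcp 443
192.168.1.20 192.0.2.53 udp 53
192.168.1.21 203.0.113.9 tcp 587
192.168.1.21 203.0.113.9 tcp 587
192.168.1.22 198.51.100.7 udp 123
203.0.113.50 192.168.1.3 tcp 22
""".splitlines()

if __name__ == "__main__":
    tally, blocked = replay(SAMPLE)
    print(dict(tally))
    for (proto, port), n in blocked.most_common():
        print(f"would block {n} flow(s) to {proto}/{port}")
```

Anything that shows up under "would block" is either a port to add deliberately or traffic worth investigating before the policy goes live.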


Delayed Post: How I Installed Windows 7 From USB HDD

Posted by Bolster on Jul 13, 2009 in Instructional

As was noted in my LENOVO ROCKS post, I received a virgin hard drive for a laptop with no disk drives.

This is a problem that has been long solved in Linux distros but is not so good for Windows, but I did find this brilliant guide by Sandip from earlier this year; I just wanted to point out a few differences that I made to the process that I think make it slightly more transparent what’s going on.

  1. Get a USB drive > 4GB
  2. Use the Disk Management pane in Computer Management (Control Panel > Administrative Tools)
  3. Find your drive and right-click > Format the partition as NTFS
  4. Once it’s formatted, right-click it again and ‘Mark Partition as Active’
  5. Use an image mounter such as WinCDEmu to mount the Windows 7 image
  6. Drop into a cmd prompt and navigate to the drive where the Windows 7 image is mounted, cd to ‘boot’ and execute ‘bootsect /nt60 X:’ where X: is the drive letter the target partition is mounted on.
  7. Copy the contents of the mounted Windows 7 image to ‘X:’
  8. Reboot and if you don’t know how to boot from a USB drive, you probably aren’t reading this, but if not…

I know there are alternative methods for doing this in Linux, but since I didn’t use them in this instance, I can’t comment on them.

FYI: Windows 7 is now my full-time OS, and frankly I’m surprised; there’s a few things I miss, like a nice easy command line networking, SSH built in, a decent X11 server, but for an all round notes/documentation/lil-bit-o-code machine, the Tableting pros few out-weigh the cons. E.g. the wondrous marvelous stupendous Math Input Panel that outputs in MathML!


Delayed Post: LENOVO ROCKS

Posted by Bolster on Jul 13, 2009 in Commentary, Instructional

I’ll try and keep this as short and sweet as possible.

From the looks of my Google Analytics page (if anyone has a blog or site, I highly recommend it) people were very interested in my experiences with Lenovo, and I’m sorry for not updating.

About a week after my previous post, the problem continued to get worse until it simply wouldn’t boot. I called Lenovo Ireland and (after a surprisingly short hold time) as soon as I said the magic number “2100” I was asked for my product and serial numbers and an address I wanted the new hard drive shipped to. Now, there was a slight hiccup where the outsourced phone operator recorded my serial number incorrectly, but that was fixed very speedily.

That was on a Friday at around 4:30. By 10am Tuesday, a fresh and shiny hard drive was on my desk.

Something that I should point out is that I got this machine from Lenovo America, with no extra fancy warranties or anything, and they STILL gave me a great quality of service. I don’t want to come across as ‘glowing’ or anything, but my next machine after this is going to be a Lenovo.

My only qualm about the experience was that there is no realistic way to ‘restore to factory settings’ for a blank drive on a machine with no disk drive, but I wanted to try out Windows 7 RC anyway and installed it from USB. But that’s for a different post.


Best Laid Plans of Mice and Men

Posted by Bolster on Jul 12, 2009 in House

Recently the only additions I’ve been making to this blog are presumptuous ‘I’ll be doing this’ messages, and this is no exception.

I’ve been living and working in Athlone, Ireland for the past year and have really learnt a lot and very much enjoyed myself, but however much I will miss the place, academia drags on; it sounds like a campaign slogan but I’m back in Queens for ‘TWO MORE YEARS…TWO MORE YEARS’

Anyway, as such I will be moving in to a house in Ebor St in Belfast with my long term partner and my little brother (in this economy who can blame him for grabbing coattails?).

Now, while that will make for many personal and social changes, those are outside the scope of this blog; what it REALLY means is that for the first time, I’ll have a hackable (within partner’s aesthetic reasoning) house. We’re planning on holding on to the place for 2 years so I can justify the investment.

This is the plan of things I want to set up, and I will be updating this page with some extra links and notes as I make them.

In no particular order

  1. Shared media storage area for the whole house (probably using my MyBook) that will work with games consoles as well as laptops/desktops internally and externally.
  2. Shared calendars and timetables available.
  3. Festival based alarm clock with dynamic alarm times based on respective timetables. (2)
  4. VPN access for all housemates.
  5. Some form of SFF PC in the living room to act as a Skype box attached to big-screen (My partner has ‘attentive’ parents that will be 3000 miles away, and mine will be about 500 miles away, I expect them to be in contact somehow, so it may as well make it as inexpensive as possible…)
  6. Secure wireless (obv)
  7. Centralised logging (syslog/snmp trap) across all ‘applicable’ machines, with some form of visualisation (mrtg)
  8. X10 automation of (at least) lights, could be augmented by basic motion detectors and environmental monitors
  9. Remote webcam (may turn this into a robotics/machine learning/machine vision project with the old eeepc and have a kinda roomba on steroids)

It’s a big list and I don’t expect to finish half of them, but what gets done will be documented here!


Lenovo x61 Tablet Hard Drive (Near) Disaster

Posted by Bolster on May 22, 2009 in Instructional

So, I love my Lenovo tablet; so far through all the trials, tribulations, transcontinental visits, banging, bashing, bumping, swinging, twisting, scribbling, et al, it’s survived and become a near essential piece of my working and personal development.

Famous…Last…Words.

Appear back at the house last night after a few bevvies with the guys and lo and behold,

“Error 2100 – Hard drive initialization error”

The BIOS can’t see the hard drive. But wait, Lenovo built in that seemingly pointless blue button to do recovery, right? Recovery off the hard drive… that it can’t see.

Anyway, enough of the problem, on to the solution. Starting from here and here

Lots of lovely corroborating evidence telling me unless you’re very…VERY lucky, you’re out of luck. (I have the Hitachi hard drive, and had already reseated the drive in the bay).

Now, the X61 Tablet doesn’t have an optical drive. So what does Lenovo produce to solve this out-of-nowhere-disaster? A 30MB iso. In a format that cannot be booted from USB (please, correct me if I’m wrong)

Fortunately one of the guys in work (Thanks Mossey) had an external DVD burner. Borrowed that, grabbed the firmware update from here, burnt it to a DVDR (30MB wasted on a DVD!) and while praying, booted the machine.

It dropped into a lovely old-skool PCDOS display that, after some humming and haaing, politely said “No firmware upgrade available”……

Fair enough, I’m one of those unlucky people, no worries, I’m sure I can just send in the hard drive for a replacement, only a few weeks…. But just to try it, I booted again, and magically, all back to normal.

Now, maybe I just wasn’t paying attention and the firmware DID get updated while I wasn’t looking, but either way it’s a very strange “Success” message….

UPDATE: Problem got an awful lot worse but Lenovo treated me right, detailed here


Set up and running of DNS tunnelling on MBWE

Posted by Bolster on Apr 4, 2009 in Instructional

Last week or thereabouts, there was a big buzz around the interwebs revisiting Dan Kaminsky’s OzymanDNS tool, a Perl-based toolkit for tunnelling TCP traffic over DNS requests (technically it’s TCP over SSL over DNS, but who’s counting) that was originally released mid-2004.

I never really found the true source of the new hype surrounding an “old” project (it may have been HAK5’s episode 504 that demonstrated the tool; mubix has put the write-up in at room362).

I then found that it had since been reengineered by Andreas Gohr, who wrote a brilliant write-up on its setup and use, which I think is the best example for any skill level.

Long story short, I gave it a go, redirecting DNS requests from my andrewbolster.info domain using my main development box at home as a “server”, and tested it using my Asus EEEpc from a guest wireless access point in work, and it works. It’s VERY slow, but it works.

But that left me with a problem; I turn off my dev box as often as I can (dual-core CPU, 3 internal HDDs, cooling systems, 6GB RAM, fatty graphics card, etc, kinda draw a bit of juice) and I definitely don’t want to leave it on if I’m going to be away from the house for weeks. So I turned to my brilliant Western Digital MyBook World Edition.

Problem was the Perl in optware, as well as the one that ships with the device, had no compiled threads support, and on a less technical point, running cpan would max out CPU and memory on this tiny box, all taken up by the perl processes. Long story short, Perl was not the way to go (I would have recompiled Perl as per the write-up on mybookworld.wikidot.com, but with Perl performing as badly as it was with relatively simple “one time” processes, I didn’t want to have that running 24/7/356).

Tracing back through the history led me to dns2tcp, originally written by Olivier Dembour in C, my favourite language for small systems (duh), and I found it to be horrendously under-documented. So below is a quick blow-by-blow of what I did to get dns2tcp installed and running, and the client configured.

If you do not have access to a hosted or internet-accessible DNS server / BIND system, you are screwed; some people will let you use theirs, and if you ask really nicely I’ll put in a redirect on mine, but I probably won’t.

  1. (Assuming you have a web interface to an internet-facing DNS server) Add an “NS” name listing in your DNS settings that redirects to a server that DOES NOT RUN DNS. Example:
    I have the domain andrewbolster.info that has its own DNS settings, so when you go to blog.andrewbolster.info, it goes to a different machine than going to www.andrewbolster.info does.
    I have a DynDNS entry for my home network, e.g. iwant2gohomenow.dyndns.net, that I use for accessing the MBWE from anywhere; I do not host a DNS server at home. So if I’m running my dns2tcp server at iwant2gohomenow.dyndns.net, the entry I put in my andrewbolster.info (Dreamhost) DNS configuration is this:

    Name: [ tunnel ].andrewbolster.info
    Type : [ NS ]
    Value: [ iwant2gohomenow.dyndns.org ]

    If I was doing it command-line style in BIND I’d add (note the trailing dots, which stop BIND appending the zone origin to each name)

    tunnel.andrewbolster.info.      IN        NS        iwant2gohomenow.dyndns.net.

    This basically means that when you ask “What IP address does tunnel.andrewbolster.info have?”, the andrewbolster.info server says “pfft, I dunno, ask the guy at iwant2gohomenow.dyndns.org”.

    Unfortunately, there’s nobody he can talk to there.

  2. PORT FORWARDING IS A PAIN. There, I said it, but fact is it’s good security. DNS operates on UDP port 53. In my case, the internal IP address of my MBWE is 192.168.1.3, and if you’re reading this far down then I assume you can port forward on a router. If not, this is a good guide.
  3. If you haven’t already hacked your MBWE to shreds, this is a great place to start. For the below to work, the “server” to host the DNS tunnel MUST have an ssh box (you can get it to redirect using multiple ressources below, but I leave that as an exercise for the reader)
  4. Log on to the device that is going to be your server and make sure you have the build packages for your environment: in my case it was simply a case of

    ipkg install gcc

    For Debian-based systems, it’s

    apt-get install build-essential

  5. Download the dns2tcp tarfile from dns2tcp and untar it in a sensible place like /opt/src or /usr/src (tar -xvzf <tarfile> or gunzip -c <tarfile> | tar xvf - depending on your environment)
  6. READ THE INSTALL AND README DOCUMENTS. I know they both suck, just read them.
  7. This bit is (hopefully) easy; [ ./configure && make && make install ] answer the questions it asks if it asks, and if it craps out and Google can’t help, and forums don’t help, twitter me!
  8. cd back to your home directory and replace the values entered with those that are appropriate to you:

    cat > ~/.dns2tcpdrc << EOF
    listen = 192.168.1.3
    port = 53
    domain = tunnel.andrewbolster.info
    ressources = ssh:127.0.0.1:22
    EOF

    Yes, I know, resources is spelt wrong, but it works, OK?

  9. Now test it with

    dns2tcpd -F -d2

    The -F keeps it in the foreground instead of daemonising it, and the -d2 is a debug flag to give just a bit more info.
    If it doesn’t crap out, you’re good to move on to the client.

  10. Do steps 4, 5, and 7 on whatever client you are using
  11. Same idea with the home directory file

    cat > ~/.dns2tcprc << EOF
    domain = tunnel.andrewbolster.info
    ressource = ssh
    local_port = 2222
    debug_level = 1
    server = bolster.homelinux.net
    EOF

    The local_port is completely arbitrary but 2222 is my default for remote shells

  12. Now for the test! Start dns2tcpc with

    dns2tcpc -d2

    And you should get no errors
    Now go to a different terminal and log into the server like this

    ssh testUser@localhost -p 2222

    What’s that you say? localhost? dns2tcp has opened up a port on your client system that is connected to port 22 on the server, so you’re logging into the server, but by going through the client port first.

  13. If all goes well, you should have your normal user shell on the server, but if you fire up Wireshark or some other traffic sniffer, you’ll see that there is only DNS traffic (assuming you don’t have FF or anything else running at the time)
  14. Waaay, shell, fun, and everyone loves Lynx, but we’re not done yet. If your “server” ssh server has been updated in the past decade, it can also operate as a SOCKS proxy, so we can route “real” web surfing fun through DNS without any of that pesky deep packet inspection stuff because it’s all wrapped up in SSL.
    To fire up a SOCKS connection, execute

    ssh testUser@localhost -p 2222 -D 8888

    As with 2222, 8888 is arbitrary, but I use it for proxies.

  15. At this point we have an arrangement where everything that gets sent to port 8888 gets sent on through port 2222 on the client, that then gets encrypted and sent off as an obfuscated DNS query, and while that sounds interesting, it’s not really useful; until you change your Firefox proxy settings to localhost:8888 (don’t forget to checkbox the SOCKS)
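What the "only DNS traffic" from step 13 looks like from the resolver's side, as an added example (not from the original post or from dns2tcp): a tunnel never repeats a query name, and its leftmost labels are long and high-entropy, so grouping a query log by parent zone makes the delegated subdomain stand out. The log format, client addresses, thresholds and the base32 stand-in payload are assumptions; the labels are constructed and are not dns2tcp's real encoding.

```python
"""Flag DNS zones whose query pattern looks like a dns2tcp-style tunnel."""
import base64
import hashlib
import math
from collections import Counter, defaultdict


def shannon_entropy(label):
    """Bits per character; encoded payload scores well above ordinary hostnames."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())


def tunnel_suspects(lines, min_unique=10, min_len=30, min_entropy=3.5):
    """Group queries by parent zone; return zones that pass all three thresholds."""
    labels = defaultdict(set)    # parent zone -> distinct leftmost labels
    clients = defaultdict(set)   # parent zone -> clients that queried it
    for line in lines:
        client, _qtype, qname = line.split()   # qtype is not used by the heuristic
        first, _, parent = qname.rstrip(".").lower().partition(".")
        if not first or not parent:
            continue                           # single-label or malformed name
        labels[parent].add(first)
        clients[parent].add(client)

    suspects = []
    for zone, seen in labels.items():
        mean_len = sum(map(len, seen)) / len(seen)
        mean_ent = sum(map(shannon_entropy, seen)) / len(seen)
        # Many names alone is normal (host1..hostN); one long hash alone is
        # normal (reputation lookups). A tunnel shows all three signals at once.
        if len(seen) >= min_unique and mean_len >= min_len and mean_ent >= min_entropy:
            suspects.append({"zone": zone, "unique_labels": len(seen),
                             "mean_len": round(mean_len, 1),
                             "mean_entropy": round(mean_ent, 2),
                             "clients": sorted(clients[zone])})
    return sorted(suspects, key=lambda s: -s["unique_labels"])


def constructed_log():
    """Constructed sample: '<client> <qtype> <qname>' lines (hypothetical format)."""
    lines = ["192.168.1.20 A www.example.org"] * 3 + ["192.168.1.20 A mail.example.org"]
    lines += [f"192.168.1.21 A host{i}.corp.example.net" for i in range(12)]
    one_hash = hashlib.sha256(b"file").hexdigest()[:40]
    lines.append(f"192.168.1.22 A {one_hash}.lookup.example.com")
    for i in range(12):   # stand-in for tunnel payload under the delegated zone
        digest = hashlib.sha256(f"chunk{i}".encode()).digest()
        label = base64.b32encode(digest).decode().rstrip("=").lower()[:48]
        lines.append(f"192.168.1.30 TXT {label}.tunnel.andrewbolster.info")
    return lines


if __name__ == "__main__":
    for s in tunnel_suspects(constructed_log()):
        print(s)
```

Only the zone delegated in step 1 is reported; the busy-but-short `corp.example.net` names and the single long hash lookup stay below the thresholds.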

IT’S SLOW, I know, but the next time you miss a bus or a train or a plane and you are stuck in some godforsaken hell hole of a transit hub with only the expensive Starbucks wifi to serve you, it is on your own conscience whether you use this tool to accidentally GET AROUND PAYING FOR IT. It’s illegal, how could you ever think about doing something like GETTING FREE INTERNET. I’m ashamed of you for even thinking about USING FREE TOOLS TO GET AROUND PROPRIETARY RESTRICTIONS TO THE FREE INTERNET. Go sit in the corner, the corner with the T-Mobile wireless access.

And, if you find this write-up useful or interesting, please a) repost it with credit b) comment
Also, big thanks to all the people whose tools I’ve used to demonstrate this, be sure to visit their websites and subscribe to their feeds.


The Omleritto

Posted by Bolster on Mar 29, 2009 in Instructional, Off-Topic

Ingredients:

2 eggs

Dash of milk

1 tortilla

Cheese

assorted herbs and spices

1) Eggs, Dash of milk, and Herbs etc into a bowl and whisk until uniform colour and consistency,

2) pour into an appropriately sized (eg tortilla size) frying pan, pre-oiled (Extra Virgin Olive oil does the best)

3) Turn the heat up to about half, and let the egg slowly cook

4) When the bottom of the eggs is hard but the top is still liquid, grate the cheese over it so it melts into the egg, and then cover with the tortilla.

5) When Air bubbles form under the tortilla, making it rise up, flip the whole thing, turn the heat all the way up, and let it sit for about a minute, then flip back onto the egg side for 30 seconds, and serve, rolled.


Copyright © 2010 Of Penguins & Coffee All rights reserved. Theme by Laptop Geek.