Everything about nothing and a bit in between. A blog by Knut-Olav

FreeBSD top of network connections

2 October 2012 · Comments Off

To view the active connections in FreeBSD, which might be a very good debugging/overview tool for a router, one can use ipfstat -t.

This will output something like this:

Source IP             Destination IP         ST   PR   #pkts    #bytes       ttl
10.1.1.100,1052       199.47.216.148,80     4/4  tcp   37860   6446150 119:59:07
10.1.1.100,17500      255.255.255.255,17500 0/0  udp   11681   1740469      1:55
10.1.1.100,17500      10.1.1.255,17500      0/0  udp   11681   1740469      1:55

Finding which Windows process uses what IP socket

2 October 2012 · Comments Off

To find out which application uses which IP port on Windows, for both open listening sockets and open connections, you can use netstat with some options and then grep for the port number, or findstr as it’s called in the Windows world.

netstat -ano | findstr ":xxxx"

This outputs something like this:

Aktive tilkoblinger

  Prot. Lokal adresse          Ekstern adresse          Tilstand           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1232
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:17500          0.0.0.0:0              LISTENING       3500
  TCP    10.1.1.100:139         0.0.0.0:0              LISTENING       4
  TCP    10.1.1.100:1051        10.1.1.1:443           CLOSE_WAIT      3500
  TCP    10.1.1.189:1052        199.47.216.148:80      ESTABLISHED     3500

In the right column you’ll find the PID of the process using the socket. Open task manager, make sure the PID column is visible (might need to add it to the view, then look around in the drop down menus).

Windows Task Manager shows process PID of Dropbox


Source: http://www.windowsnetworking.com/kbase/WindowsTips/WindowsServer2008/AdminTips/Network/DeterminingwhatserviceorapplicationownsaTCPport.html

KMail – Use GSSAPI for authentication to IMAP account

21 September 2012 · Comments Off

On a freshly installed Debian testing with KDE desktop, I set up KMail to read email from our corporate MS Exchange server using the IMAP protocol.

The curiosity in me wanted to check out GSSAPI for authentication, but the IMAP server replied with SASL(-4): no mechanism available: no worthy mechs found.

Of course, I needed the krb5-user package and had to run the kinit command to retrieve a valid Kerberos session ticket. What wasn’t so obvious was the need for the package libsasl2-modules-gssapi-mit. Voila! Got me some emails :D

Redshift – a Linux tool for late nights

6 September 2012 · Comments Off

Redshift is a nice Linux tool for adjusting the color temperature of the screen according to time of the day.

At night this tool makes the screen a bit warmer, so your eyes won’t “hurt” so much from the otherwise bright display of your desktop background, browser or editor.

You provide the tool with your approximate geo coordinates and values for the upper and lower limits of the color temperature; it then automatically and continuously changes the color temperature throughout the day and night.

Example command for running this tool, if you’re in Norway:

$ redshift -l 60.0:10.0 -t 5700:3600 -g 0.8 -m vidmode -v

MIME multipart, boundaries and line breaks

3 August 2012 · Comments Off

MIME multipart messages are picky and hard to write by hand.
It is still possible to hand-code them if you have a good enough text editor (one that can show control characters such as line breaks), plenty of patience and full concentration.

MIME messages require CRLF endings on the lines before and after the boundary codes and after every MIME header.
In the example below, each line break is represented as LF.

MIME message example

Wherever ^M appears, a CR is used, usually right before the line break.


--part-boundary-1^M
Content-Type: text/plain; charset=utf-8; name=litt-tekst.txt^M
Content-ID:
^M
Content-Disposition: attachment; name="litt-tekst.txt"; filename="litt-tekst.txt"^M
^M
Dette er noe tekst i en fil som heter some-text.txt
Denne fila bruker UNIX-linjeendinger, altså LF og ikke CRLF,
og det er helt i orden, siden innholdet av denne tekstfila er utenfor kontekst av MIME.

Dette er siste linje i fila^M
--part-boundary-1^M
Content-Type: image/png; name=lite-bilde.png^M
content-transfer-encoding: base64^M
^M
iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAAAAXNSR0IArs4c6QAAAAlwSFlzAAAL
EwAACxMBAJqcGAAAAAd0SU1FB9wIAwwLKSOxKhgAAAAZdEVYdENvbW1lbnQAQ3JlYXRlZCB3aXRo
IEdJTVBXgQ4XAAAAMklEQVQoz2P8z4AD/Mcuw8RAIhjGGv7/J0UDbtUMDAws+KQZGUnxAzbVuDXg
UD1SYxoAH7UJHx3uIsQAAAAASUVORK5CYII=
^M
--part-boundary-1--^M

MIME header names are case-insensitive.

Blocks and separator codes (boundary)

In this message we use the separator code (boundary) part-boundary-1.
The separators in the file are prefixed with --, which marks the start of a MIME part block.
Such a block lasts until the next separator with the same code.
The last separator has -- appended in addition to the prefix, which means that there are no more blocks.

A block in a multipart can itself be a multipart, but the blocks beneath it are separated with their own separator code.

Testing the message against a server

To test uploading over HTTP to a web servlet, you can use curl.
We save the multipart message in the file melding.multipart.
For the server to understand the multipart message, the Content-Type header must be specified as multipart/related with boundary set to part-boundary-1.

Example command:


$ curl -X POST \
    -H "Content-Type: multipart/related; boundary=\"part-boundary-1\"" \
    --data-binary @melding.multipart \
    "http://localhost:8080/multipartServlet"

Different libraries and their CRLF requirements

There are some differences in how different code libraries interpret multipart messages.
Some allow line endings with only LF (without CR), while others are stricter and require CRLF.

The Servlet 3 multipart parser is strict and requires CRLF.
The same is true of CXF's SOAP attachment parser.

Telia's MMS MMSC parser, on the other hand, is more forgiving.
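One way to check a hand-coded message before sending it to a strict parser, as an added example that is not part of the original post: the builder writes CRLF on every boundary and header line, and the checker reports structural lines that end in a bare LF while leaving part bodies alone. The function names and the constructed sample are assumptions made for illustration.

```python
CRLF = b"\r\n"

def build_multipart(boundary, parts):
    """Serialize [(headers, body_bytes), ...] with CRLF on every structural line."""
    delim = b"--" + boundary.encode("ascii")
    out = bytearray()
    for headers, body in parts:
        out += delim + CRLF
        for name, value in headers:
            out += f"{name}: {value}".encode("utf-8") + CRLF
        out += CRLF              # empty line ends the part headers
        out += body + CRLF       # CRLF on the line just before the next delimiter
    out += delim + b"--" + CRLF  # closing delimiter carries the extra "--"
    return bytes(out)

def bare_lf_lines(message, boundary):
    """Return 1-based numbers of structural lines ending in LF without CR.

    Structural: delimiter lines, the line before a delimiter, part headers
    and the empty line after them. Part bodies may use bare LF."""
    delim = b"--" + boundary.encode("ascii")
    bad, in_headers, prev_has_cr = set(), False, True
    lines = message.split(b"\n")[:-1]    # drop the piece after the final LF
    for num, raw in enumerate(lines, start=1):
        has_cr = raw.endswith(b"\r")
        text = raw[:-1] if has_cr else raw
        if text in (delim, delim + b"--"):
            if not has_cr:
                bad.add(num)
            if num > 1 and not prev_has_cr:
                bad.add(num - 1)
            in_headers = text == delim
        elif in_headers:
            if not has_cr:
                bad.add(num)
            in_headers = text != b""     # empty line switches to the body
        prev_has_cr = has_cr
    return sorted(bad)

# Constructed sample modelled on the hand-coded message above.
SAMPLE = build_multipart("part-boundary-1", [
    ([("Content-Type", "text/plain; charset=utf-8"),
      ("Content-Disposition", 'attachment; filename="litt-tekst.txt"')],
     b"line one\nline two with bare LF"),
    ([("Content-Type", "application/octet-stream")], b"\x00\x01\x02"),
])
```

Running `bare_lf_lines` on a file saved with UNIX line endings lists exactly the lines a strict parser would trip over.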

Disclaimer…

I'm not sure I have understood this 100% yet.
My hand-coded example above may contain some typos.
I had Java in mind when I wrote this, and Java is what I have worked with for processing MIME messages when I researched the failure scenarios I have had with line endings.

More about MIME messages

RFC 1341, and especially section 7.2 on multipart, gives more information about the structure of MIME multiparts.

Cryptic error message from Courier IMAP server – Permission Denied

2 July 2012 · Comments Off

I have debugged this error message for the last couple of days.

Jul  1 23:11:56 lance imapd: LOGIN, user=knut-olav@hoven.ws, ip=[::ffff:AAA.BBB.CCC.DDD], port=[48700], protocol=IMAP
Jul  1 23:11:56 lance imapd: knut-olav@hoven.ws: Permission denied

The solution was pretty simple.

The /tmp folder had bad permissions. This server was only meant for hosting email services, so bad permissions on the /tmp folder were actually not an issue earlier.

I guess the wrong permissions were caused by my custom XEN node setup using multiple partitions, including a partition just for /tmp.

Debugging was quite hard

Authentication was successful, as I got a different error message when authenticating with a known bad password.

I debugged it using strace. It wasn’t easy, as courier imap forks out child processes for each connection, which I had to strace as well.

# strace /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir

Connect to port 143 using telnet.
Log in using this command:

i login MY_EMAIL_USERNAME MY_PASSWORD

Then find the imap process PID. Look for a process running as user vmail:

$ ps axuw|grep imapd
#...
vmail      362  0.0  1.0   4616  1344 ?        S    01:46   0:00 /usr/bin/imapd /var/spool/mail/vmail/hoven.ws/knut-olav/Maildir/
#...

In this case, the PID is 362. Then attach strace to it using strace -p 362, as sudo.

From the telnet interface, I entered a couple of commands like these:

2 select "INBOX"
5 UID fetch 1:10 (UID RFC822.SIZE FLAGS BODY.PEEK[HEADER.FIELDS (From To Cc Bcc Subject Date Message-ID Priority X-Priority References Newsgroups In-Reply-To Content-Type)])

Then I found this somewhere down into the strace output:

open("/tmp/tmpfWsezjv", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
write(2, "ERR: knut-olav@hoven.ws: Permiss"..., 43) = 43

Fixing the problem

chmod 1777 /tmp

As I wrote earlier… a simple solution.
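The search through the strace output described above can be automated. The following is an added example, not part of the original post: it picks out path-based system calls that failed with a given errno, with or without the `[pid N]` prefix strace prints when it follows child processes, and checks whether a directory mode matches what `chmod 1777` sets. The function names and the constructed sample lines are assumptions.

```python
import re
import stat

# Failed syscall whose first path argument is quoted, optionally prefixed
# with "[pid N]" (printed when strace follows forked children).
FAILED = re.compile(
    r'^(?:\[pid\s+(?P<pid>\d+)\]\s+)?(?P<call>\w+)\((?:AT_FDCWD, )?'
    r'"(?P<path>[^"]*)".*= -1 (?P<errno>E[A-Z0-9]+) ')

def failed_path_calls(strace_text, errno="EACCES"):
    """Return (pid, syscall, path) for each call that failed with errno."""
    hits = []
    for line in strace_text.splitlines():
        m = FAILED.match(line.strip())
        if m and m.group("errno") == errno:
            pid = int(m.group("pid")) if m.group("pid") else None
            hits.append((pid, m.group("call"), m.group("path")))
    return hits

def is_shared_tmp_mode(mode):
    """True if mode is world-writable with the sticky bit, as chmod 1777 sets."""
    perms = stat.S_IMODE(mode)          # strip the file-type bits
    return perms & 0o777 == 0o777 and bool(perms & stat.S_ISVTX)

# Constructed sample; the EACCES line mirrors the one quoted in the post.
SAMPLE = '''\
[pid   362] stat("/var/spool/mail/vmail", {st_mode=S_IFDIR|0755, ...}) = 0
[pid   362] open("/tmp/tmpfWsezjv", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
[pid   362] write(2, "ERR: knut-olav@hoven.ws: Permiss"..., 43) = 43
[pid   363] openat(AT_FDCWD, "/etc/missing", O_RDONLY) = -1 ENOENT (No such file or directory)
'''
```

On a live system, `is_shared_tmp_mode(os.stat("/tmp").st_mode)` tells you whether the directory named in a hit has the expected permissions.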

Bringing an old Dreambox DM-7000 back to life

18 September 2011 · Comments Off

A long time ago, in a … no, really, I can’t remember how long ago it was… but a long time ago I bought a Dreambox DM-7000-C, a 4 headed satellite dish and got a lot of channels. That was a fun time. But time changes fast and finally I got about zero channels. My last attempt to use the Dreambox with a legal Canal Digital (Conax) card failed, and so the Dreambox got stuffed away in a closet.

I came across it one day this summer and decided to give it another try. After all, it was VERY fast in changing channels. And I don’t have to wait two minutes on the Dreambox for the EPG to show either. I browsed the Internet for what firmware to use, and thought that since the box is very old, some final recommended image could be easily found… but no.

Dreambox on top of a Canal Digital box

The Dreambox might be a lot bigger than the box from Canal Digital, but it's a lot faster too!

The world of Dreambox is kind of cloudy, with lots of forums of users with completely different experiences of what works like a dream and what “just sucks”, and of course a lot of broken links. After a while I came up with a list of possible candidates: Peter Pan, Pli jade, OpenPLi, SifTeam, EDG Nemesis and Gemini Project. I was only looking for images compatible with my DM-7000.

Peter Pan Neverland was the “nordic image” of choice, but is now outdated, last version from 13.01.2007.

I saw a forum post recommending SifTeam and after some research on my own I found out that they provided the newest image for my box, version 1.9.4c from 04.06.2010. I decided to give it a try, but had to scratch it since it froze too often.

Gemini Project seemed to be more focused on stuffing addons into the firmware such as web servers, SSH server, print server, you name it, than actually providing me with useful information about softcams and stuff needed for watching TV. Actually, to be open with you, I don’t like Gemini Project at all, after they injected a virus into their firmwares that bricked DM-500 clones (in Norwegian).

I couldn’t find any information about EDG Nemesis other than the version number and that they released version 5.0 beta on 08.11.2010. Since no changelog was provided, I decided to drop trying it.

PLi Jade seemed at first to be very old, a version from 27.06.2009, but there is a version called OpenPLi which provides daily builds. I kind of like the idea, but I very much doubt that they work on it daily. I still haven’t figured out when the last change actually was made. This is the version I decided to settle on. It runs smoothly, no crashes, the EPG works and after installing CCcam softcam it reads my Canal Digital card too and I “got the picture”.

A good source for Dreambox images can be found at the website of Dreambox Tool.

Ok, there it is. This is as far as I came on “the project” today, and it remains to be seen if the card gets updated entitlements or not. I guess the next thing I need is to set up some “bouquets” for easy access to the favourites.

Unknown bug on the window pane

23 August 2011 · 2 Comments

Over the last few years I have seen some strange little insects on the window pane. They are tiny, tiny, tiny, but after I bought an Olympus XZ-1 I have finally managed to get a good picture of one.

Does anyone know what kind of insect this is?

An insect that sat on my balcony door. Photo: Knut-Olav Hoven

The boy's room at the cabin

17 August 2011 · Comments Off

I enjoy large parts of the summer at the cabin. I have had the same room since I was very little. Over time Lego has been replaced by a wireless modem and a PC, but old pictures, drawings and jigsaw puzzles still hang on the wall, along with the Fireman Sam lamp in the ceiling, reminders of my time as a child.

When I was tidying up a bit this weekend, I found a huge roll of film posters that I got from the old Bekkekiosken 15 years ago. They have just been lying in a corner gathering dust.

Many posters ended up in the trash, but I kept a few. I kept the classics, if you can call them that. So now the boy's room at the cabin is in good shape!

Posters of the films Speed and A Bronx Tale

The film classics Speed and A Bronx Tale

Film poster for True Lies

Arnold Schwarzenegger belongs in the boy's room. Also note the treasure map from Kristiansand Dyrepark!