Linux kernel, wifi hack, security & Golang

Google picasaweb 被封，无法看到图片，找个几个IP暂时可以用。

203.208.39.104 picadaweb.google.com
203.208.39.104 lh1.ggpht.com
203.208.39.104 lh2.ggpht.com
203.208.39.104 lh3.ggpht.com
203.208.39.104 lh4.ggpht.com
203.208.39.104 lh5.ggpht.com
203.208.39.104 lh6.ggpht.com

把上面的地址更新进hosts就好了。
Linux: /etc/hosts

FuckGFW

• ICMP 的速度已经优化到0.6ms, 估计还可以优化0.2ms左右。 #
• — 192.168.0.100 ping statistics —156 packets transmitted, 156 received, 0% packet loss, time 155005msrtt min/avg/max/mdev = 0.601/0. … #

Powered by Twitter Tools.

• Bootkit bypasses hard disk encryption http://bit.ly/15MrJ9 #
• XORP 真是个好东西，可以拿来测测刚写的IGMP解析协议，可以不用马上去买支持IGMP的路由器了。 http://www.xorp.org #

Powered by Twitter Tools.

今天在wikipedia看IGMP的时候，无意中发现了XORP, 简单适用了一下非常好用，并且官方的资料真理的比较全，使用也比较方便，还提供了一个基本的shell xorpsh 来配置管理信息。刚好可以省去买支持IGMP的路由器，支持IGMP的路由器最少也要1.5W…

XORP, or Extensible Open Router Platform, is an open source routing software suite, aimed at being both stable and fully featured enough for production use and also extensible to support networking research.

Request:
OS: ubuntu 9.04 (Linux Kernel 2.6.28-11-generic) with GCC 4.3.3
SW: XORP (multicast routing daemon)
HW: PC with 2 or 3 ethernet card (default gw is itself) !

Step 1: Check Linux Kernel Functions!
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MROUTE=y
After this configurations, the linux kernel support IGMP, DVMRP and MOSPF. If want support PIM-SM , do below settings
CONFIG_IP_PIMSM_V2=y
PS: you can use vi view /boot/CONFIG-(kernel version) to confirm !

Step 2: edit /etc/sysctl.conf to enable ip_forward
net.ipv4.conf.default.forwarding=1
PS: reboot or use command “sysctl -p” to enable !

Step 3: Install XORP(To compile XORP requires nearly 1.4GB of free disk space)
Step 3.1: Download xorp-1.6.tar.gz
Step 3.2: untar the xorp-1.6.tar.gz
Step 3.3: ./configure
Step 3.4: make
Step 3.4-1: make check (just to check)(it is not necessary)

Step 4: run  rtrmgr/xorp_rtrmgr  rtrmgr/xorpsh (A sample xorp command shell)
Step 4.1: create user group named “xorp”

sudo addgroup xorp

Step 4.2: cp or edit config.boot in xorp-1.6/rtrmgr/config.boot
config.boot for our environment

protocols {
fib2mrib {
disable: false
}
igmp {
disable: false
interface eth0 {
vif eth0 {
disable: false
version: 3
enable-ip-router-alert-option-check: false
query-interval: 125
query-last-member-interval: 1
query-response-interval: 10
robust-count: 2
}
}
}
}
fea {
unicast-forwarding4 {
disable: false
}
}
interfaces {
restore-original-config-on-shutdown: false
interface eth0 {
disable: false
discard: false
description: “”
default-system-config {
}
}
}

Step 4.3: xorp-1.6/rtrmgr/xorp_rtrmgr -b xorp-1.6/rtrmgr/config.boot

Step 5: Check Mrouter work OK
Step 5.1: Connect eth0 to VLC Player server PC and connect eth1 to VLC Player client PC
Step 5.2: Use VLC Player server PC run multicast streaming
Step 5.3: Use VLC Player client PC to play multicast streaming by multicast URL

Step6: run rtrmgr/xorpsh (A sample xorp command shell)

xorp-1.6$ rtrmgr/xorpsh
Welcome to XORP on wifihack

border@wifihack> show igmp ?
Possible completions:
group                Display information about IGMP group membership
interface            Display information about IGMP interfaces

border@wifihack> show igmp group
Interface    Group           Source          LastReported Timeout V State
eth0         224.0.0.2       0.0.0.0         192.168.1.134     240 3     E
eth0         224.0.0.22      0.0.0.0         192.168.1.134     240 3     E
eth0         224.0.0.251     0.0.0.0         192.168.1.134     232 3     E
eth0         224.0.0.252     0.0.0.0         192.168.1.30     232 3     E
eth0         239.255.255.250 0.0.0.0         192.168.1.104     240 3     E

参考:
1. http://www.linuxdiyf.com/bbs/redirect.php?fid=55&tid=69157&goto=nextnewset
2. http://www.xorp.org/getting_started.html
3. “User Manual” http://www.xorp.org/releases/current/docs/user_manual/user_manual.pdf
4. http://en.wikipedia.org/wiki/XORP
5. http://en.wikipedia.org/wiki/IGMP

今天在安装完xmpppy-0.5.0rc1 ，在运行的时候报md5和sha被hashlib替换，查了资料才发现，在Python2.6中使用md5, sha函数不推荐直接使用而是用hashlib替代。

md5

-import md5
-def HH(some): return md5.new(some)
+import hashlib
+def HH(some): return hashlib.md5(some)

sha

-import sha
-def HH(some): return sha.new(some)
+import hashlib
+def HH(some): return hashlib.sha1(some)

都包括 md5(), sha1(), sha224(), sha256(), sha384(), and sha512()

这里给出auth.py md5和sha的patch

diff –git a/xmpp/auth.py b/xmpp/auth.py
index 6e51d72..508718a 100755
— a/xmpp/auth.py
+++ b/xmpp/auth.py
@@ -21,11 +21,11 @@ Can be used both for client and transport authentication.

from protocol import *
from client import PlugIn
-import sha,base64,random,dispatcher,re
+import base64,random,dispatcher,re

-import md5
-def HH(some): return md5.new(some).hexdigest()
-def H(some): return md5.new(some).digest()
+import hashlib
+def HH(some): return hashlib.md5(some).hexdigest()
+def H(some): return hashlib.md5(some).digest()
def C(some): return ‘:’.join(some)

class NonSASL(PlugIn):
@@ -54,15 +54,15 @@ class NonSASL(PlugIn):

if query.getTag(’digest’):
self.DEBUG(”Performing digest authentication”,’ok’)
-            query.setTagData(’digest’,sha.new(owner.Dispatcher.Stream._document_attrs['id']+self.password).hexdigest())
+            query.setTagData(’digest’,hashlib.sha1(owner.Dispatcher.Stream._document_attrs['id']+self.password).hexdigest())
if query.getTag(’password’): query.delChild(’password’)
method=’digest’
elif query.getTag(’token’):
token=query.getTagData(’token’)
seq=query.getTagData(’sequence’)
self.DEBUG(”Performing zero-k authentication”,’ok’)
-            hash = sha.new(sha.new(self.password).hexdigest()+token).hexdigest()
-            for foo in xrange(int(seq)): hash = sha.new(hash).hexdigest()
+            hash = hashlib.sha1(hashlib.sha1(self.password).hexdigest()+token).hexdigest()
+            for foo in xrange(int(seq)): hash = hashlib.sha1(hash).hexdigest()
query.setTagData(’hash’,hash)
method=’0k’
else:
@@ -81,7 +81,7 @@ class NonSASL(PlugIn):
def authComponent(self,owner):
“”" Authenticate component. Send handshake stanza and wait for result. Returns “ok” on success. “”"
self.handshake=0
-        owner.send(Node(NS_COMPONENT_ACCEPT+’ handshake’,payload=[sha.new(owner.Dispatcher.Stream._document_attrs['id']+self.password).hexdigest()]))
+        owner.send(Node(NS_COMPONENT_ACCEPT+’ handshake’,payload=[hashlib.sha1(owner.Dispatcher.Stream._document_attrs['id']+self.password).hexdigest()]))
owner.RegisterHandler(’handshake’,self.handshakeHandler,xmlns=NS_COMPONENT_ACCEPT)
while not self.handshake:
self.DEBUG(”waiting on handshake”,’notify’)

参考:
1.  hashlib http://docs.python.org/library/hashlib.html#module-hashlib

今天下载了wireshark最新的版本1.2.1，编译安装完后，在用的时候报错:

Could not open file: ‘eap.xml’, error: No such file or directory

搜了一下发现，是因为wireshark1.2.1在打包的时候忘了把 diameter/eap.xml 放进去。详细的信息可以参考 "Missing diameter/eap.xml in 1.2.1" 和
"New: eap.xml missing from source tarfile".

简单的修改，从这下载 eap.xml 文件放到 wireshark-1.2.1/diameter/ 目录下, 并在文件 wireshark-1.2.1/Makefile.am 120行增加:

diameter/eap.xml \

增加以后的文件为(116~131):

diameter_DATA = \
	diameter/chargecontrol.xml \

	diameter/dictionary.dtd \
	diameter/dictionary.xml \

	diameter/eap.xml \
	diameter/Ericsson.xml \
	diameter/etsie2e4.xml \

	diameter/gqpolicy.xml \
	diameter/imscxdx.xml \
	diameter/mobileipv4.xml \

	diameter/nasreq.xml \
	diameter/sip.xml \
	diameter/sunping.xml \

	diameter/TGPPGmb.xml \
	diameter/TGPPRx.xml \
	diameter/TGPPSh.xml

参考:
1. “New: eap.xml missing from source tarfile” http://www.wireshark.org/lists/wireshark-dev/200907/msg00273.html
2. “Missing diameter/eap.xml in 1.2.1″ https://www.wireshark.org/lists/wireshark-bugs/200907/msg00621.html