Wednesday, June 16, 2010

Some question

CA
Remote login through C code?
Return of printf?  printf("%d",m) where m = 987

-------------juniper

Endianness happens because of what? Why can't the OS take care of it?
How to write code which can be easily ported across OSes?
Static function?
Hashing: how to decide the hash function?
AVL tree, BST -- binary tree? Complexity of binary tree? How does n log n come?
---------------------------------
LG.
Q If I do malloc for 64 MB, will it go through? If yes, how? Does process memory increase?
Q Is stack frame size constant? What is stack corruption?
Q Use of extern in C++
Q Can we have a static Ctor or Dtor? If not, why?

Friday, June 11, 2010

Linux Find If Processor / CPU is 64 bit / 32 bit ( long mode ~ lm )

For the OS:

uname -a

For the CPU:

grep flags /proc/cpuinfo

CPU Modes:

lm means Long mode - 64 bit CPU

Real mode 16 bit CPU

Protected Mode is 32-bit CPU

 

Monday, May 10, 2010

Extensible Authentication Protocol - EAP

* Extension to PPP
* Authentication framework, not a specific authentication mechanism
* Desired authentication method can be negotiated, like EAP-TTLS, EAP-MD5, EAP-TLS, EAP-PSK
* In 802.11 it is used to negotiate a secure PMK (Pairwise Master Key)

TTLS - Tunneled Transport Layer Security
PSK - Pre-Shared Key







Codes:
EAP              Radius
1--Request       1--Access Request
2--Success       2--Access Accept
3--Response      3--Access Reject
4--Failure       4--Accounting Request
                 5--Accounting Response

Authentication in Wimax System

















Protocols  Stack :

  

Thursday, May 6, 2010

Any real problem faced

I faced a problem where a raw socket was in promiscuous mode and listening to all interfaces, though it was intended to listen on one interface.
// creation of raw socket

    read_sockfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
This statement succeeded but did not solve the purpose:
    setsockopt(read_sockfd, SOL_SOCKET, SO_BINDTODEVICE, BIND_DEV, devlen+1);


Solution
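    /* needs <stdio.h>, <string.h>, <sys/ioctl.h>, <sys/socket.h>, <net/if.h>,
       <arpa/inet.h>, <linux/if_packet.h>, <linux/if_ether.h> */
    struct sockaddr_ll sa;
    struct ifreq ifr;

    memset(&sa, 0, sizeof(sa));
    memset(&ifr, 0, sizeof(ifr));
    strncpy(ifr.ifr_name, BIND_DEV, IFNAMSIZ - 1);   /* zeroed ifr keeps the name NUL-terminated */

    // get interface index: ioctl() returns -1 on error, the index itself lands in ifr.ifr_ifindex
    if (ioctl(read_sockfd, SIOCGIFINDEX, &ifr) < 0)
        perror("SIOCGIFINDEX");

    sa.sll_family   = AF_PACKET;
    sa.sll_protocol = htons(ETH_P_ALL);
    sa.sll_ifindex  = ifr.ifr_ifindex;
    // bind the same descriptor that was created above
    if (bind(read_sockfd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        perror("bind");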

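The point is that we have to explicitly bind the raw socket to a socket address structure (with the proper interface index). Between socket() and bind() the socket still receives frames from every interface; packet(7) also documents that a socket created with protocol 0 receives nothing until bind() supplies a non-zero sll_protocol, which avoids that window.
The man page clearly says:
By default all packets of the specified protocol type are passed to a packet socket. To only get packets from a specific interface use bind(2) specifying an address in a struct sockaddr_ll to bind the packet socket to an interface. Only the sll_protocol and the sll_ifindex address fields are used for purposes of binding.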

------------------------------------------
tcpdump -d vlan and ip
tcpdump -dd vlan and \(ip or arp \)
tcpdump -d ether src 00:80:42:1B:1D:94 and vlan and \(ip or arp \)
tcpdump -d not ether src 00:80:42:1B:1D:94 and vlan and \(ip or arp \)

Friday, April 16, 2010

Compiling Shared Libraries .so


The library needs to be compiled as position-independent code.

When the object files are generated, we have no idea where in memory they will be inserted in a program that will use them. Many different programs may use the same library, and each may load it at a different memory address. Thus, all jump calls ("goto", in assembly speak) and subroutine calls must use relative addresses, not absolute addresses, and we need a compiler flag that causes this type of code to be generated.

gcc -fPIC -c util_file.c
gcc -fPIC -c util_net.c
gcc -fPIC -c util_math.c
gcc -shared -o libutil.so util_file.o util_net.o util_math.o
Why is this required?
dlopen() -- instead of loading the library at the beginning,
the program itself can specify when to load and unload a library
and what to use from it.
dlopen returns a handle on success
lib_handle = dlopen("/full/path/to/library", RTLD_LAZY);

RTLD_LAZY -- lazy approach; the flag defines whether all
symbols referred to by the library need to be checked immediately or only when used
dlopen() UNLOAD


Reference:
http://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html

Thursday, April 8, 2010

Random C question

Q How to write a multi-line MACRO?
#define MUL_LINE_MACRO(x)    do{  x=123; } while (0)
http://c-faq.com/cpp/multistmt.html

Don't put a ; at the end of the macro definition; let the user put it: MUL_LINE_MACRO(x);
This is required because the macro may be used in an if/else condition like:
if (cond )
    MUL_LINE_MACRO(x);
else
   some ;
If the macro also ends with a ";", compilation fails:
if (cond )
      do{  x=123; } while (0);
  ; // this will cause compilation failure
else
   some ;


Tuesday, March 30, 2010

How to do Multicast and Broadcast ? Is it possible for both TCP and UDP

Multicast cannot happen over TCP; it works only with UDP or RAW sockets.
The same applies to broadcast.

TCP sockets are always Unicast.

A reliable multicast protocol, like PGM(Pragmatic General Multicast ), adds the ability for receivers to detect lost and/or out-of-order messages and take corrective action (similar in principle to TCP), resulting in a gap-free, in-order message stream.

http://tldp.org/HOWTO/Multicast-HOWTO-6.html

Monday, March 29, 2010

Can two application Listen on same port

No. Only one process can bind to a port on an address at any one time. You can bind two processes to the same port number, but on different IP addresses (different NICs), hence different ports.

For UDP (multicast), multiple applications can subscribe to the same port.
With multicast sockets more than one application can bind to a port as long as SO_REUSEADDR is set in each socket's options.
We can accomplish this by writing a "master" process, which accepts and processes all connections, then hands them off to your two applications who need to listen on the same port. This is the approach that Web servers and such take, since many processes need to listen to 80.
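An added C example (not from the original post) that checks these bind rules on Linux: a second TCP listener on an occupied port is refused, while two UDP sockets can share a port only when each sets SO_REUSEADDR. It binds to 127.0.0.1 rather than a multicast group so it runs without a multicast route, and the function names are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a socket of the given type to 127.0.0.1:*port (0 = kernel picks, port is
   reported back through *port). TCP sockets are also put into LISTEN state.
   Returns the fd, or -errno on failure. */
int bind_loopback(int type, uint16_t *port, int reuseaddr)
{
    struct sockaddr_in a;
    socklen_t alen = sizeof a;
    int fd = socket(AF_INET, type, 0);
    if (fd < 0) return -errno;
    if (reuseaddr) setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuseaddr, sizeof reuseaddr);
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = htons(*port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 ||
        (type == SOCK_STREAM && listen(fd, 4) < 0)) {
        int e = errno; close(fd); return -e;
    }
    getsockname(fd, (struct sockaddr *)&a, &alen);
    *port = ntohs(a.sin_port);
    return fd;
}

/* Open one socket, then try a second one on the same address and port.
   Returns 0 if the second bind succeeded, otherwise -errno (e.g. -EADDRINUSE). */
int second_binder(int type, int reuseaddr)
{
    uint16_t port = 0;
    int first = bind_loopback(type, &port, reuseaddr);
    if (first < 0) return first;
    int second = bind_loopback(type, &port, reuseaddr);
    close(first);
    if (second < 0) return second;
    close(second);
    return 0;
}

int main(void)
{
    printf("tcp+reuse=%d udp+reuse=%d udp=%d\n", second_binder(SOCK_STREAM, 1),
           second_binder(SOCK_DGRAM, 1), second_binder(SOCK_DGRAM, 0));
    return 0;
}
```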

Wednesday, February 24, 2010

Kernel debugging

what is KDB
http://www.ibm.com/developerworks/linux/library/l-kdbug/

Q Can we put assembly code in C ?
Ans Yes by asm(" ");

Q How to compile a .so?
Ans -fPIC (position-independent code)
http://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html

IPSec , IPsec and NAT

IPSec types its uses?
Problem with IPSec and NAT?
The IPsec Authentication Header (AH): AH runs the entire IP packet, including invariant header fields such as source and destination IP address, through a message digest algorithm to produce a keyed hash. This hash is used by the recipient to authenticate the packet. If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, modifies IP packets. Therefore, AH + NAT simply cannot work.

When TCP or UDP are involved, as they are in transport mode ESP, there is a catch-22. Because NAT modifies the TCP packet, NAT must also recalculate the checksum used to verify integrity. If NAT updates the TCP checksum, ESP authentication will fail. If NAT does not update the checksum (for example, payload encrypted), TCP verification will fail.
If the transport endpoint is under your control, you might be able to turn off checksum verification. In other words, ESP can pass through NAT in tunnel mode, or in transport mode with TCP checksums disabled or ignored by the receiver.
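The catch-22 above, as an added C example (not from the original post): the TCP checksum covers a pseudo-header containing the source and destination IP, so rewriting the source address invalidates it, while fixing it changes bytes that ESP authenticates. The ESP integrity check is modelled as a plain byte comparison instead of a real keyed hash, and the addresses, segment bytes and function names are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { DELIVERED, ESP_AUTH_FAIL, TCP_CSUM_FAIL };

/* One's-complement sum of big-endian 16-bit words (RFC 1071). */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc)
{
    for (; len > 1; p += 2, len -= 2) acc += (uint32_t)((p[0] << 8) | p[1]);
    if (len) acc += (uint32_t)(p[0] << 8);
    return acc;
}

/* TCP checksum over pseudo-header + segment; 0 means the stored checksum verifies. */
uint16_t tcp_checksum(uint32_t src, uint32_t dst, const uint8_t *seg, size_t len)
{
    uint8_t ph[12] = { (uint8_t)(src >> 24), (uint8_t)(src >> 16), (uint8_t)(src >> 8), (uint8_t)src,
                       (uint8_t)(dst >> 24), (uint8_t)(dst >> 16), (uint8_t)(dst >> 8), (uint8_t)dst,
                       0, 6, (uint8_t)(len >> 8), (uint8_t)len };   /* zero, proto 6, TCP length */
    uint32_t acc = sum16(seg, len, sum16(ph, sizeof ph, 0));
    while (acc >> 16) acc = (acc & 0xFFFF) + (acc >> 16);
    return (uint16_t)~acc;
}

static void set_checksum(uint32_t src, uint32_t dst, uint8_t *seg, size_t len)
{
    seg[16] = seg[17] = 0;                       /* checksum field of the TCP header */
    uint16_t c = tcp_checksum(src, dst, seg, len);
    seg[16] = (uint8_t)(c >> 8);
    seg[17] = (uint8_t)c;
}

/* Transport-mode ESP through NAT. The ICV check is modelled as byte equality with
   the segment the sender authenticated (stand-in for the real keyed hash). */
int receive_via_nat(int nat_present, int nat_updates_checksum)
{
    const uint32_t priv = 0xC0A8010A, pub = 0xCB007105, dst = 0xC6336407; /* constructed */
    uint8_t sent[24] = {0x30,0x39, 0x01,0xBB, 0,0,0,1, 0,0,0,0, 0x50,0x18, 0xFF,0xFF, 0,0, 0,0, 'd','a','t','a'};
    uint8_t wire[24];
    set_checksum(priv, dst, sent, sizeof sent);          /* sender computes with its own IP */
    memcpy(wire, sent, sizeof wire);
    if (nat_present && nat_updates_checksum) set_checksum(pub, dst, wire, sizeof wire);
    if (memcmp(wire, sent, sizeof sent) != 0) return ESP_AUTH_FAIL;
    return tcp_checksum(nat_present ? pub : priv, dst, wire, sizeof wire) == 0
               ? DELIVERED : TCP_CSUM_FAIL;
}

int main(void) { printf("%d %d %d\n", receive_via_nat(0, 0), receive_via_nat(1, 0), receive_via_nat(1, 1)); return 0; }
```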

Key exchange mechanism?
IPsec transport mode and tunnel mode: is the IP header encrypted?
Difference between IKE 1 and IKE 2?


http://www.netbsd.org/docs/network/ipsec/

Good information

http://unixwiz.net/techtips/iguide-ipsec.html

http://www.kame.net/newsletter/20001119/

Commands
setkey -D : dumps SAD entries (D = dump)
setkey -PD : dumps all SPD entries (the policy database)
setkey -F : flushes SAD entries
setkey -FP : flushes SPD policy entries

# IPsec with IKE, with pre-shared secret
Racoon.conf
path pre_shared_key "/usr/local/v6/etc/psk.txt" ;

What is Diameter ? how it is better than Radius

Diameter is a more advanced protocol than RADIUS
*  It is more reliable: uses TCP or SCTP
*  Larger address space for attribute-value pairs (AVPs) and identifiers: 4 bytes (32 bits instead of 8 bits)

Radius
*  Uses UDP
*  Identifier is 1 byte, so only 256 attributes are supported

---Remote Authentication Dial In User Service (RADIUS)
RADIUS server checks that the information is correct using authentication schemes like PAP, CHAP or EAP
NAS (Network Access Server (ASNGW) ) sends Access request to AAA

RADIUS -UDP ports
1812 for RADIUS Authentication and
1813 for RADIUS Accounting

dig utility for dns lookup

The dig command includes some timing stats and the actual query that will be performed.

nslookup is also available,
but dig (Domain Information Groper) gives more packet-level information:
OPCODE etc.

host command is also useful
Ref:
http://uw713doc.sco.com/en/NET_tcpip/dnsC.nslook.html

Thursday, January 28, 2010

DNS -uses TCP or UDP Explain

Port 53 (both TCP and UDP).
DNS: DNS is used to resolve IP queries, and this should be fast, so it uses UDP.
But there are some requirements in DNS where reliability is of more concern, like ZONE TRANSFER;
TCP is also used when the response data size exceeds 512 bytes.
UDP DNS messages are limited to 512 bytes; longer messages are truncated and a special bit (TC) in the header is set to indicate that this has occurred. If a message being truncated causes a problem for its recipient, the query must be repeated using TCP, as described below.

ZONE Transfer (QTYPE: AXFR): what happens there?
The whole zone data is replicated from the server DNS to the client DNS. Because AXFR hands over the whole zone, servers normally restrict it to their known secondaries.
* Before sending the AXFR request, the AXFR client usually sends a preliminary SOA request to decide whether it wants to see the AXFR results. This SOA request may be sent through UDP or through TCP.
* TCP port 53 is simultaneously used by normal (non-AXFR) DNS clients requesting data that did not fit through UDP. A non-AXFR DNS client tries all queries through UDP first; however, if a UDP DNS server sets the "TC" bit in its response, the DNS client tries the query again through TCP.

The end of a zone transfer is marked by duplicating the SOA RR that started the zone.
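The TC-bit rule above, as an added C example that is not part of the original post: it parses the fixed 12-byte DNS header (including the OPCODE field that dig prints) and decides whether a UDP reply has to be repeated over TCP. The struct and function names and the two sample headers are constructed for illustration, and EDNS0 is assumed not to be in use.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define DNS_HDR_LEN 12
#define DNS_UDP_MAX 512   /* UDP limit stated above; assumes no EDNS0 */

struct dns_hdr {
    uint16_t id, count[4];                      /* count: QD, AN, NS, AR */
    unsigned qr, opcode, aa, tc, rd, ra, rcode;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse the fixed 12-byte header (network byte order). 0 = ok, -1 = too short. */
int dns_parse_header(const uint8_t *buf, size_t len, struct dns_hdr *h)
{
    if (buf == NULL || h == NULL || len < DNS_HDR_LEN) return -1;
    uint16_t flags = rd16(buf + 2);
    h->id = rd16(buf);
    h->qr = (flags >> 15) & 1;        /* 0 = query, 1 = response */
    h->opcode = (flags >> 11) & 0xF;  /* 0 = standard query */
    h->aa = (flags >> 10) & 1;
    h->tc = (flags >> 9) & 1;         /* message was truncated */
    h->rd = (flags >> 8) & 1;
    h->ra = (flags >> 7) & 1;
    h->rcode = flags & 0xF;
    for (int i = 0; i < 4; i++) h->count[i] = rd16(buf + 4 + 2 * i);
    return 0;
}

/* What a UDP client does with a reply: 1 = repeat over TCP, 0 = use it, -1 = drop. */
int dns_udp_reply_action(const uint8_t *buf, size_t len, uint16_t query_id)
{
    struct dns_hdr h;
    if (len > DNS_UDP_MAX || dns_parse_header(buf, len, &h) != 0)
        return -1;                    /* oversized or malformed datagram */
    if (!h.qr || h.id != query_id) return -1;   /* not a response to our query */
    return h.tc ? 1 : 0;
}

/* Constructed sample headers (not captured traffic): same ID, TC set / TC clear. */
const uint8_t sample_truncated[DNS_HDR_LEN] = {0x1a, 0x2b, 0x83, 0x80, 0, 1, 0, 0, 0, 0, 0, 0};
const uint8_t sample_complete[DNS_HDR_LEN]  = {0x1a, 0x2b, 0x81, 0x80, 0, 1, 0, 2, 0, 0, 0, 0};

int main(void)
{
    printf("TC set -> %d, TC clear -> %d\n", dns_udp_reply_action(sample_truncated, 12, 0x1a2b),
           dns_udp_reply_action(sample_complete, 12, 0x1a2b));
    return 0;
}
```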


Ref:
http://www.tcpipguide.com/free/t_DNSMessageHeaderandQuestionSectionFormat.htm
http://technet.microsoft.com/en-us/library/cc781340(WS.10).aspx
http://cr.yp.to/djbdns/axfr-notes.html
http://www.faqs.org/rfcs/rfc1035.html