Friday, April 16, 2010

Compiling Shared Libraries .so


The library needs to be compiled as position-independent code.

When the object files are generated, we have no idea where in memory they will be loaded by a program that uses them. Many different programs may use the same library, and each loads it at a different memory address. Thus all jumps ("goto" in assembly terms) and subroutine calls must use relative addresses rather than absolute addresses, so we need a compiler flag that makes the compiler generate this type of code:

gcc -fPIC -c util_file.c
gcc -fPIC -c util_net.c
gcc -fPIC -c util_math.c
gcc -shared -o libutil.so util_file.o util_net.o util_math.o
Why is this required?
dlopen(): instead of loading the library when the program starts, the program itself can specify when to load and unload a library and which of its symbols to use.
dlopen() returns a handle on success:
lib_handle = dlopen("/full/path/to/library", RTLD_LAZY);

RTLD_LAZY: the lazy approach; this flag defines whether all symbols referred to by the library must be resolved immediately or only when they are first used.
dlclose(): unloads the library that dlopen() loaded.
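An added example (not code from the original post) showing the dlopen()/dlsym()/dlclose() sequence with the error checks the notes above leave out; it assumes a glibc or musl system, and looks strlen up in the already loaded libc (handle NULL) so it runs without building libutil.so first.

```c
#define _POSIX_C_SOURCE 200809L
#include <dlfcn.h>
#include <stddef.h>

/* Added example: load with dlopen(), look up with dlsym(), unload with
 * dlclose(). `lib` should be an absolute path so the loader does not search
 * LD_LIBRARY_PATH or default directories; NULL means the main program plus
 * the libraries already loaded with it (libc here). */
static void *load_symbol(const char *lib, const char *sym, void **handle,
                         const char **err)
{
    *err = NULL;
    /* RTLD_LAZY: resolve functions on first call. RTLD_NOW would resolve
     * everything before dlopen() returns, failing early on missing symbols. */
    *handle = dlopen(lib, RTLD_LAZY | RTLD_LOCAL);
    if (*handle == NULL) {
        *err = dlerror();
        return NULL;
    }
    dlerror();                      /* clear stale error state before dlsym() */
    void *addr = dlsym(*handle, sym);
    const char *e = dlerror();      /* NULL can be a valid symbol value */
    if (e != NULL) {
        *err = e;
        dlclose(*handle);
        *handle = NULL;
        return NULL;
    }
    return addr;
}

typedef size_t (*strlen_fn)(const char *);

/* Find strlen in the already-loaded libc and call it through the returned
 * pointer. Returns the length, or -1 if the lookup failed. */
long strlen_via_dlsym(const char *s)
{
    void *h; const char *err;
    strlen_fn f = (strlen_fn)load_symbol(NULL, "strlen", &h, &err);
    if (f == NULL)
        return -1;
    long n = (long)f(s);
    dlclose(h);                     /* unload: the pointer is invalid afterwards */
    return n;
}

/* Failure path: a path that does not exist yields NULL plus a dlerror()
 * message instead of a crash. Returns 1 when that is what happens. */
int open_missing_library_fails(void)
{
    void *h; const char *err;
    void *p = load_symbol("/nonexistent/dir/libmissing.so", "strlen", &h, &err);
    return p == NULL && h == NULL && err != NULL;
}
```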


Reference:
http://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html

Thursday, April 8, 2010

Random C question

Q: How to write a multi-line macro?
#define MUL_LINE_MACRO(x)    do { x = 123; } while (0)
http://c-faq.com/cpp/multistmt.html

Don't put a ; after the macro; let the user put it: MUL_LINE_MACRO(x);
This is required because, if the macro is used in an if/else like:
if (cond)
    MUL_LINE_MACRO(x);
else
    some;
and the macro also ends with a ";", then compilation fails:
if (cond)
    do { x = 123; } while (0);
    ; // this stray ; ends the if statement, so the else below has no matching if: compilation failure
else
    some;
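An added example (not from the original post) that goes one step beyond the stray-semicolon case above: a macro expanding to two statements without do { } while (0) is only partly controlled by an if, because only the first statement is the if body.

```c
#include <stdbool.h>

/* Added example: INC_BOTH_BAD expands to two statements, so an if guards
 * only the first; INC_BOTH_OK wraps both in do { } while (0). */
#define INC_BOTH_BAD(a, b)  (a)++; (b)++
#define INC_BOTH_OK(a, b)   do { (a)++; (b)++; } while (0)

/* Both return x * 100 + y after applying the macro under `cond`. */
int use_bad_macro(bool cond, int x, int y)
{
    if (cond)
        INC_BOTH_BAD(x, y);    /* expands to: if (cond) (x)++; (y)++;  y always moves */
    return x * 100 + y;
}

int use_ok_macro(bool cond, int x, int y)
{
    if (cond)
        INC_BOTH_OK(x, y);     /* the whole block is the if body; the ';' ends while (0) */
    else
        y += 10;               /* compiles: no stray ';' sits between the if and the else */
    return x * 100 + y;
}
```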


Tuesday, March 30, 2010

How to do multicast and broadcast? Is it possible for both TCP and UDP?

Multicast cannot happen over TCP; it works only with UDP or raw sockets.
The same applies to broadcast.

TCP sockets are always unicast.

A reliable multicast protocol, like PGM (Pragmatic General Multicast), adds the ability for receivers to detect lost and/or out-of-order messages and take corrective action (similar in principle to TCP), resulting in a gap-free, in-order message stream.

http://tldp.org/HOWTO/Multicast-HOWTO-6.html

Monday, March 29, 2010

Can two applications listen on the same port?

No. Only one process can bind to a port on an address at any one time. You can bind two processes to the same port number but on different IP addresses (different NICs), hence different ports.

For UDP (multicast), multiple applications can subscribe to the same port.
With multicast sockets more than one application can bind to a port as long as SO_REUSEADDR is set in each socket's options.
For TCP, we can accomplish this by writing a "master" process which accepts and processes all connections, then hands them off to the two applications that need to listen on the same port. This is the approach that web servers and the like take, since many processes need to listen on port 80.
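As an added example (not from the original post) of the bind rules stated above, under Linux semantics: two UDP sockets may share 127.0.0.1:port only when both set SO_REUSEADDR, while a second TCP bind fails once the first socket is listening, even with SO_REUSEADDR. The multicast join itself (IP_ADD_MEMBERSHIP) is not shown, since it needs a multicast-capable interface.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example. Binds two sockets of the given type to the same
 * 127.0.0.1:port and reports what the second bind() gives: 0 on success,
 * otherwise errno (EADDRINUSE expected). The kernel picks the port for the
 * first socket, so the check never collides with a port already in use. */
static int set_reuse(int fd)
{
    int one = 1;
    return setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
}

int second_bind_result(int type, int reuse_on_both)
{
    struct sockaddr_in a = { 0 };
    socklen_t len = sizeof a;
    int rc, first = socket(AF_INET, type, 0), second = socket(AF_INET, type, 0);
    if (first < 0 || second < 0)
        return errno;
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = 0;                                  /* let the kernel pick a port */
    if (reuse_on_both)
        set_reuse(first);
    if (bind(first, (struct sockaddr *)&a, sizeof a) < 0)
        return errno;
    if (type == SOCK_STREAM && listen(first, 1) < 0) /* make it a TCP listener */
        return errno;
    if (getsockname(first, (struct sockaddr *)&a, &len) < 0) /* learn the port */
        return errno;
    if (reuse_on_both)
        set_reuse(second);
    rc = bind(second, (struct sockaddr *)&a, sizeof a) < 0 ? errno : 0;
    close(second);
    close(first);
    return rc;
}
```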

Wednesday, February 24, 2010

Kernel debugging

What is KDB?
http://www.ibm.com/developerworks/linux/library/l-kdbug/

Q: Can we put assembly code in C?
A: Yes, with asm(" ");

Q: How to compile a .so?
A: -fPIC (position-independent code)
  http://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html

IPsec; IPsec and NAT

IPsec types and their uses?
Problem with IPsec and NAT?
The IPsec Authentication Header (AH): AH runs the entire IP packet, including invariant header fields such as the source and destination IP address, through a message digest algorithm to produce a keyed hash. This hash is used by the recipient to authenticate the packet. If any field in the original IP packet is modified, authentication fails and the recipient discards the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, modifies IP packets. Therefore AH + NAT simply cannot work.

When TCP or UDP is involved, as it is in transport-mode ESP, there is a catch-22. Because NAT modifies the TCP packet, NAT must also recalculate the checksum used to verify integrity. If NAT updates the TCP checksum, ESP authentication fails. If NAT does not update the checksum (for example because the payload is encrypted), TCP verification fails.
If the transport endpoint is under your control, you might be able to turn off checksum verification. In other words, ESP can pass through NAT in tunnel mode, or in transport mode with TCP checksums disabled or ignored by the receiver.
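An added example (not from the original post) of the TCP-checksum half of that catch-22: the checksum covers a pseudo-header holding the source and destination IP addresses, so a NAT rewrite of the source address invalidates it, and only a NAT that can see and edit the segment (not one facing ESP) can recompute it. Addresses and the segment are constructed here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example: RFC 793 TCP checksum over pseudo-header + segment, and a
 * constructed NAT rewrite of the source address that breaks it. */
static uint32_t sum16(uint32_t acc, const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i += 2)   /* big-endian 16-bit words, odd tail zero-padded */
        acc += (uint32_t)p[i] << 8 | (i + 1 < n ? p[i + 1] : 0);
    return acc;
}

/* Checksum of a TCP segment (header + payload, seglen >= 20) for the given
 * addresses (network byte order). Bytes 16-17, the stored checksum, are skipped. */
uint16_t tcp_checksum(const uint8_t src[4], const uint8_t dst[4],
                      const uint8_t *seg, size_t seglen)
{
    uint8_t pseudo[12] = { 0 };
    memcpy(pseudo, src, 4); memcpy(pseudo + 4, dst, 4);
    pseudo[9] = 6;                                   /* protocol number: TCP */
    pseudo[10] = (uint8_t)(seglen >> 8); pseudo[11] = (uint8_t)seglen;
    uint32_t acc = sum16(sum16(sum16(0, pseudo, 12), seg, 16), seg + 18, seglen - 18);
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);          /* fold end-around carry */
    return (uint16_t)~acc;
}

int tcp_checksum_ok(const uint8_t src[4], const uint8_t dst[4],
                    const uint8_t *seg, size_t seglen)
{
    return tcp_checksum(src, dst, seg, seglen) == (seg[16] << 8 | seg[17]);
}

/* Constructed segment 10.0.0.5:1234 -> 192.0.2.1:80 with a 4-byte payload.
 * Returns 1 when the checksum verifies before NAT, fails once the source
 * becomes 203.0.113.7, and verifies again after NAT recomputes it. */
int nat_breaks_tcp_checksum(void)
{
    uint8_t src[4] = {10, 0, 0, 5}, nat[4] = {203, 0, 113, 7}, dst[4] = {192, 0, 2, 1};
    uint8_t seg[24] = {0x04, 0xd2, 0x00, 0x50};      /* ports 1234 -> 80, rest zero */
    seg[12] = 0x50;                                  /* data offset: 5 header words */
    memcpy(seg + 20, "ping", 4);
    uint16_t c = tcp_checksum(src, dst, seg, sizeof seg);
    seg[16] = (uint8_t)(c >> 8); seg[17] = (uint8_t)c;
    int before = tcp_checksum_ok(src, dst, seg, sizeof seg);
    int after = tcp_checksum_ok(nat, dst, seg, sizeof seg); /* NAT changed src */
    c = tcp_checksum(nat, dst, seg, sizeof seg);     /* NAT fix-up of the checksum */
    seg[16] = (uint8_t)(c >> 8); seg[17] = (uint8_t)c;
    return before && !after && tcp_checksum_ok(nat, dst, seg, sizeof seg);
}
```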

Key exchange mechanism?
In IPsec transport mode and tunnel mode, is the IP header encrypted?
Difference between IKEv1 and IKEv2?


http://www.netbsd.org/docs/network/ipsec/

Good information

http://unixwiz.net/techtips/iguide-ipsec.html

http://www.kame.net/newsletter/20001119/

Commands
setkey -D : dump the SAD entries (-D = dump)
setkey -PD : dump all SPD entries (the policy database)
setkey -F : flush the SAD entries
setkey -FP : flush the SPD (policy) entries

# IPsec with IKE, with pre-shared secret
racoon.conf:
path pre_shared_key "/usr/local/v6/etc/psk.txt" ;

What is Diameter? How is it better than RADIUS?

Diameter is a more advanced protocol than RADIUS:
*  It is more reliable, using TCP or SCTP
*  Larger address space for attribute-value pairs (AVPs); identifiers are 4 bytes (32 bits instead of 8 bits)

RADIUS:
*  uses UDP
*  identifiers are 1 byte, so only 256 attributes are supported

---Remote Authentication Dial In User Service (RADIUS)
The RADIUS server checks that the information is correct using authentication schemes like PAP, CHAP or EAP.
The NAS (Network Access Server, e.g. the ASN-GW) sends an Access-Request to the AAA server.

RADIUS UDP ports:
1812 for RADIUS authentication and
1813 for RADIUS accounting