September 23, 2016

Where to download the Broadcom Netgear R7000 toolchain binary

The toolchain file is hndtools-arm-linux-2.6.36-uclibc-4.5.3.tar.bz2

Download URL: https://sourceforge.net/projects/nvg599.arris/files/

This tarball also contains the Broadcom code drop bcm963xx_4.06L.03_consumer_release.tar.gz, which was created using Broadcom's source code redistribution process; bcm47xx.tar.bz2, which is the 5GHz code; hndtools-arm-linux-2.6.36-uclibc-4.5.3.tar.bz2, which is the toolchain for the 5GHz code; and axis.tar.bz2, which is the code that runs on the main SoC.

September 20, 2016

vim matching IP address

\(\d\+\.\)\{3\}\d\{1,3\}

September 15, 2016

Configure a Linux strongSwan VPN client

1. Generate a VPN client certificate and its private key.
2. /etc/ipsec.conf:
conn %default
    keyexchange=ikev2
    dpdaction=clear
    dpddelay=300s
    rekey=no
    ikelifetime=24h
    lifetime=24h

conn iosIKE2
    keyexchange=ikev2
    left=%defaultroute
    leftcert=vpncert.cert
    leftsourceip=%config
    right=vpnserver.myserver.com
    rightid=%any
    rightsubnet=0.0.0.0/0
    leftauth=rsa
    rightauth=rsa
    rekey=no
    reauth=no
    dpdtimeout=30
    dpdaction=hold
    auto=start

/etc/strongswan.conf: add logging
charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
    filelog {
        /var/log/charon.log {
            # add a timestamp prefix
            time_format = %b %e %T
            # prepend connection name, simplifies grepping
            ike_name = yes
            # overwrite existing files
            append = no
            # increase default loglevel for all daemon subsystems
            #default = 1
            # flush each line to disk
            flush_line = yes
        }
    }
}

/etc/ipsec.secrets:
: RSA vpncert.key

Then:
copy the client cert file to /etc/ipsec.d/certs
copy the CA cert files to /etc/ipsec.d/cacerts, one CA cert per file
copy the private key file to /etc/ipsec.d/private

Use "ipsec start" to start the daemon.
Check /var/log/charon.log for the logs.
Use "ipsec stop" to stop it.
Use "ipsec status" (or "ipsec statusall") to check the connection status.

With rightsubnet=0.0.0.0/0 all traffic goes through the tunnel, so the Linux client is no longer reachable from its local network.
If you need a split tunnel, add the following:
ip rule add from all pref 100 table 100
ip route add 192.168.140.0/24 dev eth0 table 100

192.168.140.0/24 is your local subnet and eth0 is your local network interface. The rule's preference (100) is lower than the one strongSwan installs for its own routing table (220 by default), so the local subnet route is consulted before the tunnel's catch-all route.

September 8, 2016

How to use curl with a specific network interface

The goal is to direct curl's request to a specific interface, for example, tun0.

Assume tun0 has the IPv4 address of 192.168.15.2. Below is the command line:

mycurl --dns-ipv4-addr 192.168.15.2 --dns-interface tun0 --interface tun0 -4  www.yahoo.com

The default "curl" binary in Debian/Ubuntu (as of Ubuntu 14.04) is not compiled with the c-ares resolver library, which the --dns-* arguments above require. Download c-ares (hosted by the curl project), build and install it, and then build your own curl binary. To configure curl to use the newly installed c-ares library, do this:

./configure --enable-ares=/usr/local/

The "-4" argument tells curl to use IPv4 only. Otherwise it also waits for the IPv6 DNS result, which many sites do not provide, and curl may hang.

September 6, 2016

tmux: start multiple windows

Put this in a shell script:

tmux new-session -s main -n workspace -d
tmux neww -t main:1 -n local bash
tmux neww -t main:2 -n local bash
tmux neww -t main:3 -n gw 'mosh gw'
tmux neww -t main:4 -n git 'mosh git'
tmux neww -t main:5 -n download 'mosh download'
tmux attach -t main

September 2, 2016

C operator precedence: shift binds lower than +/-

#include <stdio.h>

int main(void){
        unsigned char buf[2];
        int x;
        buf[0]=0xF0;
        buf[1]=0xA5;
        x=buf[0]<<8+buf[1];   /* bug: parsed as buf[0] << (8+buf[1]) */
        printf("x=%08x\n",x);
        return 0;
}


The above code prints a wrong value (not 0xF0A5): because + binds tighter than <<, the expression is parsed as buf[0] << (8 + buf[1]), a shift by 173 bits, which for a 32-bit int is undefined behaviour. You need to add parentheses around the shift:

x=(buf[0]<<8)+buf[1];

Or use multiplication:

x=buf[0]*256+buf[1];
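An added example (not from the original post) that turns the parenthesised form into a function, generalises it to a 1-4 byte big-endian decode, and exposes the shift count the unparenthesised expression actually uses; the names be16, be_load and unparenthesised_shift_count are chosen here, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Correct 16-bit big-endian decode: the shift is parenthesised and the
 * byte is widened to an unsigned type before it is shifted. */
uint32_t be16(const unsigned char *buf)
{
    return ((uint32_t)buf[0] << 8) | buf[1];
}

/* Generalisation to 1..4 bytes. Shifting a uint32_t matters for the 4-byte
 * case: (buf[0] << 24) on an int-promoted byte overflows when buf[0] >= 0x80. */
uint32_t be_load(const unsigned char *buf, size_t n)
{
    uint32_t v = 0;
    if (n > 4)
        n = 4;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | buf[i];
    return v;
}

/* The shift count that the unparenthesised buf[0]<<8+buf[1] really uses:
 * 8 + buf[1], i.e. 173 for buf[1] = 0xA5, which exceeds the width of int.
 * A shift count >= the type width is undefined behaviour in C. */
int unparenthesised_shift_count(const unsigned char *buf)
{
    return 8 + buf[1];
}

int main(void)
{
    /* constructed sample input, same bytes as the snippet above */
    const unsigned char buf[2] = {0xF0, 0xA5};
    const unsigned char word[4] = {0xDE, 0xAD, 0xBE, 0xEF};

    printf("be16    = 0x%04x\n", be16(buf));
    printf("be_load = 0x%08x\n", be_load(word, 4));
    printf("unparenthesised shift count = %d (int is %zu bits)\n",
           unparenthesised_shift_count(buf), sizeof(int) * 8);
    return 0;
}
```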

August 31, 2016

Linux route and rule

1. There are 3 default routing tables: local, main, and default.
2. Their priority and selector are defined by "rules". Use "ip rule list" to see the priority and selector of each table.

$ ip rule list
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

By default, local has the highest priority (0), default has the lowest (it is usually empty), and main sits just above default. All three rules match "from all" packets, so table local is consulted first, then table main, then table default.

$ ip route show table default
(returns nothing)
$ ip route show table main
default via 192.168.140.2 dev eth0
(this is the default gateway)

Routing tables are identified by number (1-255). Their names are defined in /etc/iproute2/rt_tables:

255 local
254 main
253 default
0 unspec

You can add your own table by appending a line such as
100 mytable

or you can just use the number directly if you prefer.

You can add a selector to specify which table should be consulted (or not). For example:
ip rule add from 10.0.0.0/24 table mytable
ip rule add to 10.0.0.0/24 table mytable
ip rule add iif eth0 table mytable
ip rule add oif eth2 table mytable
ip rule add fwmark MARK table mytable

"ip rule help" lists all the available selectors.

Then use "ip route add default via 10.0.0.1 dev eth1 table mytable" to add a default route to this table. "via ..." and "dev ..." tell the kernel the next hop and the outgoing interface to use.