norbert's weblog

OSPF on OpenBSD-current

Claudio Jeker (claudio@) just commited preliminary support for OSPF (Open Shortest Path First) in OpenBSD. Here is the CVS commit:

CVSROOT:	/cvs
Module name:	src
Changes by:	claudio@cvs.openbsd.org	2005/01/28 07:05:41

Added files:
	usr.sbin/ospfd : Makefile area.c auth.c buffer.c config.c 
	                 control.c control.h database.c hello.c imsg.c 
	                 in_cksum.c interface.c iso_cksum.c kroute.c 
	                 log.c log.h lsack.c lsreq.c lsupdate.c 
	                 neighbor.c ospf.h ospfd.8 ospfd.c ospfd.h 
	                 ospfe.c ospfe.h packet.c parse.y rde.c rde.h 
	                 rde_lsdb.c 

Log message:
Welcome ospfd
started by Esben Norby some time ago by using the imsg/three process framework
of bgpd. He implemented the basic concept plus the ospf finite state machines.
Later I joined and helped him cleanup, debug and extend his work.
Right now it is not particularly useful, major parts are still missing but is
imported to allow more people to work on it.
status:
The basic protocol works for broadcast networks and the LS database is
synchronized and updated. It is not possible to be DR or BDR on a network
and other interface types like point-to-point are not yet supported.
The shortest path tree is not calculated and so no routing information is
exchanged with the kernel FIB.

Not yet connected to the builds.
OK henning@

As I have commented a while ago, I noticed that the OpenBSD development team is really taking the routing technology road.

BandwithD on OpenBSD 3.6

From the bandwidthd site:

BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.

The latest version of bandwidthd is 2.0.1. However under OpenBSD 3.6, there is a little problem in the configure script of bandwidthd's latest version. To those who would like to run bandwidthd on OpenBSD 3.6, I have an edited version of bandwidthd source tarball:

http://www.feu-nrmf.ph/norbert/bandwidthd-2.0.1-obsd.tgz
MD5 3089833a0555e38f620a88851b2e5ae2

This tarball contains the fixed configure script for OpenBSD 3.6. It also contains some minor changes that fixed some compiler warnings. You can use diff to compare the difference of my changes to the original source. You may also read the file INSTALL.OpenBSD for detailed instructions on how to compile it.

Hope this little thing can help :-)

FreeBSD 4.11-RELEASE

FreeBSD 4.11-RELEASE has been released. Read the release announcement here:

http://www.freebsd.org/releases/4.11R/announce.html

As always advised every FreeBSD releases, please read the release errata for late-breaking news and latest issues with the release.

The ISO images are now available at the FreeBSD main FTP site. You can also download the ISO images via BitTorrent.

http://people.freebsd.org/~kensmith/4.11-torrent/

This may be the last release for 4.x (RELENG_4 branch) since most of the FreeBSD developers are now focused on 5.x (RELENG_5 branch) and CURRENT (HEAD branch).

Beastie Brewing Beer?

FreeBSD is a free Unix-like operating system used for server applications, desktop systems, embedded systems, and...

for brewing beer :-)

See Greg's temperature-controlled fridge.

"Pasiyam" and "Gulgol"

I'm still here at Laoag, Ilocos Norte. This is the night of "Pasiyam" for my auntie. "Pasiyam" is a Filipino tradition offered to a dead relative. It is commonly done on the ninth day after the death of a person. During "Pasiyam", the people join in prayer for the repose of the soul of the departed. Foods are also served for the people who join the bereaved family. "Siyam" is a Filipino word meaning nine (9).

There is one burial tradition here in Ilocos Norte which is uncommon to me. They called it "gulgol" (though I don't know the meaning of it). They said "gulgol" is done after the burial. Family members and relatives of the departed will go to the river and they will wash their hair using the ash of a burned rice straw and "basi" (a wine made from sugarcane). Tommorow will be the "gulgol" day. And since the departed is my auntie, my relatives are inviting me to join the "gulgol" ceremony.

BTW, we will be leaving Laoag tommorow night.

PIM on OpenBSD (and other...)

OpenBSD committer Ryan Thomas McBride (mcbride@) imported some code from Pavlin Radoslavov which implements Protocol Independent Multicast (PIM) to the OpenBSD-current tree.

CVSROOT:        /cvs
Module name:    src
Changes by:     mcbride@cvs.openbsd.org 2005/01/14 07:51:28

Modified files:
        sys/conf       : GENERIC
        sys/netinet    : in.h in_proto.c ip_mroute.c ip_mroute.h
                         raw_ip.c
Added files:
        sys/netinet    : pim.h pim_var.h

Log message:
Add kernel support for Protocol Independant Multicast (PIM)
Information: http://netweb.usc.edu/pim/

I noticed that OpenBSD is taking a path on routing technology road. First is PF, then comes bgpd, then CARP, then radix multipath support, then PIM. I've also noticed that preliminary support for Bluetooth protocol stack was added by Alexander Yurchenko (grange@). SGI port was also declared as an official port and Dale Rahn just imported Zaurus port to the repository recently.

Let's help the project by testing the snapshots now. Report any bugs you may find. Let's make OpenBSD 3.7 another great release! :-)

We're Going to Laoag

My auntie from Ilocos Norte called me last week and she said that their eldest sister passed away last January 6, 2005. This is really a sad news. She is a good auntie to me and a good sister to my mother. I'll surely miss her.

I decided not to tell my mother in Bicol about this. My mother is suffering from hemiplegia (or paralysis on one side of the body) due to cerebrovascular accident (or stroke). I don't want her to be depressed. My relatives and friends have agreed on my desision not to tell the sad news to my mother because it may hinder her recovery.

Me and my girlfriend will be going to Laoag Ilocos Norte later to attend my auntie's burial.

More Linux vulnerabilities...

It's a security-related storm again for Linux community. There are several vulnerabilities discovered in the Linux kernel >= 2.6.10. One of them is the uselib() function vulnerability discovered by Paul Starzetz of ISEC.

Brad Spengler, the author of grsecurity, also reported in bugtraq mailing list that there are several vulnerabities in the Linux kernel. He discovered 4 exploitable vulnerabilities in a matter of 15 minutes. It's a bad news that more vulnerabilities were found on 2.6 than in 2.4 version of the Linux kernel.

The PaX team also discovered a mlockall/expand_down DoS vulnerability. Note that this vulnerability has been fixed in PaX for 2 years already. The PaX team already notified Linus via email about the vulnerability since December 27, 2004, and they resend the same email on January 2, 2004 to Linus Torvalds again and Andrew Morton. I guess they did not get any reply.

Another security issues to deal with are not kernel related. Good thing that patches for these vulnerabilities are available already, but it may still affect several Linux users. The libtiff library is affected by several integer overflows that can allow an attacker to execute malicious code when a specially crafted tiff image is viewed in a program that uses the library.

iDefense also reported a boundary error vulnerability in xpdf, which can be used to execute malicious code via opening a specially crafted pdf file.

The commonly used media players for Linux/BSD, xine and mplayer, are also affected by several vulnerabilities. The fixed version are already available on their websites. Several critical bugs has also been discovered in Shoutcast last month.

What's going on with the Linux security? I've also noticed that ISEC is continuosly releasing serious Linux kernel security advisories on every fresh version of Linux kernel that comes out. I hope the kernel developers and the Linux community will do something about this.

Free Beer!

Just got home. Thanks to Teejay and Richard for the free beer. We had a good discussion a while ago.

I'll drink a cup of coffee first, read some email, then go to sleep.

Welcome 2005!

My sister and I just finished lighting up some small firecrackers. Heh I don't want to lose any of my fingers just because of firecrackers. I'll watch TV later.

Another year had passed. Welcome 2005, the year of the wooden rooster. Happy New Year!