Thursday, September 10, 2009

tcpdump can't find /dev/bpf

Setting up new router/firewall and during testing had this issue:

# tcpdump -n -e -tttt -vv -i pflog0
tcpdump: (cannot open device) /dev/bpf: No such file or directory

# ls /dev/bp*
crw------- 1 root wheel - 0, 84 Sep 9 20:54 /dev/bpf0
crw------- 1 root wheel - 0, 86 Sep 9 20:54 /dev/bpf1
crw------- 1 root wheel - 0, 87 Sep 9 20:54 /dev/bpf2


Turns out that the tcpdump package for FreeBSD 7.2 that I had installed, version 3.9.7, was the cause of the problem. Weird part is that the base tcpdump is 3.9.8 -- newer than the packaged port! Weird indeed.

Anyway, deinstalled the package and now the base tcpdump has no problem connecting to the pflog0 interface for real-time pflog examination.

# which tcpdump
/usr/local/sbin/tcpdump

# pkg_deinstall tcpdump
---> Deinstalling 'tcpdump-3.9.7'
[Updating the pkgdb ... (...) done]

# which tcpdump
/usr/sbin/tcpdump

# tcpdump -V
tcpdump version 3.9.8
libpcap version 0.9.8
Usage: tcpdump ...

# /usr/sbin/tcpdump -n -e -tttt -vv -i pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes


Live and learn...

Tuesday, August 25, 2009

Modifying a FreeBSD release ISO for headless booting

Ok, here are the commands. I will come back later to add context, too many irons in the fire right this minute...

# mkdir /bigdisk/iso
# mkdir /bigdisk/iso_headless
# cd /bigdisk
# fetch ftp://ftp7.us.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/7.2/7.2-RELEASE-i386-disc1.iso
# mdconfig -a -t vnode -f /bigdisk/7.2-RELEASE-i386-disc1.iso -u 0
# mount -t cd9660 /dev/md0 /bigdisk/iso


No trailing slash on the rsync destination is significant. The following two commands are equivalent:
   rsync -av /bigdisk/iso/ /bigdisk/iso_headless
rsync -av /bigdisk/iso/* /bigdisk/iso_headless/

# rsync -av /bigdisk/iso/ /bigdisk/iso_headless
# umount /bigdisk/iso
# mdconfig -d -u 0


Note that I did attempt the following, which failed:
   echo "/boot/loader -h" > /bigdisk/iso_headless/boot.config

# echo 'console="comconsole"' >> /bigdisk/iso_headless/boot/loader.conf
# mkisofs -no-emul-boot -U -R -b boot/cdboot -o /bigdisk/7.2-RELEASE-i386-disc1_HEADLESS.iso /bigdisk/iso_headless
# cdrecord -scanbus


Set whatever speed you want here. I had some cheap, old CDRs and they needed burn slowly. I have plenty to keep me busy while it's burning...

# cdrecord speed=2 dev=1,0,0 /bigdisk/7.2-RELEASE-i386-disc1_HEADLESS.iso


That's all for now, please enjoy responsibly.

Wednesday, August 19, 2009

Retrieve ARP table from Cisco router, parse, spew

I had a colleague in need of an automated way to retrieve the ARP table from a lot of Cisco routers and format the output in a spreadsheet. Another colleague suggested using an Expect script, which is definitely cool because I love using Expect (seriously, it's a Swiss Army knife), but I wanted to take it a different direction. I looked up the SNMP MIB to retrieve the ARP table and then parsed the input to provide a two-column output consisting of the IP address and MAC address, one pair per line.

Here is the script:

snmpwalk -t 60 -v 1 -c MYCOMMSTRING routerhostname .1.3.6.1.2.1.4.22.1.2 | \
while read line; do \
IP_ADDR=`echo ${line} | \
awk '{print $1;}' | \
sed -e 's/^IP-MIB::ipNetToMediaPhysAddress.[0-9]*\.//'`; \
MAC_ADDR=`echo ${line} | \
awk '{print $4;}' | \
sed -e 's/^\([0-9a-f]\)/0\1/' \
-e 's/:\([0-9a-f]\):/:0\1:/g' \
-e 's/:\([0-9a-f]\):/:0\1:/g' \
-e 's/:\([0-9a-f]\)$/:0\1/' | \
tr '[:lower:]' '[:upper:]'`; \
echo "${IP_ADDR} ${MAC_ADDR}"; \
done


Notice that there are two mid-string sed matches, each with a 'g' matching command. The reason that this command needs to be listed twice is that a single iteration of 'g' doesn't mean global, it means to match up to two addresses within the stream. Since some of the MAC addresses I was dealing with were beyond that, such as "0:d:ed:c:7:5e", just using a single mid-string pattern with 'g' left me with "00:0d:ed:0c:7:5e" (note the :7: instead of the desired :07:). Adding the second iteration of mid-string matching fixed this issue by enabling matching of a third and fourth mid-string single-digit. I learned something new about sed, and learning something new is a good thing.

Saturday, August 8, 2009

FreeBSD 7.2 on my Samsung NC10-14GB

Everything working well so far. To get X working I read a lot of forums and ML archives. To get the 915resolution tool, from ports, working with the 945GME chipset in this netbook, I had to patch a couple of files...

# diff -ruN 915resolution.c.orig 915resolution.c
--- 915resolution.c.orig 2009-08-08 22:51:00.000000000 +0000
+++ 915resolution.c 2009-08-08 22:53:44.000000000 +0000
@@ -57,12 +57,12 @@
typedef unsigned int cardinal;

typedef enum {
- CT_UNKWN, CT_830, CT_845G, CT_855GM, CT_865G, CT_915G, CT_915GM, CT_945G, CT_945GM,
+ CT_UNKWN, CT_830, CT_845G, CT_855GM, CT_865G, CT_915G, CT_915GM, CT_945G, CT_945GM, CT_945GME,
CT_946GZ, CT_G965, CT_Q965
} chipset_type;

char * chipset_type_names[] = {
- "UNKNOWN", "830", "845G", "855GM", "865G", "915G", "915GM", "945G", "945GM",
+ "UNKNOWN", "830", "845G", "855GM", "865G", "915G", "915GM", "945G", "945GM", "945GME",
"946GZ", "G965", "Q965"
};

@@ -216,6 +216,10 @@
type = CT_945GM;
break;

+ case 0x27ac8086:
+ type = CT_945GME;
+ break;
+
case 0x29708086:
type = CT_946GZ;
break;
@@ -511,6 +515,7 @@
case CT_915GM:
case CT_945G:
case CT_945GM:
+ case CT_945GME:
case CT_946GZ:
case CT_G965:
case CT_Q965:
@@ -551,6 +556,7 @@
case CT_915GM:
case CT_945G:
case CT_945GM:
+ case CT_945GME:
case CT_946GZ:
case CT_G965:
case CT_Q965:
@@ -806,6 +812,9 @@
else if (!strcmp(argv[index], "945GM")) {
*forced_chipset = CT_945GM;
}
+ else if (!strcmp(argv[index], "945GME")) {
+ *forced_chipset = CT_945GME;
+ }
else if (!strcmp(argv[index], "946GZ")) {
*forced_chipset = CT_946GZ;
}


...and this one...

# diff -ruN chipset_info.txt.orig chipset_info.txt
--- chipset_info.txt.orig 2007-04-15 07:31:29.000000000 +0000
+++ chipset_info.txt 2009-08-08 22:53:59.000000000 +0000
@@ -7,3 +7,4 @@
915PM, 915GM, 915GMS, 910GML $2590_8086 $91 - $92
945G $2770_8086 $91 - $92
945GM $27A0_8086 $91 - $92
+945GME $27AC_8086 $91 - $92


More to come later, but I will leave you with this:

# kldstat
Id Refs Address Size Name
1 22 0xc0400000 9fab28 kernel
2 2 0xc0dfb000 4a64c sound.ko
3 1 0xc0e46000 1ae38 snd_hda.ko
4 1 0xc0e61000 802c ng_ubt.ko
5 6 0xc0e6a000 da08 netgraph.ko
6 1 0xc0e78000 6a45c acpi.ko
7 4 0xc5a80000 2000 ng_bluetooth.ko
8 1 0xc5a82000 d000 ng_hci.ko
9 1 0xc5aba000 f000 ng_l2cap.ko
10 1 0xc5acb000 1a000 ng_btsocket.ko
11 1 0xc5aed000 4000 ng_socket.ko
12 1 0xc5b39000 22000 linux.ko
13 1 0xc5e27000 9000 i915.ko
14 1 0xc5e30000 13000 drm.ko


Have fun!

Friday, June 19, 2009

Rant: There, fixed that for ya...

I am so sick and tired of people who think they are so clever to reply to someone else on a mailing list, EDITING SOMEONE ELSE'S WORDS, and then covering with the oh-so-bright "There, fixed that for you." comment. Hello jackass, why don't you form an intelligent reply and submit that to the list and refrain from editing quoted text from someone else. If I happen to jump straight into a message in some archive via a Google search or such and I see a quoted message then I don't REALLY know what the quoted message was if some super-smart guy decides to "fix" someone else's quote, do I?

Please, if you have taken up this bad habit, give some thought to quitting. It isn't nearly as witty as you believe it is.