I’ve recently written a blog about monologues, prayers and remembrances, and I hope it will help me and others to pray to GOD correctly and use each prayer in its context. The blog is named Dikr and can be found at the URL: http://www.dikr.tk/ Please feel free to join the Dikr community.
May 16, 2011
January 22, 2011
A Method for Transmitting PPP Over Ethernet (PPPoE) (RFC2516)
Publication date : February 1999
RFC Author(s) : R.Wheeler, D.Simone, D. Carrel, J. Evarts, K. Lidl, L. Mamakos
Category : informational
The Point-to-point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links.
PPPoE has two different stages. The first is the PPP Discovery stage, which contains four steps in which a host discovers the MAC address of its peer (the Concentrator) and the PPPoE session ID.
In fact, the MAC address and PPPoE_SESSION_ID uniquely define a session.
The relationship between the peers is simple client/server: the client asks the server (Concentrator) for the information needed to establish the session.
The frame sent is a plain Ethernet frame whose ETHER_TYPE is set to either 0x8863 (Discovery Stage) or 0x8864 (PPP Session Stage).
Here is the Ethernet Payload for PPPoE:
[ VER:4 | TYPE:4 | CODE:8 | SESSION_ID:16 | LENGTH:16 | PAYLOAD:16 ]
Discovery Stage: Ethernet frames have the ETHER_TYPE field set to 0x8863
1. Client to server: Initiation (PPPoE Active Discovery Initiation)
PADI:
* The host sends a broadcast packet with the code field set to 0x09
* The session id is set to 0x0000
2. Server to client: Offer (PPPoE Active Discovery Offer)
PADO:
* The Access Concentrator replies to a unicast address, with the code set to 0x07
* The session id is set to 0x0000
* The PADO packet contains an AC-Name TAG and a Service-Name TAG
3. Client to server: Request (PPPoE Active Discovery Request)
PADR:
* The host receives one or more PADO packets and has to choose one
* The choice is based on the AC-Name or the services offered
* The host sends one PADR packet to the Concentrator
* The destination is the unicast Ethernet address of the Concentrator
* The code field is set to 0x19 and the session id is set to 0x0000
4. Server to client: Session-confirmation (PPPoE Active Discovery Session-confirmation)
PADS:
* When the Access Concentrator receives the PADR, it prepares to begin a PPP session
* It generates a unique session id
* It replies to a unicast Ethernet address
* The code field is set to 0x65
* The packet contains exactly one TAG of TAG_TYPE Service-Name
5. Either end to other end: Termination (PADT)
* The packet is sent by the host or the Access Concentrator
* It is sent once a session is established
* The destination address is unicast
* The session id is the SESSION_ID generated
* The code field is set to 0xa7
Examples using scapy:
from scapy.all import Ether, PPPoED, sendp
1. PADI:
sendp(Ether(type=0x8863, src="00:60:4c:72:e7:69", dst="ff:ff:ff:ff:ff:ff")/PPPoED(code=0x09, sessionid=0x0000), iface="nas0")
2. PADO:
sendp(Ether(type=0x8863, src="00:bf:12:fa:90:fd", dst="00:60:4c:72:e7:69")/PPPoED(code=0x07, sessionid=0x0000), iface="nas0")
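The Discovery rules listed above can be checked mechanically on received frames. The following is an added example, not code from the original post; it assumes RFC 2516's VER=1/TYPE=1, its TAG layout (16-bit type, 16-bit length, value) and the TAG_TYPE values 0x0101 and 0x0102, and takes the payload size from the LENGTH field.

```python
import struct

ETH_DISC = 0x8863
# CODE -> (packet name, SESSION_ID must still be 0x0000 at this step)
CODES = {0x09: ("PADI", True), 0x07: ("PADO", True), 0x19: ("PADR", True),
         0x65: ("PADS", False), 0xA7: ("PADT", False)}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name"}  # TAG_TYPE values, RFC 2516
BROADCAST = b"\xff" * 6

def build(dst, src, code, session_id, tags=()):
    """Constructed test frame: Ethernet header, PPPoE header, TLV tags."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return dst + src + struct.pack("!HBBHH", ETH_DISC, 0x11, code, session_id, len(payload)) + payload

def check_discovery(frame):
    """Return (name, session_id, tags, problems) for one Discovery frame."""
    if len(frame) < 20:
        raise ValueError("shorter than Ethernet + PPPoE headers")
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_DISC:
        raise ValueError("ETHER_TYPE is not 0x8863")
    vertype, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    payload, problems = frame[20:20 + length], []
    name, zero_sid = CODES.get(code, ("unknown", False))
    if vertype != 0x11:
        problems.append("VER and TYPE must both be 1")
    if len(payload) != length:
        problems.append("LENGTH exceeds the bytes present")
    if zero_sid and session_id != 0:
        problems.append(name + " must carry SESSION_ID 0x0000")
    if (dst == BROADCAST) != (name == "PADI"):
        problems.append("PADI is broadcast, every other packet unicast")
    tags, pos = {}, 0
    while pos + 4 <= len(payload):  # TAG_TYPE(16) TAG_LENGTH(16) TAG_VALUE
        ttype, tlen = struct.unpack("!HH", payload[pos:pos + 4])
        if pos + 4 + tlen > len(payload):
            problems.append("TAG overruns the payload")
            break
        tags.setdefault(TAGS.get(ttype, hex(ttype)), []).append(payload[pos + 4:pos + 4 + tlen])
        pos += 4 + tlen
    if name == "PADO" and not {"AC-Name", "Service-Name"} <= set(tags):
        problems.append("PADO lacks AC-Name or Service-Name")
    if name == "PADS" and len(tags.get("Service-Name", [])) != 1:
        problems.append("PADS needs exactly one Service-Name")
    return name, session_id, tags, problems

# Constructed samples (MAC addresses reused from the scapy lines): one valid PADO, one breaking three rules.
HOST, AC = bytes.fromhex("00604c72e769"), bytes.fromhex("00bf12fa90fd")
GOOD_PADO = build(HOST, AC, 0x07, 0, [(0x0102, b"ac1"), (0x0101, b"")])
BAD_PADO = build(BROADCAST, AC, 0x07, 0x0042, [(0x0102, b"ac1")])
```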
January 5, 2011
EtherIP: Tunneling Ethernet Frames in IP Datagrams (RFC3378)
Publication date : September 2002
RFC Author(s) : R.Housley, S.Hollenbeck
Category : informational
The EtherIP protocol was developed in 1991 and is used to tunnel Ethernet and IEEE 802.3 media access control (MAC) frames (including IEEE 802.1Q [VLAN] datagrams) across an IP internet.
An EtherIP datagram contains a 16-bit header and a variable-length encapsulated Ethernet or IEEE 802.3 frame that immediately follows the IP fields.
The 16-bit EtherIP header contains two fields: a 4-bit version that must be set to 3 (0011) and 12 bits reserved for future use that have to be set to zero, for both encapsulation and decapsulation operations. An IP datagram with an EtherIP header must set the IPv4 protocol to 97 (decimal).
The bridge-like station must listen for IP datagrams that carry protocol 97 and ignore the rest of the LAN frames. In that case it extracts the MAC frame from the datagrams on the LAN and calculates the frame check sequence (FCS), which is appended to the frame as part of the data link layer; the IP checksum does not provide integrity protection for the Ethernet/IEEE 802.3 frame.
One solution to the security considerations is to protect the IP datagrams that carry EtherIP with IPsec [RFC2401].
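The decapsulation checks described above (protocol 97, version 3, reserved bits zero) look like this in code. This is an added example, not part of the original post; the function names and the sample datagram, with documentation addresses 192.0.2.1 and 192.0.2.2, are constructed for illustration.

```python
import struct

IPPROTO_ETHERIP = 97

def decapsulate(datagram):
    """Return the inner MAC frame of an IPv4 EtherIP datagram or raise ValueError."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (datagram[0] & 0x0F) * 4          # IPv4 header length in bytes
    (total,) = struct.unpack("!H", datagram[2:4])
    if ihl < 20 or total < ihl + 2 or total > len(datagram):
        raise ValueError("inconsistent IPv4 lengths")
    if datagram[9] != IPPROTO_ETHERIP:
        raise ValueError("IP protocol is not 97")
    (header,) = struct.unpack("!H", datagram[ihl:ihl + 2])
    if header >> 12 != 3:                   # 4-bit version
        raise ValueError("EtherIP version is not 3")
    if header & 0x0FFF:                     # 12 reserved bits
        raise ValueError("EtherIP reserved bits are not zero")
    frame = datagram[ihl + 2:total]
    if len(frame) < 14:
        raise ValueError("inner frame shorter than an Ethernet header")
    return frame

def sample(etherip_header=0x3000, protocol=IPPROTO_ETHERIP):
    """Constructed datagram; the IPv4 header checksum is left at zero and not checked."""
    inner = bytes.fromhex("dadadadadadadededededede86dd") + b"inner payload"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 22 + len(inner), 0, 0, 64,
                     protocol, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + struct.pack("!H", etherip_header) + inner
```

Nothing in these checks authenticates the sender, which is why the RFC points to IPsec for protecting the tunnel.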
January 2, 2011
December 16, 2010
ICMPv6 Python client using pcs
Reading about IPv6 security, I felt the need to write a simple IPv6 client, using Python as a first step and libnet6 later.
Python has a nice module named pcs that lets you forge packets; here is an example of an ICMPv6 client:
import pcs
from pcs.packets.ipv6 import *
from pcs.packets.icmpv6 import *
from pcs.packets.ethernet import *
from socket import *

# building ethernet header
e = ethernet()
e.src = ether_atob('de:de:de:de:de:de')
e.dst = ether_atob('da:da:da:da:da:da')
e.type = ETHERTYPE_IPV6

# building ipv6 header
ip6 = ipv6()
ip6.src = ip6.dst = inet_pton(AF_INET6, "dead::beef")
ip6.length = 8 # equal to payload length.
ip6.hop = 255
ip6.next_header = IPPROTO_ICMPV6

# building icmpv6 echo request (named echo so the icmpv6 class is not shadowed)
echo = icmpv6(ICMP6_ECHO_REQUEST)
echo.code = 0
echo.id = 0x01
echo.checksum = echo.cksum(ip6, "") & 0xffff

# we can now send our packet
pcap = pcs.PcapConnector('ral0')
pkt = pcs.Chain([e, ip6, echo])
pcap.write(pkt.bytes, len(pkt.bytes))
You can then see the ICMP reply using your favorite sniffer, wireshark or maybe tcpdump. If you prefer something more technical, you can capture it with the pcap module like this:
import dpkt, pcap

pc = pcap.pcap()
pc.setfilter('icmp6')
for timestamp, packet in pc:
    # decode the captured bytes as an Ethernet frame and show its fields
    print(repr(dpkt.ethernet.Ethernet(packet)))
December 13, 2010
IPv6 Router Advertisement Options for DNS Configuration (RFC6106)
Publication date : November 2010
RFC Author(s) : S. Park, L. Beloeil, S. Madanapalli
Category : Standards Track
This article describes some specifications of the RA DNS options, which allow IPv6 routers to advertise a list of DNS recursive server addresses and a DNS Search List to an IPv6 node.
RA options are based on Neighbor Discovery (ND) for IPv6 stateless autoconfiguration, which provides a simple way to configure a mobile node in an IPv6 network and gives nomadic hosts the ability to reach Internet services. In this document (section 5), the IPv6 DNS configuration defines two ND options:
1. The Recursive DNS Server (RDNSS) option contains one or more IPv6 addresses of recursive DNS servers. The option format contains 4 fields:
Type (8-bit), Length (8-bit), Reserved (16-bit), Lifetime (32-bit), and the Addresses of IPv6 Recursive DNS Servers (128-bit)
2. The DNS Search List (DNSSL) option contains one or more domain names. The option format contains 4 fields:
Type (8-bit), Length (8-bit), Reserved (16-bit), Lifetime (32-bit), and the Domain Names of DNS Search List (128-bit)
Section 5.1 defines that a packet with the lifetime value set to all one bits (0xffffffff) represents infinity, which means that the node must keep the DNS parameters until the next update.
Section 5.2 defines that a packet with the lifetime value set to zero means that the RDNSS address must no longer be used.
The RFC also notes that storing RDNSS addresses from at least two different sources is highly recommended.
Source : https://tools.ietf.org/html/rfc6106
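The RDNSS layout and the lifetime rules above, as an added example that is not part of the original post. It assumes the RFC 6106 option type 25 for RDNSS and the ND convention that Length counts units of 8 octets; the helper names and sample addresses (2001:db8::/32 documentation prefix) are constructed.

```python
import ipaddress
import struct

ND_OPT_RDNSS = 25            # option type assigned by RFC 6106
INFINITE = 0xFFFFFFFF

def rdnss_option(lifetime, *addresses):
    """Constructed RDNSS option: Type, Length, Reserved, Lifetime, addresses."""
    body = b"".join(ipaddress.IPv6Address(a).packed for a in addresses)
    return struct.pack("!BBHI", ND_OPT_RDNSS, 1 + 2 * len(addresses), 0, lifetime) + body

def parse_rdnss(options):
    """Walk the ND options of a Router Advertisement; return [(lifetime, [addresses])]."""
    found, pos = [], 0
    while pos + 2 <= len(options):
        opt_type, units = options[pos], options[pos + 1]
        size = units * 8                     # Length is in units of 8 octets
        if units == 0 or pos + size > len(options):
            raise ValueError("malformed ND option at offset %d" % pos)
        if opt_type == ND_OPT_RDNSS:
            if units < 3 or units % 2 == 0:  # 8-byte header plus n 16-byte addresses
                raise ValueError("bad RDNSS length %d" % units)
            (lifetime,) = struct.unpack("!I", options[pos + 4:pos + 8])
            addrs = [ipaddress.IPv6Address(options[i:i + 16])
                     for i in range(pos + 8, pos + size, 16)]
            found.append((lifetime, addrs))
        pos += size                          # other option types are skipped
    return found

def update_servers(servers, options, now):
    """servers maps address -> expiry time in seconds (None = keep until next update)."""
    for lifetime, addrs in parse_rdnss(options):
        for addr in addrs:
            if lifetime == 0:
                servers.pop(addr, None)      # section 5.2: must no longer be used
            elif lifetime == INFINITE:
                servers[addr] = None         # section 5.1: infinity
            else:
                servers[addr] = now + lifetime
    return servers
```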
December 12, 2010
Converting MySQL to PostgreSQL
It has been a long time since I last wrote a post on my blog, so it's time. Working with bacula, I needed to upgrade my database from MySQL to PostgreSQL. If you have to do so, you can do it simply from the command line with the tools shipped with these database applications.
First of all dump your tables with
$ mysqldump --compatible=postgresql databasename > outputfile.sql
but even then you will have to change quote escaping:
$ sed "s/\\\'/\'\'/g" outputfile.sql > data.sql
You also have to manually modify the data types:
* /int.* unsigned/ becomes "bigint"
* /bigint/ becomes "bigint"
* "bit(1)" becomes "boolean"
* "tinyint(1)" becomes "boolean"
* /tinyint/ becomes "tinyint"
* /int/ becomes "integer"
* /varchar/ becomes "varchar"
* /char/ becomes "char"
* /(float|decimal)/ becomes "decimal"
* /double/ becomes "double precision"
After you convert your tables, import them the same way you were used to in MySQL, that is
$ psql -h server -d databasename -U username -W < data.sql
August 16, 2010
Create random password using /dev/urandom
Administrators often have to generate passwords, and a random password is more secure than an ordinary one.
For that purpose, let's keep it simple and start by defining some files:
/dev/random: a special file that serves as a true random number generator or as a pseudorandom number generator.
/dev/urandom: the "unlocked" random source, which reuses the internal pool to produce more pseudo-random bits.
If your system does not have /dev/random and /dev/urandom created already, they can be created with the following commands:
$ mknod -m 644 /dev/random c 1 8
$ mknod -m 644 /dev/urandom c 1 9
$ chown root:root /dev/random /dev/urandom
Then generate a 12-character alphanumeric password with:
$ tr -cd a-zA-Z0-9 < /dev/urandom | head -c 12 ; echo ""
August 9, 2010
How to run source bash command between two lines and from file
When I ran my ADSL connection start script, I was blocked many times by a lock somewhere.
No matter: I wrote a Python script that does what the bash command "source" does, and these few lines of Python also let you run only the commands found between two given lines.
Here is the code:
#!/usr/bin/env python
import subprocess
import sys

if len(sys.argv) != 4:
    print("Usage: source file startline endline")
    sys.exit(1)

path = sys.argv[1]
start = int(sys.argv[2])
end = int(sys.argv[3])

# read the file and drop empty lines, so startline/endline count non-empty lines
with open(path, 'r') as fd:
    data = [line for line in fd if line != '\n']

for cmd in data[start - 1:end]:
    # debug: print("exec command:", cmd.strip())
    # each line runs in its own shell and finishes before the next one starts
    subprocess.call(cmd.strip(), shell=True)
June 16, 2010
How to send a bit to the parallel port on Linux (2nd part)
In this second part of how to send bits to the parallel port on Linux, I describe the basics of doing the same from kernel space.
Here is a simple Linux kernel module that creates a char device named parlport; you can then communicate directly with the device through /dev/parlport
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/fs.h>
#include <linux/unistd.h>
#include <linux/uaccess.h>  /* copy_to_user(), copy_from_user() */
#include <linux/file.h>
#include <linux/ioport.h>   /* request_region(), release_region() */
#include <linux/io.h>       /* inb(), outb() */

#define NAME "parlp"
#define VERSION "0.1"
#define LICENSE "GPL"
#define DESCPT "Simple Parallel Port LED driver"
#define AUTHOR "Mezgani Ali\n"\
"mail: mezgani [AT] nativelabs [.] org\n"\
"blog: http://securfox.wordpress.com/"
#define SUCCESS 0
#define DEVICE_NAME "parlport"
#define BASEPORT 0x0378

static int major = 61; /* major number assigned to our device driver */

static int __init start_module(void);
static void __exit clean_module(void);
static int device_open(struct inode *, struct file *);
static int device_release(struct inode *, struct file *);
static ssize_t device_read(struct file *, char __user *, size_t, loff_t *);
static ssize_t device_write(struct file *, const char __user *, size_t, loff_t *);

static struct file_operations fops = {
    .open = device_open,
    .release = device_release,
    .read = device_read,
    .write = device_write
};

static int
__init start_module(void)
{
    int result;

    result = register_chrdev(major, DEVICE_NAME, &fops);
    if (result < 0) {
        printk(KERN_ALERT "Registering device failed with %d\n", result);
        return result;
    }
    if (!request_region(BASEPORT, 1, DEVICE_NAME)) {
        /* the region was not acquired: undo the registration and fail */
        printk(KERN_WARNING "Winbond error request region: %X\n", BASEPORT);
        unregister_chrdev(major, DEVICE_NAME);
        return -EBUSY;
    }
    printk(KERN_INFO "I was assigned major number %d. To talk to\n", major);
    printk(KERN_INFO "the driver, create a dev file with\n");
    printk(KERN_INFO "'mknod /dev/%s c %d 0'.\n", DEVICE_NAME, major);
    return SUCCESS;
}

static void
__exit clean_module(void)
{
    release_region(BASEPORT, 1);
    unregister_chrdev(major, DEVICE_NAME);
    printk(KERN_ALERT "unregister_chrdev && cleaning module\n");
}

static int
device_open(struct inode *inode, struct file *file)
{
    try_module_get(THIS_MODULE);
    return SUCCESS;
}

static int
device_release(struct inode *inode, struct file *file)
{
    module_put(THIS_MODULE);
    return 0;
}

static ssize_t
device_read(struct file *filp, char __user *buffer, size_t length, loff_t *offset)
{
    unsigned char pbuffer;

    /* hand out a single byte, then report end of file */
    if (*offset != 0 || length == 0)
        return 0;
    /* input a byte (8 bits) from a port, call inb(port), it returns the byte it got */
    pbuffer = inb(BASEPORT);
    if (copy_to_user(buffer, &pbuffer, 1))
        return -EFAULT;
    *offset += 1;
    return 1;
}

static ssize_t
device_write(struct file *filp, const char __user *buffer, size_t length, loff_t *offset)
{
    char pbuffer;

    /* an empty write has no last byte to fetch */
    if (length == 0)
        return 0;
    /* only the last byte of the user buffer is sent to the port */
    if (copy_from_user(&pbuffer, buffer + length - 1, 1))
        return -EFAULT;
    /* output the data to parallel port */
    outb(pbuffer, BASEPORT);
    return length;
}

module_init(start_module);
module_exit(clean_module);
MODULE_LICENSE(LICENSE);
MODULE_AUTHOR(AUTHOR);
MODULE_DESCRIPTION(DESCPT);
MODULE_VERSION(VERSION);
Example of use after compilation:
# insmod parlport.ko
# mknod /dev/parlport c 61 0
# chmod 666 /dev/parlport
# echo F > /dev/parlport