New Standards – HTTP2

A great article I came across explaining how HTTP2 works is available at http://daniel.haxx.se/http2/http2-v1.6.pdf

It raises some interesting challenges for adoption, and has implications for network security and for the vendors of the devices used to secure networks.  One of the main challenges is that the format moves from an easy-to-read text form to a binary blob.  This means Deep Packet Inspection (DPI) of these frames becomes a lot more intensive.

It will also be interesting to see how this gets adopted for the ‘average’ site.   I can see the Goog, Facebook and Microsoft adopting it, but how long did it take for HTTP 1.1 to become adopted?

One to monitor……
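
To make the text-to-binary point concrete, here is an added example (not from the linked article or from this post's author) that walks the 9-byte HTTP/2 frame header and decodes a HEADERS payload, which is what an inspection device has to do before it can match on a request line. The sample bytes are constructed, and only four entries of the HPACK static table are included.

```python
import struct

PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # fixed 24-byte client connection preface
FRAME_TYPES = {0: "DATA", 1: "HEADERS", 2: "PRIORITY", 3: "RST_STREAM", 4: "SETTINGS",
               5: "PUSH_PROMISE", 6: "PING", 7: "GOAWAY", 8: "WINDOW_UPDATE",
               9: "CONTINUATION"}
# Four entries of the HPACK static table; a real inspector needs the full table,
# the per-connection dynamic table and Huffman decoding.
HPACK_STATIC = {2: (":method", "GET"), 4: (":path", "/"),
                6: (":scheme", "http"), 7: (":scheme", "https")}

def build_frame(ftype, flags, stream_id, payload):
    """Serialise one frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    header = len(payload).to_bytes(3, "big") + struct.pack(">BBI", ftype, flags, stream_id)
    return header + payload

def parse_frames(buf):
    """Return (frames, leftover); an incomplete trailing frame stays in leftover."""
    pos = len(PREFACE) if buf.startswith(PREFACE) else 0
    frames = []
    while len(buf) - pos >= 9:
        length = int.from_bytes(buf[pos:pos + 3], "big")
        ftype, flags, stream_id = struct.unpack(">BBI", buf[pos + 3:pos + 9])
        if len(buf) - pos - 9 < length:
            break  # payload split across TCP segments: wait for more bytes
        frames.append({"type": FRAME_TYPES.get(ftype, "UNKNOWN"), "flags": flags,
                       "stream": stream_id & 0x7FFFFFFF,  # top bit is reserved
                       "payload": buf[pos + 9:pos + 9 + length]})
        pos += 9 + length
    return frames, buf[pos:]

def decode_indexed_fields(block):
    """Decode only HPACK 'indexed header field' bytes (high bit set) from the subset above."""
    return [HPACK_STATIC[b & 0x7F] for b in block
            if b & 0x80 and (b & 0x7F) in HPACK_STATIC]

# Constructed capture: preface, empty SETTINGS, then "GET / over https" as a HEADERS frame.
SAMPLE = (PREFACE + build_frame(4, 0, 0, b"")
          + build_frame(1, 0x05, 1, bytes([0x82, 0x87, 0x84])))

if __name__ == "__main__":
    frames, rest = parse_frames(SAMPLE)
    print("text signature b'GET /' present:", b"GET /" in SAMPLE)
    for f in frames:
        print(f["type"], "stream", f["stream"], f["payload"].hex())
    print(decode_indexed_fields(frames[1]["payload"]))
```

The whole request is three payload bytes, so a plain-text signature such as `GET /` never appears on the wire even before TLS is considered.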

 

Windows 7 – Offline files and SMB shares

Why is it so difficult for this to work out of the box ?

I’m currently using a hacked WD MyWorld NAS device that runs BusyBox, Optware and the latest release of Samba.   You would think offline files would be easy to get working.

Wrong.  See http://blog.rainiernetworks.com/2008/06/25/vista-synchronization-errors/ and http://justanothersysadmin.wordpress.com/2008/03/30/vista-offline-files-and-smb-opportunistic-locks/

Why oh why can Microsoft not make the offline files function work out of the box?  I guess it works fine against a Microsoft server, but in the spirit of greater interoperability, fix it please!

Adding routes to modern Linuxes

Shamelessly robbed from http://www.akadia.com/services/redhat_static_routes.html

Overview

With the introduction of Redhat version 8 and continued into version 9, the /etc/sysconfig/static-routes file no longer seems to function correctly.

Linux static routes changed in 8.0 to a new format. Now you are to create a file in /etc/sysconfig/network-scripts for each Ethernet interface you wish to create static routes on.

Example:

touch /etc/sysconfig/network-scripts/route-eth0

The syntax for this file is different from the traditional route format used in /etc/sysconfig/static-routes . Redhat has yet to document the change on their web site as of June 2003.

The syntax is based on a usenet post: go to /etc/sysconfig/network-scripts, make a file called route-devicename (ex: route-eth0) and populate it with your static routes for that device. So if you wanted to make a static route to the 192.168.0.0/24 network through 152.3.182.5, type:

192.168.0.0/24 via 152.3.182.5

Persistent static routes for ANY linux distribution

You may use this method to add static routes and it will work under any Linux distribution. However, it is considered by some a ‘hack’ or the ‘ugly way’.

Edit your /etc/rc.local file and add your static routes using the route statement.

Example:

route add -net 10.10.98.0 netmask 255.255.255.0 gw 10.164.234.132 dev eth1
route add -net 10.164.234.96 netmask 255.255.255.252 gw 10.164.234.132 dev eth1
route add -net 10.164.234.112 netmask 255.255.255.240 gw 10.164.234.132 dev eth1

Force the old static-routes file to work under Redhat 9

Clear out the new /etc/sysconfig/network-scripts/ifup-routes script so that you can populate it with the original shell script from Redhat 7.x.

cat /dev/null > /etc/sysconfig/network-scripts/ifup-routes
vi /etc/sysconfig/network-scripts/ifup-routes

type in the following (or copy and paste) not including the tilde lines:

#!/bin/sh

# adds static routes which go through device $1

if [ "$1" = "" ]; then
  echo "usage: $0 <net-device>"
  exit 1
fi

if [ ! -f /etc/sysconfig/static-routes ]; then
  exit 0
fi

# note the trailing space in the grep gets rid of aliases
grep "^$1 " /etc/sysconfig/static-routes | while read device args; do
  /sbin/route add -$args $device
done
grep "^any " /etc/sysconfig/static-routes | while read ignore type net netmask mask bogus dev ; do
  if [ "$dev" = "$1" ]; then
    /sbin/route add -$type $net $netmask $mask $dev
  fi
done
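
Existing entries can also be migrated to the route-devicename syntax described earlier. The following is an added example, not part of the original article: it assumes old lines of the form `<device> net|host <destination> [netmask <mask>] gw <gateway>` (the field order the script above reads), rejects anything else, including `any` lines, for manual conversion, and uses constructed sample input.

```python
import ipaddress
from collections import defaultdict

def convert_static_routes(text):
    """Map old static-routes lines to {device: [lines for route-<device>]}.

    Raises ValueError naming the first line that cannot be converted safely.
    """
    out = defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if not fields:
            continue
        try:
            dev, kind, dest = fields[:3]
            opts = dict(zip(fields[3::2], fields[4::2]))  # keyword/value pairs
            if kind == "host":
                net = ipaddress.ip_network(dest + "/32")
            elif kind == "net":
                # strict parsing rejects a destination with host bits set
                net = ipaddress.ip_network(f"{dest}/{opts['netmask']}")
            else:
                raise ValueError("unknown route type")
            gateway = ipaddress.ip_address(opts["gw"])
        except (ValueError, KeyError) as exc:
            raise ValueError(f"line {lineno}: cannot convert {raw!r}") from exc
        out[dev].append(f"{net.with_prefixlen} via {gateway}")
    return dict(out)

# Constructed sample in the assumed old format, reusing addresses from this page.
SAMPLE = """\
# old /etc/sysconfig/static-routes
eth1 net 10.10.98.0 netmask 255.255.255.0 gw 10.164.234.132
eth1 net 10.164.234.96 netmask 255.255.255.252 gw 10.164.234.132
eth0 host 192.168.0.7 gw 152.3.182.5
"""

if __name__ == "__main__":
    for dev, routes in convert_static_routes(SAMPLE).items():
        print(f"# /etc/sysconfig/network-scripts/route-{dev}")
        print("\n".join(routes))
```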

Remember to use /etc/sysconfig/network for your default gateway

If you only intend to add one route, your default gateway, then you need not worry about the static routes file or using the route command. Simply add your default gateway in /etc/sysconfig/network.

Example

NETWORKING=yes
HOSTNAME="hostname.linux.org"
GATEWAY="10.164.234.1"
GATEWAYDEV="eth0"
FORWARD_IPV4="yes"

Useful Unix Tools

I can never remember any of these commands.  I know that you flip-flop wearing, bearded, leather-patch wallahs can, but here's a list that is very useful.

vmstat n – To show Virtual Machine, Disk I/O, Swap etc use.  The n makes it refresh every n seconds

/etc/sysconfig/network-scripts/ifcfg-eth1 – Used to set a static interface on most Linuxes
Contents something like:

# Description of type
DEVICE=eth1
BOOTPROTO=static
IPADDR=x.x.x.x
NETMASK=x.x.x.x
ONBOOT=yes
TYPE=Ethernet

Remember to use /etc/sysconfig/network for your default gateway

NETWORKING=yes
HOSTNAME="hostname.linux.org"
GATEWAY="10.164.234.1"
GATEWAYDEV="eth0"
FORWARD_IPV4="yes"

TAR – Use for extracting/imploding files to one file – does not compress
tar cvf nameoftarfile.tar -I textfile.txt – takes the contents of the text file and adds to tar
tar xvf nameoftarfile.tar – extract and verify

Solaris and 802.1q tagged interfaces
Interfaces are usually called hostname.ceVLANID000

Adding Interfaces to Solaris – making sure they work on boot
vi /etc/netmasks – add the subnet to this
vi /etc/hosts – add the interface and VLAN
create a hostname.ceVLANID000 file
manually plumb:
  ifconfig eth1 plumb (bring up L1)
  ifconfig eth1 inet x.x.x.x netmask x.x.x.x broadcast x.x.x.x
  ifconfig eth1 up

I'll keep adding as I think of them