iptables mirror target for linux kernel 3.6

 iptables mirror target for linux kernel 3.6

After my last kernel upgrade I tried to build the iptables mirror target published the last time here. The iptables mirror target takes the packet sent to your machine and returns the same packet to the machine the packet came from. Thus, let’s say someone tries to scan your machine or tries an attack he would scan his own machine or even attack his own machine. When I tried it with kernel version 3.6 , it did not build anymore with the current linux kernel. This time some functions have got removed from the kernel. Thus I had to update the ip_direct_send function. You can download the newer release for kernel version 3.6 and probably future kernels here:

MIRROR.3.6.0.tar.gz (618) gplv3 127x51 iptables mirror target for linux kernel 3.6

The kernel module has been tested with kernel version 3.7.0-vs2.3.5.1. To build the module, boot the kernel you want to use the module with. Afterwards unpack the archive and run the compile.sh script to build the module. Then run the install.sh script for installing the compiled module into the /lib/modules directory for your kernel.

Now you may use the mirror target in place of the REJECT or DROP target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:

$IPTABLES -A INPUT -j MIRROR

Beware: The use of the mirror target may lead to strange results, in example if you want to connect to an iptables protected machine which uses the mirror target, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. The worst case occurs if you have two machines using the module. These machines may end up playing ping pong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.

Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels. The 2.6.13 version of the module should work up to kernel version 2.6.16.

MIRROR.2.6.13.tar.gz (1567)
MIRROR.2.6.24.tar.gz (1953)
MIRROR.2.6.25.tar.gz (1800)
MIRROR.2.6.28.tar.gz (1839)
MIRROR.2.6.31 (1710)
MIRROR.2.6.35.tar.gz (1646)
MIRROR.2.6.36.tar.gz (1532)
MIRROR.2.6.37.tar.gz (1370)
MIRROR.3.0.7.tar.gz (1113)
MIRROR.3.1.0.tar.gz (847)
MIRROR.3.3.0.tar.gz (861)
gplv3 127x51 iptables mirror target for linux kernel 3.6

regards
Jürgen

 

 

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading ... Loading ...

stereoscopic mplayer-1.1-r1

Recently the new mplayer-1.1-r1 ebuild appeared in portage. In the article stereoscopic mplayer-1.0_rc4_p20110322 I provided a modified patch for stereoscopic support in mplayer-1.0_rc4_p20110322. This patch does not work with the current version anymore. However, only a minor fix has been required. To use the new patch, just download it from here: mplayer-stereoscopic-1.1-r1.patch (568) and copy it to:

/etc/portage/patches/media-video/mplayer-1.1-r1/

Afterwards emerge mplayer and play stereoscopic movies with:

mplayer -vo gl2:stereo some_movie_file.avi

mithrandir

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

Flightgear-2.8.0 with quad buffered stereo

 Flightgear 2.8.0 with quad buffered stereo

In the article Flightgear with quad buffered stereo I have written about how to get quad buffered stereo to work with the famous flight simulator FlightGear. Recently FlightGear-2.8.0 has been released. The problem with quad buffered stereo still persists with FlightGear-2.8.0 .

One expects to enable stereoscopic mode in FlightGear starting it with the following line:

export OSG_STEREO_MODE=QUAD_BUFFER;export OSG_STEREO=ON; fgfs

When starting flightgear this way, one gets the following console output and no stereoscopic view:

Warning: detected OpenGL error ‘invalid operation’ after RenderBin::draw(,)

Getting FlightGear to work with quad-buffered stereo

The reason for the above error message and the resulting broken stereo mode is, that the stereo context does not get initialized properly. The details are described here: Flightgear with quad buffered stereo. Unfortunately the patch I proposed in the mentioned post does not work for flightgear-2.8.0. However, the good news is, it only required a slight modification, the WindowBuilder.cxx file no longer is in src/Main, but in the src/Viewer directory. You can download the new patch from here: flightgear-2.8.0-stereoscopic.patch (709)

Hopefully the patch finds its way into the next flightgear release.

As usual for quad buffered stereo, you have to use a professional graphics board that supports quad buffered stereo, like a NVIDIA Quadro FX or a Ati FireGL and proper display hardware, like shutter glasses, a HMD or a stereoscopic projection system, to benefit from it. To use the quad buffered stereo mode start flightgear with the environment variables mentioned above. Afterwards you probably have to enable quad buffered stereo mode by selecting the Stereoscopic View Options Item in the the View menu.

The Gentoo way

For gentoo users I have created an overlay. Like the previous one it contains patches and modified ebuilds for flightgear with working quad buffer support. You may get the overlay from here: flightgear-2.8.0 overlay (623) Download the overlay and extract it in /usr/local/portage. Be sure to include the following line in your /etc/make.conf:

PORTDIR_OVERLAY=”/usr/local/portage”

Then emerge flightgear and enjoy it in three dimensions.

Have fun

Jürgen

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

Fixing location awareness of N900 IM

 Fixing location awareness of N900 IM

Nokias N900 cellular phone is a location aware device. Usually it has been able to display your location in the  status message of instant messaging services like Jabber or Skype. This function has stopped working completely some time ago. This article describes the underlying problem and presents a fix to restore the function again.

Usually one can enable the N900 phone to display the current location in the status message by tapping the status bar and selecting “Availability”. Afterwards the availability window opens, where the button “my location” can be tapped. Then one can select the precision of the position from street level to town level. Afterwards the current location is being published to contacts. Currently enabling this function does not publish any location to ones contacts. After installing sysklogd, the syslog gives a first hint, where the problem is located:

Aug 31 18:37:33 Nokia-N900 nm-nav-provider[11138]: GLIB WARNING **
default – Could not connect to
http://loc.desktop.maps.svc.ovi.com/geocoder/rgc/1.0?total=1&lat=52.308704391494393&long=13.252864412963390&token=9b87b24dffafdfcb6dfc66eeba834caa
Aug 31 18:37:33 Nokia-N900 [1621]: GLIB WARNING ** rtcom-presence-ui -
null pointer passed to the navigation_provider_location_to_address callback

After killing the nm-nav-provider process and restarting /usr/lib/nokiamaps-navigation-provider/nm-nav-provider from an xterm  a more detailed error message can be seen:

^
http://loc.desktop.maps.svc.ovi.com/geocoder/rgc/1.0?total=1&lat=52.308704391494393&long=13.252864412963390&token=9b87b24dffafdfcb6dfc66eeba834caa:1: parser error : Document is empty
^
http://loc.desktop.maps.svc.ovi.com/geocoder/rgc/1.0?total=1&lat=52.308704391494393&long=13.252864412963390&token=9b87b24dffafdfcb6dfc66eeba834caa:1: parser error : Start tag expected, ‘<’ not found

Thus there is a problem with the request sent to Nokias web service. Most probably Nokia has changed the web service in the meanwhile. However, using the same request without the token leads to the desired result. This can be easily tried out by entering the requests URL in a web browser. Unfortunately nm-nav-provider is closed source, so it cannot easily be modified. A hex editor can be used to search for the token string and then the request can be zero terminated in front of  it.

hexedit nm nav provider 520 Fixing location awareness of N900 IM

Figure: hexedit view of nm-nav-provider token location for webservice

There are two positions with a matching request in the 0.109-3+0m5 version of nm-nav-provider, one at position 0x73F7 and one at 0×7689. The latter is the relevant one for the problem. Replacing the byte at this address by a zero terminates the request string and leads to a request that can be understood by Nokias web service. One has to kill the nm-nav-provider process before being able to write to the file.

Unfortunately the modified binary cannot be published here, because of license restrictions, but an easy way to patch the file can be provided. First of all, enhanced busybox needs to be installed on the N900. Then execute the following line as root user  inside an xterm:

cd /usr/lib/nokiamaps-navigation-provider/; cp nm-nav-provider nm-nav-provider.bak; killall nm-nav-provider;dd conv=notrunc bs=1 count=1 seek=30345 if=/dev/zero of=nm-nav-provider

This line works for nokiamaps-navigation-provider-0.109-3+0m5. After execution, the location can be published to contacts again. The only problem remaining is up to you. Do you really want that all your contacts know your location?

best regards
Jürgen

 

1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 5.00 out of 5)
Loading ... Loading ...

glsldevil binaries

About one year ago I wrote about the OpenGL/GLSL debugger glsldevil in the article gentoo ebuild for glsldevil-1.1.5 and provided a gentoo ebuild for it. Unfortunately glsldevil seems not to be available anymore from the web page of the University of Stuttgart (http://cumbia.informatik.uni-stuttgart.de/glsldevil/), which has rendered the ebuild useless.

Edit 29/5/2012: The original download site of the University of Stuttgart is available again.

Since the license of glsldevil  permits redistribution, I decided to upload my local copy, to make glsldevil available for the public again. Unfortunately this only includes the Linux binaries (32bit and 64bit) and neither Windows binaries or the source code.

You can download the Linux binaries from here: glsldevil-1.1.5.tar.gz (721)

For use with the ebuild, just copy the file to /usr/portage/distfiles/.

regards
Jürgen

 

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading ... Loading ...

php-5.4.1_rc1 fails with apache-2.4.1 on gentoo

 php 5.4.1 rc1 fails with apache 2.4.1 on gentoo

Today the apache-2.4.1 ebuild has appeared in gentoos portage tree. Emerging php-5.4.1_rc1 fails with installed apache-2.4.1 web server  on gentoo with the following error message:

Configuring SAPI modules
checking for AOLserver support… no
checking for Apache 1.x module support via DSO through APXS… no
checking for Apache 1.x module support… no
checking whether to enable Apache charset compatibility option… no
checking for Apache 2.0 filter-module support via DSO through APXS… no
checking for Apache 2.0 handler-module support via DSO through APXS…

Sorry, I cannot run apxs.  Possible reasons follow:

1. Perl is not installed
2. apxs was not found. Try to pass the path using –with-apxs2=/path/to/apxs
3. Apache was not built using –enable-so (the apxs usage page is displayed)

The output of /usr/sbin/apxs follows:
./configure: line 8325: /usr/sbin/apxs: No such file or directory
configure: error: Aborting

The reason for this is, that the apxs executable does not get installed with the apache-2.4.1 ebuild. According to gmane.org this issue got fixed with the apache-2.4.1-r1 ebuild.  However, after upgrading apache to 2.4.1-r1 emerging php still fails with the same error message. A quick look onto the filesystem shows that /usr/sbin/apxs got installed as well as the /usr/sbin/apxs2 symlink got created.

mittelerde sbin # ls -alsh apxs*
24K -rw-r–r– 1 root root  23K  1. Apr 16:14 apxs
0 lrwxrwxrwx 1 root root   14  1. Apr 16:14 apxs2 -> /usr/sbin/apxs

This also reveals the reason for emerging php failing with apache-2.4.1-r1. The /usr/sbin/apxs perl-script coming with the apache-2.4.1-r1 ebuild lacks the executable flag.

Thus a simple

chmod +x /usr/sbin/apxs

solves the issue and emerging php afterwards works like a charm. Most probably this will get fixed with the next apache ebuild. To get the apache configuration working after the 2.4 upgrade, you might want to read: Upgrading to 2.4 from 2.2.

Jürgen

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

iptables mirror target for linux kernel 3.3

 iptables mirror target for linux kernel 3.3

After my last kernel upgrade I tried to build the iptables mirror target published here. The iptables mirror target takes the packet sent to your machine and returns the same packet to the machine the packet came from. Thus, let’s say someone tries to scan your machine or tries an attack he would scan his own machine or even attack his own machine. When I tried it with kernel version 3.3 , it did not build anymore with the current linux kernel. However, this time only a minor modification has been neccesary. Another header file had to be included and a function name has changed.  You can download the newer release for kernel version 3.3 and probably future kernels here:

MIRROR.3.3.0.tar.gz (861) gplv3 127x51 iptables mirror target for linux kernel 3.3

The kernel module has been tested with kernel version linux-3.3-vserver-2.3.3.1. To build the module, boot the kernel you want to use the module with. Afterwards unpack the archive and run the compile.sh script to build the module. Then run the install.sh script for installing the compiled module into the /lib/modules directory for your kernel.

Now you may use the mirror target in place of the REJECT or DROP target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:

$IPTABLES -A INPUT -j MIRROR

Beware: The use of the mirror target may lead to strange results, in example if you want to connect to an iptables protected machine which uses the mirror target, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. The worst case occurs if you have two machines using the module. These machines may end up playing ping pong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.

Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels. The 2.6.13 version of the module should work up to kernel version 2.6.16.

MIRROR.2.6.13.tar.gz (1567)
MIRROR.2.6.24.tar.gz (1953)
MIRROR.2.6.25.tar.gz (1800)
MIRROR.2.6.28.tar.gz (1839)
MIRROR.2.6.31 (1710)
MIRROR.2.6.35.tar.gz (1646)
MIRROR.2.6.36.tar.gz (1532)
MIRROR.2.6.37.tar.gz (1370)
MIRROR.3.0.7.tar.gz (1113)
MIRROR.3.1.0.tar.gz (847)
gplv3 127x51 iptables mirror target for linux kernel 3.3

regards
Jürgen

 

 

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading ... Loading ...

siteinfo

Translator

English flagItalian flagKorean flagChinese (Simplified) flagChinese (Traditional) flagPortuguese flagGerman flagFrench flag
Spanish flagJapanese flagArabic flagRussian flagGreek flagDutch flagBulgarian flagCzech flag
Croatian flagDanish flagFinnish flagHindi flagPolish flagRomanian flagSwedish flagNorwegian flag
Catalan flagFilipino flagHebrew flagIndonesian flagLatvian flagLithuanian flagSerbian flagSlovak flag
Slovenian flagUkrainian flagVietnamese flag