Tuesday, December 9, 2008

free-radius server/client config

To implement RADIUS in my project, I practiced with it on x86 Linux.

Here are the simplest settings for PAP, where the client only passes the username/password to the RADIUS server.

For the server side, I only want to test a basic username/password.
Three files are involved:
"clients.conf", "users" and "modules/pap"
[peter@localhost raddb]$ vim clients.conf
# Allowed values are:
# dotted quad (1.2.3.4)
# hostname (radius.example.com)
#ipaddr = 127.0.0.1
ipaddr = 172.21.33.112

secret = testing123


#vim modules/pap
pap {
auto_header = yes
}

#vi users
peter Cleartext-Password := "4321"

-----------------------
For client test.
----------------------
[peter@localhost raddb]$ vim /share/rootfs/etc/radiusclient/radiusclient.conf
authserver 172.21.46.133

#vim /share/rootfs/etc/radiusclient/servers
172.21.46.133 testing123

Conclusion:
The shared secret ("testing123" in this case) MUST match between client and server.
The User-Password is sent as MD5(password, secret), so the cleartext password is never sent over the network.



TIP:
#server daemon in my environment.
LD_LIBRARY_PATH=/usr/lib:/lib/:/lib/tls/:$LD_LIBRARY_PATH ./radiusd -s -X
#client test utility
echo "User-Name = test" | /usr/local/bin/radclient localhost:1812 auth s3cr3t
echo "User-Name=test,Password=mypass,Framed-Protocol=PPP " | /usr/local/bin/radclient localhost:1812 auth s3cr3t


--------------------
Debug-mode output of radiusd -s -X
-------------
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.21.33.112 port 1054, id=60, length=63
User-Name = "peter"
User-Password = "4321"
Service-Type = Authenticate-Only
NAS-Port = 0
NAS-IP-Address = 172.21.33.112
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "peter", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry peter at line 93
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "4321"
[pap] Using clear text password "4321"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 60 to 172.21.33.112 port 1054
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 60 with timestamp +9
Ready to process requests.

Monday, November 10, 2008

pptpd server alignment issue/bug

I was porting PPTPD to an ARM board recently. After testing on other platforms, including x86,
it always worked with any client, and only failed on my target board ...
It took me around a week to figure out the problem.
Hmm, eventually I found the problem: memory alignment issues on ARM.
A struct gre_header points to a char buf[], and char does NOT ficking align memory.
This problem delayed my schedule by almost 1 week....

I just modified it as:
int decaps_gre(....)
static unsigned char buffer[PACKT_MAX + 64] __attribute__ ((aligned(4)));

GOT IT! I fixed this bug.

But I want to know: why does the compiler not align global static variables? A risk might occur on some platforms.

Tuesday, September 16, 2008

Build openssl with shared vs static

for openssl-0.9.8h

$ ./Configure linux-generic32 no-asm shared
$ make CC=arm-linux-gcc AR="arm-linux-ar r"


[peter@localhost openssl-0.9.8h]$ ls -l lib*
-rw-rw-r-- 1 peter peter 2230728 Sep 16 09:27 libcrypto.a
-rw-rw-r-- 1 peter peter 236 Sep 16 09:28 libcrypto.pc
lrwxrwxrwx 1 peter peter 18 Sep 16 09:27 libcrypto.so -> libcrypto.so.0.9.8*
-rwxrwxr-x 1 peter peter 1444708 Sep 16 09:27 libcrypto.so.0.9.8*
-rw-rw-r-- 1 peter peter 400404 Sep 16 09:27 libssl.a
-rw-rw-r-- 1 peter peter 251 Sep 16 09:28 libssl.pc
lrwxrwxrwx 1 peter peter 15 Sep 16 09:27 libssl.so -> libssl.so.0.9.8*
-rwxrwxr-x 1 peter peter 275668 Sep 16 09:27 libssl.so.0.9.8*

[peter@localhost openssl-0.9.8h]$ file lib*
libcrypto.a: current ar archive
libcrypto.pc: ASCII text
libcrypto.so: symbolic link to `libcrypto.so.0.9.8'
libcrypto.so.0.9.8: ELF 32-bit LSB shared object, ARM, version 1 (ARM), not stripped
libssl.a: current ar archive
libssl.pc: ASCII text
libssl.so: symbolic link to `libssl.so.0.9.8'
libssl.so.0.9.8: ELF 32-bit LSB shared object, ARM, version 1 (ARM), not stripped


[peter@localhost openssl-0.9.8h]$ ll lib*
-rw-rw-r-- 1 peter peter 2230728 Sep 16 09:27 libcrypto.a
-rw-rw-r-- 1 peter peter 236 Sep 16 09:28 libcrypto.pc
lrwxrwxrwx 1 peter peter 18 Sep 16 09:27 libcrypto.so -> libcrypto.so.0.9.8*
-rwxrwxr-x 1 peter peter 1191608 Sep 16 09:59 libcrypto.so.0.9.8*
-rw-rw-r-- 1 peter peter 400404 Sep 16 09:27 libssl.a
-rw-rw-r-- 1 peter peter 251 Sep 16 09:28 libssl.pc
lrwxrwxrwx 1 peter peter 15 Sep 16 09:27 libssl.so -> libssl.so.0.9.8*
-rwxrwxr-x 1 peter peter 233704 Sep 16 09:59 libssl.so.0.9.8*
[peter@localhost openssl-0.9.8h]$
[peter@localhost openssl-0.9.8h]$ file lib*
libcrypto.a: current ar archive
libcrypto.pc: ASCII text
libcrypto.so: symbolic link to `libcrypto.so.0.9.8'
libcrypto.so.0.9.8: ELF 32-bit LSB shared object, ARM, version 1 (ARM), stripped
libssl.a: current ar archive
libssl.pc: ASCII text
libssl.so: symbolic link to `libssl.so.0.9.8'
libssl.so.0.9.8: ELF 32-bit LSB shared object, ARM, version 1 (ARM), stripped




[peter@localhost busybox-1.6.1]$ file busybox
busybox: ELF 32-bit LSB executable, ARM, version 1 (ARM), dynamically linked (uses shared libs), stripped
[peter@localhost busybox-1.6.1]$ ll busybox
-rwxrwxr-x 1 peter peter 699736 Sep 16 09:50 busybox*
[peter@localhost busybox-1.6.1]$ arm_920t_le-ldd busybox
libssl.so.0.9.8 => not found
libcrypto.so.0.9.8 => not found
libdl.so.2 => /share/project/test/buildroot/Storlink/usr/local/920t_le/target/lib/libdl.so.2 (0xdead1000)
libcrypt.so.1 => /share/project/test/buildroot/Storlink/usr/local/920t_le/target/lib/libcrypt.so.1 (0xdead2000)
libc.so.6 => /share/project/test/buildroot/Storlink/usr/local/920t_le/target/lib/libc.so.6 (0xdead3000)
/lib/ld-linux.so.2 => /share/project/test/buildroot/Storlink/usr/local/920t_le/target/lib/ld-linux.so.2 (0xdead4000)


----------------------------------------------------------------------
static link to SSL.
-rwxr-xr-x 1 peter peter 1444068 Sep 16 10:03 busybox.static_ssl

-------------------------------------------------------------------------
dynamic: 420214 openssl (not stripped), 368120 openssl (stripped)
static : 1641517 openssl (not stripped)

----------------------------------------------------------------------
static openvpn: 1283804 (stripped)
dynamic openvpn: 389852 (stripped)



Summary:
static:
busybox-SSL(1444068) + openssl(1641517) + openvpn(1283804)


dynamic:
busybox with SSL: 699736 + openssl (368120) + openvpn (389852) + libraries (1191608 + 275668)


thanks

Useful blogs, articles, documents

http://gaznjang.blogspot.com/search/label/kernel

Monday, August 25, 2008

IPsec related

ipsec openswan vs ipsec-tools (racoon)
http://www.wogri.at/fileadmin/ipsec/multiple_pages/publication.html
http://www.wogri.at/fileadmin/ipsec/multiple_pages/node22.html

IPsec DHCP over IPsec.... forums
http://osdir.com/ml/redhat.fedora.devel/2004-01/msg00099.html
http://wiki.guoshuang.com/Openswan

Sunday, August 24, 2008

Emulators

Let's play the Famicom: http://olderliu.myweb.hinet.net/stg.htm
Boneash Journal (骨灰日誌)
http://boneash.oldgame.tw/index.html

http://www.geocities.com/superhero1b04/
http://romhustler.net/
http://www.romnation.net/srv/roms.html

Speedrun demos
http://www.wretch.cc/blog/cat069&category_id=8153493
Nintendo walkthroughs
http://www.askalee.com/game_guide/fc_game_teach.htm

FF with pictures, Chinese-English side by side
http://www.askalee.com/fc_gamephoto/fc_gamephoto_g1.htm
http://game-midi.blogspot.com/2008/07/sega-mega-drive.html
MAME Chinese localization and lots of ROMs
http://boneash.oldgame.tw/MAME/mame.html
MAME instructions in Chinese
http://www.puffer.idv.tw/mame32use1.htm

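Tuesday, August 12, 2008

Divide by 3, mod 3... for ARM cross-compile

article from:
http://osdir.com/ml/debian.devel.gcc/2002-08/msg00071.html
A problem I discovered by accident while cross-compiling.
When compiling shared libraries (*.so), using '% 3' (e.g. 100 % 3) causes a problem.
At run time there is an unresolved symbol '__modsi3', but there is no warning at link time.
But if compiled as an ELF executable file, it works fine.
Similarly, dividing by 3 seems to have the same problem with __divsi3 (not verified).

This seems to be related to the .hidden section; the following article is for reference.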


Okay, HJ Lu has helped resolve the remaining issues in our transition to
building glibc under gcc 3.2. There have been several critical binutils
bugs fixed related to this issue that Chris Chimelis will get into the
next binutils package. The remaining portion of this is the attached patch
from Franz Sirl that will be going into glibc-2-2-branch. I will attempt to
explain the rationale of these changes so you understand their importance.
Previous to gcc 3.1, gcc was exporting certain libgcc symbols, in error,
for linking. Starting with gcc 3.1, these symbols are now .hidden. This means
that if glibc is rebuilt with gcc >= 3.1, old binaries expecting to have
these symbols resolved will fail. In order to address this, ia64 and ppc
have provided libgcc-compat code in glibc to present these symbols for
resolution at run-time but not linking. The current glibc-2-2-branch as
of yesterday is insufficient to properly do this as Ulrich demands that
such symbols not be exported for linking. Unfortunately the current
patch there for this libgcc-compat code exports several of these symbols
for linking. The attached patch stops this behavior limiting all the
libgcc-compat symbols to just run-time resolution.
In getting to the patch attached below we tickled several
obscure binutils bugs which HJ Lu has been kind enough to fix
and check into binutils cvs...

http://sources.redhat.com/ml/binutils/2002-08/msg00175.html
http://sources.redhat.com/ml/binutils/2002-08/msg00217.html
http://sources.redhat.com/ml/binutils/2002-08/msg00221.html

..these patches are essential! Without them binutils will either
have problems linking other programs (complaining in error about
duplicate symbols with __divdi3) and creating a libgcc_s.so.1
in gcc 3.2 with a properly versioned __divdi3 symbol.
As soon as Chris has released the next binutils package and either
we use the attached patch or resample upstream from glibc-2-2-branch
for the same patch, we will be set to start building with gcc 3.2 on
ppc. It would be very good idea for us to get this resolved in
2.2.5-14, because current glibc-2-2-branch is exporting versioned
symbols for __divdi3, and few others, with a GLIBC_2.0 versioning.
This didn't happen in glibc prior to glibc 2.2.5-14 and it won't
after we add the patch below (which makes those symbols run-time
resolution only). It would be best if we don't muck around and
build a bunch of stuff on ppc against current glibc-2-2-branch without
the fix so as not to have to worry about those symbols.
Let me know if you have any specific questions. The process is
really simple..

1) updated binutils from HJ or 2.13.90.0.3 with binutils-version-add and
bfd-version-dso patches from this weekend and today.
2) add in glibc-libgcc-compat-ppc-8-2_2d from below or resample
glibc-2-2-branch once Franz has it in.
3) add a depends to gcc 3.2 for the binutils (>=2.13.90.0.4) and
for glibc (>=2.2.5-14). This step is essential to prevent the
build machines from using gcc-3.2 to build against the wrong,
i.e. old, binutils and/or libc accidentally.

Thanks in advance for helping get this transition to gcc 3.2
correctly done on ppc.

Thursday, August 7, 2008

how to extract rpm files

$ rpm2cpio xxx.i386.rpm | cpio -idv

Tuesday, July 8, 2008

perl one line by google

http://sial.org/howto/perl/one-liner/

# DOS to Unix text convert (example only, dos2unix much faster)
$ perl -i -pe 's/\r//g' file

# Legacy MacOS to Unix text convert
$ perl -i -pe 's/\r/\n/g' file

# Unix to DOS text convert (unix2dos much faster)
$ perl -i -pe 's/\n/\r\n/' file

Tuesday, June 24, 2008

PPTP server client LAB

Unlike L2TP, the PPTP server and client are different packages,
usually pptpd and pptp-client.
(L2TP has the l2tpd, rp-l2tpd and xl2tpd solutions.)

PPTP server named: pptpd
PPTP client named: pptp

In my environment, the server runs on Mandrake 10.0, with pptp.

The basic command the client needs to invoke:
pptp 10.0.0.1 user peter password 4321 noauth
The PPTP server runs with:

[root@localhost etc]# cat pptpd.conf
debug
option /etc/ppp/options.pptp
localip 192.168.123.1
remoteip 192.168.123.2-100

and then invoke the pptpd daemon.

==========STOP PPTP client====
To stop an established PPTP client, just kill pppd.

yeah, just do that, I tested!



Friday, June 20, 2008

l2tpd server client LAB (add over IPSec)

My server is Mandrake 10.1, with l2tpd as the server.

[root@localhost l2tpd]# l2tpd -v
Usage: l2tpd -D -c [config file] -s [secret file] -p [pid file]

[root@localhost l2tpd]# pwd
/etc/l2tpd
[root@localhost l2tpd]# cat l2tpd.con

[global]
;listen-addr = 192.168.1.98
auth file = /etc/ppp/chap-secrets

[lns default]
ip range = 192.168.1.128-192.168.1.254

local ip = 192.168.1.99

require chap = yes

refuse pap = yes
require authentication = yes
name = Linuxl2tpVPNserver
ppp debug = yes

;pppoptfile = /etc/ppp/options.l2tpd

;length bit = yes
[lac linux]
lns = 172.21.34.138
ppp debug = yes
require authentication = yes

pppoptfile = /etc/ppp/options.l2tpd

================In client [LAC]=======
root@team-server:/etc/ppp# cat options.l2tpd
ipcp-accept-local
ipcp-accept-remote
#ms-dns 10.51.8.15
#ms-dns 10.51.8.243
#noccp
noauth
#require-mschap
#require-mschap-v2
#crtscts
idle 1800
mtu 1200
mru 1200
#username peter
#password 4321
#nodefaultroute
#nodetach
debug
lock
#require-chap
#proxyarp
connect-delay 5000



TIP:
#cat from /var/log/messages with chap user "0123456789" auth failure
Jun 20 16:19:07 localhost pppd[13989]: noccp^I^I# (from /etc/ppp/options)
Jun 20 16:19:07 localhost pppd[13989]: pppd 2.4.2 started by root, uid 0
Jun 20 16:19:07 localhost pppd[13989]: Using interface ppp0
Jun 20 16:19:07 localhost pppd[13989]: Connect: ppp0 <--> /dev/pts/1
Jun 20 16:19:10 localhost pppd[13989]: No CHAP secret found for authenticating 0123456789
Jun 20 16:19:10 localhost pppd[13989]: Peer 0123456789 failed CHAP authentication



http://cad.csie.ncku.edu.tw/~wnlee/l2tp.html

------- The following enables/disables L2TP over IPsec in Windows.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters]
"ProhibitIPSec"=dword:00000001








Below is the Quick Mode proposal from an XP client doing L2TP over IPsec

  17215  |   a1 2a b3 51  a3 7d 54 9d
  17216  |    responder cookie:
  17217  |   6c b9 d5 a5  6d 66 9f 94
  17218  |    next payload type: ISAKMP_NEXT_HASH
  17219  |    ISAKMP version: ISAKMP Version 1.0
  17220  |    exchange type: ISAKMP_XCHG_QUICK
  17221  |    flags: ISAKMP_FLAG_ENCRYPTION
  17222  |    message ID:  ee 8d 05 29
  17223  |    length: 300
  17224  | processing connection l2tp[3] 172.21.33.203
  17225  | ***parse ISAKMP Hash Payload:
  17226  |    next payload type: ISAKMP_NEXT_SA
  17227  |    length: 24
  17228  | ***parse ISAKMP Security Association Payload:
  17229  |    next payload type: ISAKMP_NEXT_NONCE
  17230  |    length: 196
  17231  |    DOI: ISAKMP_DOI_IPSEC
  17232  | ***parse ISAKMP Nonce Payload:
  17233  |    next payload type: ISAKMP_NEXT_ID
  17234  |    length: 24
  17235  | ***parse ISAKMP Identification Payload (IPsec DOI):
  17236  |    next payload type: ISAKMP_NEXT_ID
  17237  |    length: 12
  17238  |    ID type: ID_IPV4_ADDR
  17239  |    Protocol ID: 17
  17240  |    port: 1701
  17241  | ***parse ISAKMP Identification Payload (IPsec DOI):
  17242  |    next payload type: ISAKMP_NEXT_NONE
  17243  |    length: 12
  17244  |    ID type: ID_IPV4_ADDR
  17245  |    Protocol ID: 17
  17246  |    port: 1701
  17247  | removing 4 bytes of padding
  17248  | peer client is 172.21.33.203
  17249  | peer client protocol/port is 17/1701
  17250  | our client is 172.21.46.133
  17251  | our client protocol/port is 17/1701
  17252  | processing connection l2tp[3] 172.21.33.203
  17253  | ****parse IPsec DOI SIT:
  17254  |    IPsec DOI SIT: SIT_IDENTITY_ONLY
  17255  | ****parse ISAKMP Proposal Payload:
  17256  |    next payload type: ISAKMP_NEXT_P
  17257  |    length: 92


  17258  |    proposal number: 1
  17259  |    protocol ID: PROTO_IPSEC_ESP
  17260  |    SPI size: 4
  17261  |    number of transforms: 2
  17262  | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
  17263  | SPI  1e 0e 52 3c
  17264  | ****parse ISAKMP Proposal Payload:
  17265  |    next payload type: ISAKMP_NEXT_NONE
  17266  |    length: 92
  17267  |    proposal number: 2
  17268  |    protocol ID: PROTO_IPSEC_AH
  17269  |    SPI size: 4
  17270  |    number of transforms: 2
  17271  | *****parse ISAKMP Transform Payload (ESP):
  17272  |    next payload type: ISAKMP_NEXT_T
  17273  |    length: 40
  17274  |    transform number: 1
  17275  |    transform ID: ESP_NULL
  17276  | ******parse ISAKMP IPsec DOI attribute:
  17277  |    af+type: SA_LIFE_TYPE
  17278  |    length/value: 1
  17279  |    [1 is SA_LIFE_TYPE_SECONDS]
  17280  | ******parse ISAKMP IPsec DOI attribute:
  17281  |    af+type: SA_LIFE_DURATION (variable length)
  17282  |    length/value: 4
  17283  |    long duration: 3600
  17284  | ******parse ISAKMP IPsec DOI attribute:
  17285  |    af+type: SA_LIFE_TYPE
  17286  |    length/value: 2
  17287  |    [2 is SA_LIFE_TYPE_KBYTES]
  17288  | ******parse ISAKMP IPsec DOI attribute:
  17289  |    af+type: SA_LIFE_DURATION (variable length)
  17290  |    length/value: 4
  17291  |    long duration: 250000
  17292  | ******parse ISAKMP IPsec DOI attribute:
  17293  |    af+type: ENCAPSULATION_MODE
  17294  |    length/value: 2
  17295  |    [2 is ENCAPSULATION_MODE_TRANSPORT]
  17296  | ******parse ISAKMP IPsec DOI attribute:
  17297  |    af+type: AUTH_ALGORITHM
  17298  |    length/value: 2
  17299  |    [2 is AUTH_ALGORITHM_HMAC_SHA1]

  17300  "l2tp"[3] 172.21.33.203 #9: IPsec Transform [ESP_NULL (0), AUTH_ALGORITHM_HMAC_SHA1] refused due to insecure key_len         and enc. alg. not listed in "esp" string
  17301  | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
  17302  | SPI  1e 0e 52 3c
  17303  | *****parse ISAKMP Transform Payload (AH):
  17304  |    next payload type: ISAKMP_NEXT_T
  17305  |    length: 40
  17306  |    transform number: 1
  17307  |    transform ID: AH_SHA
  17308  | ******parse ISAKMP IPsec DOI attribute:
  17309  |    af+type: SA_LIFE_TYPE
  17310  |    length/value: 1
  17311  |    [1 is SA_LIFE_TYPE_SECONDS]
  17312  | ******parse ISAKMP IPsec DOI attribute:
  17313  |    af+type: SA_LIFE_DURATION (variable length)
  17314  |    length/value: 4
  17315  |    long duration: 3600
  17316  | ******parse ISAKMP IPsec DOI attribute:
  17317  |    af+type: SA_LIFE_TYPE
  17318  |    length/value: 2
  17319  |    [2 is SA_LIFE_TYPE_KBYTES]
  17320  | ******parse ISAKMP IPsec DOI attribute:
  17321  |    af+type: SA_LIFE_DURATION (variable length)
  17322  |    length/value: 4
  17323  |    long duration: 250000
  17324  | ******parse ISAKMP IPsec DOI attribute:
  17325  |    af+type: ENCAPSULATION_MODE
  17326  |    length/value: 2
  17327  |    [2 is ENCAPSULATION_MODE_TRANSPORT]
  17328  | ******parse ISAKMP IPsec DOI attribute:
  17329  |    af+type: AUTH_ALGORITHM
  17330  |    length/value: 2
  17331  |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
  17332  "l2tp"[3] 172.21.33.203 #9: no acceptable Proposal in IPsec SA
  17333  "l2tp"[3] 172.21.33.203 #9: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.21.33.203:500
  17334  "l2tp"[3] 172.21.33.203 #9: failed to build notification for spisize=0
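
The Quick Mode log above boils down to two offers, ESP_NULL and AH_SHA, neither of which encrypts the L2TP traffic. As an added example (not part of the original post or of the IPsec daemon), this Python sketch pulls the offered IPsec transforms out of pluto debug output and reports whether any of them provides confidentiality; the sample input is abridged from the log above.

```python
import re

# Abridged from the Quick Mode log on this page (lifetime attributes dropped;
# the editor line numbers in the first column are kept to show they are ignored).
SAMPLE_LOG = """\
  17271  | *****parse ISAKMP Transform Payload (ESP):
  17274  |    transform number: 1
  17275  |    transform ID: ESP_NULL
  17292  | ******parse ISAKMP IPsec DOI attribute:
  17293  |    af+type: ENCAPSULATION_MODE
  17295  |    [2 is ENCAPSULATION_MODE_TRANSPORT]
  17296  | ******parse ISAKMP IPsec DOI attribute:
  17297  |    af+type: AUTH_ALGORITHM
  17299  |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
  17300  "l2tp"[3] 172.21.33.203 #9: IPsec Transform [ESP_NULL (0), AUTH_ALGORITHM_HMAC_SHA1] refused due to insecure key_len and enc. alg. not listed in "esp" string
  17303  | *****parse ISAKMP Transform Payload (AH):
  17306  |    transform number: 1
  17307  |    transform ID: AH_SHA
  17324  | ******parse ISAKMP IPsec DOI attribute:
  17325  |    af+type: ENCAPSULATION_MODE
  17327  |    [2 is ENCAPSULATION_MODE_TRANSPORT]
  17328  | ******parse ISAKMP IPsec DOI attribute:
  17329  |    af+type: AUTH_ALGORITHM
  17331  |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
  17332  "l2tp"[3] 172.21.33.203 #9: no acceptable Proposal in IPsec SA
  17333  "l2tp"[3] 172.21.33.203 #9: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.21.33.203:500
"""

HDR = re.compile(r"parse ISAKMP Transform Payload \((\w+)\)")
TID = re.compile(r"transform ID:\s*(\S+)")
ATTR = re.compile(r"af\+type:\s*(\w+)")
VALUE = re.compile(r"\[\d+ is (\w+)\]")
REFUSED = re.compile(r"refused due to (.+)")


def parse_offers(log_text):
    """Return one dict per ESP/AH transform the peer offered in Quick Mode."""
    offers, current, attr = [], None, None
    for line in log_text.splitlines():
        m = HDR.search(line)
        if m:
            attr = None
            if m.group(1) in ("ESP", "AH"):
                current = {"protocol": m.group(1), "transform": None,
                           "attrs": {}, "refused": None}
                offers.append(current)
            else:
                current = None  # Main Mode (ISAKMP) transforms are not IPsec SAs
            continue
        if current is None:
            continue
        if (m := TID.search(line)):
            current["transform"] = m.group(1)
        elif (m := ATTR.search(line)):
            attr = m.group(1)          # the decoded value follows on a later line
        elif (m := VALUE.search(line)) and attr:
            current["attrs"][attr] = m.group(1)
        elif (m := REFUSED.search(line)):
            current["refused"] = m.group(1)
    return offers


def provides_confidentiality(offer):
    # AH only authenticates; ESP_NULL is ESP with the NULL cipher (RFC 2410).
    return offer["protocol"] == "ESP" and offer["transform"] != "ESP_NULL"


def summarize(log_text):
    offers = parse_offers(log_text)
    return {
        "offers": [(o["protocol"], o["transform"],
                    o["attrs"].get("AUTH_ALGORITHM"),
                    o["attrs"].get("ENCAPSULATION_MODE")) for o in offers],
        "any_confidential": any(provides_confidentiality(o) for o in offers),
        "rejected": bool(re.search(r"no acceptable Proposal|NO_PROPOSAL_CHOSEN",
                                   log_text)),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "=", value)
```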

-----------------------------------------------------------------------------------------------------------------

This log comes from my router; the client is L2TP over IPsec running on WinXP (SP3?).
It seems to prefer the ESP NULL algorithm + SHA1.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2010.03.30 15:25:59 =~=~=~=~=~=~=~=~=~=~=~=
pluto[5161]: |

pluto[5161]: | *received 312 bytes from 172.21.33.203:500 on eth0

pluto[5161]: | **parse ISAKMP Message:

pluto[5161]: |    initiator cookie:

pluto[5161]: |   5a 8c 0c 62  6e 27 b4 11

pluto[5161]: |    responder cookie:

pluto[5161]: |   00 00 00 00  00 00 00 00

pluto[5161]: |    next payload type: ISAKMP_NEXT_SA

pluto[5161]: |    ISAKMP version: ISAKMP Version 1.0

pluto[5161]: |    exchange type: ISAKMP_XCHG_IDPROT

pluto[5161]: |    flags: none

pluto[5161]: |    message ID:  00 00 00 00

pluto[5161]: |    length: 312

pluto[5161]: | The xchg type is ISAKMP_XCHG_IDPROT (2)

pluto[5161]: | ***parse ISAKMP Security Association Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_VID

pluto[5161]: |    length: 200

pluto[5161]: |    DOI: ISAKMP_DOI_IPSEC

pluto[5161]: | ***parse ISAKMP Vendor ID Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_VID

pluto[5161]: |    length: 24

pluto[5161]: | ***parse ISAKMP Vendor ID Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_VID

pluto[5161]: |    length: 20

pluto[5161]: | ***parse ISAKMP Vendor ID Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_VID

pluto[5161]: |    length: 20

pluto[5161]: | ***parse ISAKMP Vendor ID Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_NONE

pluto[5161]: |    length: 20

pluto[5161]: packet from 172.21.33.203:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]

pluto[5161]: | VID:  1e 2b 51 69  05 99 1c 7d  7c 96 fc bf  b5 87 e4 61

pluto[5161]: |   00 00 00 04

pluto[5161]: packet from 172.21.33.203:500: ignoring Vendor ID payload [FRAGMENTATION]

pluto[5161]: | VID:  40 48 b7 d5  6e bc e8 85  25 e7 de 7f  00 d6 c2 d3

pluto[5161]: packet from 172.21.33.203:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

pluto[5161]: | VID:  90 cb 80 91  3e bb 69 6e  08 63 81 b5  ec 42 7b 1f

pluto[5161]: packet from 172.21.33.203:500: ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]

pluto[5161]: | VID:  26 24 4d 38  ed db 61 b3  17 2a 36 e3  d0 cf b8 19

pluto[5161]: | ****parse IPsec DOI SIT:

pluto[5161]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY

pluto[5161]: | ****parse ISAKMP Proposal Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_NONE

pluto[5161]: |    length: 188

pluto[5161]: |    proposal number: 1

pluto[5161]: |    protocol ID: PROTO_ISAKMP

pluto[5161]: |    SPI size: 0

pluto[5161]: |    number of transforms: 5

pluto[5161]: | *****parse ISAKMP Transform Payload (ISAKMP):

pluto[5161]: |    next payload type: ISAKMP_NEXT_T

pluto[5161]: |    length: 36

pluto[5161]: |    transform number: 1

pluto[5161]: |    transform ID: KEY_IKE

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM

pluto[5161]: |    length/value: 5

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_HASH_ALGORITHM

pluto[5161]: |    length/value: 2

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_GROUP_DESCRIPTION

pluto[5161]: |    length/value: 14

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_AUTHENTICATION_METHOD

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_LIFE_TYPE

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_LIFE_DURATION (variable length)

pluto[5161]: |    length/value: 4

pluto[5161]: | *****parse ISAKMP Transform Payload (ISAKMP):

pluto[5161]: |    next payload type: ISAKMP_NEXT_T

pluto[5161]: |    length: 36

pluto[5161]: |    transform number: 2

pluto[5161]: |    transform ID: KEY_IKE

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM

pluto[5161]: |    length/value: 5

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_HASH_ALGORITHM

pluto[5161]: |    length/value: 2

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_GROUP_DESCRIPTION

pluto[5161]: |    length/value: 2

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_AUTHENTICATION_METHOD

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_LIFE_TYPE

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_LIFE_DURATION (variable length)

pluto[5161]: |    length/value: 4

pluto[5161]: | *****parse ISAKMP Transform Payload (ISAKMP):

pluto[5161]: |    next payload type: ISAKMP_NEXT_T

pluto[5161]: |    length: 36

pluto[5161]: |    transform number: 3

pluto[5161]: |    transform ID: KEY_IKE

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM

pluto[5161]: |    length/value: 5

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_HASH_ALGORITHM

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_GROUP_DESCRIPTION

pluto[5161]: |    length/value: 2

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_AUTHENTICATION_METHOD

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_LIFE_TYPE

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_LIFE_DURATION (variable length)

pluto[5161]: |    length/value: 4

pluto[5161]: | *****parse ISAKMP Transform Payload (ISAKMP):

pluto[5161]: |    next payload type: ISAKMP_NEXT_T

pluto[5161]: |    length: 36

pluto[5161]: |    transform number: 4

pluto[5161]: |    transform ID: KEY_IKE

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_HASH_ALGORITHM

pluto[5161]: |    length/value: 2

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_GROUP_DESCRIPTION

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_AUTHENTICATION_METHOD

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_LIFE_TYPE

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_LIFE_DURATION (variable length)

pluto[5161]: |    length/value: 4

pluto[5161]: | *****parse ISAKMP Transform Payload (ISAKMP):

pluto[5161]: |    next payload type: ISAKMP_NEXT_NONE

pluto[5161]: |    length: 36

pluto[5161]: |    transform number: 5

pluto[5161]: |    transform ID: KEY_IKE

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_HASH_ALGORITHM

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_GROUP_DESCRIPTION

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_AUTHENTICATION_METHOD

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_LIFE_TYPE

pluto[5161]: |    length/value: 1

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_LIFE_DURATION (variable length)

pluto[5161]: |    length/value: 4

pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #1: responding to Main Mode from unknown peer 172.21.33.203

pluto[5161]: | ****parse IPsec DOI SIT:

pluto[5161]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY

pluto[5161]: | ****parse ISAKMP Proposal Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_NONE

pluto[5161]: |    length: 188

pluto[5161]: |    proposal number: 1

pluto[5161]: |    protocol ID: PROTO_ISAKMP

pluto[5161]: |    SPI size: 0

pluto[5161]: |    number of transforms: 5

pluto[5161]: | *****parse ISAKMP Transform Payload (ISAKMP):

pluto[5161]: |    next payload type: ISAKMP_NEXT_T

pluto[5161]: |    length: 36

pluto[5161]: |    transform number: 1

pluto[5161]: |    transform ID: KEY_IKE

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM

pluto[5161]: |    length/value: 5

pluto[5161]: |    [5 is OAKLEY_3DES_CBC]

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_HASH_ALGORITHM

pluto[5161]: |    length/value: 2

pluto[5161]: |    [2 is OAKLEY_SHA]

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_GROUP_DESCRIPTION

pluto[5161]: |    length/value: 14

pluto[5161]: |    [14 is OAKLEY_GROUP_MODP2048]

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_AUTHENTICATION_METHOD

pluto[5161]: |    length/value: 1

pluto[5161]: |    [1 is OAKLEY_PRESHARED_KEY]

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_LIFE_TYPE

pluto[5161]: |    length/value: 1

pluto[5161]: |    [1 is OAKLEY_LIFE_SECONDS]

pluto[5161]: | ******parse ISAKMP Oakley attribute:

pluto[5161]: |    af+type: OAKLEY_LIFE_DURATION (variable length)

pluto[5161]: |    length/value: 4

pluto[5161]: |    long duration: 28800

pluto[5161]: | Oakley Transform 1 accepted

pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #1: transition from state (null) to state STATE_MAIN_R1

pluto[5161]: |

pluto[5161]: | *received 360 bytes from 172.21.33.203:500 on eth0

pluto[5161]: | **parse ISAKMP Message:

pluto[5161]: |    initiator cookie:

pluto[5161]: |   5a 8c 0c 62  6e 27 b4 11

pluto[5161]: |    responder cookie:

pluto[5161]: |   a6 4e e6 ec  da 02 54 6c

pluto[5161]: |    next payload type: ISAKMP_NEXT_KE

pluto[5161]: |    ISAKMP version: ISAKMP Version 1.0

pluto[5161]: |    exchange type: ISAKMP_XCHG_IDPROT

pluto[5161]: |    flags: none

pluto[5161]: |    message ID:  00 00 00 00

pluto[5161]: |    length: 360

pluto[5161]: | The xchg type is ISAKMP_XCHG_IDPROT (2)

pluto[5161]: | ***parse ISAKMP Key Exchange Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_NONCE

pluto[5161]: |    length: 260

pluto[5161]: | ***parse ISAKMP Nonce Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_NAT-D

pluto[5161]: |    length: 24

pluto[5161]: | ***parse ISAKMP NAT-D Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_NAT-D

pluto[5161]: |    length: 24

pluto[5161]: | ***parse ISAKMP NAT-D Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_NONE

pluto[5161]: |    length: 24

pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected

pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2

pluto[5161]: |

pluto[5161]: | *received 68 bytes from 172.21.33.203:500 on eth0

pluto[5161]: | **parse ISAKMP Message:

pluto[5161]: |    initiator cookie:

pluto[5161]: |   5a 8c 0c 62  6e 27 b4 11

pluto[5161]: |    responder cookie:

pluto[5161]: |   a6 4e e6 ec  da 02 54 6c

pluto[5161]: |    next payload type: ISAKMP_NEXT_ID

pluto[5161]: |    ISAKMP version: ISAKMP Version 1.0

pluto[5161]: |    exchange type: ISAKMP_XCHG_IDPROT

pluto[5161]: |    flags: ISAKMP_FLAG_ENCRYPTION

pluto[5161]: |    message ID:  00 00 00 00

pluto[5161]: |    length: 68

pluto[5161]: | The xchg type is ISAKMP_XCHG_IDPROT (2)

pluto[5161]: | ***parse ISAKMP Identification Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_HASH

pluto[5161]: |    length: 12

pluto[5161]: |    ID type: ID_IPV4_ADDR

pluto[5161]: |    DOI specific A: 0

pluto[5161]: |    DOI specific B: 0

pluto[5161]: | ***parse ISAKMP Hash Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_NONE

pluto[5161]: |    length: 24

pluto[5161]: | removing 4 bytes of padding

pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #1: Main mode peer ID is ID_IPV4_ADDR: '172.21.33.203'

pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3

pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #1: sent MR3, ISAKMP SA established

pluto[5161]: |

pluto[5161]: | *received 300 bytes from 172.21.33.203:500 on eth0

pluto[5161]: | **parse ISAKMP Message:

pluto[5161]: |    initiator cookie:

pluto[5161]: |   5a 8c 0c 62  6e 27 b4 11

pluto[5161]: |    responder cookie:

pluto[5161]: |   a6 4e e6 ec  da 02 54 6c

pluto[5161]: |    next payload type: ISAKMP_NEXT_HASH

pluto[5161]: |    ISAKMP version: ISAKMP Version 1.0

pluto[5161]: |    exchange type: ISAKMP_XCHG_QUICK

pluto[5161]: |    flags: ISAKMP_FLAG_ENCRYPTION

pluto[5161]: |    message ID:  23 3c fb 79

pluto[5161]: |    length: 300

pluto[5161]: | The xchg type is ISAKMP_XCHG_QUICK (32)

pluto[5161]: | ***parse ISAKMP Hash Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_SA

pluto[5161]: |    length: 24

pluto[5161]: | ***parse ISAKMP Security Association Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_NONCE

pluto[5161]: |    length: 196

pluto[5161]: |    DOI: ISAKMP_DOI_IPSEC

pluto[5161]: | ***parse ISAKMP Nonce Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_ID

pluto[5161]: |    length: 24

pluto[5161]: | ***parse ISAKMP Identification Payload (IPsec DOI):

pluto[5161]: |    next payload type: ISAKMP_NEXT_ID

pluto[5161]: |    length: 12

pluto[5161]: |    ID type: ID_IPV4_ADDR

pluto[5161]: |    Protocol ID: 17

pluto[5161]: |    port: 1701

pluto[5161]: | ***parse ISAKMP Identification Payload (IPsec DOI):

pluto[5161]: |    next payload type: ISAKMP_NEXT_NONE

pluto[5161]: |    length: 12

pluto[5161]: |    ID type: ID_IPV4_ADDR

pluto[5161]: |    Protocol ID: 17

pluto[5161]: |    port: 1701

pluto[5161]: | removing 4 bytes of padding

pluto[5161]: | peer client is 172.21.33.203/32

pluto[5161]: | peer client protocol/port is 17/1701

pluto[5161]: | our client is 172.21.33.8/32

pluto[5161]: | our client protocol/port is 17/1701

pluto[5161]: | ****parse IPsec DOI SIT:

pluto[5161]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY

pluto[5161]: | ****parse ISAKMP Proposal Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_P

pluto[5161]: |    length: 92

pluto[5161]: |    proposal number: 1

pluto[5161]: |    protocol ID: PROTO_IPSEC_ESP

pluto[5161]: |    SPI size: 4

pluto[5161]: |    number of transforms: 2

pluto[5161]: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI

pluto[5161]: | SPI  ff 9a 6b fe

pluto[5161]: | ****parse ISAKMP Proposal Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_NONE

pluto[5161]: |    length: 92

pluto[5161]: |    proposal number: 2

pluto[5161]: |    protocol ID: PROTO_IPSEC_AH

pluto[5161]: |    SPI size: 4

pluto[5161]: |    number of transforms: 2

pluto[5161]: | *****parse ISAKMP Transform Payload (ESP):

pluto[5161]: |    next payload type: ISAKMP_NEXT_T

pluto[5161]: |    length: 40

pluto[5161]: |    transform number: 1

pluto[5161]: |    transform ID: ESP_NULL

pluto[5161]: | ******parse ISAKMP IPsec DOI attribute:

pluto[5161]: |    af+type: SA_LIFE_TYPE

pluto[5161]: |    length/value: 1

pluto[5161]: |    [1 is SA_LIFE_TYPE_SECONDS]

pluto[5161]: | ******parse ISAKMP IPsec DOI attribute:

pluto[5161]: |    af+type: SA_LIFE_DURATION (variable length)

pluto[5161]: |    length/value: 4

pluto[5161]: |    long duration: 3600

pluto[5161]: | ******parse ISAKMP IPsec DOI attribute:

pluto[5161]: |    af+type: SA_LIFE_TYPE

pluto[5161]: |    length/value: 2

pluto[5161]: |    [2 is SA_LIFE_TYPE_KBYTES]

pluto[5161]: | ******parse ISAKMP IPsec DOI attribute:

pluto[5161]: |    af+type: SA_LIFE_DURATION (variable length)

pluto[5161]: |    length/value: 4

pluto[5161]: |    long duration: 250000

pluto[5161]: | ******parse ISAKMP IPsec DOI attribute:

pluto[5161]: |    af+type: ENCAPSULATION_MODE

pluto[5161]: |    length/value: 2

pluto[5161]: |    [2 is ENCAPSULATION_MODE_TRANSPORT]

pluto[5161]: | ******parse ISAKMP IPsec DOI attribute:

pluto[5161]: |    af+type: AUTH_ALGORITHM

pluto[5161]: |    length/value: 2

pluto[5161]: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]

pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #2: You should NOT use insecure ESP algorithms [ESP_NULL (0)]!

pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #2: responding to Quick Mode

pluto[5161]: | compute_proto_keymat:needed_len (after ESP enc)=0

pluto[5161]: | kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3): a_keylen=20

pluto[5161]: | compute_proto_keymat:needed_len (after ESP auth)=20

pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #2: transition from state (null) to state STATE_QUICK_R1

pluto[5161]: |

pluto[5161]: | *received 52 bytes from 172.21.33.203:500 on eth0

pluto[5161]: | **parse ISAKMP Message:

pluto[5161]: |    initiator cookie:

pluto[5161]: |   5a 8c 0c 62  6e 27 b4 11

pluto[5161]: |    responder cookie:

pluto[5161]: |   a6 4e e6 ec  da 02 54 6c

pluto[5161]: |    next payload type: ISAKMP_NEXT_HASH

pluto[5161]: |    ISAKMP version: ISAKMP Version 1.0

pluto[5161]: |    exchange type: ISAKMP_XCHG_QUICK

pluto[5161]: |    flags: ISAKMP_FLAG_ENCRYPTION

pluto[5161]: |    message ID:  23 3c fb 79

pluto[5161]: |    length: 52

pluto[5161]: | The xchg type is ISAKMP_XCHG_QUICK (32)

pluto[5161]: | ***parse ISAKMP Hash Payload:

pluto[5161]: |    next payload type: ISAKMP_NEXT_NONE

pluto[5161]: |    length: 24

pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2

pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #2: IPsec SA established
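
The Quick Mode trace above ends with "IPsec SA established" even though pluto warned about ESP_NULL for the same SA (#2). The following check is an added example, not part of the original post: it walks pluto log lines in the format shown and reports each SA that came up after such a warning. The function name, the "conn_strong" connection and the 192.0.2.10 peer are constructed for illustration.

```python
import re

# Per-connection pluto lines, e.g.
#   pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #2: IPsec SA established
CONN_LINE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>\S+) '
    r'#(?P<sa>\d+): (?P<msg>.*)$'
)
# Warning text exactly as it appears in the trace on this page.
WEAK_ESP = re.compile(r"insecure ESP algorithms \[(?P<alg>\w+) \(\d+\)\]")
# Debug lines: start of a received message, and decoded attribute values.
RECEIVED = re.compile(r"pluto\[\d+\]: \| \*received \d+ bytes")
ATTR = re.compile(r"pluto\[\d+\]: \|\s+\[\d+ is (?P<name>\w+)\]")


def find_weak_sas(lines):
    """Return a finding for each IPsec SA established after a weak-ESP warning."""
    warned = {}    # (conn, peer, sa number) -> details captured at warning time
    attrs = []     # attributes decoded from the message currently being parsed
    findings = []
    for raw in lines:
        line = raw.strip()
        if RECEIVED.search(line):
            attrs = []                      # new packet: forget old attributes
            continue
        attr = ATTR.search(line)
        if attr:
            attrs.append(attr.group("name"))
            continue
        m = CONN_LINE.search(line)
        if not m:
            continue
        key = (m.group("conn"), m.group("peer"), int(m.group("sa")))
        weak = WEAK_ESP.search(m.group("msg"))
        if weak:
            # Heuristic: debug lines carry no connection id, so the attributes
            # of the packet parsed just before the warning are attached to it.
            warned[key] = {
                "esp": weak.group("alg"),
                "auth": [a for a in attrs if a.startswith("AUTH_ALGORITHM_")],
                "mode": [a for a in attrs if a.startswith("ENCAPSULATION_MODE_")],
            }
        elif m.group("msg").startswith("IPsec SA established") and key in warned:
            conn, peer, sa = key
            findings.append({"conn": conn, "peer": peer, "sa": sa, **warned.pop(key)})
    return findings


# Sample input: the first connection reuses lines from the trace on this page;
# the second ("conn_strong", 192.0.2.10) is constructed to show a clean SA.
SAMPLE_LOG = """\
pluto[5161]: | *received 300 bytes from 172.21.33.203:500 on eth0
pluto[5161]: |    transform ID: ESP_NULL
pluto[5161]: |    [2 is ENCAPSULATION_MODE_TRANSPORT]
pluto[5161]: |    [2 is AUTH_ALGORITHM_HMAC_SHA1]
pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #2: You should NOT use insecure ESP algorithms [ESP_NULL (0)]!
pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #2: responding to Quick Mode
pluto[5161]: | *received 52 bytes from 172.21.33.203:500 on eth0
pluto[5161]: "conn_pptp_ipsec"[1] 172.21.33.203 #2: IPsec SA established
pluto[5161]: "conn_strong"[1] 192.0.2.10 #4: responding to Quick Mode
pluto[5161]: "conn_strong"[1] 192.0.2.10 #4: IPsec SA established
""".splitlines()

if __name__ == "__main__":
    for f in find_weak_sas(SAMPLE_LOG):
        print("{conn} peer={peer} SA #{sa}: esp={esp} auth={auth} mode={mode}".format(**f))
```

A finding with `esp=ESP_NULL` and an HMAC auth algorithm means the SA authenticates packets but does not encrypt them, so the L2TP traffic on port 1701 is readable on the wire.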


#

Wednesday, May 21, 2008

debug trace bcm58XX

#ifconfig eth0 up
Jan 1 08:03:05 (none) user.warn kernel: et0: et_ioctl: cmd 0x8946
Jan 1 08:03:08 (none) user.warn kernel: et0: et_ioctl: cmd 0x8946
Jan 1 08:03:11 (none) user.warn kernel: et0: et_open
Jan 1 08:03:11 (none) user.warn kernel: et0: et_up
Jan 1 08:03:11 (none) user.warn kernel: et0: et_init
Jan 1 08:03:11 (none) user.warn kernel: et0: et_reset
Jan 1 08:03:11 (none) user.warn kernel: et0: etc_reset
Jan 1 08:03:11 (none) user.warn kernel: et0: chipreset
Jan 1 08:03:11 (none) user.warn kernel: et0: chiptxreclaim
Jan 1 08:03:11 (none) user.warn kernel: et0: chiprxreclaim
Jan 1 08:03:11 (none) user.warn kernel: et0: etc_init
Jan 1 08:03:11 (none) user.warn kernel: et0: chipinit
Jan 1 08:03:11 (none) user.warn kernel: et0: et_set_multicast_list
Jan 1 08:03:11 (none) user.warn kernel: et0: et_init
Jan 1 08:03:11 (none) user.warn kernel: et0: et_reset
Jan 1 08:03:11 (none) user.warn kernel: et0: etc_reset
Jan 1 08:03:11 (none) user.warn kernel: et0: chipreset
Jan 1 08:03:11 (none) user.warn kernel: et0: chiptxreclaim
Jan 1 08:03:11 (none) user.warn kernel: et0: chiprxreclaim
Jan 1 08:03:11 (none) user.warn kernel: et0: etc_init
Jan 1 08:03:11 (none) user.warn kernel: et0: chipinit
Jan 1 08:03:11 (none) user.warn kernel: et0: et_get_stats
Jan 1 08:03:11 (none) user.warn kernel: et0: et_set_multicast_list
Jan 1 08:03:11 (none) user.warn kernel: et0: et_init
Jan 1 08:03:11 (none) user.warn kernel: et0: et_reset
Jan 1 08:03:11 (none) user.warn kernel: et0: etc_reset
Jan 1 08:03:11 (none) user.warn kernel: et0: chipreset
Jan 1 08:03:11 (none) user.warn kernel: et0: chiptxreclaim
Jan 1 08:03:11 (none) user.warn kernel: et0: chiprxreclaim
Jan 1 08:03:11 (none) user.warn kernel: et0: etc_init
Jan 1 08:03:11 (none) user.warn kernel: et0: chipinit
Jan 1 08:03:11 (none) user.info kernel: vlan0: dev_set_promiscuity(master, 1)
Jan 1 08:03:11 (none) user.info kernel: br0: port 1(vlan0) entering learning state
Jan 1 08:03:11 (none) user.warn kernel: et0: et_set_multicast_list
Jan 1 08:03:11 (none) user.warn kernel: et0: et_init
Jan 1 08:03:11 (none) user.warn kernel: et0: et_reset
Jan 1 08:03:11 (none) user.warn kernel: et0: etc_reset
Jan 1 08:03:11 (none) user.warn kernel: et0: chipreset
Jan 1 08:03:11 (none) user.warn kernel: et0: chiptxreclaim
Jan 1 08:03:11 (none) user.warn kernel: et0: chiprxreclaim
Jan 1 08:03:11 (none) user.warn kernel: et0: etc_init
Jan 1 08:03:11 (none) user.warn kernel: et0: chipinit
Jan 1 08:03:11 (none) user.warn kernel: et0: et_get_stats
Jan 1 08:03:11 (none) user.info kernel: br0: port 1(vlan0) entering forwarding state
Jan 1 08:03:11 (none) user.info kernel: br0: topology change detected, propagating
Jan 1 08:03:11 (none) user.warn kernel: et0: et_ioctl: cmd 0x8946
Jan 1 08:03:14 (none) user.warn kernel: et0: et_ioctl: cmd 0x8946



#ifconfig eth0 down

Jan 1 08:05:56 (none) user.warn kernel: et0: et_ioctl: cmd 0x8946
Jan 1 08:05:58 (none) user.warn kernel: et0: et_set_multicast_list
Jan 1 08:05:58 (none) user.warn kernel: et0: et_init
Jan 1 08:05:58 (none) user.warn kernel: et0: et_reset
Jan 1 08:05:58 (none) user.warn kernel: et0: etc_reset
Jan 1 08:05:58 (none) user.warn kernel: et0: chipreset
Jan 1 08:05:58 (none) user.warn kernel: et0: chiptxreclaim
Jan 1 08:05:58 (none) user.warn kernel: et0: chiprxreclaim
Jan 1 08:05:58 (none) user.warn kernel: et0: etc_init
Jan 1 08:05:58 (none) user.warn kernel: et0: chipinit
Jan 1 08:05:58 (none) user.warn kernel: et0: et_close
Jan 1 08:05:58 (none) user.warn kernel: et0: et_down
Jan 1 08:05:58 (none) user.warn kernel: et0: et_reset
Jan 1 08:05:58 (none) user.warn kernel: et0: etc_reset
Jan 1 08:05:58 (none) user.warn kernel: et0: chipreset
Jan 1 08:05:58 (none) user.warn kernel: et0: chiptxreclaim
Jan 1 08:05:58 (none) user.warn kernel: et0: chiprxreclaim
Jan 1 08:05:58 (none) user.warn kernel: et0: link down
Jan 1 08:05:58 (none) user.warn kernel: et0: et_get_stats
Jan 1 08:05:58 (none) user.info kernel: br0: port 1(vlan0) entering disabled state
Jan 1 08:05:58 (none) user.warn kernel: et0: et_get_stats
Jan 1 08:05:59 (none) user.warn kernel: et0: et_ioctl: cmd 0x8946

http://linux-ip.net/

A good site I stumbled on while looking for ARP in the proc subsystem…

Saturday, May 17, 2008

Git tutorial

http://www.bitsun.com/documents/gittutorcn.htm
http://www.qweruiop.org/nchcrails/posts/49


git-cvsimport
http://docs.moodle.org/en/Development:Tracking_Moodle_CVS_with_git
http://www.blogger.com/profile/06114951663056205324

git video
http://git.or.cz/gitwiki/GitDocumentation

#update repository from cvs to git
git-cvsimport -C ../../cmds.git/
git-clone ssh://git@172.21.46.131/pub/cmds.git
#log
git-log --stat
git-log --pretty=format:"%cd %cn%n%s" --stat


------------------------------------
My favorite commands.

#change git ssh repository URL, e.g. the login account
cat .git/config
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = ssh://git@172.21.46.131/pub/cgi.git
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
remote = origin
merge = refs/heads/master

#git diff
git-diff HEAD^ public.c

Thursday, May 15, 2008

Build cross-compiler

Today I saw a cross-compiler howto in my RSS feed…
I don't have time to read it closely right now,
so I'm noting it down first.

http://www.linuxjournal.com/article/9904

http://moto.debian.org.tw/viewtopic.php?p=49621

http://www.akae.cn/bbs/viewthread.php?tid=6993&extra=page%3D1

Monday, May 12, 2008

pppoe server howto

I spent my whole working day setting up an rp-pppoe server on a Linux PC to test a pppoe client,
so I thought it should be recorded for easier setup next time.

Mandrake 10.1
o ppp-2.4.2.
o rp-pppoe for the plugin, which includes pppoe-server.

[root@localhost ppp]# cat pppoe-server-options
# PPP options for the PPPoE server

# LIC: GPL
require-pap
login
lcp-echo-interval 10
lcp-echo-failure 2
plugin rp-pppoe.so

[root@localhost ppp]# cat chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
vincent * 1234 *


Below are the messages from the debug output.

[root@localhost root]# cat out
May 12 16:59:45 localhost pppd[11073]: nobsdcomp^I^I# (from command line)
May 12 16:59:45 localhost pppd[11073]: nodeflate^I^I# (from command line)
May 12 16:59:45 localhost pppd[11073]: pppd 2.4.2 started by root, uid 0
May 12 16:59:45 localhost pppd[11073]: Using interface ppp0
May 12 16:59:45 localhost pppd[11073]: Connect: ppp0 <--> /dev/pts/2
May 12 16:59:48 localhost pppd[11073]: Cannot determine ethernet address for proxy ARP
May 12 16:59:48 localhost pppd[11073]: local IP address 10.0.0.1
May 12 16:59:48 localhost pppd[11073]: remote IP address 10.67.15.4
May 12 17:00:00 localhost CROND[11097]: (mail) CMD (/usr/bin/python -S /usr/lib/mailman/cron/gate_news)
May 12 17:01:00 localhost CROND[11117]: (root) CMD (nice -n 19 run-parts /etc/cron.hourly)
May 12 17:01:10 localhost pppd[11073]: LCP terminated by peer (User request)
May 12 17:01:13 localhost pppd[11073]: Connection terminated.
May 12 17:01:13 localhost pppd[11073]: Connect time 1.5 minutes.
May 12 17:01:13 localhost pppd[11073]: Sent 54 bytes, received 54 bytes.
May 12 17:01:13 localhost pppoe[11074]: read (asyncReadFromPPP): Session 4: Input/output error
May 12 17:01:13 localhost pppd[11073]: Connect time 1.5 minutes.
May 12 17:01:13 localhost pppd[11073]: Sent 54 bytes, received 54 bytes.
May 12 17:01:13 localhost pppd[11073]: Exit.
May 12 17:01:13 localhost pppoe-server[10916]: Session 4 closed for client 00:50:c2:2b:d0:01 (10.67.15.4) on eth0
May 12 17:01:13 localhost pppoe-server[10916]: Sent PADT
May 12 17:01:21 localhost pppoe-server[11169]: Session 5 created for client 00:50:c2:2b:d0:01 (10.67.15.5) on eth0 using Service-Name ''
May 12 17:01:21 localhost pppd[11169]: Plugin rp-pppoe.so loaded.
May 12 17:01:21 localhost pppd[11169]: RP-PPPoE plugin version 3.3 compiled against pppd 2.4.2
May 12 17:01:21 localhost pppd[11169]: Plugin rp-pppoe.so loaded.
May 12 17:01:21 localhost pppd[11169]: RP-PPPoE plugin version 3.3 compiled against pppd 2.4.2
May 12 17:01:21 localhost pppd[11169]: pppd options in effect:
May 12 17:01:21 localhost pppd[11169]: debug debug debug^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: nodetach^I^I# (from command line)
May 12 17:01:21 localhost pppd[11169]: idle 1800^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: logfd -1^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: connect-delay 5000^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: dump^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: plugin rp-pppoe.so^I^I# (from /etc/ppp/pppoe-server-options)
May 12 17:01:21 localhost pppd[11169]: plugin rp-pppoe.so^I^I# (from /etc/ppp/pppoe-server-options)
May 12 17:01:21 localhost pppd[11169]: require-pap^I^I# (from /etc/ppp/pppoe-server-options)
May 12 17:01:21 localhost pppd[11169]: name vincent^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: password ??????^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: login^I^I# (from /etc/ppp/pppoe-server-options)
May 12 17:01:21 localhost pppd[11169]: ^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: pty /usr/sbin/pppoe -n -I eth0 -e 5:00:50:c2:2b:d0:01 -S ''^I^I# (from command line)
May 12 17:01:21 localhost pppd[11169]: crtscts^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: noaccomp^I^I# (from command line)
May 12 17:01:21 localhost pppd[11169]: default-asyncmap^I^I# (from command line)
May 12 17:01:21 localhost pppd[11169]: mru 1410^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: mtu 1410^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: nopcomp^I^I# (from command line)
May 12 17:01:21 localhost pppd[11169]: passive^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: lcp-echo-failure 2^I^I# (from /etc/ppp/pppoe-server-options)
May 12 17:01:21 localhost pppd[11169]: lcp-echo-interval 10^I^I# (from /etc/ppp/pppoe-server-options)
May 12 17:01:21 localhost pppd[11169]: novj^I^I# (from command line)
May 12 17:01:21 localhost pppd[11169]: novjccomp^I^I# (from command line)
May 12 17:01:21 localhost pppd[11169]: ipcp-accept-local^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: ipcp-accept-remote^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: ms-dns xxx # [don't know how to print value]^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: ms-wins xxx # [don't know how to print value]^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: nodefaultroute^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: proxyarp^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: 10.0.0.1:10.67.15.5^I^I# (from command line)
May 12 17:01:21 localhost pppd[11169]: noccp^I^I# (from /etc/ppp/options)
May 12 17:01:21 localhost pppd[11169]: nobsdcomp^I^I# (from command line)
May 12 17:01:21 localhost pppd[11169]: nodeflate^I^I# (from command line)
May 12 17:01:21 localhost pppd[11169]: pppd 2.4.2 started by root, uid 0
May 12 17:01:21 localhost pppd[11169]: Using interface ppp0
May 12 17:01:21 localhost pppd[11169]: Connect: ppp0 <--> /dev/pts/2
May 12 17:01:24 localhost pppd[11169]: Cannot determine ethernet address for proxy ARP
May 12 17:01:24 localhost pppd[11169]: local IP address 10.0.0.1
May 12 17:01:24 localhost pppd[11169]: remote IP address 10.67.15.5


On the client (dial-out) side, just invoke ...
# pppd plugin /lib/pppd/2.4.4/rp-pppoe.so eth1 user vincent password 1234 persist usepeerdns defaultroute unit 2
However, it seems a Windows XP pppoe client could not dial in.
pppoe-server always complains that the source MAC should be 00:00:00:00:00:00, then
terminates with PADT.

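Friday, May 9, 2008

The hard-to-use apt sources.list

Using apt-get to update or install is very convenient, but once a mirror site has a problem it becomes a headache.
Every time I update sources.list it costs me an hour or two… because I'm not familiar with it ^^, just like urpm on my Mandrake…
I'm not familiar with how they work either.


The file layout inside looks roughly like this: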
http://ubuntu-archive.patan.com.ar/

[   ] Archive-Update-in-Progress-leningradskaya.canonical.com  05-May-2008 11:55  1
[   ] Archive-Update-in-Progress-lithium.canonical.com  03-May-2008 23:57  1
[   ] Archive-Update-in-Progress-prat.canonical.com  04-May-2008 19:57  1
[DIR] dists/  06-May-2008 20:29  -
[DIR] indices/  09-May-2008 04:20  -
[   ] ls-lR.gz  09-May-2008 03:45  4.9M
[DIR] pool/  14-Jan-2008 19:05  -
[DIR] project/  13-Feb-2008 11:39  -

sources.list:
deb http://ubuntu-archive.patan.com.ar edgy main


root@GroupCVS:/tmp# apt-get update -o Dir::Etc::SourceList=/tmp/sources.list
Get:1 http://ubuntu-archive.patan.com.ar edgy Release.gpg [191B]
Get:2 http://ubuntu-archive.patan.com.ar edgy Release [34.7kB]
Get:3 http://ubuntu-archive.patan.com.ar edgy/main Packages [940kB]
Fetched 975kB in 5m25s (2999B/s)
Reading package lists... Done

***********************************
Next, we just invoke "apt-get install" to install packages,
with option -o to specify which sources.list to use.
#root@GroupCVS:/var/lib/apt/lists# apt-get install subversion \
-o Dir::Etc::SourceList=/tmp/sources.list
Reading package lists... Done
Building dependency tree... Done

Tuesday, May 6, 2008

cvs vs svn

I need to use cvs lately,
so I compared how it differs from svn.
http://svn.collab.net/repos/svn/trunk/doc/user/cvs-crossover-guide.html

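Monday, May 5, 2008

Low work efficiency

After "coasting" at a company for a long time, this is what happens:
you find that you look very "busy",
but ask yourself honestly - do you really spend eight hours a day working for the company?
I believe many people are the same as me!
Especially the morning hours~ that is probably when I slack off the most~~~

After working for so long, I have only recently started looking for ways to improve my efficiency,
mainly because as the workload gradually increases, eight hours a day at the company is really not enough.
For example, a meeting comes up, a phone call comes in the afternoon, then there is a bug to fix, and not much time is left.
How to use fragments of time to handle small things becomes very important, e.g.:
handling a simple mail
checking on the progress of other members
or how to make use of the morning hours, which is also important to me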

NFS client

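These sample messages say the remote dir cannot be mounted. In general the kernel supports nfsclient and the settings should be correct too; I checked… and after exportfs -arv it was OK.
Another possibility is that the kernel was not built with the "nfsclient root" options.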

eth0: using ip header offset of 14
eth0: link up, 1000 Mb/s, full duplex, flow control disabled
eth1: using ip header offset of 14
eth1: link up, 1000 Mb/s, full duplex, flow control disabled
IP-Config: Complete:
device=eth0, addr=192.168.0.1, mask=255.255.255.0, gw=192.168.0.2,
host=192.168.0.1, domain=, nis-domain=(none),
bootserver=192.168.0.2, rootserver=192.168.0.2, rootpath=
Looking up port of RPC 100003/2 on 192.168.0.2
Looking up port of RPC 100005/1 on 192.168.0.2
Root-NFS: Server returned error -13 while mounting /share/rootfs
VFS: Unable to mount root fs via NFS, trying floppy.
VFS: Cannot open root device "nfs" or unknown-block(2,0)
Please append a correct "root=" boot option; here are the available partitions:
1f00 192 mtdblock0 (driver?)
1f01 64 mtdblock1 (driver?)
1f02 1536 mtdblock2 (driver?)
1f03 6144 mtdblock3 (driver?)
1f04 64 mtdblock4 (driver?)
1f05 192 mtdblock5 (driver?)
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(2,0)

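Sunday, April 27, 2008

The art of organizing digital data

Because of work needs, I often have to look for documents,
and while googling I often unexpectedly run into extra material.
This information may not be important right now,
but I feel there may be a chance to refer to it later.

How to organize this material has become the problem I want to solve.
This article from 數位資料整理術 (The Art of Organizing Digital Data) can serve as a reference.

First post

Lately I rely heavily on google; whatever the problem, google is the first thing I think of,
as if no problem could be solved without google.
This is probably a common ailment of many modern people who over-rely on the internet~~~

Actually, I want to use the blog not only to record bits of daily life;
mainly I want to use it to record ideas that help improve efficiency in life or at work.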