mac2addr reposted

I’ve posted this before, but now that I have better source code formatting, I’ll repost. This converts a MAC address to a link-local IPv6 address.

mac2ipv6addr.c


#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char** argv){

  /*Worst-case output length, plus one byte for the terminating NUL*/
  int addrlen = strlen("0000:0000:0000:0000:0000:0000:0000:") + 1;
  char* out = malloc(addrlen);
  char * outorig = out;

  memset(out, 0, addrlen);

  char* addr =    "00:0c:29:20:4e:e3";

  if (argc > 1){
    addr = argv[1];
  }else{
    fprintf(stderr,"usage %s macaddr\n",argv[0]);
    exit(-1);
  }

  int len = strlen(addr);

  if (len > 18){
    printf ("String too long\n");
    exit(-1);
  }

  /*We know we have the right length.  Main processing follows */

  int i ;
  int col_count = 0;
  unsigned char current = 0;
  for (i = 0; i < len; ++i){
    char c = addr[i];

    if (0 == c){
      break;
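    }else if (':' == c){
      /*A MAC address has five separators; any more would overrun out*/
      if (col_count >= 5){
        fprintf(stderr,"Too many octets\n");
        exit(-1);
      }
      switch( col_count ){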
      case 0:{
        sprintf(out,"fe80::");
        out += strlen(out);

        /*Toggle the '2' bit (universal/local) of the first octet*/
        unsigned short c2 = ( current ^ 0x02 );

        sprintf(out,"%02x",c2);
        out += strlen(out);
      }
        break;
      case 2:{
        /*The magic number goes halfway through the mac address*/
        sprintf(out,"%02xff:fe",current);
        out += strlen(out);
      }
        break;
      default:
        sprintf(out,"%02x",current);
        out += strlen(out);

        if (col_count % 2){
          sprintf(out,":");
          out += strlen(out);
        }
      }
      ++col_count;
      current = 0;
    }else if ((c >= 'a') && (c <= 'f')){
      current *=16;
      current += ( 10 + c - 'a');
    }else if ((c >= 'A') && (c <= 'F')){
      current *=16;
      current += ( 10 + c - 'A');
    }else if ((c >= '0') && (c <= '9')){
      current *=16;
      current += ( c - '0');
    }
  }

  sprintf(out,"%02x",current);
  out += strlen(out);
  /*Never pass a built string as the format argument*/
  printf("%s\n",outorig);
  free(outorig);
  return 0;

}

Ignore that last line. Not sure why the formatting code is closing my open tags inside a pre tag...

RFI: SPNEGO multiple requests

From what we are seeing and what I’ve read, the browser seems to send a JSON request with no Auth info, and then the whole SPNEGO handshake takes place, turning what should be a single request response into (at a minimum) two.  It seems to me that we should be able to avoid that after the initial auth has taken place.

Is there any way to cache SPNEGO information such that successive JSON RPC calls provide the needed information automatically, instead of requiring multiple round trips per request?

Any Fedora people worked with this stuff and know how to optimize it?  Do I need to revert to a Cookie based approach?

eth0 not present after libvirt clone

With the release of Fedora 13, I have a new target OS for software. In order to deal with the vagaries of installs, I have come to the pattern of creating one VM per target OS, which I get to the starting point, and then clone that for any actual work.

I recently created a minimal F13 VM.  I booted it, and then brought up the network.

This is a minimal install, as I said, which means that it does not have an X install, nor any of the graphical utilities. In Fedora systems, networking is performed via NetworkManager, a user-level graphical tool. In order to bring up the network, I was using the “Old School” command

ifup eth0

When I cloned it, and then tried to bring up eth0 from the command line, I got the error message “eth0 does not seem to be present”.

On Red Hat style systems like RHEL and Fedora, ifup eth0 gets its config info from

/etc/sysconfig/network-scripts/ifcfg-eth0

However, there is a new twist: udev – dynamic device management.  The udev subsystem, when I first booted the “clean” or prototype F13 installed VM, recorded the MAC address in:

/etc/udev/rules.d/70-persistent-net.rules

Specifically, the line looks something like this:

# Networking Interface (rule written by anaconda)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:aa:bb:00:dd:01", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

When I cloned the machine, the clone got a new MAC address for the network interface.  Looking in dmesg, I saw a message that eth0 has been renamed to eth1.  When I looked into the rules file above, I saw a second line, with NAME="eth1".

When I cloned the machine, the clone process did not know about the subsystem in /etc/sysconfig/network-scripts, so there was no ifcfg-eth1 file created, and thus no networking for the clone.

The solution was to delete the first line, and to change the second line to NAME="eth0" and then reboot the machine.  In order to make sure that it has network enabled, I also ran

chkconfig network on

Which should re-enable the old style networking on reboot.

Update:
If you have done old style networking already, make sure you comment out the MAC address in

/etc/sysconfig/network-scripts/ifcfg-eth0

Or change it to the new one, or the init.d script will not bring up the interface.
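
The manual fix described above (drop the rule for the prototype's MAC address, rename the clone's rule back to eth0) can be scripted. This is an added example, not part of the original post; the function names and the second sample rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: reads a 70-persistent-net.rules file on stdin and prints
# the version a clone should have. $1 is the MAC address of the clone's NIC.
fix_cloned_rules() {
  # Normalise and validate the MAC before it is used in a match.
  mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 2
  awk -v mac="$mac" '
    # Comments and rules for other subsystems pass through untouched.
    /^[ \t]*#/ || !/SUBSYSTEM=="net"/ { print; next }
    # A net rule bound to a different MAC is left over from the prototype VM.
    index(tolower($0), "attr{address}==\"" mac "\"") == 0 { next }
    # The rule for this machine: give it back the name ifcfg-eth0 expects.
    { sub(/NAME="eth[0-9]+"/, "NAME=\"eth0\""); print; found = 1 }
    END { exit !found }   # non-zero when no rule matched the MAC
  '
}

# Constructed sample: the first rule is the one shown in the post, the
# second is what udev appends on the clone (its MAC is made up).
sample_rules() {
  cat <<'EOF'
# Networking Interface (rule written by anaconda)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:aa:bb:00:dd:01", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# Networking Interface (constructed rule for the clone)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:aa:bb:00:dd:02", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
EOF
}

sample_rules | fix_cloned_rules 00:AA:BB:00:DD:02
```

On a real clone, feed it the rules file on stdin and write the output to a temporary file first; the function returns non-zero when the MAC is malformed or no rule matches it, so a bad run never has to replace the original.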

interface2addr

This little script will give you the ipv4 address for a given network interface, or list all of them if you leave the parameter blank:

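#!/bin/bash

INTERFACE=$1

# ${INTERFACE:+...} passes the name as one quoted word, or nothing at all when no interface is given
/sbin/ifconfig ${INTERFACE:+"$INTERFACE"} | grep "inet addr" | cut -d: -f 2 | cut -d" " -f 1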

Call it like this:

~/bin/interface2addr eth0

ad2openldap

I’ve been porting our Active Directory based LDAP scripts to OpenLDAP.

Here’s what I have so far:

in /etc/openldap/slapd.conf

changed

suffix                "dc=my-domain,dc=com"
rootdn                "cn=Manager,dc=my-domain,dc=com"

To:
suffix                "dc=myproject,dc=company,dc=int"
rootdn                "cn=Manager,dc=myproject,dc=company,dc=int"

And added a password generated with:

slappasswd -s password

That looks like this:
rootpw                 {SSHA}qGjxdj5lesdqFmAJNk4Mn/c3uYULH06q

I have a “blow away the DB and restart” script that looks like this:
#  cat ~adyoung/bin/reset_ldap

/etc/init.d/ldap stop
rm -f /var/lib/ldap/*
cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
/etc/init.d/ldap start

I can insert things into the database with:

ldapadd  -D "cn=Manager, dc=myproject, dc=mycompany, dc=int" -x  -w mycompany -f my_schema.ldif

Note that the first thing inserted has to be the top level item itself:

dn: dc=myproject,dc=mycompany,dc=int
changetype: add
objectClass: top
objectClass: dcObject
objectClass: organization
o:myproject
dc:myproject

I can query what objects are in this DB  by running

ldapsearch -LLL -x -b  'dc=myproject,dc=mycompany,dc=int' '(objectclass=*)'

I’ve been converting our ldif files for the schema into schema files, as I can then test them by running the above script, which, amongst other things, runs slaptest.

When you insert an object into the LDAP DB, it has to have an objecttype.  Attribute types are simple values used to compose objects.  They are defined before the objecttypes that use them.  Here is a sample in schema format:

attributetype ( 1.3.6.1.4.1.6876.40.1.4.1202 NAME 'project-IsGroup'
DESC 'Whether a principal refers to a group or a user'
EQUALITY caseExactIA5Match
SYNTAX '1.3.6.1.4.1.1466.115.121.1.26'
SINGLE-VALUE )

The number scheme is designed to be universally unique and is one of those things that has a portion assigned by a central server, and a portion defined by the end company.  The SYNTAX keyword references one of the syntax strings defined in this document:

ftp://ftp.isi.edu/in-notes/rfc2252.txt

The above attributetype definition uses 1.3.6.1.4.1.1466.115.121.1.26, the syntax for IA5, a character set that is “not-quite-ascii”.  The EQUALITY keyword references a method that requires the input be validated by that syntax.  Our ldif files are sloppy, in that many of the attributetype definitions use syntaxes other than the one above, but still specify EQUALITY types that are IA5 based.  I suspect this is a case of MS doing something deliberately broken….
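
One way to find the sloppy definitions described above is to scan the schema file for attributetypes that pair an IA5 matching rule with a non-IA5 syntax. This is an added example, not part of the original post; the function names and the second and third sample definitions (names and OIDs) are constructed.

```shell
#!/bin/sh
# Added example: flag attributetypes whose EQUALITY rule is IA5-based
# while their SYNTAX is not the IA5 String OID. Reads schema text on stdin.
IA5_SYNTAX=1.3.6.1.4.1.1466.115.121.1.26

find_ia5_mismatches() {
  awk -v ia5="$IA5_SYNTAX" -v q="'" '
    # A definition starts at "attributetype (" and may span several lines.
    /^attributetype[ \t]*\(/ { def = ""; collecting = 1 }
    collecting { def = def " " $0 }
    # A line ending in ")" closes the definition: pull out the three fields.
    collecting && /\)[ \t]*$/ {
      collecting = 0
      name = eq = syn = ""
      n = split(def, tok, /[ \t]+/)
      for (i = 1; i < n; i++) {
        if (tok[i] == "NAME")     name = tok[i + 1]
        if (tok[i] == "EQUALITY") eq   = tok[i + 1]
        if (tok[i] == "SYNTAX")   syn  = tok[i + 1]
      }
      gsub(q, "", name); gsub(q, "", syn)   # schema files may quote these
      sub(/[{].*/, "", syn)                 # drop an optional {length} bound
      if (eq ~ /IA5Match$/ && syn != ia5) print name, eq, syn
    }
  '
}

# Constructed sample: the first definition is the one from the post, the
# other two are made up for illustration.
sample_schema() {
  cat <<'EOF'
attributetype ( 1.3.6.1.4.1.6876.40.1.4.1202 NAME 'project-IsGroup'
DESC 'Whether a principal refers to a group or a user'
EQUALITY caseExactIA5Match
SYNTAX '1.3.6.1.4.1.1466.115.121.1.26'
SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.6876.40.1.4.9998 NAME 'project-DisplayName'
DESC 'Constructed: IA5 matching rule on a Directory String syntax'
EQUALITY caseExactIA5Match
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.6876.40.1.4.9999 NAME 'project-Comment'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
EOF
}
sample_schema | find_ia5_mismatches
```

Each output line gives the attribute name, its EQUALITY rule and the syntax OID it was declared with, which is the list of definitions to correct before loading the schema.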

Our objecttype definitions seem to be OK, although we reference a SUP (supertype) of container that doesn’t seem to be defined in the OpenLDAP schema.