Aim Wang: 2020

2020/12/30

用 shell 指令觸發 linux kernel panic

linux kernel sysrq

echo 1 > /proc/sys/kernel/sysrq
echo c > /proc/sysrq-trigger

例如要測試 external watchdog, 就要 not allow reboot/power off (128), 然後再觸發 kernel panic (c) 停止 WDT toggle.

echo 382 > /proc/sys/kernel/sysrq

echo c > /proc/sysrq-trigger

2020/11/26

Use a specific version of ocaml in debian/ubuntu

I used the latest Debian distribution. When I compiling coccinelle, I encountered the error message unbound module Parmap. The reason is that ocaml version that is too new. It is incompatible and must be returned to version 4.02.3. So I use opam to manage the ocaml version used.

1. Inteall opam (root).

sudo apt-get install opam

2. Initial opam (none root).

opam init --compiler 4.02.3

3. Add ocaml path to environment $PATH.

eval $(opam config env)

4. Check the version you got.

ocamlc -v

5. Install modules.

opam install parmap

opam install camlp4

6. When need to switch installed versions.

opam switch 4.05.0
eval $(opam config env)

7. When need to compile and switch other versions.

opam switch create 4.03.0
eval $(opam config env)

2020/11/20

讓 uboot envtools 禁止變更重要的變數

uboot envtools 提供很方便的途徑來存取 uboot 環境變數，但是方便的工具卻也帶來很大的風險，如果被惡意使用，變更了重要的 uboot 環境變數，例如 bootcmd，可能會導致無法預期的後果，所以真的有必要禁止使用 uboot envtools 改變這些重要的變數內容。

以下內容是以 uboot 2014.10 為基礎, 更新的版本應該也不會有太大的差異.

檔案 uboot/tools/env/fw_env.c

最主要的寫入 function 是：

int fw_env_write(char *name, char *value)

要做的事情很單純：

增加一個檢查要寫入的環境變數名稱的 function, 可以被更改的傳回 0, 不能被更改的傳回非0.
在 fw_env_wrire 裡面呼叫 1. 加入的 function 進行檢查.

int fw_env_check_unmodifiable_name(char *name) {
	int i, cnt;
	char *unmodi[] = {
		"bootcmd",
		"baudrate",
		"ethaddr",
		"country",
		"regdomain",
		};
        cnt = sizeof(unmodi)/sizeof(unmodi[0]);
	for (i=0; i<cnt; i++) {
		if (0 == strcmp(unmodi[i], name)) {
			fprintf(stderr, "## Warning: "
						"environment \"%s\" can't be modified.\n", name);
			errno = EINVAL;
			return -EINVAL;
		}
	}
	return 0;
}

/*
 * Set/Clear a single variable in the environment.
 * This is called in sequence to update the environment
 * in RAM without updating the copy in flash after each set
 */
int fw_env_write(char *name, char *value)
{
	int len;
	char *env, *nxt;
	char *oldval = NULL;
	int deleting, creating, overwriting;

	if (fw_env_check_unmodifiable_name(name)) {
		return 0;
	}

2020/11/04

使用 OpenWRT 建構捕捉無線網路封包的設備

OpenWRT wifi basic

OpenWRT 有提供無線網路介面的monitor模式(我猜還是要驅動程式有支援才有用)。

首先修改 /etc/config/wireless 建立一個做為 monitor 的 interface

config wifi-iface wifi_mon0
option device 'wifi0'
option mode 'monitor'

重新啟用 WiFi 之後，就可以看到這個 interface. 我沒有開啟其他 interface 所以介面名稱被分配為 ath0.

monitor 介面建立完成後, 就可以使用 tcpdump 來捕捉封包, 並寫成 pcap 檔案.

tcpdump -i ath0 -w /tmp/ath0.pcap

用 tcpdump 捕捉特定 MAC 的 802.11 radio 封包

tcpdump -ne -y ieee802_11_radio -i ath0 ether host 00:11:22:33:44:55

最後再設法提取到 wireshark 解讀.

2020/06/09

[C] Simple state machine with pthread support

#include <stdio.h>
#include <time.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <string.h>
#include <arpa/inet.h>
#include <fcntl.h>
#include <unistd.h>
#include <pthread.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>

#if 1
#define DPRINTF(format, ...) do { \
	printf(format, ## __VA_ARGS__); \
	} while(0)
#else
#define DPRINTF(format, ...) do {} while(0)
#endif

#define SM_CONTINUE	1
#define SM_STOP		0
#define MAX_THREAD	10

enum STATE {
	ST_NULL=0,
	ST_1,
	ST_2,
	ST_MAX,
};

struct STATE_INFO {
	int threadIndex;
	enum STATE state;
	char wait;
};

struct STATE_MACHINE {
	enum STATE state;
	int (*stFunc) (struct STATE_INFO *sInfo);
};

int st1 (struct STATE_INFO *sInfo);
int st2 (struct STATE_INFO *sInfo);

struct STATE_MACHINE statemachineList[ST_MAX] = {
	{ST_1,		st1},
	{ST_2,		st2},
};

pthread_t tid[MAX_THREAD]={0};

void threadWaitReady(struct STATE_INFO *sInfo) {
	while (sInfo->wait) {
		usleep(100);
	}
}

int statemachineFindIndexByState(enum STATE state)
{
	int i, index=-1;
	int stCount = sizeof(statemachineList)/sizeof(struct STATE_MACHINE);
	
	for(i=0; i<stCount; i++) {
		if (statemachineList[i].state == state) {
			index = i;
			i = stCount;
		}
	}
	return index;
}

void * statemachineMain(void *arg)
{
	struct STATE_INFO sInfo, *ssInfo;
	int stateIndex;
	char resume=SM_CONTINUE;

	pthread_detach(pthread_self());
	memcpy(&sInfo, arg, sizeof(sInfo));
	ssInfo = arg;
	ssInfo->wait = 0;
	DPRINTF("t[%d] [%s] start statemachine with state %d\n", sInfo.threadIndex, __func__, sInfo.state);
	while (resume != SM_STOP) {
		stateIndex = statemachineFindIndexByState(sInfo.state);
		if (-1 == stateIndex) {
			resume = SM_STOP;
		} else {
			if (statemachineList[stateIndex].stFunc)
			{
				resume = statemachineList[stateIndex].stFunc(&sInfo);
			} else {
				resume = SM_STOP;
				DPRINTF("t[%d] [%s] state %d without callback function\n", sInfo.threadIndex, __func__, sInfo.state);
			}
		}
	}
	tid[sInfo.threadIndex] = 0;
	pthread_exit(NULL);
}

int threadFindFree (void)
{
	int i, retval=-1;
	for (i=0; i<MAX_THREAD; i++) {
		if (0 == tid[i]) {
			retval = i;
			break;
		}
	}
	return retval;
}

int main(int argc, char *argv[])
{
	struct STATE_INFO sInfo;
	int i, tIndex;
	
	i=0;
	while(1) {
		bzero(&sInfo, sizeof(sInfo));
		sInfo.threadIndex = threadFindFree();
		if (-1 != sInfo.threadIndex) {
			++i;
			i %= ST_MAX;
			sInfo.state = i;
			sInfo.wait = 1;
			if(pthread_create(&tid[sInfo.threadIndex], NULL, statemachineMain, (void*) &sInfo) != 0 ) {
				tid[sInfo.threadIndex] = 0;
				DPRINTF("t[%d] [%s] Failed to create thread\n", sInfo.threadIndex , __func__);
			} else {
				threadWaitReady(&sInfo);
			}
		}
		usleep(1234567);
	}
}

int st1 (struct STATE_INFO *sInfo)
{
	DPRINTF("t[%d] [%s]\n", sInfo->threadIndex, __func__);
	sInfo->state = ST_2;
	usleep(1000000);
	return SM_CONTINUE;
}

int st2 (struct STATE_INFO *sInfo)
{
	DPRINTF("t[%d] [%s]\n", sInfo->threadIndex, __func__);
	sInfo->state = ST_1;
	usleep(2000000);
	return SM_CONTINUE;
}

2020/05/26

Linux shell to access tcp connection.

Open a new connection

1	exec FILE_DESCRIPTOR<>/dev/PROTOCOL/HOST/PORT

FILE_DESCRIPTOR: 0=stdin, 1=stdout, 2=stderr. So you can use numbers larger than 3.

PROTOCOL: tcp or udp

HOST: Host name or IP address.

PORT: Host listen port.

Send message

1	echo -e "MESSAGE" >&FILE_DESCRIPTOR

MESSAGE: The message which you want to send.

FILE_DESCRIPTOR: File descriptor when creating the connection..

Receive message

1	timeout SECOND cat <&FILE_DESCRIPTOR

SECOND: Wait SECOND seconds and then time out.

FILE_DESCRIPTOR: File descriptor when creating the connection..

Close connection

1	exec FILE_DESCRIPTOR<&-

FILE_DESCRIPTOR: File descriptor when creating the connection..

Example

exec 3<>/dev/tcp/192.168.5.250/1539
sleep 1
echo -e "test" >&3
timeout 5 cat <&3
sleep 1
echo -e "exit" >&3
timeout 5 cat <&3
sleep 1
exec 3<&-

[C] Simple daemon example with multiple connections

#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <string.h>
#include <arpa/inet.h>
#include <fcntl.h>
#include <unistd.h>
#include <pthread.h>

#define PORT 1539
#define MAX_CLIENT 32

// connection information
struct connectInfo {
	int socket;
	int index;
};

// pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
pthread_t tid[MAX_CLIENT]={0};

// Each connection creates a pthread to handle communication.
void * sThread(void *arg)
{
	char message[64], retmsg[64];
	struct connectInfo *cInfo = (struct connectInfo *)arg;
	int nSocket = cInfo->socket;

	pthread_detach(pthread_self());
	int resume=1, i;
	struct timeval timeout;
	fd_set fds;
	
	FD_ZERO(&fds);
	FD_SET(nSocket, &fds);
	
	while (resume) {
		// reset timer
		timeout.tv_sec = 300;
		timeout.tv_usec = 0;
		
		// receive message with timeout control.
		i = select(nSocket+1, &fds, NULL, NULL, &timeout);
		if (0 == i) {
			printf("[%d] timeout\n", nSocket);
			resume = 0;
		} else if (-1 == i) {
			printf("[%d] got error\n", nSocket);
			resume = 0;
		} else {
			// The message still needs to be retrieved by recv.
			recv(nSocket , message , sizeof(message) , 0);
			printf("[%d] got message %s\n", nSocket, message);
			//pthread_mutex_lock(&lock);
			/*                         */
			//pthread_mutex_unlock(&lock);
			if (strncmp (message, "exit" , 4) == 0 ) {
				sprintf(retmsg, "bye");
				resume = 0;
			} else {
				sprintf(retmsg, "I got %s", message);
			}
			// Reply message to the other side.
			send(nSocket, retmsg, sizeof(retmsg), 0);
		}
	}
	// close connection
	close(nSocket);
	// release tid
	tid[cInfo->index] = 0;
	// exit pthread
	pthread_exit(NULL);
}

int main(int argc, char *argv[])
{
	int sSocket, nSocket, i;
	struct sockaddr_in s_in;
	struct sockaddr_storage s_storage;
	socklen_t addr_size;
	struct connectInfo cInfo[MAX_CLIENT];
	
	sSocket = socket(PF_INET, SOCK_STREAM, 0);
	
	// Set daemon to listen on port 1539 to any address 
	s_in.sin_family = AF_INET;
	s_in.sin_port = htons(PORT);
	s_in.sin_addr.s_addr = htonl(INADDR_ANY);
	memset(s_in.sin_zero, '\0', sizeof s_in.sin_zero);
	bind(sSocket, (struct sockaddr *) &s_in, sizeof(s_in));

	// start listen.
	if(listen(sSocket, MAX_CLIENT)==0) {
		printf("Listening\n");
	} else {
		printf("Listen Fail\n");
		exit(-1);
	}

	i = 0;
	while (1) {
		addr_size = sizeof(s_storage);
		nSocket = accept(sSocket, (struct sockaddr *) &s_storage, &addr_size);
		if (-1 == nSocket) {	//accept return error
			continue;
		}

		// when got a new connection, find an empty tid to create a new pthread.
		for (i=0; i<MAX_CLIENT; i++) {
			if (0 == tid[i]) {
				cInfo.socket = nSocket;
				cInfo.index = i;
				if( pthread_create(&tid[i], NULL, sThread, (void*) &cInfo[i]) != 0 ) {
					printf("Failed to create thread\n");
				} else {
					i = MAX_CLIENT+1;
				}
			}
		}
		
		if (MAX_CLIENT == i) {
			printf("No more free thread.\n");
			close(nSocket);
		}
	}
}

2020/01/08

[bash] Check if the IP address is used

#!/bin/bash
[ 1 -ne $# ] && {
        echo "Syntax: $0 ip_address"
        exit 0
}

ping -c1 -W1 $1 >/dev/null

ret=$(arp -n | grep "$1" | grep "(incomplete)")
[ -n "$ret" ] &&
{
        echo "$1 unused"
} || {
        echo "$1 used"
}

Line 2~5: Avoid no parameters.
Line 7: Use ping to learn arp.
Line 9~15: Check arp table and echo message.

訂閱：文章 (Atom)