December 15, 2009

Ad hoc cell splitting re-post (original website down)

Information about cell-id splitting, stuck beacons, and failed IBSS merges!

From VillageTelco

Jump to: navigation, search


The trouble with Madwifi and IBSS (ad-hoc) mode

While testing the Atheros Madwifi driver on the Ubiquity Nanostation2 in the Freifunk mesh network I ran into the problem that from time to time the card stopped working for approximately 30 seconds. I performed VOIP-calls with David Rowe using the Nanostation via the Freifunk network, but those irregular intermissions are annoying and would be a real show-stopper for the Villagetelco project. (If you depend on a chain of forwarding nodes to your gateway and they all stop working randomly for one minute within 15 minutes, there is always one that interrupts your call!)

It is the notorious Madwifi "stuck beacon" problem that causes intermittent operation in IBSS mode, caused by MAC timer skews when cards try to perform an "IBSS merge". If a MAC timer shift occurs because of an attempted IBSS merge it could happen that a beacon in the transmit queue gets stuck - the transmission gets never triggered. Until the transmit queue gets purged the card ceases to transmit forever. One way to purge the transmit buffer is to perform manually a
 iwlist ath0 scan 

Note that this helps only for a while until the next beacon gets stuck in the transmit buffer!

The emission of beacons in IBSS mode

Every ~100 ms (default settings) someone in the ad-hoc cell has to send a beacon to reveal the presence of the ad-hoc cell to other WiFi devices. There is a mechanism to avoid that multiple beacons get send redundantly by multiple nodes which are part of the same ad-hoc cell. After the last beacon has been send WiFI cards calculate a time that is 100ms ± random jitter in the future and wait whether another ad-hoc node sends a beacon before their own timer reaches this value. If another node sends the beacon before their own emission is triggered they discard the beacon. Otherwise they send the beacon.

The "stuck beacon" occurs when a shift of the MAC clock in the card occurs due to the process of an attempted "IBSS merge". In order to separate different wireless cells on MAC level they identify themselves by transmitting a IBSS-ID (I simply call them Cell-ID). In accesspoint mode the Cell-ID is identical with the MAC address of the accesspoints WiFI card. In ad-hoc mode there is no master node. Hence the developers of 802.11 thought there must be a process to negotiate and merge the IBSS-ID between nodes.

The process of an "IBSS merge"

If you configure your WiFi card to operate in ad-hoc mode on channel 1 with the ESSID "village-telco-adhoc-mesh" and activate the interface, your card will listen on the channel to see if beacons are transmitted for that ESSID. In case there are no beacons your card generates a random Cell-ID and starts to send beacons containing timestamps according to its own MAC timer and the Cell-ID. Now someone else does exactly the same with another WiFi card, while being not in range of the transmissions. The card is configured to use the same ESSID and channel in ad-hoc mode. Because the card doesn't receive any beacons for the ESSID after start up it also generates a new random Cell-ID and starts to send beacons.

Imagine that both cards are used in mobile devices that move around. At one point both cards receive each others beacons. Since both cards use the same ESSID they should be in the same wireless cell. However their Cell-IDs are different so they belong to different wireless networks until they agree to merge to one Cell-ID and drop the other. In order to decide to which Cell-ID they have to merge, the cards compare their time stamps. The older time stamp wins. So the card with the younger time stamp switches to the other Cell-ID and adjusts its MAC timer to the time stamp which it has received in the beacon. Beacons issued by this card from now on will contain the older time stamp.

This way multiple wireless cells consisting of multiple ad-hoc nodes configured with the same channel and ESSID can merge to one big wireless cell. In Berlin the Freifunk community mesh network is a single wireless ad-hoc cell operating on channel 10 with the ESSID "". This single ad-hoc cell is nearly as big on roof level as the city of Berlin and it consists of ~550 wireless interfaces on average - mostly routers, but also laptops and PCs.

The phenomenon of IBSS-ID cell splits

The ad-hoc mode has been widely neglected by chipset manufacturers and driver developers. Implementing ad-hoc mode is much more complicated than implementing station mode (accesspoint client). As a matter of fact if WiFi would have started only with ad-hoc mode as basic mode of operation we wouldn't miss anything. Ad-hoc mode means the capability that everyone in range can talk to everyone (multipoint to multipoint) while access point mode means everyone can only talk to the access point - only the accesspoint can talk to everone (point to multipoint). Who needs a communication mode where all can only talk to one and via one, while there is a mode available where everyone can talk to everyone? The simple functionality of an Accesspoint (DHCP, DNS relay) can also be performed by an ad-hoc station. There is only one reason why you shouldn't run an accesspoint in ad-hoc mode: Most devices that you want to connect to it have a buggy implementation of the ad-hoc mode, they simply don't work at all or are unreliable. What is worse: Even if most nodes in your network are operating properly according to the specs of 802.11, it takes a single buggy device to mess up your network!

A buggy device can do all kind of nasty things like:

  • Send wrong time stamps after merging to the Cell-ID..
  • Not merging at all.
  • Send the right time stamp but with the wrong Cell-ID.

The result of false timestamps are IBSS-ID cell-splits, WiFi card lock-ups, intermittent operation. That is the situation when beacons with different timestamps and the same Cell-ID are in the air, which results in timestamps that are jumping forth and back. Or you have different Cell-IDs that carry the same time stamp. Or the time stamp tells your card that the Cell is now running since 500000 years - so there is an overflow in the counter and the MAC timer starts from zero.

At Freifunk we have learned that in such a environment you have to use some tricks to get around - otherwise your wireless card (or the whole operating system) will crash, you have multiple little ad-hoc cells that don't talk to each other instead of a single one.

I have compiled a recent version of the iwl3945 driver for a Intel 802.11abg with verbose debugging options enabled. This is what dmesg tells me when I try to connect to the Freifunk mesh:

[ 1655.102233] RX beacon SA=00:0b:6b:20:22:fe BSSID=02:ca:ff:ee:ba:be TSF=0x0 BCN=0xffff95d81ca98181 diff=116719550365311 @338775
[ 1655.102241] eth1: beacon TSF higher than local TSF - IBSS merge with BSSID 02:ca:ff:ee:ba:be
[ 1655.102249] phy1: Removed STA 00:0b:6b:20:22:fe
[ 1655.102254] phy1: Removed STA 00:80:48:52:ff:9e
[ 1655.102260] phy1: Removed STA 00:14:bf:3d:4d:12
[ 1655.103464] phy1: Adding new IBSS station 00:80:48:52:ff:9e (dev=eth1)
[ 1655.103468] phy1: Allocated STA 00:80:48:52:ff:9e
[ 1655.103472] phy1: Inserted STA 00:80:48:52:ff:9e
[ 1655.104592] phy1: Adding new IBSS station 00:14:bf:3d:4d:12 (dev=eth1)
[ 1655.104604] phy1: Allocated STA 00:14:bf:3d:4d:12
[ 1655.104610] phy1: Inserted STA 00:14:bf:3d:4d:12
[ 1655.105331] phy1: HW CONFIG: freq=2457
[ 1655.105821] phy1: Adding new IBSS station 00:0b:6b:20:22:fe (dev=eth1)
[ 1655.105826] phy1: Allocated STA 00:0b:6b:20:22:fe
[ 1655.105829] phy1: Inserted STA 00:0b:6b:20:22:fe
[ 1655.105847] RX beacon SA=00:80:48:52:ff:9e BSSID=02:ca:ff:ee:ba:be TSF=0x0 BCN=0xffff95d81ca981ed diff=116719550365203 @338776
[ 1655.105852] eth1: beacon TSF higher than local TSF - IBSS merge with BSSID 02:ca:ff:ee:ba:be
[ 1655.105856] phy1: Removed STA 00:0b:6b:20:22:fe
[ 1655.105859] phy1: Removed STA 00:14:bf:3d:4d:12
[ 1655.105861] phy1: Removed STA 00:80:48:52:ff:9e
[ 1655.106818] phy1: HW CONFIG: freq=2457
[ 1655.107303] phy1: Adding new IBSS station 00:80:48:52:ff:9e (dev=eth1)
[ 1655.107308] phy1: Allocated STA 00:80:48:52:ff:9e
[ 1655.107312] phy1: Inserted STA 00:80:48:52:ff:9e
[ 1655.107326] RX beacon SA=00:14:bf:3d:4d:12 BSSID=02:ca:ff:ee:ba:be TSF=0x0 BCN=0xffff95d81ca9d368 diff=116719550344344 @338776
[ 1655.107330] eth1: beacon TSF higher than local TSF - IBSS merge with BSSID 02:ca:ff:ee:ba:be
[ 1655.107334] phy1: Removed STA 00:80:48:52:ff:9e
[ 1655.108068] phy1: Destroyed STA 00:0b:6b:20:22:fe
[ 1655.108293] phy1: HW CONFIG: freq=2457
[ 1655.108772] phy1: Adding new IBSS station 00:14:bf:3d:4d:12 (dev=eth1)
[ 1655.108778] phy1: Allocated STA 00:14:bf:3d:4d:12
[ 1655.108782] phy1: Inserted STA 00:14:bf:3d:4d:12
[ 1655.118298] phy1: Destroyed STA 00:80:48:52:ff:9e
[ 1655.120046] phy1: Destroyed STA 00:14:bf:3d:4d:12
[ 1655.121053] phy1: Destroyed STA 00:0b:6b:20:22:fe
[ 1655.122713] phy1: Destroyed STA 00:14:bf:3d:4d:12
[ 1655.124048] phy1: Destroyed STA 00:80:48:52:ff:9e
[ 1655.124865] phy1: Destroyed STA 00:80:48:52:ff:9e
[ 1655.156680] phy1: Adding new IBSS station 00:80:48:52:ff:9e (dev=eth1)
[ 1655.156693] phy1: Allocated STA 00:80:48:52:ff:9e
[ 1655.156699] phy1: Inserted STA 00:80:48:52:ff:9e
[ 1655.205880] RX beacon SA=00:80:48:52:ff:9e BSSID=02:ca:ff:ee:ba:be TSF=0x0 BCN=0xffff95d81cab11ef diff=116719550262801 @338801
[ 1655.205893] eth1: beacon TSF higher than local TSF - IBSS merge with BSSID 02:ca:ff:ee:ba:be
[ 1655.205901] phy1: Removed STA 00:80:48:52:ff:9e
[ 1655.205906] phy1: Removed STA 00:14:bf:3d:4d:12
[ 1655.207037] phy1: Destroyed STA 00:80:48:52:ff:9e
[ 1655.207316] phy1: Adding new IBSS station 00:14:bf:3d:4d:12 (dev=eth1)
[ 1655.207324] phy1: Allocated STA 00:14:bf:3d:4d:12
[ 1655.207330] phy1: Inserted STA 00:14:bf:3d:4d:12
[ 1655.207965] phy1: HW CONFIG: freq=2457
[ 1655.208477] phy1: Adding new IBSS station 00:80:48:52:ff:9e (dev=eth1)
[ 1655.208482] phy1: Allocated STA 00:80:48:52:ff:9e
[ 1655.208485] phy1: Inserted STA 00:80:48:52:ff:9e
[ 1655.208504] RX beacon SA=00:14:bf:3d:4d:12 BSSID=02:ca:ff:ee:ba:be TSF=0x0 BCN=0xffff95d81cab64ba diff=116719550241606 @338802
[ 1655.208509] eth1: beacon TSF higher than local TSF - IBSS merge with BSSID 02:ca:ff:ee:ba:be

As you can see the card is merging, disassociating and merging five times within 0,106 seconds with a wireless ad-hoc cell it has already merged to long ago. Every time it gets another false timestamp it assumes that it is merging to a new IBSS-ID. The driver is purging it's MAC table from known stations, waiting to populate it again. No wonder I don't get more than 2-3 ICMP messages through.

The first trick is a non-standard hack: We fix the Cell-ID, rather than letting the cards negotiate one. We have modified the Madwifi driver and tricked the Broadcom driver to ignore any attempt to change the Cell-ID. "My Cell-ID is 02:CA:FF:EE:BA:BE - period." You can set the Cell-ID with the command:

 iwconfig ath0 ap 02:CA:FF:EE:BA:BE (or whatever you like best as a Cell-ID that is easy to remember) 

But still currently the Atheros cards try to synchronize their MAC timers, which results in race conditions of the software and the stuck beacon problem. There is now a workaround which will be added to Madwifi in OpenWRT and the Villagetelco firmware. With a trick we will make the cards ignore all attempts to shift the MAC timer - we just tell the hardware of the WiFi card that we are in accesspoint mode, which stops the card from trying to synchronize the MAC timer. Actually we don't need to synchronize the MAC timers in the hardware at all - this is better done in software, in the driver running on the host CPU of your PC.

Problem solved!

The problems with stuck beacons and race conditions triggered by MAC timer skews/attempted IBSS merges are fixed now in the Openwrt Kamikaze development trunk, in Kamikaze 8.09_RC1 and our Villagetelco development repository. Both IBSS mode and Pseudo-IBSS mode (a.k.a. Ad-hoc demo mode or Ahdemo mode, for short) are working fine now. I was running the DIR-300 for several days in the Freifunk mesh cloud without any issues.

The trick is to load the binary HAL for accesspoint mode upon initialization of the WiFi interface, rather than the HAL for IBSS mode. In accesspoint mode the card does not try to synchronize its MAC clock with any other wireless device in the cell - hence this functionality is missing in the HAL. In IBSS mode ('real' ad-hoc mode) this is done in software on the host system now, if you create the IBSS VAP (Virtual Access-Point) with the option nosbeacon:

 wlanconfig ath0 create wlandev wifi0 wlanmode adhoc nosbeacon 

Erroneous TSF timestamps received with beacons don't cause race conditions anymore. Pseudo-IBSS mode doesn't depend on sending beacons anyway, however there have been issues with this mode before.

Both modes have been tested in the Freifunk mesh cloud in Berlin without any stability problems for 72 hours each.

There is one problem however with TSF timestamps generated on the host CPU: The software generated timestamps are not as precise as the timestamps from the cards MAC clock, and they never will be. The communication between the Madwifi driver in the Linux kernel and the WiFi card is not real-time, and so there will be always lags that vary. It has been observed that this little TSF deviants confused devices with Broadcom chipsets, such as the Linksys WRT54GL: They were still working but they stopped sending beacons.

Apart from that Atheros devices with Madwifi operating in Ahdemo mode and Broadcom based devices with their closed-source driver operating in 'real' IBSS mode, work together nicely in the ~500 node community mesh that we use here in Berlin.

Personal comment: I have replaced the WiFi card in my Asus EEE PC 901 with a Atheros 802.11abg card and use it in the mesh about 15 hours every day - and I'm completely happy with it. I'm using the Madwifi driver sources from our Villagetelco repository on my PC.

'Real' Ad-Hoc (IBSS) mode versus Ah-Demo (Pseudo-IBSS) mode

As has been explained earlier on this page the 'Real' Ad-Hoc (IBSS) mode is complex and not usable in a large scale mesh ad-hoc cell. However there has always been the non-standard Ahdemo mode, which is not widely known. Ahdemo mode was (and maybe still is) popular amongst people setting up wireless long shots. The first world records of wireless long shots were achieved with Lucent/Orinoco 801.11b PCMCIA cards.

Ahdemo mode is supported only by a few chipsets and drivers, namely old Lucent Orinoco, Intersil Prism chipsets generation 2, 2.5, 3 (all 802.11b only) and Madwifi. However it is not guaranteed that the forementioned chipsets and their respective drivers will interoperate with each other in Ahdemo mode.

In Ahdemo mode cards don't send any beacons, and hence there is no process of IBSS merges. A Ahdemo cell doesn't reveal its presence to other wireless networks - because this detection works by receiving beacons. Usually the Cell-ID of Ahdemo cells is 00:00:00:00:00:00 but the Madwifi driver can utilize a fixed Cell-ID, that can be configured with the iwconfig option to fix the Cell-ID which has already been shown earlier on this page:

 iwconfig ath0 ap 02:CA:FF:EE:BA:BE 

Atheros cards with Madwifi driver operating in Ahdemo mode and Atheros cards with Madwifi driver operating in real Adhoc mode have no problems communicating with each other, as long as all cards use the same fixed Cell-ID.

In competition with another wireless network operating/colliding on the same channel the Madwifi Ahdemo mode is losing more throughput than Madwifi Ad-Hoc mode. If a Madwifi Ahdemo cell doesn't compete for the same channel with another network the Ahdemo performance is slightly better than in Adhoc mode. The reason is that Adhoc beacons are send at basic (slowest) rate and hence consume airtime which is reducing the channel capacity.

There is another advantage of Ahdemo: It is possible to configure a Madwifi interface to operate as accesspoint VAP and ahdemo VAP at the same time. The RO.B.I.N. and Nightwing firmware for Atheros AP51 based devices are using this capability. They use the Ahdemo VAP to create the mesh as a backbone and the accesspoint to give client access. This is a interesting concept but not in the scope of the Villagetelco project - since we are using the mesh only for telephony.

Example how to set up Madwifi VAPs

Here a brief instruction how to set up three VAPs (1 Ahdemo, 1 Master, 1 Monitor). A monitor VAP is mandatory to do advanced 802.11 traffic analysis.

wlanconfig ath0 destroy (if you already had a VAP instance running)
wlanconfig ath0 create wlandev wifi0 wlanmode ahdemo
wlanconfig ath1 create wlandev wifi0 wlanmode sta
wlanconfig ath2 create wlandev wifi0 wlanmode monitor

Recommended tools for 802.11 MAC analysis

You can use the monitor VAP to receive raw 802.11 packets, which will include 802.11 MAC, Radiotap or Prism headers for advanced 802.11 analysis. The Rolls-Royce of traffic monitoring software is Wireshark. The Porsche for mesh analysis is Horst [1]. Horst was designed to debug MAC problems of WiFi mesh networks. Also Kismet [2] should be mentioned at this point, of course.

Stay tuned!

Cheers elektra

December 10, 2009

use vim to auto format your code/document

Load your code/document, and make sure the filetype is what you what. (use :set to see what filetype is set to).

Turn indent on, and then do "gg=G".

For example, to autoformat a xml file.

1) :set filetype=xml
2) :filetype indent on
3) gg=G

December 8, 2009

Linux command to find which dynamic library defines the function getaddrinfo

find /lib /usr/lib -name '*.so*' -exec nm --dynamic --demangle --defined-only --print-file-name {} \; | grep getaddrinfo

busybox root bootstrap

echo root:x:0:0:root:/root:/bin/sh > /etc/passwd
chmod 755 /etc/passwd
touch /etc/shadow

now run login -f root, then you can use adduser to add other users

December 7, 2009

public DNS server

  • Google (Unfiltered)
  • Global Cyber Alliance (Filters malicious content)
  • Cloudflare
  • Level 3 Communications
This is a list of public DNS server

December 2, 2009

development environment of VS2008 Express

To Get started using command line, do this:

1. Copy file c:\program files\Visual Studio 9.0\common7\tools\vsvars32.bat to your directory such as c:\tools
2. run c:\tools\vsvars32. This sets up the environment variables, most importantly $PATH
3. use "vcbuild" to build VC project or solutions. You can also use "msbuild" which is want vcbuild calls.

VCBUILD Command Line

The VCBUILD tool uses the following command line syntax to build Visual C++ projects and solutions.

VCBUILD [options] [project | solution] [config | $ALL]



Build options. For more information, see VCBUILD Options.

VCBUILD also reads options from the VCBUILD_DEFAULT_OPTIONS environment variable.


The name of a project file.

If the project parameter is not specified and only one .vcproj file is in the directory, the project specified by the .vcproj file is built.


The name of a solution file.


The name of a project configuration to build; for example, DEBUG.

If no configuration is specified, and the VCBUILD_DEFAULT_CFG environment variable is set, the configuration it specifies is built. If it is not set, all configurations are built.


A symbolic name that means build all configurations.


To cancel the build process, press CTRL+C or CTRL+BREAK.


VCBUILD has the following options:



/clean (VCBUILD)

Specifies outputting only clean build outputs.


Specifies prefixing error lines that are outputted to stdin, stdout, stderr with the string argument.


Specifies creating an import library for a DLL configuration.


Specifies prefixing information lines that are outputted to stdin, stdout, stderr with the string argument.


Specifies performing a link without building sources.


Specifies using file as the build log.


Specifies printing commands and response file to the screen.


Specifies the number of concurrent builds to run.


Displays error and warning messages without colorization.


Specifies not generating an import library.


Specifies that .NET Framework 3.5 will be used for all assembly references when upgrading a CLR project from a previous version of Visual Studio.


Specifies performing pass 0 (MIDL) of Build.exe.


Specifies performing pass 1 (compile) of Build.exe (implies /implib).


Specifies to perform pass 2 (link) of Build.exe (implies /noimplib).


Only builds configurations for the given platform.

/rebuild (VCBUILD)

Specifies cleaning build outputs and then performs a build.


Logs the time it takes to complete the build.


Upgrades the project file to the latest supported format.


Uses the environment variables for PATH, INCLUDE, LIBS, and LIBPATH.


Prefixes warning lines with a user-defined string.

November 10, 2009

Use objdump to do library depency check

Generally, things that are trying to determine shared library
dependencies should use something like objdump, not ldd:

objdump -p $f | awk '/ NEEDED / { print $2 }'

November 6, 2009

bash history autocomplete

Add the following to your .bashrc file.

# make bash autocomplete with up arrow
bind '"\e[A":history-search-backward'
bind '"\e[B":history-search-forward'

A good tcp serial port server on Linux: remserial

This Linux Serial port (RS232) server is simple and works great. check it out.

remserial at

Another good one is ser2net. Project page in source forge:

Yet another one: serproxy at
this one supports Windows too.

November 4, 2009

Linux process view: top and htop

htop is a nice program to view linux processes, an alternative and simpler top.

November 3, 2009

Fix IP Phone for Gizmo

You may want to test first by dialing *0# and you will get one of two recordings.

1. You are behind the router that uses a NAT. You may experience call completion problems behind this router:
2. You are behind the SIP compatible router. You are now ready to make free world-wide calls to other SIP phones...:

From Boatman on the Gizmo forum: Suggested settings for ATAs behind one or more NAT routers.

(under SIP tab)
Handle_VIA_received: yes
Handle_VIA_rport: yes
Insert_VIA_received: yes
Insert_VIA_rport: yes
Substitute_VIA_Addr: yes
Send_Resp_To_Src_Port: yes
STUN_Enable: yes
NAT_Keep_Alive_Intvl: 179

(under Line_1 and Line_2 tabs)
NAT_Mapping_Enable: yes
NAT_Keep_Alive_Enable: yes
NAT_Keep_Alive_Msg: 0000 <-- sometimes just leaving this blank works
NAT_Keep_Alive_Dest: $PROXY
Register Expires: 3600

Sometimes it's preferable to configure the ATA to work without stun. This optional configuration is less easily
portable but allows phone service to continue no matter if the stun server is working.
If you want to do this perform the following steps.

1. Forward the SIP ports and the RTP port range from the router to the ATA.
2. Set "STUN Enable:" no
3. Set "NAT Keep Alive Enable:" no
4. In order for the ATA to know it's public IP address, make sure the ATA is registered with at least one SIP registrar, or enter your public IP address in "EXT IP:".

When done dial *0 or *0# to check that your RTP contact address is correct.


October 15, 2009

Understand Linux /proc/meminfo

>MemTotal: 123748 kB
Total memory available to the memory manager (i.e. guest size minus some
fixed amount used for the kernel image itself and some boot-time allocated

>MemFree: 9864 kB
Memory currently not allocated to any use by the MM. (This figure should
generally be low, because except for a small emergency reserve Linux tends
to always put all available memory to some use ...)

>Buffers: 38572 kB
>Cached: 30692 kB
Memory currently allocated to hold data backed by files. This included
pages currently memory-mapped as well as pages still cached from recent
accesses. The distinction between 'buffers' and 'cached' is becoming more
and more pointless; as a rule of thumb you can say file meta-data (e.g.
inodes, directories, indirect lists, ...) count as 'buffers', while the
actual file 'payload' data counts as 'cached'.

>SwapCached: 1196 kB
Similar to the above, but refers to anonymous memory that has already been
allocated a swap slot, but is currently present in memory anyway (because
it is still in the process of being swapped out, or because it is still
being cached on swap after having been swapped in).

>Active: 70428 kB
>Inactive: 15916 kB
The sum of these two corresponds to all memory under control of the page
replacement algorithm (i.e. anonymous pages plus page/swap cache ('buffers'
+ 'cached' + 'swap cache')). The distinction active vs. inactive refers to
the method the page replacement algorithm uses to decide when to swap pages
out; the basic idea is that a page goes from 'active' to 'inactive' state
after it hasn't been used for some time, and if an 'inactive' page
continues to remain unused from some more time, it'll get swapped out.

>HighTotal: 0 kB
>HighFree: 0 kB
This refers to 'high memory', which isn't used on zSeries.

>LowTotal: 123748 kB
>LowFree: 9864 kB
This is equivalent to MemTotal/MemFree as we don't have 'high memory' on

>SwapTotal: 50296 kB
Total size of all currently active swap devices/files.

>SwapFree: 37820 kB
Currently unused swap space.

>Dirty: 324 kB
Among the active/inactive pages, how many are 'dirty' (i.e. would need to
be paged out before they can be reused for other purposes).

>Writeback: 0 kB
Among the active/inactive pages, how many are currently in the process of
being written out to swap / backing store.

>Mapped: 35128 kB
Pages currenly mapped into user space (included both anonymous memory and
memory-mapped files).

>Slab: 15044 kB
Pages used by the kernel memory pool ('slab') allocator. For details about
slab pool allocation, see /proc/slabinfo

>Committed_AS: 224580 kB
Total user address space used by memory mappings. This is the amount of
memory you would need if all anonymous memory and memory-mapped files in
all user processes were present in memory at the same time, nothing swapped
out or still resident on backing store.

>PageTables: 1348 kB
Memory used by the kernel to hold (hardware) page tables.

>VmallocTotal: 1957887 kB
Total address space range available to the kernel's vmalloc area. This is
a region in the kernel address space used by the kernel to allocate large
areas of kernel memory that need not be backed by physically contiguous
pages. It is used e.g. for loadable kernel modules.
>VmallocUsed: 5848 kB
Portion of the vmalloc area that is currently used.
>VmallocChunk: 1951975 kB
Largest single contiguous chunk of address space currently available in the
vmalloc area.

October 13, 2009

The list of linux compatible (native driver, not ndis driver) usb wireless sticks

The list of linux compatible (native driver, not ndis driver) usb wireless sticks:

The ones available to purchase from bestbuy or Frys:


p54usb Belkin F5D7050 ver 1000 0x0707 0xee06

ar9170 Netgear WNDA3100 0x0846 0x9010


p54usb Netgear WG111 0x0846 0x4220

zd1211rw Belkin F5D7050 v.4000 050d 705c

zd1211rw Linksys WUSBF54G 13b1 001e

zd1211rw Linksys WUSBF54G 13b1 0024

zd1211rw MyEssentials G USB Adapter 050d 705c

ar9170 Netgear WN111 v2 0x0846 0x9001

September 28, 2009

gawk command to telnet into a tcp server and issue a command

#!/usr/bin/gawk -f
printf("showconfig\n") |& cmd;
printf("bye\n") |& cmd;
while ( (cmd |& getline) >0){
print $0;

September 14, 2009

awk binary editing

Gawk is powerful. Learn it when you are young!

To use awk to edit a binary file, you can simply do this:

gawk -F "" 'BEGIN{RS="/nuclear power is good/"}{printf("%s",substr($0,1,5) "\x81" substr($0,7))}' 1.out > aa

-F"" tells awk to treat every character as a field
RS="/nuclear power is good/" tells awk to use this string as the row/record separator. Since this string does not exist in your binary file (if by a weird chance it does, change it to another random string), awk will treat all file as one single record.

Now you have the entire binary file as a string in $0, just use your string functions to do substitutions and changes. In the example above, I changed the character at offset 6 to hex 0x81.

Is this wonderful?

September 10, 2009

awk script for processing comma seperated files

This script remove leading and trailing spaces of each line,
and the field separator is any amount of space, tab mixed with one comma (of course you can also use = or other symbols).

#!/usr/bin/awk -f

FS=" *, *"
gsub(/^[ \t]+|[ \t]+$/, "");
print "===="

August 31, 2009

unbrick TEW-652BRP router

TEW-652BRP is one of the cheapest 11N wireless routers (availabe around $30). It can be flashed with Dlink DIR-615 firmware and openwrt firmware.

The bootloader is u-boot, and it has a built-in web server for firmware upgrade. To unbrick/upgrade, following these steps:

1. unplug power
2. hold reset button using a pin
3. plug power back while holding the reset button
4. wait around 20-30s.
5. You should see the STATUS LED (the one next to power) blink slowly. This is the indication that the device is in u-boot web server mode
6. Set your PC IP address to The router IP address is
7. Browse to, upload the firmware. The firmware is required to use dlink hardware ID (ending with .2)
8. Wait until it is 100% finished (indicated on the screen), and then wait another 30s, and repower the router (it does NOT reboot automatically).
9. That's it. The default Dlink firmware IP address is

August 25, 2009

trace inter-process communication

"strace" and "lsof" are two very powerful tools to debug running processes in a Linux system.

Use "lsof -p PID" to find out the socket/fifos a process is using
Use "lsof -p PID -Pn" to have lsof show ip and port number instead of names

Use [ strace -p 24846 -ewrite,read -s 1024 -xx 2>&1 | grep -E "^write\(7|^read\(6" ] to trace the real-time read/write of the process

August 14, 2009

Set the sort order of file open dialog

Set the order you wish to see using Windows Explorer, hold Ctrl and press
the Close button on the window. The sorting order for the Open/Save dialog
should be changed :-)

I wish this is documented somewhere by the guys in Redmond.

August 5, 2009

ASUS Restore firmware /unbrick

ASUS WL-500gP V2 is a great router. One of good things is you can always unbrick it.

To unbrick it. unplug it, hold on the "restore" button, plug power, and wait for 5 seconds, the power LED should go into slow blinking. This shows that the box is in recovery mode.

Connect a PC to a LAN port, and make sure you disable all other network connections on the PC you are using to flash. This is the key!!

Set you PC Ethernet IP to You will NOT be able to ping That is OKAY.

Now fire up the ASUS Firmware Restoration utility (came with your box in the CD or downloadable from ASUS website in Utilties), and load the firmware.

Regardless whether your firmware is good or bad, you can always use this method to reflash the box.

DD-WRT sets the NVRAM password. I had to restore the firmware to ASUS firmware and press RESTORE button for more than 10 seconds, and reboot to erase the NVRAM password. Then I reflash my box to tomato firware.

VMWare Player hidden vmnetcfg

2/28/2003 Update:

In VMWare Player 5 you need to:
go to the vmware-directory and run in elevated cmd.exe-box

rundll32.exe vmnetui.dll VMNetUI_ShowStandalone

Original Post:

I like VMWare player for its stability but wanted to have more control on the network configuration. For example, I wanted to configure which physical network card to map to the bridged network in vmware player. I dug around the internet but did not find any. Fortunately when scanning through the EXE files installed by VMWare Player I found what I was looking for: vmnetcfg.exe.

So simply go to the following directory in your Windows and run "vmnetcfg"

C:\Program Files\VMware\VMware Player>vmnetcfg

And you should see a window popping up where you can configured all network configurations.

I think the configurations are saved to somewhere in the registry. After changing my bridged network map, and rebooted my virtual Linux, the bridged network worked great.

You can also changed DHCP settings, NAT settings (port forwarding on both TCP and UDP), and all kinds of other interesting things. Be sure to check it out if you use vmware player.

This is the screenshot:

August 3, 2009

Change Linux Ethernet Speed and Duplex

Task: Change the speed and duplex settings

Setup eth0 negotiated speed with mii-tool
Disable autonegotiation, and force the MII to either 100baseTx-FD, 100baseTx-HD, 10baseT-FD, or 10baseT-HD:# mii-tool -F 100baseTx-HD
# mii-tool -F 10baseT-HD
Setup eth0 negotiated speed with ethtool# ethtool -s eth0 speed 100 duplex full
# ethtool -s eth0 speed 10 duplex half
To make these settings permanent you need to create a shell script and call from /etc/rc.local (Red Hat) or if you are using Debian create a script into the directory /etc/init.d/ directory and run update-rc.d command to update the script.

Read man page of mii-tool and ethtool for more information.


July 29, 2009

enable multiple dummy ethernet interfaces in Linux

To get my dummy interfaces, just do this:
 modprobe dummy numdummies=5

July 22, 2009

How can I force a reload of an image from the server if the image already exists in the browser's cache?

Q416 How can I force a reload of an image from the server if the image already exists in the browser's cache?

By adding a different search string value after the image href. The following reloads the image from the server every 10 seconds:

<---script language="JavaScript">
function reloadImage() {
var now = new Date();
if (document.images) {
document.images.myImageName.src = 'picture.gif?' + now.getTime();
setTimeout('reloadImage()',10000); //-->


June 29, 2009

Measure TCP Throughput using netcat (nc)

netcat (nc) is installed on almost all Linux computers. So when you do not have tools such as iperf available for TCP throughput testing, try the way of doing it with netcat.

On machine A, do :

nc -v -v -l -n -p 2222 >/dev/null

For redhat or Fedora Core do this instead:

nc -v -v -l -n 2222 >/dev/null

On machine B do:
time yes|nc -v -v -n 2222 >/dev/null

Now wait 30 seconds, and hit Ctrl-C on machine B, and you shoud get something like this:
sent 87478272, rcvd 0
real 0m9.993s
user 0m2.075s
sys 0m0.939s

Now calculate the throughput
87478272 * 8 / 9.993 (the nubmer above after real)

You can use python as a calculator to do this. :-)

Now that's pretty easy, isn't it?

June 10, 2009

tcpdump "received by filter"

When you use tcpdump on Linux, and do not see all the packets you are expecting, and get something like this:

10 packets captured
100 packets received by filter
0 packets dropped by kernel

Make sure you use "tcpdump -Nn ...". This disables tcpdump name lookup, and makes tcpdump much faster/real-time. It took me some time to find this out. Hope this helps.

June 4, 2009

How to change stored Network Printer Credentials

Try running on the problematic PC (XP), from the start/run box:
rundll32.exe keymgr.dll, KRShowKeyMgr
This should open the password management console. If your saved share is present, you should be able to delete it.
The following article outlines in detail

May 7, 2009

Virtualbox, Ubuntu, Change Screen Resolution

After installing the guest package, Ubuntu 9.04 still does not show the right screen resolution.

Then do this:

At the terminal type this

sudo dpkg-reconfigure -phigh xserver-xorg

and log out, and log back in.

Now your screen resolution is the same as your window size. Just maximize your window or go full screen to get the max screen resolution

April 21, 2009

Struct sockaddr and friends


include <netinet/in.h>

// All pointers to socket address structures are often cast to pointers
// to this type before use in various functions and system calls:

struct sockaddr {
unsigned short sa_family; // address family, AF_xxx
char sa_data[14]; // 14 bytes of protocol address

// IPv4 AF_INET sockets:

struct sockaddr_in {
short sin_family; // e.g. AF_INET, AF_INET6
unsigned short sin_port; // e.g. htons(3490)
struct in_addr sin_addr; // see struct in_addr, below
char sin_zero[8]; // zero this if you want to

struct in_addr {
unsigned long s_addr; // load with inet_pton()

April 1, 2009

vim marks


You can set marks within your documents to jump quickly between different positions of a document or even many documents.

Vim automatically sets various marks like

* {0-9} are the last 10 positions of closed files (0 the last, 1 the last but one)
* <> are the left and right position of marked texts
* ( and ) are the start or end of the current sentence
* { and } are the start or end of the current paragraph
* [ and ] are the first or last character of the last yanked or changed text
* . position of the last change
* ' or ` position before the last jump
* " position before the last exit of the file (local to a file)
* ^ position of the last insert-stop

To set a manual mark, use m{a-zA-Z} (m followed by either a,b..z or A,B,..Z), and to jump to one of the marks (manual or automatic) you can choose between ' and `

* ' ...sets the cursor to the first non-blank character in the marked line
* ` ...sets the cursor to the exact position where the mark was set

There is a little difference between lower-case and upper-case characters:

* {a-z} are local to a file
* {A-Z} are stored and available over sessions (associated with a file)

You can use L for your work-log and T for your time-table for example, and quickly update the information there.

For example you can jump to the last known position of a file before it was closed by typing `" (it’s easy to configure Vim to do it automatically at start).

To get a list of all marks Vim knows about type :marks. To delete marks use :delmarks (:delmarks a b c removes marks a and b and c, to delete all marks use :delmarks!).

More tips at

March 30, 2009

Fix Debian Problem: W: There is no public key available for the following key IDs

When you do an "apt-get" on Debian, you get:

W: There is no public key available for the following key IDs:

To fix this problem, just run this:

sudo apt-get install debian-archive-keyring

March 20, 2009

google search tips 1

Typically google will display page with the "searched text" either in the page or in referring pages.

To only show pages with the search phrases in them, start your search with "allintext:"

Other possible web search options are:

March 19, 2009

GNU Screen Reference

screen Quick Reference

Getting in

start a new screen session: screen
.. with session name: screen -S
attach to a running session: screen -r
.. to session with name: screen -r
the “ultimate attach”: screen -dRR (Attaches to a screen session. If the session is attached elsewhere, detaches that other display. If no session exists, creates one. If multiple sessions exist, uses the first one.)

Escape key

All screen commands are prefixed by an escape key, by default C-a (that's Control-a, sometimes written ^A). To send a literal C-a to the programs in screen, use C-a a.

Getting out

detach: C-a d
detach and logout (quick exit): C-a D D
exit screen: exit all of the programs in screen.
force-exit screen: C-a C-\ (not recommended)


See help: C-a ? (lists keybindings)

Window Management

create new window: C-a c
change to last-visited active window: C-a C-a (commonly used to flip-flop between two windows)
change to window by number: C-a (only for windows 0 to 9)
change to window by number or name: C-a '
change to next window in list: C-a n or C-a
change to previous window in list: C-a p
see window list: C-a ” (allows you to select a window to change to)
show window bar C-a w (if you don't have window bar)
close current window: Close all applications in the current window (including shell)
kill current window: C-a k (not recommended)
rename current window: C-a A

Split screen

split display: C-a S
jump to next display region: C-a tab
remove current region: C-a X
remove all regions but the current one: C-a Q


redraw window: C-a C-l
enter copy mode: C-a [ (also used for viewing scrollback buffer)
paste: C-a ]
monitor window for activity: C-a M
monitor window for silence: C-a _
enter digraph: C-a C-v
lock (password protect) display: C-a x
enter screen command: C-a :

Disable screensaver in registry

At times, there is need to disable screensaver on Windows but the option is disabled on the Background windows. Use the following option in Registry to do it:

HKEY_CURRENT_USER\Control Panel\Desktop\screensaveactive

process binary data with gawk

In times, there is need for gawk to process binary data, such as dumping the content of a binary file (mimicking od or xxd), or dump the content of a binary packet. The following script comes handy for this purpose.

#!/usr/bin/gawk -f
for (i = 0; i <>
d[sprintf("%c", i)]=i;
for (i=1;i<=NF;i++){
printf("%02X ",d[$i]);
if (count%16==0)
printf("0A ");
if (count%16==0)

March 9, 2009

California Limited Liability Company Fee

LLCs are subject to an $800 annual tax if they are doing business in California or have articles of organization accepted, or a certificate of registration issued by the California Secretary of State. The annual tax is prepaid for the privilege of doing business in California, and is due and payable on or before the 15th day of the 4th month after the beginning of the taxable year. The annual tax must be paid for each taxable year until the appropriate papers are filed.

In addition to the annual $800 tax, every California LLC must pay a fee based on total annual income. The LLC fee is due on or before the 15th day of the 4th month after the close of the LLC’s taxable year. The California Franchise Tax Board has a booklet containing much of what one needs to know about LLCs. For taxable years beginning on or after January 1, 2002, use the following chart to compute the fee:

If total annual income is equal to or over – but not over –

$250,000 to $499,999 the fee is $900
$500,000 to $999,999 the fee is $2,500
$1,000,000 to $4,999,999 the fee is $6,000
$5,000,000 and over the fee is $11,790

If the California Franchise Tax Board (FTB) determines multiple LLCs were formed for the primary purpose of reducing fees, the LLC’s total income from all sources that are reportable to California could include the aggregate total income of all commonly controlled LLC members. “Commonly controlled” means control of more than 50% of the capital interests or profit interests of the taxpayer and any other LLC or partnership by the same persons.

January 27, 2009

Install IE6 on Debian using ies4linux

1) Login as root and do:

apt-get update
apt-get install wine libxxf86dga1 libxxf86vm1 cabextract

2) Logout and login with a user account. Download and install IEs4Linux:

tar zxvf ies4linux-latest.tar.gz
cd ies4linux-*

Do not run ./ies4linux,because the GUI version is not stable. Instead , run

./ies4linux --no-gui --install-corefonts

It is important to have the --install-corefonts option, otherwise some webpage does not display correctly.

January 14, 2009


To do one-way streaming of a MP3 file:

vlc test.mp3 --mtu=120 :sout="#duplicate{dst=std{access=udp,dst=}}"

or simple version:
vlc test.mp3 --sout udp:

To use non-GUI interface

vlc -I rc test.mp3 --mtu=120 :sout="#duplicate{dst=std{access=udp,dst=}}"

To hear the music:
vlc udp://@
vlc udp://@
vlc udp://@:1234 (1234 is the default port)

VLC command line examples (test with version 0.9.8a)

Good Links
---------------- (Command line module syntax) (Codec Matrix)


To receive a UDP streaming on the interface with a udp port of 3000

vlc udp://

a shorter version:

vlc udp://@:3000

If the udp port if the default port used by VLC (port 1234), this can be even shorter:

vlc udp://

To receive from a RTSP address, use:
vlc rtsp://URL

same goes for http, ftp or mms streaming url, and a SDP file.


vlc input_stream --sout "#module1{option1=parameter1{parameter-option1},option2=parameter2}:module2{option1=...,option2=...}:..."

You may also use the following syntax :
% vlc input_stream --sout-module1-option1=... --sout-module1-option2=... --sout-module2-option1=... --sout-module2-option2=... ...

The stream output also offers a simplified syntax, with which you can only you use the standard module main options:
% vlc input_stream --sout access/mux:url
where access, mux and url are as defined in the options of the -standard- module.

input_stream: any address usable by the RECEIVE&PLAY section above, so it can be RTP:// or HTTP:// or UDP:// ,etc

-I dummy
Disables the graphical interface
Quit VLC after transcoding

Streaming Modules Discription

-- standard(std), allows to send the stream via an access output module: for example, UDP, file, HTTP, ... You will probably want to use this module at the end of your chains.


-- transcode, is used to transcode (decode and re-encode the stream using a different codec and/or bitrate) the audio and the video of the input stream. If the input or output access method doesn't allow pace control (network, capture devices), this done "on the fly", in real time. This can require quite a lot of CPU power, depending on the parameters set. Other streams, such as files and disks are transcoded as fast as the system allows it.


-- duplicate, allows you to create a second chain, where the stream will be handled in an independent way.

dst= (Any of the stream output module described earlier, such as standard,transcode,etc can be used as parameter of this option)

-- display, allows you to display the input stream, as VLC would normally do. Used with the duplicate module, this allows you to monitor the stream while processing it.

-- rtp, streams over RTP (one UDP port for each elementary stream). This module also allows RTSP support.
port=port number (must be an even number)
port-video= port number (must be an even number)
port-audio= port number (must be an even number)
mux= ,This option allows to set the encapsulation method used to send the stream. See mux= options of the standard module for a description of the available method. Only ts is possible for RTP streams. By default, each elementary stream is sent as a separate RTP media, i.e. no encapsulation is done.

-- To record from microphone and send out using udp
vlc --mtu=120 dshow:// :dshow-vdev="none" :dshow-adev="" :sout=#transcode{acodec=mp4a,ab=24,channels=1}:duplicate{dst=std{access=udp,mux=ts,dst=:1234}}

vlc --mtu=120 dshow:// :dshow-vdev="none" :dshow-adev="" :sout=#transcode{acodec=mp4a,ab=24,channels=1}:std{access=udp,mux=ts,dst=:1234}

or (record a-law wav file, somehow there is a lot of noise)
vlc dshow:// :dshow-vdev="none" :dshow-adev="" --dshow-audio-channels=1 --dshow-audio-samplerate=8000 --dshow-audio-bitspersample=8 :sout=#transcode{acodec=alaw,ab=64,channels=1}:std{dst=c:\temp\abc.wav,mux=wav,access=file}

-- To stream a wav file as G711 alaw. Note that VLC is sensitive to the input format. To stream G711, the input file has to be 8000 samples per second, 8bit.
vlc.exe c:\tools\record\national_anthem.wav --sout "#transcode{acodec=alaw,ab=64,scale=1,channels=1,ar=8000}:rtp{dst=,port-audio=1250}"

January 6, 2009

scp with automatic password input

I know I should use certificate to automate this, but sometimes we do need to do scp with a password and it would be nice to automate it. Here Document does work. We need "expect" utility to do it. Here is an example:

#!/usr/bin/expect -f

# trick to pass in command-line args to spawn
#eval spawn scp $argv
eval spawn scp hcw root@

expect "password: $"
send "yourpassword\n"

# wait for regular shell prompt before quitting
# probably a better way using 'wait'
expect "$ $"

January 1, 2009

Camera Hack with Google

(These camera hacks, are mostly security cameras) Airports, Car Parks, Colleges, Back Gardens, Traffic Cams etc.

(These camera hacks, are mostly) Private Web Cams etc.

(These camera hacks, are mostly security cameras) Car Parks, Colleges etc live webcams
(Brings up a huge list of Web Cams from around the world, you just have to pick one)

(Thses are Network Cameras)

intitle:"snc-rz30 home"
(These cameras are mostly security cameras, shops, car parks)

intitle:"WJ-NT104 Main"
(These cameras are mostly security cameras, shops, car parks)

inurl:LvAppl intitle:liveapplet
(These camera hacks, are mostly security cameras) Car Parks, Colleges etc

intitle:"Live View / - AXIS"
(These camera hacks, are mostly security cameras) Car Parks, Colleges etc

inurl:indexFrame.shtml "Axis Video Server"
(These camera hacks, are mostly security cameras) Car Parks, Colleges etc

intitle:Axis 2400 video server
(These camera hacks, are mostly security cameras) Car Parks, Colleges, Clubs, Bars etc.

(These camera hacks, are mostly security cameras) Car Parks, Colleges etc.

intitle:"Live View / - AXIS" | inurl:view/view.shtml
(These camera hacks, are mostly security cameras) Car Parks, Colleges etc.

(Thses are Network Cameras)

(These camera hacks, are mostly security cameras) Parks, Bird Tables etc.

(These camera hacks, are mostly security cameras) you will have to keep refreshing these..

(These camera hacks, are mostly security cameras) Car Parks, Colleges, Clubs, Bars etc.
allintitle:"Network Camera NetworkCamera" (Thses are Network Cameras)

intitle:axis intitle:"video server"
(These camera hacks, are mostly security cameras) Car Parks, Colleges, Clubs, Bars, Ski slope etc.

intitle:"EvoCam" inurl:"webcam.html"
(These camera hacks, are mostly security cameras) From europe etc.

intitle:"Live NetSnap Cam-Server feed"
(Thses are Network Cameras) Private and Non Private Web Camera.

inurl:indexFrame.shtml Axis
(These camera hacks, are mostly security cameras) Car Parks, Colleges etc.

(These camera hacks, are mostly security cameras) Pet shop, Colleges etc.

intitle:snc-z20 inurl:home/
(These camera hacks, are mostly security cameras) Swimming pool, and more.

intitle:snc-cs3 inurl:home/
(These camera hacks, are mostly security cameras) Swimming pool, and more.