December 29, 2016

debian/ubuntu snmp has lots of "error on subcontainer ‘ia_addr’ insert (-1)" reports in /var/log/syslog

Modifying /etc/defaults/snmpd and setting "-Lsd" to "-LS6d" in SNMPDOPTS and TRAPDOPTS hides the error message (as suggested by http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559109).

Or you can use  `sed -i "s|-Lsd|-LS6d|" /etc/default/snmpd`  to fix the problem.

November 30, 2016

solve kvm soft lockup

       

Update: setting to jiffies on my guest seems to be the most stable (no lockups yet in the last 24 hours)

Original Post:
I googled around and by adding clocksource=jiffies to my kernel i fixed it. Instead of jiffies you could also try "pit". This is for the guest OS. You can also use kvm-clock if that is available to you. To check, run the following commands and see whether kvm-clock is available


# cat /sys/devices/system/clocksource/clocksource0/available_clocksource 
tsc hpet acpi_pm jiffies 
# cat /sys/devices/system/clocksource/clocksource0/current_clocksource 
tsc

Some people say that the best option for a precise clock on the guest is to use the kvm-clock source (pvclock) which is synchronized with clock's host.

There are also reports of disabling C-states in the BIOS.

November 16, 2016

gvim set size and color scheme

put this in ~/_vimrc:

set lines=51 columns=200
winpos 56 56
colorscheme desert

November 4, 2016

batteries, material, voltage

Carbon zinc - non-reversible, 1.5v

Alkaline - non-reversible (basically, but some reversibility can be forced) 1.5 v

NiCd - reversible - 1.2v nominal, 1.35v fully charged, 0.9v discharged

NiMH - reversible - 1.2 v nominal, 1.35 - 1.4v fully charged, 1.0 v discharged

Lead Acid - reversible, 2.0v discharged, 2.3v charged

Lithium Polymer - reversable - 3.7v nominal, 4.2v fully charged, 3.0 discharged

Lithium Ion (LiFePO4) - reversable - 3.3v nominal, 3.6v fully charged, 2.8v discharged  

October 11, 2016

hexdump is awesome

It can dump binary with any specified format

hexdump -e '"optional-start" iterations/number_of_bytes "format" "optional-ending"'

Example 1:
  hexdump -e '16/1 "%02X " "\n"' x.bin
dumps 16 bytes in a row one-byte-at-a-time, and then adds line return at the row.
To add an offset to each line in the format of 0x0000:
  hexdump -e '"0x%04_ax " 16/1 "%02X "  "\n"'
Example 2:
  hexdump -e '"[" 12/1 "%02 " "]\n"' x.bin

dumps 12 bytes in a row with [ in the beginning and ] at the end.


October 6, 2016

Increasing a KVM Virtual Machine Disk when using LVM and ext4

Scenario: I am running several virtual machine guests using QEMU/KVM. Both the host and guest operating systems are Ubuntu 12.04 LTS. The guests are raw images (as opposed to QEMU qcow2 or disk partitions). My instructions for setting up the virtual machines are here. One of the guests image is stored on the host as:
sgordon@host:~$ ls -lhs /var/vm/
total 14G
14G -rwxr-xr-x 1 libvirt-qemu kvm 20G May 18 14:26 it.img
Currently the image is allocated 20GB of space. But note that as Linux ext4 file systems support sparse files, it only takes up 14GB on the disk, as the guest is only using 14GB of the 20GB space available. (The -s option for ls shows the actual size). In the guest virtual machine I am using LVM and ext4 filesystems.
My goal is to increase the size of the guests hard disk, i.e. increase the raw image size. In this case I will increase it from 20GB to 45GB. Mathew Branwell gives a detailed description of the steps involved. I've basically copied his instructions, with some minor changes to resizing the guest image. In summary the steps are:
  1. On the host: Increase the size of the guests image
  2. On the guest: Increase the disk partition
  3. On the guest: Increase the LVM physical and logical volumes
  4. On the guest: Increase the file system size
Note that these steps only apply for increasing the size. Decreasing the size is a bit different and has greater potential of data loss.

Guest: Shutdown the Guest Virtual Machine

Before getting started, lets just summarise some details about the guest, in particular the LVM Physical Volumes, Logical Volumes and filesystems. Note that in the examples guest is shown in the prompt indicating the commands are run in the guest (as opposed to the host).
sgordon@guest:~$ sudo pvs
  PV         VG   Fmt  Attr PSize  PFree
  /dev/vda5  vmit lvm2 a-   19.81g    0 
sgordon@guest:~$ sudo lvs
  LV   VG   Attr   LSize Origin Snap%  Move Log Copy%  Convert
  home vmit -wi-ao 5.84g                                      
  root vmit -wi-ao 4.66g                                      
  tmp  vmit -wi-ao 4.66g                                      
  var  vmit -wi-ao 4.66g  
sgordon@guest:~$ df -h
Filesystem             Size  Used Avail Use% Mounted on
/dev/mapper/vmit-root  4.7G  1.8G  2.7G  40% /
udev                   728M  4.0K  728M   1% /dev
tmpfs                  293M  264K  293M   1% /run
none                   5.0M     0  5.0M   0% /run/lock
none                   732M     0  732M   0% /run/shm
/dev/vda1              189M   24M  155M  14% /boot
/dev/mapper/vmit-tmp   4.7G  198M  4.3G   5% /tmp
/dev/mapper/vmit-var   4.7G  1.3G  3.2G  28% /var
/dev/mapper/vmit-home  5.9G  2.5G  3.1G  45% /home
The first step is to shutdown the guest virtual machine:
sgordon@guest:~$ sudo shutdown -P now

Broadcast message from sgordon@guest
 (/dev/pts/0) at 14:51 ...

The system is going down for power off NOW!

Host: Increase the Virtual Machine Image Size

Now resize the image on the host machine:
sgordon@host:~$ sudo qemu-img resize /var/vm/guest.img +25G
Image resized.
This increases the guest image file by 25GB. To check:
sgordon@host:~$ ls -lhs /var/vm/
total 14G
14G -rwxr-xr-x 1 root root 45G May 18 14:53 guest.img
Now start and login to the guest for the remaining steps:
sgordon@host$ sudo virsh start guest
Domain it started
sgordon@host$ ssh guest

Guest: Increase the Partition Size

First on the guest we need to increase the partition sizes using fdisk:

sgordon@guest:~$ sudo fdisk /dev/vda

Command (m for help): 
fdisk takes single letter commands as described in the help. Using the command p to print the current partitions:
Command (m for help): p

Disk /dev/vda: 48.3 GB, 48318382080 bytes
16 heads, 63 sectors/track, 93622 cylinders, total 94371840 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00079e72

   Device Boot      Start         End      Blocks   Id  System
/dev/vda1   *        2048      391167      194560   83  Linux
/dev/vda2          393214    41940991    20773889    5  Extended
/dev/vda5          393216    41940991    20773888   8e  Linux LVM
Note that my disk (/dev/vda) is 48.3GB, but my partitions are only using 20GB (20773888 blocks).
Be careful! Your partitions will be different from mine. Use the devices/sizes for your partitions in the following examples. I have an initial boot partion on /dev/vda1 followed by an extended partition with Linux LVM.
I want to increase the size of the Extended and Linux LVM partitions by first deleting them and then creating new ones of the same type but different size. Note the device names and system/IDs in your partition table.
To delete partitions use the d command and specifiy the partition number (2 and 5 in my case):
Command (m for help): d
Partition number (1-5): 5

Command (m for help): d
Partition number (1-5): 2

Command (m for help): p

Disk /dev/vda: 48.3 GB, 48318382080 bytes
16 heads, 63 sectors/track, 93622 cylinders, total 94371840 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00079e72

   Device Boot      Start         End      Blocks   Id  System
/dev/vda1   *        2048      391167      194560   83  Linux
Now lets create new partitions. I will use the same structure as before but use the entire disk. Use the n command:
Command (m for help): n
Partition type:
   p   primary (1 primary, 0 extended, 3 free)
   e   extended
Select (default p): e
Partition number (1-4, default 2): 2
First sector (391168-94371839, default 391168): <ENTER> 
Using default value 391168
Last sector, +sectors or +size{K,M,G} (391168-94371839, default 94371839): <ENTER>
Using default value 94371839
I create a new extended partition number 2 using the default first and last sectors. I also need to create the second new logical partition:
Command (m for help): n
Partition type:
   p   primary (1 primary, 1 extended, 2 free)
   l   logical (numbered from 5)
Select (default p): l
Adding logical partition 5
First sector (393216-94371839, default 393216): <ENTER> 
Using default value 393216
Last sector, +sectors or +size{K,M,G} (393216-94371839, default 94371839): <ENTER>
Using default value 94371839
I also need to specify the type of the logical partition, i.e. Linux LVM. From the original partition table the Id of the Linux LVM system is 8e:
Command (m for help): t
Partition number (1-5): 5
Hex code (type L to list codes): 8e
Changed system type of partition 5 to 8e (Linux LVM)
The resulting partition table follows. Note that is is the same structure as the original table but the size of the last two partitions (/dev/vda2 and /dev/vda5) have changed from 20GB to about 45GB.
Command (m for help): p

Disk /dev/vda: 48.3 GB, 48318382080 bytes
16 heads, 63 sectors/track, 93622 cylinders, total 94371840 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00079e72

   Device Boot      Start         End      Blocks   Id  System
/dev/vda1   *        2048      391167      194560   83  Linux
/dev/vda2          391168    94371839    46990336    5  Extended
/dev/vda5          393216    94371839    46989312   8e  Linux LVM
If your partition table is correct then the last step is to write those changes:
Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
sgordon@guest:~$
Note the warning: you need to reboot for the new partition table to be read:
sgordon@guest:~$ sudo shutdown -r now
Broadcast message from sgordon@it
 (/dev/pts/0) at 15:15 ...

The system is going down for reboot NOW!

Guest: Increase the LVM Physical and Logical Volume Sizes

Note that this step only applies if you are using LVM.
After rebooting and logging back in, we need to update LVM. First note the current size of the Physical Volume. On my guest virtual machine I have one physical volume:
sgordon@guest:~$ sudo pvs
  PV         VG   Fmt  Attr PSize  PFree
  /dev/vda5  vmit lvm2 a-   19.81g    0 
We need to resize the physical volume:
sgordon@guest:~$ sudo pvresize /dev/vda5
  Physical volume "/dev/vda5" changed
  1 physical volume(s) resized / 0 physical volume(s) not resized
sgordon@guest:~$ sudo pvs
  PV         VG   Fmt  Attr PSize  PFree 
  /dev/vda5  vmit lvm2 a-   44.81g 25.00g
The physical volume now takes the full space of 45GB, and there is 25GB free. We will extend the Logical Volumes to use that extra 25GB. In my case I have four logical volumes: home, root, tmp and var (and the correpending directories are mount to them). In this case I want to increase the size of the home and var volumes by 15GB and 10GB, respectively. I will use lvextend which requires you to specify the logical volume relative to the volume group.
sgordon@guest:~$ sudo vgs
  VG   #PV #LV #SN Attr   VSize  VFree 
  vmit   1   4   0 wz--n- 44.81g 25.00g
The name of my volume group is vmit. So now lets extend the two logical volumes:
sgordon@guest:~$ sudo lvextend -L +15G /dev/vmit/home
  Extending logical volume home to 20.84 GiB
  Logical volume home successfully resized
sgordon@guest:~$ sudo lvextend -L +10G /dev/vmit/var
  Extending logical volume var to 14.66 GiB
  Logical volume var successfully resized
The result, as shown below, is the volume group now has no space free and the home>/kbd> and var logical volumes are now 21GB and 15GB, respectively.
sgordon@guest:~$ sudo vgs
  VG   #PV #LV #SN Attr   VSize  VFree
  vmit   1   4   0 wz--n- 44.81g    0 
sgordon@guest:~$ sudo lvs
  LV   VG   Attr   LSize  Origin Snap%  Move Log Copy%  Convert
  home vmit -wi-ao 20.84g                                      
  root vmit -wi-ao  4.66g                                      
  tmp  vmit -wi-ao  4.66g                                      
  var  vmit -wi-ao 14.66g                                      

Guest: Increase the Filesystem Sizes

The last step is to grow the filesystems to use the entire logical volume. Currently the filesystems sizes are still the original sizes, as shown below.
sgordon@guest:~$ df -h
Filesystem             Size  Used Avail Use% Mounted on
/dev/mapper/vmit-root  4.7G  1.8G  2.7G  40% /
udev                   728M  4.0K  728M   1% /dev
tmpfs                  293M  252K  293M   1% /run
none                   5.0M     0  5.0M   0% /run/lock
none                   732M     0  732M   0% /run/shm
/dev/vda1              189M   24M  155M  14% /boot
/dev/mapper/vmit-tmp   4.7G  198M  4.3G   5% /tmp
/dev/mapper/vmit-var   4.7G  1.3G  3.2G  28% /var
/dev/mapper/vmit-home  5.9G  2.5G  3.1G  45% /home
In my case I am using ext4 filesystems and using resize2fs I can increase their size online, that is, while they're mounted. If you have a different filesystem (or possibly older kernel) online resizing may not be possible; you may need to unmount the filesystems first.
sgordon@guest:~$ sudo resize2fs /dev/vmit/home
resize2fs 1.42 (29-Nov-2011)
Filesystem at /dev/vmit/home is mounted on /home; on-line resizing required
old_desc_blocks = 1, new_desc_blocks = 2
Performing an on-line resize of /dev/vmit/home to 5463040 (4k) blocks.
The filesystem on /dev/vmit/home is now 5463040 blocks long.

sgordon@guest:~$ sudo resize2fs /dev/vmit/var
resize2fs 1.42 (29-Nov-2011)
Filesystem at /dev/vmit/var is mounted on /var; on-line resizing required
old_desc_blocks = 1, new_desc_blocks = 1
Performing an on-line resize of /dev/vmit/var to 3842048 (4k) blocks.
The filesystem on /dev/vmit/var is now 3842048 blocks long.
Note that the resize takes some time. Finally, check the new sizes:
sgordon@guest:~$ df -h
Filesystem             Size  Used Avail Use% Mounted on
/dev/mapper/vmit-root  4.7G  1.8G  2.7G  40% /
udev                   728M  4.0K  728M   1% /dev
tmpfs                  293M  252K  293M   1% /run
none                   5.0M     0  5.0M   0% /run/lock
none                   732M     0  732M   0% /run/shm
/dev/vda1              189M   24M  155M  14% /boot
/dev/mapper/vmit-tmp   4.7G  198M  4.3G   5% /tmp
/dev/mapper/vmit-var    15G  1.3G   13G   9% /var
/dev/mapper/vmit-home   21G  2.5G   18G  13% /home
I now have a 15GB /var filesystem and a 21GB /home filesystem.


Source: https://sandilands.info/sgordon/increasing-kvm-virtual-machine-disk-using-lvm-ext4

September 23, 2016

Where to download broadcom Netgear R7000 toolchain binary

The toolchain file is hndtools-arm-linux-2.6.36-uclibc-4.5.3.tar.bz2

Download URL: https://sourceforge.net/projects/nvg599.arris/files/

This tarball also contains the Broadcom code drop bcm963xx_4.06L.03_consumer_release.tar.gz, which was created using Broadcom's source code redistribution process, bcm47xx.tar.bz2 which is the 5GHz code, hndtools-arm-linux-2.6.36-uclibc-4.5.3.tar.bz2, which is the toolchain for the 5Ghz code, and axis.tar.bz2 which is the code that runs on the main SOC.

September 20, 2016

vim matching IP address

\(\d\+\.\)\{3\}\d\{1,3\}

September 15, 2016

configure linux strongswan vpn client

1. generate a vpn client cert, and its private key
2. /etc/ipsec.conf
conn %default
    keyexchange=ikev2
    dpdaction=clear
    dpddelay=300s
    rekey=no
    ikelifetime=24h
    lifetime=24h

conn iosIKE2
     keyexchange=ikev2
     left=%defaultroute
     leftcert=vpncert.cert
     leftsourceip=%config
     right=vpnserver.myserver.com
     rightid=%any
     rightsubnet=0.0.0.0/0
     leftauth=rsa
     rightauth=rsa
     rekey=no
     reauth=no
     dpdtimeout=30
     dpdaction=hold
     auto=start

/etc/strongswan.conf : add logging
charon {
        load_modular = yes
        plugins {
                include strongswan.d/charon/*.conf
        }
    filelog {
        /var/log/charon.log {
            # add a timestamp prefix
            time_format = %b %e %T
            # prepend connection name, simplifies grepping
            ike_name = yes
            # overwrite existing files
            append = no
            # increase default loglevel for all daemon subsystems
            #default = 1
            # flush each line to disk
            flush_line = yes
        }
        }
}

/etc/ipsec.secrets:
: RSA vpncert.key

Then 
copy the cert file to /etc/ipsec.d/certs
copy the CA certs file to /etc/ipsec.d/cacerts, one CA cert per file
copy the private key file to /etc/ipsec.d/private

use ipsec start to start
check file /var/log/charon.log to see logs
ipsec stop to stop 
ipsec status  (or statusall) to status.

The above will make the linux client computer not accessible locally.
If you need split tunnel, add the following:
ip rule add from all pref 100 table 100
ip route add 192.168.140.0/24 dev eth0 table 100

192.168.140.0 is your local subnet
eth0 is your local network interface.

September 8, 2016

How to use curl with a specific network interface

The goal is to direct curl's request to a specific interface, for example, tun0.

Assume tun0 has the IPv4 address of 192.168.15.2. Below is the command line:

mycurl --dns-ipv4-addr 192.168.15.2 --dns-interface tun0 --interface tun0 -4  www.yahoo.com

The default "curl" program in Debian/Ubuntu is not (as is Ubuntu 14.04) compiled with the lib-ares library, which is required for the above arguments to work. You will need to download the lib-ares library first (hosted by curl project), compile it, and then compile your own curl binary.  To configure curl to use your newly installed lib-ares lib, do this:

./configure --enable-ares=/usr/local/

"-4" argument is to tell curl to only use IPv4 IP. Otherwise it will wait for the IPv6 DNS resolving result, which for many sites may not be available and therefore causing curl to hang.

September 6, 2016

tmux start multiple windows

put this in a shell script:

tmux new-session -s main -n workspace -d
tmux neww -t main:1 -n local bash
tmux neww -t main:2 -n local bash
tmux neww -t main:3 -n gw 'mosh gw'
tmux neww -t main:4 -n git 'mosh git'
tmux neww -t main:5 -n download 'mosh download'
tmux attach -t main

September 2, 2016

C operator priority: Shift is lesser than +/-

int main(){
        unsigned char buf[2];
        int x;
        buf[0]=0xF0;
        buf[1]=0xA5;
        x=buf[0]<<8+buf[1];
        printf("x=%08x\n",x);
}


The above code returns wrong values (not 0xF0A5). You need to add parenthesis around the shift operator: 

x=(buf[0]<<8)+buf[1];

Or use multiplication

x=buf[0]*256+buf[1];

August 31, 2016

Linux route and rule

1. There are 3 default route tables: local, main, and default
2. Their priority and selector is defined by "rules".  use "ip rule list" to see the priority and selector of each table.

$ ip rule list
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

by default, local has highest priority (0). default has lowest priority (it's usually empty). main has next to lowest priority. You can all three tables match "from all" packets. So table local consulted first, then table main, then table default.  

$ ip route show table default
(return nothing)
$ ip route show table main
default via 192.168.140.2 dev eth0
(this is the default gateway)

Routing tables goes by number 1-255.  You can find the names at  /etc/iproute2/rt_tables

255 local
254 main
253 default
0 unspec

You can add your own table number like
100 mytable

or you can just use a number if you like.

You can add selector to specify which table should be consulted (or not). For example, you can use 
ip rule add from 10.0.0.0/24 table mytable    OR 
ip rule add to 10.0.0.0/24  OR
ip rule add iif eth0 OR
ip rule add oif eth2 OR
ip rule add fwmark MARK 

ip rule help gives you all the list

Then use "ip route add default via 10.0.0.1 dev eth1 table mytable" to add a default gateway rule to this table. "via ..." "dev ..." just tells the kernel how to route it.  

July 25, 2016

nildb: a memory-efficient key/value database


https://github.com/tiebingzhang/nildb

NIL Key/Value database

NILDB is about the simplest key/value store you'll ever see, anywhere. It's written in plain vanilla C using only the standard string and FILE I/O functions, and should port to just about anything with a disk or something that acts like one.

NILDB is based on KISSDB, with significant update to reduce file size and improve efficiency, and also added the capability to delete entries.

It stores keys and values of fixed length in a stupid-simple file format based on fixed-size hash tables. If a hash collision occurrs, a link list is created and the entry is appended to the database. You can add, update, lookup and delete.

Features:
  • Tiny
  • Almost zero memory footprint
  • Very space-efficient on disk
  • Pretty respectably fast, especially given its simplicity
  • 64-bit file size limit is 2^64 bytes, and 2^32 offset limit between the same hashed entries.
  • Ports to anything with a C compiler and stdlib/stdio
  • Public domain
  • Works cross big-endian and little-endian system.
Limitations:
  • Fixed-size keys and values, must recreate and copy to change any init size parameter (Although can be adapted to varied value size easily)
  • No search for subsets of keys/values
  • No indexes
  • No transactions
  • No special recovery features if a database gets corrupted
  • No built-in thread-safety (guard it with a mutex in MT code)
  • No built-in caching of data (use filesystem cache)
Alternative key/value stores and embedded databases:
  • KISSDB The base of this project, uses multiple hash tables instead of just one
  • MDB uses mmap() and is very fast (not quite as tiny/simple/portable)

NILDB is in the public domain as according to the Creative Commons Public Domain Dedication.

June 23, 2016

text to speech and speech to text

text to speech:
 - Mary Text to Speech (Open source): http://mary.dfki.de/index.html
 - https://www.ivona.com/
 - http://neospeech.com/ (Better voice than ivona)

speech to text:

-  Kaldi open source: http://kaldi-asr.org/

-  Comparing Open-Source Speech Recognition Toolkits - Suendermann:  http://suendermann.com/su/pdf/oasis2014.pdf

-  Microsoft Bing Voie Recognition https://datamarket.azure.com/dataset/bing/speechrecognition, and code example: https://github.com/keedio/bing-speech-to-text-example

-  Google speech api

- AT&T Speech api, code: https://github.com/jsgoecke/attspeech (closing)

- Pocket Sphinx (CMU)

- HTK?

June 22, 2016

ubuntu 16.04 dnamsq only local working

in /etc/init.d/dnsmasq, comment out the following line:

DNSMASQ_OPTS="$DNSMASQ_OPTS --local-service"

June 14, 2016

golang serving dynamic and static files

http://www.alexedwards.net/blog/serving-static-sites-with-go


package main

import (
        "fmt"
        "net/http"
)

func index_handler(w http.ResponseWriter, r *http.Request) {
        fmt.Fprintf(w, "<html><body>Hi world.<img src=\"/img/kitten.jpg\"></body></html>")
}

func main() {
        fmt.Println("Running...")
        http.Handle("/img/", http.StripPrefix("/img/",http.FileServer(http.Dir("public/img"))))
        http.Handle("/js/",  http.StripPrefix("/js/", http.FileServer(http.Dir("public/js" ))))
        http.Handle("/css/", http.StripPrefix("/css/",http.FileServer(http.Dir("public/css"))))
        http.HandleFunc("/", index_handler)
        http.ListenAndServe(":9000", nil)
}

Use tshark to display captured conversations

tshark  -r c:\temp\4g2.pcap -q -N "CdnN" "-zconv,udp,!udp.port==53" -zconv,tcp

June 6, 2016

use fswebcam to script webcam picture capturing

 create a config file, use:
nano ~/.fswebcam.conf

The contents of my config file are listed below...

device /dev/video0
input 0
loop 15
skip 20
background
resolution 320x240
set brightness=60%
set contrast=13%
top-banner
font /usr/share/fonts/truetype/msttcorefonts/arial.ttf
title "EvilEye cam-O-tron"
timestamp "%d-%m-%Y %H:%M:%S (%Z)"
jpeg 95
save /home/user/pictures/viewcam.jpg
palette MJPEG

Check the fswebcam MAN page for the full range of commands and options. I'm just using those that are relevant to my particular installation.

June 1, 2016

Reset lost password of Windows 2008 R2


The process is simple:

1) Boot Ubuntu 12.04
2) Open the Disk Utility and mount the partition that contains the Windows OS on it (make note of the partition name).  Let us call this “PartName” for now.
3) Open the Terminal application and cd to /media/PartName (where PartName is the name of the Windows partition).
4) cd to Windows/System32      (you are in Ubuntu, so case matters, check the case)
5) cp Utilman.exe Utilman.exe.bak
6) cp cmd.exe Utilman.exe
7) Power off, remove your Ubuntu disk and boot Windows.
8) At the login prompt, press <windows-key>+U
(this will bring up a cmd.exe window running with administrator level privileges)
9) net user <username> <new password> (eg. net user Administrator Pwned123!)

You have just the password for the Administrator account.  Type ‘exit’ to exit the command prompt, and since you are at the login screen, feel free to press CTRL+ALT+DEL and log in.

Don’t forget to open a command prompt window, navigate to c:\windows\system32, and copy Utilman.exe.bak Utilman.exe.  Otherwise, you have left the server open to anyone who walks up and presses <windows-key>+U.  Although it still won’t stop them from doing what I did.

Source: https://joeweaverwindgap.wordpress.com/2013/08/04/how-to-reset-windows-server-2008-r2-domain-controllerdomain-administrator-account-password/

May 12, 2016

meaing of strspn and strcspn

strspn(char * hay, char *charlist)
Search for a "span" of string that contains entirely of characters in the charlist. spn stands for "span", probably.

strcspn(char* hay, char *charlist)
Search for a "complimentary span", i.e. a span that has no characters from the charlist.

strpbrk(char *hay, char *charlist)
"Pointer Break", search in hay for the first occurrance of any char from charlist.

http://computer-programming-forum.com/17-c-language/f794ce6a769ce761.htm

May 9, 2016

Example code of IPv4 and IPv6 using FREEBIND and IP_TRANSPARENT socket options to send packets using a non-local IP address



http://lists.openwall.net/netdev/2011/11/02/4

Use  IP_PKTINFO to  set the source IP address if you do not bind it to a particular address.

http://man7.org/linux/man-pages/man7/ip.7.html

Date: Tue, 1 Nov 2011 17:57:07 -0700
From: Maciej Żenczykowski <zenczykowski@...il.com>
To: Linux NetDev <netdev@...r.kernel.org>
Subject: On IP_FREEBIND and IPv6...

Short summary:
  IPV6 + IP_FREEBIND doesn't work the way IPV4 + IP_FREEBIND does.
  The native IPv6 bind path ignores 'freebind', but honours 'transparent'.
  The native and dual-stack IPv4 bind paths honour both.

Does anyone know if this was a (security?) feature?  Or is this just a bug?

I'll follow this up with a patch to support freebind for v6 bind (and
another one for v6 udp sendmsg).
Unless I hear some compelling story about why stuff is the way it is.

---

Please find test program source later on.

It basically does:
   for test_mode in {native_ipv4, ipv4_on_ipv6_socket, native_ipv6} do:
       create a udp socket
       set IP_FREEBIND=1
       set IP_TRANSPARENT=1 (will fail if not root, ignore failure)
       bind socket to an IP address we don't own (one of: 1.2.3.4,
::FFFF:1.2.3.4, 2001:4860:DEAD:CAFE::6006:13) [fails without root for
native ipv6]
       send a packet to another IP address (one of: 5.6.7.8,
::FFFF:5.6.7.8, 2001:4860:DEAD:BEEF::6006:13)

Running it generates:

$ ./test
setsockopt(TRANSPARENT=1): Operation not permitted [requires root]
setsockopt(TRANSPARENT=1): Operation not permitted [requires root]
setsockopt(TRANSPARENT=1): Operation not permitted [requires root]
bind(): Cannot assign requested address [native ipv6 bind does not
honour IP_FREEBIND, does honour IP{,V6}_TRANSPARENT]
$ sudo ./test
<no errors, everything succeeds, including bind native ipv6>

While running tcpdump shows:
# tcpdump -s 1555 -n -nn -i eth0 port 11111 or port 22222

>From ./a [ie. with IP_FREEBIND=1, IP_TRANSPARENT=0]:

IP 1.2.3.4.11111 > 5.6.7.8.22222: UDP, length 6 [native IPv4]
IP 1.2.3.4.11111 > 5.6.7.8.22222: UDP, length 6 [dual stack IPv4 on IPv6 socket]
IP6 [machines_true_ipv6_address].51912 >
2001:4860:dead:beef::6006:13.22222: UDP, length 6 [native IPv6, wrong
source since bind failed]

>From sudo ./a [ie. with IP_FREEBIND=1, IP_TRANSPARENT=1]:

IP 1.2.3.4.11111 > 5.6.7.8.22222: UDP, length 6 [native IPv4]
IP 1.2.3.4.11111 > 5.6.7.8.22222: UDP, length 6 [dual stack IPv4 on IPv6 socket]
IP6 2001:4860:dead:cafe::6006:13.vce >
2001:4860:dead:beef::6006:13.22222: UDP, length 6 [native IPv6]

This seems to prove that IP_TRANSPARENT requires root - this is as
expected, while IP_FREEBIND does not require root - again as expected.
However, as apparent above, we are successfully spoofing outgoing
source address on IPv4 UDP (whether native IPv4 or dual-stack IPv4
doesn't matter),
but there doesn't seem to be a way to do this with native IPv6.

ie. the native IPv6 bind path ignores the "freebind" setting, but does
honour the "transparent", while the IPv4 code paths honour both.

- Maciej

---
#include <string.h>
#include <stdio.h>

#include <sys/types.h>
#include <sys/socket.h>

#include <netinet/in.h>
#include <arpa/inet.h>

#define NATIVE_IPv4 0
#define DUAL_STACK  1
#define NATIVE_IPv6 2

int main(int argc, char const * argv[], char const * envp[]) {
  struct sockaddr_in saddr4, daddr4;
  struct sockaddr_in6 saddr6, daddr6;
  int fd, rv, v, mode;

  for (mode = 0; mode <= 2; ++mode) {

    if (mode == NATIVE_IPv4) {
      fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
      if (fd < 0) perror("socket(IPv4 UDP)");
    } else {
      fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
      if (fd < 0) perror("socket(IPv6 UDP)");
    }

    v = 1;
    rv = setsockopt(fd, SOL_IP, IP_FREEBIND, &v, sizeof(v));
    if (rv < 0) perror("setsockopt(FREEBIND=1)");

    v = 1;
    rv = setsockopt(fd, SOL_IP, IP_TRANSPARENT, &v, sizeof(v));
    if (rv < 0) perror("setsockopt(TRANSPARENT=1)");

    if (mode == NATIVE_IPv4) {
      memset(&saddr4, 0, sizeof(saddr4));
      memset(&daddr4, 0, sizeof(daddr4));
      saddr4.sin_family = AF_INET;
      daddr4.sin_family = AF_INET;
      saddr4.sin_port = htons(11111);
      daddr4.sin_port = htons(22222);
      inet_pton(AF_INET, "1.2.3.4", &saddr4.sin_addr.s_addr);
      inet_pton(AF_INET, "5.6.7.8", &daddr4.sin_addr.s_addr);

      rv = bind(fd, (struct sockaddr const *)&saddr4, sizeof(saddr4));
      if (rv < 0) perror("bind()");

      rv = sendto(fd, "Hello!", 6, 0, (struct sockaddr const
*)&daddr4, sizeof(daddr4));
      if (rv < 0) perror("write");
    } else {
      memset(&saddr6, 0, sizeof(saddr6));
      memset(&daddr6, 0, sizeof(daddr6));
      saddr6.sin6_family = AF_INET6;
      daddr6.sin6_family = AF_INET6;
      saddr6.sin6_port = htons(11111);
      daddr6.sin6_port = htons(22222);
      //saddr6.sin6_flowinfo = 0;
      //daddr6.sin6_flowinfo = 0;
      if (mode == DUAL_STACK) {
        inet_pton(AF_INET6, "::FFFF:1.2.3.4", &saddr6.sin6_addr);
        inet_pton(AF_INET6, "::FFFF:5.6.7.8", &daddr6.sin6_addr);
      } else {
        inet_pton(AF_INET6, "2001:4860:DEAD:CAFE::6006:0013",
&saddr6.sin6_addr);
        inet_pton(AF_INET6, "2001:4860:DEAD:BEEF::6006:0013",
&daddr6.sin6_addr);
      }
      //saddr6.sin6_scope_id = 0;
      //daddr6.sin6_scope_id = 0;

      rv = bind(fd, (struct sockaddr const *)&saddr6, sizeof(saddr6));
      if (rv < 0) perror("bind()");

      rv = sendto(fd, "Hello!", 6, 0, (struct sockaddr const
*)&daddr6, sizeof(daddr6));
      if (rv < 0) perror("write");
    }

    rv = close(fd);
    if (rv < 0) perror("close");
  }

  return 0;
}
--


BELOW is my adapted version:

#include <string.h>
#include <stdio.h>

#include <sys/types.h>
#include <sys/socket.h>

#include <netinet/in.h>
//#include <linux/in.h>
#include <arpa/inet.h>

#define NATIVE_IPv4 0
#define DUAL_STACK  1
#define NATIVE_IPv6 2

#if 1
#if !defined(IP_FREEBIND)
#define IP_FREEBIND 15
#endif /* !IP_FREEBIND */
#if !defined(IP_TRANSPARENT)
#define IP_TRANSPARENT 19
#endif /* !IP_TRANSPARENT */
#endif

#define IPV6_TRANSPARENT        75

int main(int argc, char const * argv[], char const * envp[]) {
        struct sockaddr_in saddr4, daddr4;
        struct sockaddr_in6 saddr6, daddr6;
        int fd, rv, v, mode;

        for (mode = 2; mode <= 2; ++mode) {

                if (mode == NATIVE_IPv4) {
                        fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
                        if (fd < 0) perror("socket(IPv4 UDP)");
                } else {
                        fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
                        if (fd < 0) perror("socket(IPv6 UDP)");
                }

                v = 1;
                rv = setsockopt(fd, SOL_IP, IP_FREEBIND, &v, sizeof(v));
                if (rv < 0) perror("setsockopt(FREEBIND=1)");

                if (mode == NATIVE_IPv4) {
                        v = 1;
                        rv = setsockopt(fd, SOL_IP, IP_TRANSPARENT, &v, sizeof(v));
                        if (rv < 0) perror("setsockopt(TRANSPARENT=1)");
                }else{
                        v = 1;
                        rv = setsockopt(fd, SOL_IPV6, IPV6_TRANSPARENT, &v, sizeof(v));
                        if (rv < 0) perror("setsockopt ipv6 (TRANSPARENT=1)");
                }

                if (mode == NATIVE_IPv4) {
                        memset(&saddr4, 0, sizeof(saddr4));
                        memset(&daddr4, 0, sizeof(daddr4));
                        saddr4.sin_family = AF_INET;
                        daddr4.sin_family = AF_INET;
                        saddr4.sin_port = htons(11111);
                        daddr4.sin_port = htons(22222);
                        inet_pton(AF_INET, "1.2.3.4", &saddr4.sin_addr.s_addr);
                        inet_pton(AF_INET, "5.6.7.8", &daddr4.sin_addr.s_addr);

                        rv = bind(fd, (struct sockaddr const *)&saddr4, sizeof(saddr4));
                        if (rv < 0) perror("bind()");

                        rv = sendto(fd, "Hello!", 6, 0, (struct sockaddr const
                                                *)&daddr4, sizeof(daddr4));
                        if (rv < 0) perror("write");
                } else {
                        memset(&saddr6, 0, sizeof(saddr6));
                        memset(&daddr6, 0, sizeof(daddr6));
                        saddr6.sin6_family = AF_INET6;
                        daddr6.sin6_family = AF_INET6;
                        saddr6.sin6_port = htons(11111);
                        daddr6.sin6_port = htons(22222);
                        //saddr6.sin6_flowinfo = 0;
                        //daddr6.sin6_flowinfo = 0;
                        if (mode == DUAL_STACK) {
                                inet_pton(AF_INET6, "::FFFF:1.2.3.4", &saddr6.sin6_addr);
                                inet_pton(AF_INET6, "::FFFF:5.6.7.8", &daddr6.sin6_addr);
                        } else {
                                inet_pton(AF_INET6, "2001:4860:DEAD:CAFE::6006:0013",
                                                &saddr6.sin6_addr);
                                inet_pton(AF_INET6, "2001:4860:DEAD:BEEF::6006:0013",
                                                &daddr6.sin6_addr);
                        }
                        //saddr6.sin6_scope_id = 0;
                        //daddr6.sin6_scope_id = 0;

                        rv = bind(fd, (struct sockaddr const *)&saddr6, sizeof(saddr6));
                        if (rv < 0) perror("bind()");

                        rv = sendto(fd, "Hello!", 6, 0, (struct sockaddr const
                                                *)&daddr6, sizeof(daddr6));
                        if (rv < 0) perror("write");
                }

                rv = close(fd);
                if (rv < 0) perror("close");
        }

        return 0;

April 28, 2016

customize golang tls listener

How ListenAndServeTLS works in Golang

  1. it creates a struct of http.Server type, and then calls the server.ListenAndServe method
  2. http.server.ListenAndServeTLS
    1. clone server.TLSConfig
    2. if tls config has no certs OR a certfile is specified, load certs
    3. create a TLS socket that listens on the TCP port
    4. call server.Serve using that socket
  3. Server.serve
    1. Accept the new connection, returns http.conn
    2. http.conn.serve()


The customize this, one could write his own function like this:

   srv := &Server{Addr: addr, Handler: handler}
    addr := srv.Addr
    if addr == "" {
        addr = ":https"
    }
    config := cloneTLSConfig(srv.TLSConfig)
    if config.NextProtos == nil {
        config.NextProtos = []string{"http/1.1"}
    }

    if len(config.Certificates) == 0 || certFile != "" || keyFile != "" {
        var err error
        config.Certificates = make([]tls.Certificate, 1)
        config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
        if err != nil {
            return err
        }
    }

    ln, err := net.Listen("tcp", addr)
    if err != nil {
        return err
    }

    tlsListener := tls.NewListener(tcpKeepAliveListener{ln.(*net.TCPListener)}, config)
    return srv.Serve(tlsListener)



April 22, 2016

ipset netlink data structure

header:
\x4c\x00 \x00\x00 total length
\x09\x06 type=09 CMD_ADD \x05\x02 flags:0x0205 request/ack/return-all-matching
\xbb\x83\x1a\x57 seq
\x00\x00\x00\x00 port id

extra header
\x02\x00\x00\x00

payload, in the form of Leng-Type-Value
(len and type are 2 bytes, len includes itself and type. 0 Padded to 4-byte alignment)
Type flags:
   0x80: NEST structure
   0x40: Network Order

\x05\x00 \x01\x00 \x06 \x00\x00\x00 PROTOCOL=6
\x0a\x00 \x02\x00 \x70\x61\x69\x72\x31\x00\x00\x00 SETNAME=pair1
\x24\x00 \x07\x80 IPSET_ATTR_DATA
\x0c\x00 \x01\x80\ IPSET_ATTR_IP
x08\x00\x01\x40\x02\x02\x02\x02 IPV4 2.2.2.2
\x0c\x00\x14\x80 IPSET_ATTR_IP2
\x08\x00\x01\x40 \x04\x04\x04\x04 IP 4.4.4.4
\x08\x00\x09\x40 \x00\x00\x00\x00 IPSTE_ATTR_LINENO 0, network order


== update on 12/13/2018
enum ipset_cmd {
    IPSET_CMD_NONE,
    IPSET_CMD_PROTOCOL, /* 1: Return protocol version */
    IPSET_CMD_CREATE,   /* 2: Create a new (empty) set */
    IPSET_CMD_DESTROY,  /* 3: Destroy a (empty) set */
    IPSET_CMD_FLUSH,    /* 4: Remove all elements from a set */
    IPSET_CMD_RENAME,   /* 5: Rename a set */
    IPSET_CMD_SWAP,     /* 6: Swap two sets */
    IPSET_CMD_LIST,     /* 7: List sets */
    IPSET_CMD_SAVE,     /* 8: Save sets */
    IPSET_CMD_ADD,      /* 9: Add an element to a set */
    IPSET_CMD_DEL,      /* 10: Delete an element from a set */
    IPSET_CMD_TEST,     /* 11: Test an element in a set */
    IPSET_CMD_HEADER,   /* 12: Get set header data only */
    IPSET_CMD_TYPE,     /* 13: Get set type */
    IPSET_MSG_MAX,      /* Netlink message commands */

    /* Commands in userspace: */
    IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
    IPSET_CMD_HELP,     /* 15: Get help */
    IPSET_CMD_VERSION,  /* 16: Get program version */
    IPSET_CMD_QUIT,     /* 17: Quit from interactive mode */

    IPSET_CMD_MAX,

    IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
};

command level attributes:
IPSET_ATTR_PROTOCOL,    /* 1: Protocol version */
IPSET_ATTR_SETNAME, /* 2: Name of the set */
IPSET_ATTR_TYPENAME,    /* 3: Typename */
IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
IPSET_ATTR_REVISION,    /* 4: Settype revision */
IPSET_ATTR_FAMILY,  /* 5: Settype family */
IPSET_ATTR_FLAGS,   /* 6: Flags at command level */
IPSET_ATTR_DATA,    /* 7: Nested attributes */
IPSET_ATTR_ADT,     /* 8: Multiple data containers */
IPSET_ATTR_LINENO,  /* 9: Restore lineno */
IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */

Nested attributes:
/* CADT specific attributes */
IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
IPSET_ATTR_IP_TO,   /* 2 */
IPSET_ATTR_CIDR,    /* 3 */
IPSET_ATTR_PORT,    /* 4 */
IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
IPSET_ATTR_PORT_TO, /* 5 */
IPSET_ATTR_TIMEOUT, /* 6 */
IPSET_ATTR_PROTO,   /* 7 */
IPSET_ATTR_CADT_FLAGS,  /* 8 */
IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
/* Reserve empty slots */
IPSET_ATTR_CADT_MAX = 16, 0x10
/* Create-only specific attributes */
IPSET_ATTR_GC,              //0x11
IPSET_ATTR_HASHSIZE,        //0x12
IPSET_ATTR_MAXELEM,         //0x13
IPSET_ATTR_NETMASK,         //0x14
IPSET_ATTR_PROBES,          //0x15
IPSET_ATTR_RESIZE,          //0x16
IPSET_ATTR_SIZE,            //0x17
/* Kernel-only */
IPSET_ATTR_ELEMENTS,
IPSET_ATTR_REFERENCES,
IPSET_ATTR_MEMSIZE,
__IPSET_ATTR_CREATE_MAX,


set type family list:
NFPROTO_UNSPEC =  0, //can be used to include both v4 and v6
NFPROTO_IPV4   =  2,
NFPROTO_ARP    =  3,
NFPROTO_BRIDGE =  7,
NFPROTO_IPV6   = 10,
NFPROTO_DECNET = 12,

#define NLA_F_NESTED        (1 << 15)
#define NLA_F_NET_BYTEORDER (1 << 14)


* strace version 4.23 and upper parses netlink messages. However, the parsing cannot seem to be disabled. You will need the lower version to output hex instead of parsing it.

=== cmd: ipset create filtered hash:ip,port,ip timeout 60

check type is supported?

sendto(3, {{len=56, type=NFNL_SUBSYS_IPSET<<8|IPSET_CMD_TYPE, flags=NLM_F_REQUEST, seq=1544742655, pid=0}, {nfgen_family=AF_INET, version=NFNETLINK_V0, res_id=htons(0), 
[{{nla_len=5, nla_type=0x1}, "\x06"}, protocol version
 {{nla_len=20, nla_type=0x3}, "\x68\x61\x73\x68\x3a\x69\x70\x2c\x70\x6f\x72\x74\x2c\x69\x70\x00"},  type name
 {{nla_len=5, nla_type=0x5}, "\x02"}, type family, 2 is ipv4
 ]}, 56, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 56
recvmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=72, type=NFNL_SUBSYS_IPSET<<8|IPSET_CMD_TYPE, flags=0, seq=1544742655, pid=23011}, {nfgen_family=AF_INET, version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=5, nla_type=NFNETLINK_V1}, "\x06"}, {{nla_len=20, nla_type=0x3}, "\x68\x61\x73\x68\x3a\x69\x70\x2c\x70\x6f\x72\x74\x2c\x69\x70\x00"}, {{nla_len=5, nla_type=0x5}, "\x02"}, {{nla_len=5, nla_type=0x4}, "\x05"}, {{nla_len=5, nla_type=0xa}, "\x00"}]}, iov_len=256}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 72

sendto(3, {{len=92, type=NFNL_SUBSYS_IPSET<<8|IPSET_CMD_CREATE, flags=NLM_F_REQUEST|NLM_F_ACK|0x600, seq=1544742656, pid=0}, {nfgen_family=AF_INET, version=NFNETLINK_V0, res_id=htons(0), [
{{nla_len=5, nla_type=NFNETLINK_V1}, "\x06"}, 
{{nla_len=13, nla_type=0x2}, "\x66\x69\x6c\x74\x65\x72\x65\x64\x00"},  set name "filterd"
{{nla_len=20, nla_type=0x3}, "\x68\x61\x73\x68\x3a\x69\x70\x2c\x70\x6f\x72\x74\x2c\x69\x70\x00"},  "hash:ip,port,ip"
{{nla_len=5, nla_type=0x4}, "\x05"},  revision is 5? seems wrong
{{nla_len=5, nla_type=0x5}, "\x02"}, ipv4
{{nla_len=12, nla_type=NLA_F_NESTED|0x7}, "\x08\x00\x06\x40\x00\x00\x00\x3c"} len=8, type=6 (timeout), net-order, 60s
]}, 92, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 92
recvmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=36, type=NLMSG_ERROR, flags=0, seq=1544742656, pid=23011}, {error=0, msg={len=92, type=NFNL_SUBSYS_IPSET<<8|IPSET_CMD_CREATE, flags=NLM_F_REQUEST|NLM_F_ACK|0x600, seq=1544742656, pid=0}}}, iov_len=4096}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 36




=== cmd: ipset create filtered1 hash:ip,port,ip timeout 60

sendto(3, "\x38\x00\x00\x00\x0d\x06\x01\x00\x22\xe7\x12\x5c\x00\x00\x00\x00\x02\x00\x00\x00\x05\x00\x01\x00\x06\x00\x00\x00\x14\x00\x03\x00\x68\x61\x73\x68\x3a\x69\x70\x2c\x70\x6f\x72\x74\x2c\x69\x70\x00\x05\x00\x05\x00\x02\x00\x00\x00", 56, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 56
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\x48\x00\x00\x00\x0d\x06\x00\x00\x22\xe7\x12\x5c\x3c\x5b\x00\x00\x02\x00\x00\x00\x05\x00\x01\x00\x06\x00\x00\x00\x14\x00\x03\x00\x68\x61\x73\x68\x3a\x69\x70\x2c\x70\x6f\x72\x74\x2c\x69\x70\x00\x05\x00\x05\x00\x02\x00\x00\x00\x05\x00\x04\x00\x05\x00\x00\x00\x05\x00\x0a\x00\x00\x00\x00\x00", 256}], msg_controllen=0, msg_flags=0}, 0) = 72

sendto(3, "\x5c\x00\x00\x00\x02\x06\x05\x06\x23\xe7\x12\x5c\x00\x00\x00\x00\x02\x00\x00\x00\x05\x00\x01\x00\x06\x00\x00\x00\x0e\x00\x02\x00\x66\x69\x6c\x74\x65\x72\x65\x64\x31\x00\x00\x00\x14\x00\x03\x00\x68\x61\x73\x68\x3a\x69\x70\x2c\x70\x6f\x72\x74\x2c\x69\x70\x00\x05\x00\x04\x00\x05\x00\x00\x00\x05\x00\x05\x00\x02\x00\x00\x00\x0c\x00\x07\x80\x08\x00\x06\x40\x00\x00\x00\x3c", 92, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 92

decoded message:
\x5c\x00\x00\x00 length
\x02\x06 , 0x0602: 0x06 is NFNL_SUBSYS_IPSET, 0x02 is IPSET_CMD_CREATE
#define NFNL_SUBSYS_NONE        0
#define NFNL_SUBSYS_CTNETLINK       1
#define NFNL_SUBSYS_CTNETLINK_EXP   2
#define NFNL_SUBSYS_QUEUE       3
#define NFNL_SUBSYS_ULOG        4
#define NFNL_SUBSYS_OSF         5
#define NFNL_SUBSYS_IPSET       6
#define NFNL_SUBSYS_ACCT        7
#define NFNL_SUBSYS_CTNETLINK_TIMEOUT   8
#define NFNL_SUBSYS_CTHELPER        9
#define NFNL_SUBSYS_COUNT       10

\x05\x06, NLM flags: 0x0605: create | excl | ack |request
/* Flags values */
#define NLM_F_REQUEST       1   /* It is request message.   */
#define NLM_F_MULTI     2   /* Multipart message, terminated by NLMSG_DONE */
#define NLM_F_ACK       4   /* Reply with ack, with zero or error code */
#define NLM_F_ECHO      8   /* Echo this request        */
#define NLM_F_DUMP_INTR     16  /* Dump was inconsistent due to sequence change */
/* Modifiers to GET request */
#define NLM_F_ROOT  0x100   /* specify tree root    */
#define NLM_F_MATCH 0x200   /* return all matching  */
#define NLM_F_ATOMIC    0x400   /* atomic GET       */
#define NLM_F_DUMP  (NLM_F_ROOT|NLM_F_MATCH)
/* Modifiers to NEW request */
#define NLM_F_REPLACE   0x100   /* Override existing        */
#define NLM_F_EXCL  0x200   /* Do not touch, if it exists   */
#define NLM_F_CREATE    0x400   /* Create, if it does not exist */
#define NLM_F_APPEND    0x800   /* Add to end of list       */

\x23\xe7\x12\x5c :seq number
\x00\x00\x00\x00 : port id
\x02\x00\x00\x00 : extra header

\x05\x00 \x01\x00\ x06 length is 5, type is 1, value is 6
\x00\x00\x00, padded to multipe of 4 bytes
\x0e\x00 \x02\x00 \x66\x69\x6c\x74 \x65\x72\x65\x64 \x31\x00\x00\x00, length is 14, type is 2,i.e. set name, name is "filtered1"
\x14\x00 \x03\x00 \x68\x61\x73\x68\x3a\x69\x70\x2c\x70\x6f\x72\x74\x2c\x69\x70\x00
\x05\x00\x04\x00\x05\x00\x00\x00: revision 5
\x05\x00\x05\x00\x02\x00\x00\x00: family 2
\x0c\x00\x07\x80 \x08\x00\x06\x40\x00\x00\x00\x3c, nested attributes, timeout value, networker order of 0x3c

recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\x24\x00\x00\x00\x02\x00\x00\x00\x23\xe7\x12\x5c\x3c\x5b\x00\x00\x00\x00\x00\x00\x5c\x00\x00\x00\x02\x06\x05\x06\x23\xe7\x12\x5c\x00\x00\x00\x00", 4096}], msg_controllen=0, msg_flags=0}, 0) = 36


==cmd: ipset create torlistv6 hash:ip family inet6 hashsize 2048 maxelem 65536
sendto(3, {{len=48, type=NFNL_SUBSYS_IPSET<<8|IPSET_CMD_TYPE, flags=NLM_F_REQUEST, seq=1544745557, pid=0}, {nfgen_family=AF_INET, version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=5, nla_type=NFNETLINK_V1}, "\x06"}, {{nla_len=12, nla_type=0x3}, "\x68\x61\x73\x68\x3a\x69\x70\x00"}, {{nla_len=5, nla_type=0x5}, "\x02"}]}, 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
recvmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=64, type=NFNL_SUBSYS_IPSET<<8|IPSET_CMD_TYPE, flags=0, seq=1544745557, pid=19683}, {nfgen_family=AF_INET, version=NFNETLINK_V0, res_id=htons(0), [
{{nla_len=5, nla_type=NFNETLINK_V1}, "\x06"}, 
{{nla_len=12, nla_type=0x3}, "\x68\x61\x73\x68\x3a\x69\x70\x00"}, 
{{nla_len=5, nla_type=0x5}, "\x02"}, 
{{nla_len=5, nla_type=0x4}, "\x04"}, 
{{nla_len=5, nla_type=0xa}, "\x00"}]}, iov_len=256}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 64

sendto(3, {{len=92, type=NFNL_SUBSYS_IPSET<<8|IPSET_CMD_CREATE, flags=NLM_F_REQUEST|NLM_F_ACK|0x600, seq=1544745558, pid=0}, {nfgen_family=AF_INET, version=NFNETLINK_V0, res_id=htons(0), [
{{nla_len=5, nla_type=NFNETLINK_V1}, "\x06"}, 
{{nla_len=14, nla_type=0x2}, "\x74\x6f\x72\x6c\x69\x73\x74\x76\x36\x00"}, 
{{nla_len=12, nla_type=0x3}, "\x68\x61\x73\x68\x3a\x69\x70\x00"}, 
{{nla_len=5, nla_type=0x4}, "\x04"}, 
{{nla_len=5, nla_type=0x5}, "\x0a"}, 
{{nla_len=20, nla_type=NLA_F_NESTED|0x7}, "\x08\x00\x12\x40\x00\x00\x08\x00\x08\x00\x13\x40\x00\x01\x00\x00"}
\x08\x00\x12\x40 \x00\x00\x08\x00, hashsize 0x800
\x08\x00\x13\x40 \x00\x01\x00\x00, maxelem 0x10000
]}, 92, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 92
recvmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base={{len=36, type=NLMSG_ERROR, flags=0, seq=1544745558, pid=19683}, {error=0, msg={len=92, type=NFNL_SUBSYS_IPSET<<8|IPSET_CMD_CREATE, flags=NLM_F_REQUEST|NLM_F_ACK|0x600, seq=1544745558, pid=0}}}, iov_len=4096}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 36