September 23, 2016

Where to download the Broadcom Netgear R7000 toolchain binary

The toolchain file is hndtools-arm-linux-2.6.36-uclibc-4.5.3.tar.bz2

Download URL: https://sourceforge.net/projects/nvg599.arris/files/

This tarball also contains the Broadcom code drop bcm963xx_4.06L.03_consumer_release.tar.gz, which was created using Broadcom's source code redistribution process; bcm47xx.tar.bz2, which is the 5GHz code; hndtools-arm-linux-2.6.36-uclibc-4.5.3.tar.bz2, which is the toolchain for the 5GHz code; and axis.tar.bz2, which is the code that runs on the main SoC.

September 20, 2016

vim matching IP address

\(\d\+\.\)\{3\}\d\{1,3\}

September 15, 2016

Configure a Linux strongSwan VPN client

1. Generate a VPN client cert and its private key.
2. Edit /etc/ipsec.conf:
conn %default
    keyexchange=ikev2
    dpdaction=clear
    dpddelay=300s
    rekey=no
    ikelifetime=24h
    lifetime=24h

conn iosIKE2
     keyexchange=ikev2
     left=%defaultroute
     leftcert=vpncert.cert
     leftsourceip=%config
     right=vpnserver.myserver.com
     rightid=%any
     rightsubnet=0.0.0.0/0
     leftauth=rsa
     rightauth=rsa
     rekey=no
     reauth=no
     dpdtimeout=30
     dpdaction=hold
     auto=start

/etc/strongswan.conf : add logging
charon {
        load_modular = yes
        plugins {
                include strongswan.d/charon/*.conf
        }
        filelog {
                /var/log/charon.log {
                        # add a timestamp prefix
                        time_format = %b %e %T
                        # prepend connection name, simplifies grepping
                        ike_name = yes
                        # overwrite existing files
                        append = no
                        # increase default loglevel for all daemon subsystems
                        #default = 1
                        # flush each line to disk
                        flush_line = yes
                }
        }
}

/etc/ipsec.secrets:
: RSA vpncert.key

Then:
copy the cert file to /etc/ipsec.d/certs
copy the CA cert files to /etc/ipsec.d/cacerts, one CA cert per file
copy the private key file to /etc/ipsec.d/private

Use ipsec start to start the VPN.
Check the file /var/log/charon.log to see the logs.
Use ipsec stop to stop it.
Use ipsec status (or statusall) to check the status.

The above will make the Linux client computer inaccessible from the local network.
If you need a split tunnel, add the following:
ip rule add from all pref 100 table 100
ip route add 192.168.140.0/24 dev eth0 table 100

192.168.140.0 is your local subnet.
eth0 is your local network interface.

September 8, 2016

How to use curl with a specific network interface

The goal is to direct curl's request to a specific interface, for example, tun0.

Assume tun0 has the IPv4 address of 192.168.15.2. Below is the command line:

mycurl --dns-ipv4-addr 192.168.15.2 --dns-interface tun0 --interface tun0 -4  www.yahoo.com

The default "curl" program in Debian/Ubuntu is not (as of Ubuntu 14.04) compiled with the c-ares library, which is required for the above arguments to work. You will need to download the c-ares library first (hosted by the curl project), compile it, and then compile your own curl binary. To configure curl to use your newly installed c-ares library, do this:

./configure --enable-ares=/usr/local/

The "-4" argument tells curl to use IPv4 only. Otherwise it will wait for the IPv6 DNS resolution result, which may not be available for many sites and therefore causes curl to hang.

September 6, 2016

tmux start multiple windows

Put this in a shell script:

tmux new-session -s main -n workspace -d
tmux neww -t main:1 -n local bash
tmux neww -t main:2 -n local bash
tmux neww -t main:3 -n gw 'mosh gw'
tmux neww -t main:4 -n git 'mosh git'
tmux neww -t main:5 -n download 'mosh download'
tmux attach -t main

September 2, 2016

C operator precedence: shift is lower than +/-

#include <stdio.h>

int main(void){
        unsigned char buf[2];
        int x;
        buf[0]=0xF0;
        buf[1]=0xA5;
        /* bug: + binds tighter than <<, so this is buf[0]<<(8+buf[1]) */
        x=buf[0]<<8+buf[1];
        printf("x=%08x\n",x);
        return 0;
}


The above code prints the wrong value (not 0xF0A5), because + binds tighter than << and the expression is parsed as buf[0]<<(8+buf[1]). You need to add parentheses around the shift:

x=(buf[0]<<8)+buf[1];

Or use multiplication:

x=buf[0]*256+buf[1];
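
The same fix applied to parsing big-endian fields out of a received buffer, as an added example (not code from the original post). It goes beyond the two-byte case: it adds a bounds check and a 32-bit read, where integer promotion of unsigned char to signed int is a second trap. The names read_be16, read_be32 and sample_pkt are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the two bytes from the post plus two more. */
static const unsigned char sample_pkt[] = { 0xF0, 0xA5, 0x00, 0x01 };

/* Big-endian 16-bit field at offset off, or -1 if it would run past len. */
long read_be16(const unsigned char *buf, size_t len, size_t off)
{
    if (off > len || len - off < 2)
        return -1;
    /* Parenthesise every shift: << binds looser than + and -. */
    return (long)(((unsigned)buf[off] << 8) | (unsigned)buf[off + 1]);
}

/* Big-endian 32-bit field at offset off, or -1 if it would run past len. */
int64_t read_be32(const unsigned char *buf, size_t len, size_t off)
{
    uint32_t v;

    if (off > len || len - off < 4)
        return -1;
    /* Cast to uint32_t before shifting: a bare unsigned char is promoted
     * to signed int, and 0xF0 << 24 does not fit in a 32-bit int. */
    v = ((uint32_t)buf[off] << 24) |
        ((uint32_t)buf[off + 1] << 16) |
        ((uint32_t)buf[off + 2] << 8) |
        (uint32_t)buf[off + 3];
    return (int64_t)v;
}

int main(void)
{
    printf("be16@0=%04lx\n",
           (unsigned long)read_be16(sample_pkt, sizeof sample_pkt, 0));
    printf("be32@0=%08llx\n",
           (unsigned long long)read_be32(sample_pkt, sizeof sample_pkt, 0));
    printf("be16@3=%ld (out of bounds)\n",
           read_be16(sample_pkt, sizeof sample_pkt, 3));
    return 0;
}
```

Compiling with gcc -Wall (which enables -Wparentheses) flags the original x=buf[0]<<8+buf[1] expression.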