Jumbo Packets

Last semester Professor Hesse and I discovered that our e1000 gigabit Ethernet cards were limited to 1500 bit packets. There are two network cards in the machines: one for the internal network, which runs at gigabit, and one for the external network, which is 100 Mbit. To test the speed of the cards we just set up an ftp server and transferred an uncompressed GB of zeros from one machine to the other. First we did this on the 100 Mbit card, then on the gigabit card. Our results:

100 Mbit: 10.75 MB/sec or 1024000 KB in 93 seconds
gigabit: 22.85 MB/sec or 1024000 KB in 43.8 seconds



Hmmmm, I thought gigabit was supposed to be about 10x faster with large amounts of data. Hesse hypothesized that perhaps the CPU couldn’t keep up with the bandwidth of the network: TCP packet headers have to be formed by the CPU every time you want to send data. Actually, there is something called TCP Segmentation Offload (TSO) that offloads this overhead from the CPU to the Ethernet card, and TSO was enabled. Still, perhaps the card couldn’t keep up? To check whether TSO is enabled, and to enable it, the following commands can be used:

# ethtool -k eth0
Offload parameters for eth0:
Cannot get device udp large send offload settings: Operation not supported
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp segmentation offload: off
udp fragmentation offload: off
generic segmentation offload: off
# ethtool -K eth0 tso on
# ethtool -k eth0
Offload parameters for eth0:
Cannot get device udp large send offload settings: Operation not supported
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp segmentation offload: on
udp fragmentation offload: off
generic segmentation offload: off



We tried increasing the nice value of the ftp process with the renice command. Nothing changed the results.

So I pulled the source code for the newest e1000 Ethernet driver at the time (7.6.9.2) and found the code that sets the MTU value. There were some issues with 82573 cards having a power management capability that corrupted bits in packets. An EEPROM bit had to be flipped to turn this off in older cards, but our cards appeared to be newer because the bit was already off. The only thing that was not allowing our Ethernet cards to go above 1500 bits was a simple if statement, shown below:

if ((adapter->hw.device_id != E1000_DEV_ID_82573L) ||
    (eeprom_data & NVM_WORD1A_ASPM_MASK)) {
        if (max_frame > ETH_FRAME_LEN + ETHERNET_FCS_SIZE) {
                DPRINTK(PROBE, ERR,
                        "Jumbo Frames not supported.\n");
                return -EINVAL;
        }
        break;
}
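To make the gate in that if statement concrete, here is an added example (not code from the e1000 driver) that evaluates the same condition as a stand-alone function and tabulates who gets refused. ETH_HLEN, ETH_FRAME_LEN and ETHERNET_FCS_SIZE carry their standard Ethernet values; the device id and ASPM mask values are placeholders assumed for this model, and jumbo_gate is a hypothetical name.

```c
#include <errno.h>
#include <stdint.h>

/* Frame-size constants with their standard Ethernet values. */
#define ETH_HLEN            14     /* destination MAC + source MAC + EtherType */
#define ETH_DATA_LEN        1500   /* the standard MTU */
#define ETH_FRAME_LEN       1514   /* ETH_HLEN + ETH_DATA_LEN */
#define ETHERNET_FCS_SIZE   4      /* trailing CRC */

/* Placeholder values for this model only; not copied from the driver headers. */
#define E1000_DEV_ID_82573L  0x1000
#define NVM_WORD1A_ASPM_MASK 0x000C

/* Evaluate the jumbo-frame gate for a requested MTU.
 * Returns 0 when the MTU passes, -EINVAL when the gate refuses it. */
int jumbo_gate(uint16_t device_id, uint16_t eeprom_data, int new_mtu)
{
    /* The driver sizes the frame as MTU plus header plus FCS. */
    int max_frame = new_mtu + ETH_HLEN + ETHERNET_FCS_SIZE;

    /* Only an 82573L whose EEPROM has the ASPM bits clear skips the check. */
    if ((device_id != E1000_DEV_ID_82573L) || (eeprom_data & NVM_WORD1A_ASPM_MASK)) {
        /* Anything larger than a standard 1518-byte frame is refused. */
        if (max_frame > ETH_FRAME_LEN + ETHERNET_FCS_SIZE)
            return -EINVAL;
    }
    return 0;
}

/* Largest MTU the gate lets through for a given card and EEPROM word.
 * Returns ETH_DATA_LEN when jumbo frames are refused, otherwise the caller's
 * requested jumbo size (the gate itself imposes no upper bound). */
int largest_mtu_allowed(uint16_t device_id, uint16_t eeprom_data, int requested_jumbo)
{
    return jumbo_gate(device_id, eeprom_data, requested_jumbo) == 0 ? requested_jumbo
                                                                    : ETH_DATA_LEN;
}
```

For any card other than an 82573L, or an 82573L whose EEPROM still has the ASPM bits set, an MTU of 1501 or more already fails with -EINVAL; that is the safeguard the post removed, and removing it leaves only whatever other limits the driver applies to max_frame.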



By removing this if statement, the safeguard is bypassed. The next problem was that the ftp program itself may have been skewing the benchmark. To get around this we found a better tool, nttcp. The experiment showed a definite and significant increase in performance when raising the MTU, and also that the ftp program must have been limiting the bandwidth.

In my next blog I’ll post the results and how to use the tcp benchmarking tool.

Dvorak

I decided to learn the Dvorak keyboard layout. It’s kind of fun and getting accustomed to the new layout doesn’t take all that long.
First I had to save my current keyboard layout so I could switch back later:

xmodmap -pke > qwerty.pke
cp qwerty.pke dvorak.pke



Then I had to make a new layout by changing the keys in the file to match a Dvorak keyboard (self-explanatory, I hope).

To switch between the layouts I used:

xmodmap dvorak.pke
xmodmap qwerty.pke



Of course, I’d prefer not to have to type this every time I want to switch, so I set up hotkeys in fluxbox (yes, I use fluxbox) to switch for me.
In ~/.fluxbox/keys I added the following lines:

Mod1 Shift 1 :ExecCommand xmodmap ~/.fluxbox/dvorak.pke
Mod1 Shift 2 :ExecCommand xmodmap ~/.fluxbox/qwerty.pke



Somehow my keyboard mode got changed. Your keyboard mode decides how the operating system interprets the keys you press: whether or not they are interpreted for special sequences before being handed to the program. When it was changed I lost the ability to press Ctrl-Alt-Fn to switch to and from virtual terminals and to and from X. To fix this I reset the mode to ASCII mode like so:

kbd_mode -a

So now Alt-Shift-1 switches my keyboard layout in X to dvorak and Alt-Shift-2 to qwerty. However, this does not fix the keyboard layout used in a tty or GDM.
To switch in a tty I had to use the following commands:

loadkeys dvorak
loadkeys us



I also have a dual wide-screen LCD setup running on an nvidia 6800 GT. The closed-source graphical application that comes with the nvidia driver is nice, but doesn’t include all the features one might want. So the nvidia drivers also come with a few commands, including nvidia-xconfig. With this command you can easily customize an xorg.conf file to suit your needs. A simple -rotate option allowed me to rotate one of the monitors 90 degrees to the right. If you haven’t experienced it yet, I HIGHLY recommend you try using a wide screen the narrow way. Programming is amazing.

There are still some kinks in the X support for dual monitors though. For example, xrandr usually supports dynamic changing of screen resolution and orientation, but with dual monitor setups it’s static. The X server has to be restarted in order for any changes to be seen.

Buffer Overflows

Bummer, I didn’t realize that since 2004 or so AMD and Intel have put in place safeguards against buffer overflows in x86.
I was trying what’s called a “return-to-libc” attack, where you write backwards through the stack all your instructions until you reach the EIP (execution instruction pointer) stored on the stack. The EIP points to the address of the next instruction to execute.

This is not possible because there is an NX bit (No eXecute, in AMD’s terminology; Intel calls it XD, eXecute Disable) that specifies whether a location on the stack can be executed or not. On top of this there are also stack canaries. Stack canaries are dummy values placed throughout the stack that are watched; if a canary is destroyed, the program has started to overwrite memory it doesn’t belong in.

Still, a very educational experience. I feel much more comfortable navigating the stack in assembly.

The way it SHOULD have worked: you place the arguments for a function on the stack; you call the function, which places the address of the next instruction to execute (once the function is done) onto the stack; the function pushes the stack pointer on the stack and sets the frame pointer equal to the stack pointer; and the function then executes as normal. But you have a character array of instructions you want to execute, and you save them to the stack at EBP - 8 (two positions). This overwrites that memory address with the next instruction to execute. Voila.
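As an added example (not from the original post), the following C model of one i386 frame shows what the canary described above actually catches: an unbounded copy walks from the character array over the canary, then the saved EBP, then the saved return address, and the epilogue check notices before the overwritten address is ever used. The struct, its placeholder addresses, the 30-byte input and the function names are constructed for this illustration; the frame is a plain struct, so the copy never touches the real stack.

```c
#include <stdint.h>
#include <string.h>

#define CANARY 0xDEADBEEFu   /* constructed guard value; a real canary is random per process */

/* Constructed 30-byte input: longer than buf, the canary and the saved EBP together. */
#define THIRTY_A "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"

/* One frame, laid out from low to high address as on i386. */
struct frame {
    char     buf[16];     /* the local character array, lowest address */
    uint32_t canary;      /* guard word between locals and saved registers */
    uint32_t saved_ebp;   /* caller's frame pointer */
    uint32_t ret;         /* saved EIP: where the function returns to */
};

static void init_frame(struct frame *f)
{
    memset(f->buf, 0, sizeof f->buf);
    f->canary    = CANARY;
    f->saved_ebp = 0xbffff000u;   /* placeholder addresses for the model */
    f->ret       = 0x08048400u;
}

/* Unsafe pattern: an unbounded copy. buf is the first member, so bytes past
   buf[15] land on canary, saved_ebp and ret in turn. The cap at sizeof *f
   only keeps the model itself in bounds. */
static void unbounded_copy(struct frame *f, const char *input)
{
    size_t n = strlen(input) + 1;
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy((char *)f, input, n);
}

/* Hardened pattern: never more than sizeof buf - 1 bytes, always terminated.
   Returns 1 if the input had to be truncated. */
static int bounded_copy(struct frame *f, const char *input)
{
    size_t n = strlen(input);
    int truncated = n >= sizeof f->buf;
    if (truncated)
        n = sizeof f->buf - 1;
    memcpy(f->buf, input, n);
    f->buf[n] = '\0';
    return truncated;
}

/* The epilogue check the compiler inserts: 1 if the guard is untouched. */
static int canary_intact(const struct frame *f)
{
    return f->canary == CANARY;
}

/* Push one input through the unsafe copy; 1 means the canary check would fire. */
int unsafe_copy_detected(const char *input)
{
    struct frame f;
    init_frame(&f);
    unbounded_copy(&f, input);
    return !canary_intact(&f);
}

/* Return address left in the frame after the unsafe copy. */
uint32_t unsafe_copy_ret(const char *input)
{
    struct frame f;
    init_frame(&f);
    unbounded_copy(&f, input);
    return f.ret;
}

/* Same input through the hardened copy; 1 means the canary check would fire. */
int safe_copy_detected(const char *input)
{
    struct frame f;
    init_frame(&f);
    bounded_copy(&f, input);
    return !canary_intact(&f);
}
```

With the 30-byte input the unsafe copy leaves 0x41414141 in every field past buf, including ret, and the guard comparison fails; the bounded copy truncates at 15 bytes and the guard survives, which is the whole point of pairing a length-checked copy with the compiler's canary.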

Oh, real quick.

`objdump -d` dumps the memory addresses, op codes, and equivalent assembly code of an executable to stdout.

`gcc -static` will prevent linking with shared libraries. This forces the code from functions in shared libraries to be included in the program. This is useful to see how certain functions accomplish what they are doing. For example, the execve function is a very simple function that mostly just calls the execve system call with the parameters sent to it and checks for errors. That’s it.

In gdb, `disas <function name>` will show the assembly code for a function.

X Server Scheduler

I’ve been looking for a thesis topic for a while and recently Eli Dow visited COSI for a career fair. During his short stay we discussed my ideas and he suggested looking at the X Server scheduler.

The Xorg server has a DIX (device-independent X) scheduler, also called a dispatcher. This scheduler is independent of the process scheduler and decides when requests from graphical applications should be satisfied.

Right now the scheduler appears to be 9 years old and makes decisions based on priorities. I get the impression that this could definitely be improved, so I’m currently familiarizing myself with everything Xorg and its code, as well as reading a paper by Keith Packard about how the current scheduler was developed.

More to come …

Buffer Overflows

I’m working on creating a buffer overflow to better understand what some people go through to create exploits/malware.

Something strange I found: by default I couldn’t get a core dump for a segmentation fault. There are configuration files in /etc that control rules on core dumps. By default, core dumps are disabled in Fedora. I suppose they think if you’re smart enough to analyze a core dump, you’re smart enough to know how to enable them.

However, there is also a convenient command built into Bash called `ulimit`.
`ulimit -a` will display all the values and limits it imposes. The first listed is a limit on the size of core dumps.
`ulimit -c 20` allows for 20 MB core dumps. Perfect!

JAX-RPC sucks.

No, really. It does.

bad bad bad!!
And HP thinks so too.

CIA

I was recently browsing through the CIA site and noticed a library of unclassified articles. Very interesting. Had some good history lessons and gave me a better idea of what they do in the intelligence agency. Check it out.

CIA Library

Also, I heard on the news a while ago about North Korea agreeing to denuclearize in return for less isolation. This reminds me of a conversation I had with a foreign friend. He said that North Korea did not have a policy of isolationism, but was being isolated. Seems he was right. The US and others were afraid of the country. However, we are all dependent on one another and can’t survive alone. What does a child do when they are being ignored by their parents? What happens when you have a country that’s being ignored? They do something extreme to get everyone’s attention.

Latest Interests

Hmmmm, I haven’t written in a long time.

I suppose I’ll state my interests of late. Last Summer I became serious about exploring different ways of making money. There are lots: job, startup (website, business, whatever), real estate (rent or flip), equities and debts, and perhaps others that I’ve forgotten.

A job can be secure and will allow you to live a happy life … but, realistically, you won’t get rich.

A start up business would be great … if you had a great idea or didn’t mind not having a pay check for a few years.

Real estate can work well for a constant income or even getting rich off fixing up houses and selling them … but you better have spare time and make it your time consuming hobby, have money to buy a house, and know what you’re doing.

Debts, meaning bonds, savings, and such, are one possibility. Again, you won’t get rich off of them though, or at least not in this life time. They just grow too slowly, even though they are generally a secure investment. This is more of a college fund, retirement, fall back plan kind of investment.

Equities means buying shares in companies. For the average investor, the gains probably aren’t as great as a business or real estate, but still extremely respectable. It can be very risky if you don’t know what you’re doing. If you’re emotional, find something else to do with your time.

I decided a job and investing in stocks would be the right choice. So for the past year I’ve read some books and taken a class to help me on my way. I got lucky with the first few purchases I made. But this Summer a new colleague of mine decided to take me under his wing and teach me how to really invest. Things like, advantages/disadvantages between investment vehicles, industry analysis, research, which news sites to stay up-to-date with, the mechanics and pros/cons of investment strategies like shorting and options or dollar-cost averaging, specifics on banking systems, difference between growth and dividend investing, etc. Still not nearly where I want/will be, but much closer.

Also, Christino Tamon (professor at Clarkson University) has recently re-sparked my interest in Support Vector Machines, which are supposed to be better than neural networks.

Hmmmm.

Wargames!! (cont.)

And the solution to my ncurses problem:

char *blah[] = {"sh", "-i", "-c", "/usr/games/bin/braincurses", NULL};  /* argv[0] is the shell's own name */
(void) execvp("/bin/sh", blah);


The problem was that ncurses requires a shell to run. First I tried execing to the ncurses program, which was my original blunder. Then, I was trying to run a program from a bash script without first starting some kind of shell. I thought the #!/bin/bash may load a bash shell to interpret commands. Wrong!

So now I’m loading a shell (/bin/sh which is linked to /bin/bash) with instructions to run the ncurses program.

Very very simple.

Now the problem is that Rouslan pointed out the games aren’t run on the LOGIN: prompt, but the query messages are. Like Help Games and List Games. The games are run after someone logs in with the username Joshua and Joshua asks the user if they want to play a game. *sigh* I don’t have an intelligent AI program.

Wargames!!

I haven’t seen Wargames in years, but just this past weekend a few of us found a copy. My god, that is one great movie. Afterwards we started thinking about the COSI lab, and how it’s kind of dull (just computers and … computers). We could easily pull in a red beacon light, LED countdown display, intercoms, maybe a defcon light. And perhaaaaaps a WOPR shell.

You know, the shell that says “IDENTIFICATION NOT RECOGNIZED” on a false login, and is capable of accepting commands at the “LOGON:” prompt. You know what I’m talking about.

Anyway, I started hacking the initial login program. Apparently this is how you log in:
1. The init process reads /etc/inittab to find out which ttys a person wants and where to bring them up. This is all tied to run levels.
2. In /etc/inittab a getty program is specified, in my case “agetty”. There are plenty of others though.
3. The agetty program displays a username prompt.
4. Once you type in your username, “agetty” execve’s to the “login” program, meaning the agetty process is now gone.
5. The login program prompts for a password; if you type this in wrong, the login program asks for a username again.
6. If you type your username and password wrong again, the login program exits.
7. Since nothing is running on the current tty now, the agetty program is reloaded according to what the /etc/inittab file contained at system boot.
8. Repeat.
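The chain in steps 1 to 8 is a fork/exec/wait loop, and the fix in the “Wargames!! (cont.)” entry above is an execvp of a shell with -c. As an added example (not the modified agetty from this post), the following C program does both in miniature: run_child, respawn and run_via_shell are hypothetical names, and the command line handed to the shell is a constructed stand-in for the game binary.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Run argv in a child process and wait for it, the way init waits on a getty
   and agetty hands the tty over to login. Returns the child's exit status,
   or -1 if it could not be started or did not exit normally. */
int run_child(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);   /* only returns on failure */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Steps 7 and 8: once nothing is left on the tty, bring the prompt back.
   init does this forever for an inittab "respawn" entry; here the loop is
   capped so it terminates. Returns the number of completed runs, or -1. */
int respawn(char *const argv[], int max_runs)
{
    int runs = 0;
    while (runs < max_runs) {
        if (run_child(argv) < 0)
            return -1;
        runs++;
    }
    return runs;
}

/* The ncurses fix: start a shell and let it launch the screen-oriented
   program. argv[0] is the shell's own name; "-c" passes the command line. */
int run_via_shell(const char *cmdline)
{
    char *argv[] = { "sh", "-c", (char *)cmdline, NULL };
    return run_child(argv);
}

int main(void)
{
    /* Constructed stand-in for the game binary: print a prompt and exit. */
    int status = run_via_shell("echo LOGON:; exit 0");
    printf("shell returned %d\n", status);
    return status == 0 ? 0 : 1;
}
```

The exit status comes back through waitpid, which is what lets a getty-style supervisor tell a normal logout (step 6) from a program that never started (the 127 from a failed exec) and decide whether respawning makes sense.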

So far I’ve just changed agetty a bit. No longer is the /etc/issue file or the hostname displayed before the username prompt. It was kind of neat printing text when the terminal settings were fixed: when you \n to the next line, your place on that line is the same as it was on the previous line, so you must use a \r to return to the beginning of the line, like a typewriter. I also have ASCII programs running properly from the login prompt, which is simple enough. The problem I’m currently facing is that I can’t run ncurses programs; it complains there’s no terminal or some such thing. I’m looking into it; shouldn’t be too hard.

