Tag Archives: cox

[$] Willy’s memory-management to-do list

Post Syndicated from corbet original https://lwn.net/Articles/753078/rss

Matthew “Willy” Wilcox has been doing a fair amount of work in the
memory-management area recently. He showed up at the 2018 Linux Storage,
Filesystem, and Memory-Management Summit with a list of discussion topics
related to that work; it was enough to fill a plenary session with some
spillover into the memory-management track the next day. Some of his
topics were fairly straightforward; others look to be somewhat more
involved.

[$] The XArray data structure

Post Syndicated from corbet original https://lwn.net/Articles/745073/rss

Sometimes, a data structure proves to be inadequate for its intended task.
Other times, though, the problem may be somewhere else — in the API used to
access it, for example. Matthew Wilcox’s presentation during the 2018
linux.conf.au Kernel miniconf made the case that, for the kernel’s
venerable radix tree data structure, the
latter situation holds. His response is a new approach to an old data
structure that he is calling the “XArray”.

An honorary degree for Alan Cox

Post Syndicated from corbet original http://lwn.net/Articles/694974/rss

Congratulations are due to Alan Cox, who was awarded
an honorary degree
by Swansea University for his work with Linux.
Alan started working on Version 0. There were bugs and problems he
could correct. He put Linux on a machine in the Swansea University computer
network, which revealed many problems in networking which he sorted out;
later he rewrote the networking software. Alan brought to Linux software
engineering discipline: Linux software releases that were tested, corrected
and above all stable. On graduating, Alan worked at Swansea University, set
up the UK Linux server and distributed thousands of systems.

Sometimes techy details matter

Post Syndicated from Robert Graham original http://blog.erratasec.com/2016/03/sometimes-techy-details-matter.html

How terrorists use encryption is going to become central to the Cryptowars 2.0 debate. Both sides are going to cite the case of Reda Hame described in this NYTimes article. On one hand, it shows that terrorists do indeed use encryption. On the other hand, the terrorists used TrueCrypt, which can’t be stopped, no matter how many “backdoor” laws the police-state tries to pass.

The problem with the NYTimes article is that the technical details are garbled. (Update: at the bottom, I correct them). Normally, that’s not a problem, because we experts can fill in the details using basic assumptions. But the technique ISIS used is bizarre, using TrueCrypt containers uploaded to a file-sharing site. This is a horrible way to pass messages — assumptions we make trying to fill in the blanks are likely flawed.

Moreover, there is good reason to distrust the NYTimes article. Small details conflict with a similar article in the French newspaper Le Monde from January 6. Both articles are based on the same confession by Reda Hame from last August.

For example, in discussing a training accident with a grenade, the NYTimes article says “Mr. Hame did not throw it far enough and was cut by shrapnel”. The Le Monde version says he tossed a stun grenade into a hut, then entered the hut, after which the grenade exploded. Stun grenades don’t have “shrapnel”. As the Le Monde article provides a direct quote, in the original French, it is more trustworthy:

“J’ai jeté la grenade dans la maisonnette, j’ai entendu une petite explosion, je suis rentré dans la maison, j’ai tiré dans trois cibles, puis la grenade a explosé” [“I threw the grenade into the little house, I heard a small explosion, I went into the house, I fired at three targets, then the grenade exploded”]

Update: You would not throw a fragmentation grenade at a silhouette drawn on a wall, as the New York Times article describes. Throw it hard enough, and it just bounces back toward you. That’s not how it works. How it does work is how Le Monde describes, wait for the stun grenade to go off before entering the room.

The interrogation of Reda Hame lasted over 17 hours over multiple days, so you can imagine that at some point, he might have retold the story in a different way that might be closer to how the NYTimes describes it, thus accounting for the discrepancy. But this is doubtful, since this is not how things work.

This is just one example, there are several other discrepancies with Le Monde. If the reporter gets these types of details wrong, how can we trust her on getting details of TrueCrypt correct?

For example, the reporter describes “a piece of paper showing his login credentials for TrueCrypt”, though a picture of TrueCrypt in the article shows the use of “keyfiles”. However, there’s no such thing as “login credentials for TrueCrypt”. It’s not a website or a computer, you don’t “login” to it. There’s no username. Instead, you have the passphrase to encrypt or decrypt the file. This is a perfectly fine detail to mess up in normal circumstances, because the average reader neither knows nor cares about the difference. But, since we techies are confused, and the reporter isn’t trustworthy about getting small details correct, the difference suddenly looms large. Maybe the reporter is confused about the difference between “login credentials” for TrueCrypt and login credentials for the file upload site.

She then goes on to describe “he was to upload the encrypted message folder onto a Turkish commercial data storage site”. Again, the terminology “encrypted message folder” is confusing. We assume it means the encrypted volume file, or the encrypted container file.

Also, what the heck is a “commercial data storage site”?? She goes on to tweet:

65/ They were using a program like TrueCrypt and then uploading the encrypted folder onto a website like https://t.co/Fnx7sNrTWy
— Rukmini Callimachi (@rcallimachi) March 29, 2016

What does this mean “like dosya.co”? Is it that site, or another one?

Also, that site is a “file sharing” site, not a “data storage” site. File sharing services are designed to share files, usually copyrighted materials like movies, music, porn, games, and ebooks. Data storage services like DropBox are designed for data storage. It’s an important detail, especially when you consider how intelligence services might be monitoring them for metadata.

I’ve written up a brief post on how intelligence services can track down terrorists using this technique, from either already collected metadata, or monitoring with their “XKeyScore” system. But I have little faith I’ve understood the details correctly from the NYTimes article, so there’s a good chance my post is just nonsense.

This isn’t an issue of being unnecessarily pedantic. I fully support the idea that reporters can use inelegant or “wrong” terminology in order to get the point across. The problem here is that I don’t think the reporter is getting the point across. I’m confused. Moreover, we know that the reporter has gotten other details wrong, when comparing similar passages with the Le Monde article, which directly quotes the subject.

Update: And now I’ve read one of the original French documents where the subject describes what was on that slip of paper recovered from his apartment, and confirmed my suspicion that the NYTimes article got details wrong.

The document I saw says the slip of paper had login details for the file sharing site, not a TrueCrypt password. Thus, when the NYTimes article says “TrueCrypt login credentials”, we should correct it to “file sharing site login credentials”, not “TrueCrypt passphrase”.

The original French uses the word “boîte”, which matches the TrueCrypt term “container”. The original French didn’t use the words “fichier” (file), “dossier” (folder), or “répertoire” (directory). This makes so much more sense, and gives us more confidence we know what they were doing.

The original French uses the term “site de partage”, meaning a “sharing site”, which makes more sense than a “storage” site.

MOST importantly, according to the subject, the login details didn’t even work. It appears he never actually used this method — he was just taught how to use it. He no longer remembers the site’s name, other than it might have the word “share” in its name. We see this a lot: ISIS talks a lot about encryption, but the evidence of them actually using it is scant.

Update to this update: Runa Sandvik insists there is more than one piece of paper in the story. Therefore, I could be talking about one piece of paper with “website login”, while the NYTimes article could be talking about another with “TrueCrypt password”:

@ErrataRob @thegrugq @csoghoian @josephfcox @moltke Re our conversation this morning; there are multiple pieces of paper in this story.
— Runa A. Sandvik (@runasand) April 1, 2016

But the original article references only a single piece of paper, “in his bag a piece of paper showing his login credentials for TrueCrypt”. It’s very strange that they are now claiming there existed separate pieces of paper that contained the website login credentials not mentioned in the original story.

She insists the reason for the bad technical terms was to make it more understandable to non-technical readers:

@ErrataRob That phrase may have been used to make it more understandable to all the non-technical readers.
— Runa A. Sandvik (@runasand) April 1, 2016

This, of course, is bogus. Nobody thinks that non-technical readers will understand “TrueCrypt login credentials” easier than “TrueCrypt password”. Non-technical users understand “password” much better than “credentials”.

Update: Somebody (@thegrugq) pointed out yet another discrepancy with a CNN story, describing the process of uploading to a file sharing site:

NYTimes: “basically a dead inbox”
CNN: “it operated like a dead letter drop”

The original phrase in French was “une boîte aux lettres morte” (a box of dead letters). The correct translation is “dead drop” (or “dead letter drop”), not “dead inbox”. The word “boîte” can also refer to a person’s inbox, so it’s a reasonable error to make if you don’t understand this is a specific spycraft term and are attempting to just translate the words according to French vernacular.

Node.JS module to access Cisco IOS XR XML interface

Post Syndicated from Delian Delchev original http://deliantech.blogspot.com/2015/03/nodejs-module-to-access-cisco-ios-xr.html

Hello to all,

This is the early version of my module for Node.JS that allows configuring routers and retrieving information over Cisco IOS XR’s XML interface.

The module is in its early phases – it still does not read IOS XR schema files and therefore decodes the data (in JSON) in a slightly ugly way (too many arrays). I am planning to fix it, so there may be changes in the responses.

Please see below the first version of the documentation I’ve put on GitHub:

Module for Cisco XML API interface IOS XR

This is a small module that implements an interface to the Cisco IOS XR XML Interface.

This module opens and maintains a TCP session to the router, sends requests and receives responses.

Installation

To install the module do something like this:

    npm install node-ciscoxml

Usage

It is very easy to use this module. See the methods below:

Load the module

To load and use the module, you have to use code similar to this:

    var cxml = require('node-ciscoxml');
    var c = cxml({ /* ...connect options... */ });

Module init and connect options

host (default 127.0.0.1) – the hostname of the router where we’ll connect
port (default 38751) – the port of the router where the XML API is listening
username (default guest) – the username used for authentication, if a username is requested by the remote side
password (default guest) – the password used for authentication, if a password is requested by the remote side
connectErrCnt (default 3) – how many times it will retry to connect in case of an error
autoConnect (default true) – should it try to auto connect to the remote side if a request is dispatched and there is no open session already
autoDisconnect (default 60000) – how many milliseconds we will wait for another request before the TCP session to the remote side is closed. If the value is 0, it will wait forever (or until the remote side disconnects). Bear in mind autoConnect set to false does not assume autoDisconnect set to 0/false as well.
userPromptRegex (default (Username|Login)) – the rule used to identify that the remote side requests a username
passPromptRegex (default Password) – the rule used to identify that the remote side requests a password
xmlPromptRegex (default XML>) – the rule used to identify successful login/connection
noDelay (default true) – disables the Nagle algorithm (true)
keepAlive (default 30000) – enables or disables (value of 0) TCP keepalive for the socket
ssl (default false) – if it is set to true or an object, then an SSL session will be opened. The Node.js TLS module is used for that, so if ssl points to an object, the TLS options are taken from it. Be careful – enabling SSL does not change the default port from 38751 to 38752. You have to set it explicitly!

Example:

    var cxml = require('node-ciscoxml');
    var c = cxml({
      host: '10.10.1.1',
      port: 5000,
      username: 'xmlapi',
      password: 'xmlpass'
    });

connect method

This method explicitly forces a connection. It accepts any of the options above.

Example:

    var cxml = require('node-ciscoxml');
    var c = cxml();
    c.connect({
      host: '10.10.1.1',
      port: 5000,
      username: 'xmlapi',
      password: 'xmlpass'
    });

It is not necessary to use the connect method. If autoConnect is enabled (default) the module will automatically open and close TCP connections when needed.

Connect supports a callback. Example:

    var cxml = require('node-ciscoxml');
    cxml().connect({
      host: '10.10.1.1',
      port: 5000,
      username: 'xmlapi',
      password: 'xmlpass'
    }, function(err) {
      if (!err) console.log('Successful connection');
    });

The callback may be the only parameter as well. Example:

    var cxml = require('node-ciscoxml');
    cxml({
      host: '10.10.1.1',
      port: 5000,
      username: 'xmlapi',
      password: 'xmlpass'
    }).connect(function(err) {
      if (!err) console.log('Successful connection');
    });

Example with SSL:

    var cxml = require('node-ciscoxml');
    var fs = require('fs');
    cxml({
      host: '10.10.1.1',
      port: 38752,
      username: 'xmlapi',
      password: 'xmlpass',
      ssl: {
        // These are necessary only if using client certificate authentication
        key: fs.readFileSync('client-key.pem'),
        cert: fs.readFileSync('client-cert.pem'),
        // This is necessary only if the server uses a self-signed certificate
        ca: [ fs.readFileSync('server-cert.pem') ]
      }
    }).connect(function(err) {
      if (!err) console.log('Successful connection');
    });

disconnect method

This method explicitly disconnects a connection.

sendRaw method

.sendRaw(data,callback)

Parameters:

data – a string containing a valid Cisco XML request to be sent
callback – function that will be called when a valid Cisco XML response is received

Example:

    var cxml = require('node-ciscoxml');
    var c = cxml({
      host: '10.10.1.1',
      port: 5000,
      username: 'xmlapi',
      password: 'xmlpass'
    });
    c.sendRaw('<Request><GetDataSpaceInfo/></Request>', function(err, data) {
      console.log('Received', err, data);
    });

sendRawObj method

.sendRawObj(data,callback)

Parameters:

data – a JavaScript object that will be converted to a Cisco XML request
callback – function that will be called with a valid Cisco XML response converted to a JavaScript object

Example:

    var cxml = require('node-ciscoxml');
    var c = cxml({
      host: '10.10.1.1',
      port: 5000,
      username: 'xmlapi',
      password: 'xmlpass'
    });
    c.sendRawObj({ GetDataSpaceInfo: '' }, function(err, data) {
      console.log('Received', err, data);
    });

rootGetDataSpaceInfo method

.rootGetDataSpaceInfo(callback)

Equivalent to .sendRawObj for the GetDataSpaceInfo command.

getNext

Sends a getNext request with a specific id, so we can retrieve the rest of the previous operation if it has been truncated.

id – the ID
callback – the callback with the data (in JS object format)

Keep in mind the next response may be truncated as well, so you have to check for IteratorID all the time.

Example:

    var cxml = require('node-ciscoxml');
    var c = cxml({
      host: '10.10.1.1',
      port: 5000,
      username: 'xmlapi',
      password: 'xmlpass'
    });
    c.sendRawObj({ Get: { Configuration: {} } }, function(err, data) {
      console.log('Received', err, data);
      if ((!err) && data && data.Response.$.IteratorID) {
        return c.getNext(data.Response.$.IteratorID, function(err, nextData) {
          // .. code to merge data with nextData
        });
      }
      // .. code
    });

sendRequest method

This method is equivalent to sendRawObj but it can automatically detect the need for, and send, GetNext requests so the response is absolutely complete. Therefore this method should be the preferred method for sending requests that expect very large replies.

Example:

    var cxml = require('node-ciscoxml');
    var c = cxml({
      host: '10.10.1.1',
      port: 5000,
      username: 'xmlapi',
      password: 'xmlpass'
    });
    c.sendRequest({ GetDataSpaceInfo: '' }, function(err, data) {
      console.log('Received', err, data);
    });

requestPath method

This method is equivalent to sendRequest but instead of an object, the request may be formatted as a simple path string. This method is not very useful for complex requests, but its value is in the ability to greatly simplify the simple requests. The response is a JavaScript object.

Example:

    var cxml = require('node-ciscoxml');
    var c = cxml({
      host: '10.10.1.1',
      port: 5000,
      username: 'xmlapi',
      password: 'xmlpass'
    });
    c.requestPath('Get.Configuration.Hostname', function(err, data) {
      console.log('Received', err, data);
    });

reqPathPath method

This is the same method as requestPath, but the response is not an object, but a path array. The method supports an optional filter, which has to be a RegExp object, and all paths and values will be tested against it. Only those returning true will be included in the response array.

Example:

    var cxml = require('node-ciscoxml');
    var c = cxml({
      host: '10.10.1.1',
      port: 5000,
      username: 'xmlapi',
      password: 'xmlpass'
    });
    c.reqPathPath('Get.Configuration.Hostname', /Hostname/, function(err, data) {
      console.log('Received', data[0]);
      // The output should be something like
      // [ 'Response("MajorVersion"="1","MinorVersion"="0").Get.Configuration.Hostname("MajorVersion"="1","MinorVersion"="0")',
      //   'asr9k-router' ]
    });

This method could be very useful for getting simple responses and configurations.

getConfig method

This method requests the whole configuration of the remote device and returns it as an object.

Example:

    c.getConfig(function(err, config) {
      console.log(err, config);
    });

cliConfig method

This method is quite simple: it executes one or more commands in CLI Configuration mode and returns the response as a JS object. You have to know that any configuration change in IOS XR is not effective unless it is committed!

Example:

    c.cliConfig('username testuser\ngroup operator\n', function(err, data) {
      console.log(err, data);
      c.commit();
    });

cliExec method

Executes one or more commands in CLI Exec mode and returns the response as a JS object.

    c.cliExec('show interfaces', function(err, data) {
      console.log(err, data ? data.Response.CLI[0].Exec[0] : data);
    });

commit method

Commits the current configuration.

Example:

    c.commit(function(err, data) {
      console.log(err, data);
    });

lock method

Locks the configuration mode.

Example:

    c.lock(function(err, data) {
      console.log(err, data);
    });

unlock method

Unlocks the configuration mode.

Example:

    c.unlock(function(err, data) {
      console.log(err, data);
    });

Configure Cisco IOS XR for XML agent

To configure IOS XR for remote XML configuration you have to:

Ensure you have the mgbl package installed and activated! Without it you will have no xml agent commands!

Enable the XML agent with a similar configuration:

    xml agent
     vrf default
      ipv4 access-list SECUREACCESS
     !
     ipv6 enable
     session timeout 10
     iteration on size 100000
    !

You can enable tty and/or ssl agents as well!

(Keep in mind – full filtering of the XML access has to be done by the control-plane management-plane command! The XML interface does not use VTYs!)

You have to ensure you have correctly configured aaa, as the xml agent uses the default method for both authentication and authorization and that cannot be changed (last verified with IOS XR 5.3).

You have to have both aaa authentication and authorization. If authorization is not set (aaa authorization default local or none), you may not be able to log in. And you shall ensure that both the authentication and authorization share the same source (tacacs+ or local).

The default agent port is 38751 for the default agent and 38752 for SSL.

Debugging

The module uses the “debug” module to log its outputs. You can enable the debugging by having in your code something like:

    require('debug').enable('ciscoxml');

Or setting DEBUG environment to ciscoxml before starting the Node.JS
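
An added example, not part of the node-ciscoxml module or its documentation: a pre-flight check over the connect options described above that flags the cases the text itself warns about (the guest/guest defaults, a session without SSL, SSL left on port 38751, an idle session that never closes). The function names and finding ids are hypothetical; `rejectUnauthorized` is a standard Node.js TLS option, assumed to reach the TLS layer because the documentation says the `ssl` object is passed to it.

```javascript
// Added example (not part of node-ciscoxml): audit connect options before
// handing them to cxml(). The defaults are the ones the documentation lists.
const DOC_DEFAULTS = {
  host: '127.0.0.1', port: 38751, username: 'guest', password: 'guest',
  ssl: false, autoDisconnect: 60000
};
const PLAIN_PORT = 38751; // default XML agent port per the documentation
const SSL_PORT = 38752;   // default SSL XML agent port per the documentation

// Returns an array of { id, severity, message }; an empty array means clean.
// Ids and severities are this example's own labels, not module output.
function auditConnectOptions(opts) {
  const o = Object.assign({}, DOC_DEFAULTS, opts || {});
  const findings = [];
  const add = (id, severity, message) => findings.push({ id, severity, message });
  const sslIsObject = o.ssl !== null && typeof o.ssl === 'object';
  const sslOn = o.ssl === true || sslIsObject;

  if (!sslOn) {
    add('plaintext-transport', 'high',
      'ssl is off: login and configuration data cross the network unencrypted');
  }
  if (sslOn && o.port === PLAIN_PORT) {
    add('ssl-on-plain-port', 'high',
      'ssl is on but port is still 38751; the SSL agent default is 38752');
  }
  if (!sslOn && o.port === SSL_PORT) {
    add('plain-on-ssl-port', 'medium',
      'port 38752 is the SSL agent default but ssl is not enabled');
  }
  if (o.username === DOC_DEFAULTS.username || o.password === DOC_DEFAULTS.password) {
    add('default-credentials', 'high',
      'username or password is the module default "guest"');
  }
  if (sslIsObject && o.ssl.rejectUnauthorized === false) {
    add('cert-verification-disabled', 'high',
      'rejectUnauthorized=false accepts any certificate; pin the router CA with ssl.ca');
  }
  if (o.autoDisconnect === 0) {
    add('session-never-closed', 'low',
      'autoDisconnect=0 keeps an authenticated session open indefinitely');
  }
  return findings;
}

// Convenience wrapper: just the finding ids, in check order.
function findingIds(opts) {
  return auditConnectOptions(opts).map(function (f) { return f.id; });
}

// Constructed sample inputs (addresses and names are illustrative only).
const weakOptions = {
  host: '10.10.1.1', ssl: true,          // port left at the 38751 default
  username: 'xmlapi', password: 'guest', // default password kept
  autoDisconnect: 0
};
const hardenedOptions = {
  host: '10.10.1.1', port: SSL_PORT, username: 'xmlapi',
  // Secret comes from the environment; the fallback is a constructed placeholder.
  password: process.env.XR_XML_PASSWORD || 'constructed-placeholder',
  ssl: { ca: ['-----constructed CA placeholder-----'] }
};

for (const [name, opts] of [['weak', weakOptions], ['hardened', hardenedOptions]]) {
  console.log(name, JSON.stringify(auditConnectOptions(opts), null, 2));
}
```

On the router side, the matching controls are the ones the documentation names: the access list on the XML agent and the control-plane management-plane filter.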

Node.JS module to access Cisco IOS XR XML interface

Post Syndicated from Delian Delchev original http://deliantech.blogspot.com/2015/03/nodejs-module-to-access-cisco-ios-xr.html

Hello to all,This is the early version of my module for Node.JS that allows configuring routers and retrieving information over Cisco IOS XR’s XML interface.The module is in its early phases – it still does not read IOS XR schema files and therefore decode the data (in JSON) in a little ugly way (too much arrays). I am planning to fix it, so there may be changes in the responses.Please see bellow the first version of the documentation I’ve set in the github:Module for Cisco XML API interface IOS XRThis is a small module that implements interface to Cisco IOS XR XML Interface.This module open an maintain TCP session to the router, sends requests and receive responses.InstallationTo install the module do something like that:npm install node-ciscoxmlUsageIt is very easy to use this module. See the methods bellow:Load the moduleTo load and use the module, you have to use a code similar to this:var cxml = require(‘node-ciscoxml’);var c = cxml( { …connect options.. });Module init and connect optionshost (default 127.0.0.1) – the hostname of the router where we’ll connectport (default 38751) – the port of the router where XML API is listeningusername (default guest) – the username used for authentication, if username is requested by the remote sidepassword (default guest) – the password used for authentication, if password is requested by the remote sideconnectErrCnt (default 3) – how many times it will retry to connect in case of an errorautoConnect (default true) – should it try to auto connect to the remote side if a request is dispatched and there is no open session alreadyautoDisconnect (default 60000) – how much milliseconds we will wait for another request before the tcp session to the remote side is closed. If the value is 0, it will wait forever (or until the remote side disconnects). 
Bear in mind autoConnect set to false does not assume autoDisconnect set to 0/false as well.userPromptRegex (default (Username|Login)) – the rule used to identify that the remote side requests for a usernamepassPromptRegex (default Password) – the rule used to identify that the remote side requests for a passwordxmlPromptRegex (default XML>) – the rule used to identify successful login/connectionnoDelay (default true) – disables the Nagle algorithm (true)keepAlive (default 30000) – enabled or disables (value of 0) TCP keepalive for the socketssl (default false) – if it is set to true or an object, then SSL session will be opened. Node.js TLS module is used for that so if the ssl points to an object, the tls options are taken from it. Be careful – enabling SSL does not change the default port from 38751 to 38752. You have to set it explicitly!Example:var cxml = require(‘node-ciscoxml’);var c = cxml( { host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});connect methodThis method forces explicitly a connection. It could accept any options of the above.Example:var cxml = require(‘node-ciscoxml’);var c = cxml();c.connect( { host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});The connect method is not necessary to be used. If autoConnect is enabled (default) the module will automatically open and close tcp connections when needed.Connect supports callback. Example:var cxml = require(‘node-ciscoxml’);cxml().connect( { host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’}, function(err) { if (!err) console.log(‘Successful connection’);});The callback may be the only parameter as well. 
Example:

    var cxml = require('node-ciscoxml');
    cxml({
        host: '10.10.1.1',
        port: 5000,
        username: 'xmlapi',
        password: 'xmlpass'
    }).connect(function(err) {
        if (!err) console.log('Successful connection');
    });

Example with SSL:

    var cxml = require('node-ciscoxml');
    var fs = require('fs');
    cxml({
        host: '10.10.1.1',
        port: 38752,
        username: 'xmlapi',
        password: 'xmlpass',
        ssl: {
            // These are necessary only if using client certificate authentication
            key: fs.readFileSync('client-key.pem'),
            cert: fs.readFileSync('client-cert.pem'),
            // This is necessary only if the server uses a self-signed certificate
            ca: [ fs.readFileSync('server-cert.pem') ]
        }
    }).connect(function(err) {
        if (!err) console.log('Successful connection');
    });

disconnect method

This method explicitly disconnects a connection.

sendRaw method

    .sendRaw(data,callback)

Parameters:

data – a string containing a valid Cisco XML request to be sent
callback – function that will be called when a valid Cisco XML response is received

Example:

    var cxml = require('node-ciscoxml');
    var c = cxml({
        host: '10.10.1.1',
        port: 5000,
        username: 'xmlapi',
        password: 'xmlpass'
    });
    c.sendRaw('<Request><GetDataSpaceInfo/></Request>',function(err,data) {
        console.log('Received',err,data);
    });

sendRawObj method

    .sendRawObj(data,callback)

Parameters:

data – a JavaScript object that will be converted to a Cisco XML request
callback – function that will be called with a valid Cisco XML response converted to a JavaScript object

Example:

    var cxml = require('node-ciscoxml');
    var c = cxml({
        host: '10.10.1.1',
        port: 5000,
        username: 'xmlapi',
        password: 'xmlpass'
    });
    c.sendRawObj({ GetDataSpaceInfo: '' },function(err,data) {
        console.log('Received',err,data);
    });

rootGetDataSpaceInfo method

    .rootGetDataSpaceInfo(callback)

Equivalent to .sendRawObj for the GetDataSpaceInfo command.

getNext

Sends a getNext request with a specific id, so we can retrieve the rest of the previous operation if it has been truncated.

id – the ID
callback – the callback with the data (in JS object format)

Keep in mind that the next response may be truncated as well, so you have to check for IteratorID all the time.

Example:

    var cxml = require('node-ciscoxml');
    var c = cxml({
        host: '10.10.1.1',
        port: 5000,
        username: 'xmlapi',
        password: 'xmlpass'
    });
    c.sendRawObj({ Get: { Configuration: {} } },function(err,data) {
        console.log('Received',err,data);
        if ((!err) && data && data.Response.$.IteratorID) {
            return c.getNext(data.Response.$.IteratorID,function(err,nextData) {
                // .. code to merge data with nextData
            });
        }
        // .. code
    });

sendRequest method

This method is equivalent to sendRawObj, but it can automatically detect the need for GetNext requests and issue them, so the response is absolutely complete. It should therefore be the preferred method for sending requests that expect very large replies.

Example:

    var cxml = require('node-ciscoxml');
    var c = cxml({
        host: '10.10.1.1',
        port: 5000,
        username: 'xmlapi',
        password: 'xmlpass'
    });
    c.sendRequest({ GetDataSpaceInfo: '' },function(err,data) {
        console.log('Received',err,data);
    });

requestPath method

This method is equivalent to sendRequest, but instead of an object, the request may be formatted as a simple path string. This method is not very useful for complex requests, but its value is in how much it simplifies simple requests. The response is a JavaScript object.

Example:

    var cxml = require('node-ciscoxml');
    var c = cxml({
        host: '10.10.1.1',
        port: 5000,
        username: 'xmlapi',
        password: 'xmlpass'
    });
    c.requestPath('Get.Configuration.Hostname',function(err,data) {
        console.log('Received',err,data);
    });

reqPathPath method

This is the same method as requestPath, but the response is not an object, but a path array.
The method supports an optional filter, which has to be a RegExp object; all paths and values will be tested against it. Only those returning true will be included in the response array.

Example:

    var cxml = require('node-ciscoxml');
    var c = cxml({
        host: '10.10.1.1',
        port: 5000,
        username: 'xmlapi',
        password: 'xmlpass'
    });
    c.reqPathPath('Get.Configuration.Hostname',/Hostname/,function(err,data) {
        console.log('Received',data[0]);
        // The output should be something like
        // [ 'Response("MajorVersion"="1","MinorVersion"="0").Get.Configuration.Hostname("MajorVersion"="1","MinorVersion"="0")', 'asr9k-router' ]
    });

This method could be very useful for getting simple responses and configurations.

getConfig method

This method requests the whole configuration of the remote device and returns it as an object.

Example:

    c.getConfig(function(err,config) {
        console.log(err,config);
    });

cliConfig method

This method is quite simple: it executes one or more commands in CLI Configuration mode and returns the response as a JS object. You have to know that any configuration change in IOS XR is not effective unless it is committed!

Example:

    c.cliConfig('username testuser\ngroup operator\n',function(err,data) {
        console.log(err,data);
        c.commit();
    });

cliExec method

Executes one or more commands in CLI Exec mode and returns the response as a JS object.

    c.cliExec('show interfaces',function(err,data) {
        console.log(err,data ? data.Response.CLI[0].Exec[0] : '');
    });

commit method

Commits the current configuration.

Example:

    c.commit(function(err,data) {
        console.log(err,data);
    });

lock method

Locks the configuration mode.

Example:

    c.lock(function(err,data) {
        console.log(err,data);
    });

unlock method

Unlocks the configuration mode.

Example:

    c.unlock(function(err,data) {
        console.log(err,data);
    });

Configure Cisco IOS XR for XML agent

To configure IOS XR for remote XML configuration you have to:

Ensure you have the mgbl package installed and activated! Without it you will have no xml agent commands!

Enable the XML agent with a similar configuration:

    xml agent
      vrf default
        ipv4 access-list SECUREACCESS
      !
      ipv6 enable
      session timeout 10
      iteration on size 100000
    !

You can enable tty and/or ssl agents as well!

(Keep in mind – full filtering of the XML access has to be done by the control-plane management-plane command! The XML interface does not use VTYs!)

You have to ensure you have correctly configured aaa, as the xml agent uses the default method for both authentication and authorization and that cannot be changed (last verified with IOS XR 5.3).

You have to have both aaa authentication and authorization. If authorization is not set (aaa authorization default local or none), you may not be able to log in. Also ensure that both authentication and authorization share the same source (tacacs+ or local).

The default agent port is 38751 for the default agent and 38752 for SSL.

Debugging

The module uses the "debug" module to log its output. You can enable debugging by having something like this in your code:

    require('debug').enable('ciscoxml');

Or by setting the DEBUG environment variable to ciscoxml before starting Node.JS
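
The connect options and the SSL port warning above lend themselves to a pre-flight check. The following is an added example, not code from node-ciscoxml: `buildConnectOptions` and the `XR_*` environment variable names are hypothetical, and it only assumes that the `ssl` object is handed to Node's TLS module as the documentation states.

```javascript
// Added example (not part of node-ciscoxml): build connect options from the
// environment and flag the transport pitfalls the documentation describes.
// buildConnectOptions and the XR_* variable names are hypothetical.
const CLEARTEXT_PORT = 38751; // default XML agent port, per the documentation
const SSL_PORT = 38752;       // default SSL agent port, per the documentation

function buildConnectOptions(env) {
  const problems = [];
  const useSsl = env.XR_CLEARTEXT !== '1'; // TLS unless explicitly opted out
  const opts = {
    host: env.XR_HOST,
    // The module does not switch ports when ssl is set, so choose it here.
    port: Number(env.XR_PORT) || (useSsl ? SSL_PORT : CLEARTEXT_PORT),
    username: env.XR_USER,
    password: env.XR_PASS
  };
  if (!opts.host) problems.push('XR_HOST is not set');
  if (!opts.username || !opts.password) {
    problems.push('XR_USER/XR_PASS are not set (module defaults are guest/guest)');
  }
  if (useSsl) {
    // Taken as Node TLS options; keep certificate verification switched on.
    opts.ssl = { rejectUnauthorized: true };
    // For a self-signed router certificate, supply it as the CA (PEM text).
    if (env.XR_CA_PEM) opts.ssl.ca = [env.XR_CA_PEM];
    if (opts.port === CLEARTEXT_PORT) {
      problems.push('ssl is enabled but port 38751 is the cleartext agent');
    }
  } else {
    problems.push('cleartext transport: credentials cross the network unencrypted');
  }
  return { opts, problems };
}

// Constructed sample environment (placeholder values): SSL with the wrong port.
const sample = buildConnectOptions({
  XR_HOST: '10.10.1.1', XR_USER: 'xmlapi', XR_PASS: 'xmlpass', XR_PORT: '38751'
});
console.log(sample.problems);
```

When `problems` is empty, `opts` can be passed to `require('node-ciscoxml')(opts)` as in the examples above.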
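
The getNext section above says every response has to be checked for IteratorID. The loop below follows it by hand with a page limit; it is an added example, not the module's own code. `fetchAllPages`, `maxPages` and the stub client with its constructed responses are hypothetical, and only the `sendRawObj`/`getNext` signatures and the `data.Response.$.IteratorID` location come from the documentation.

```javascript
// Added example (not part of node-ciscoxml): follow IteratorID until the
// response is complete, collecting each page and bounding the loop.
function fetchAllPages(client, request, maxPages, callback) {
  const pages = [];
  function onPage(err, data) {
    if (err) return callback(err, pages);
    pages.push(data);
    // Attributes sit under "$", as in data.Response.$.IteratorID above.
    const attrs = data && data.Response && data.Response.$;
    const iteratorId = attrs && attrs.IteratorID;
    if (!iteratorId) return callback(null, pages); // response is complete
    if (pages.length >= maxPages) {                // do not loop forever
      return callback(new Error('still truncated after ' + maxPages + ' pages'), pages);
    }
    client.getNext(iteratorId, onPage);            // the next page may be truncated too
  }
  client.sendRawObj(request, onPage);
}

// Stub standing in for a connected client: three constructed pages, the
// first two carrying an IteratorID.
function makeStubClient() {
  const pages = [
    { Response: { $: { IteratorID: '1' }, Get: ['part-1'] } },
    { Response: { $: { IteratorID: '1' }, Get: ['part-2'] } },
    { Response: { $: { MajorVersion: '1' }, Get: ['part-3'] } }
  ];
  let next = 0;
  const calls = [];
  return {
    calls,
    sendRawObj(obj, cb) { calls.push('sendRawObj'); cb(null, pages[next++]); },
    getNext(id, cb) { calls.push('getNext ' + id); cb(null, pages[next++]); }
  };
}

function demo(maxPages) {
  let result;
  fetchAllPages(makeStubClient(), { Get: { Configuration: {} } }, maxPages,
    (err, pages) => { result = { err, count: pages.length }; });
  return result; // the stub calls back synchronously
}
console.log(demo(10), demo(2));
```

How the pages are merged into one object is left out, since the documentation does not specify it; sendRequest is the module's own way to get a complete response.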

Kernel Hackers Panel

Post Syndicated from Lennart Poettering original http://0pointer.net/blog/projects/linuxcon-kernel-panel.html

At LinuxCon Europe/ELCE I had the chance to moderate the kernel hackers
panel with Linus Torvalds, Alan Cox, Paul McKenney and Thomas Gleixner on
stage. I like to believe it went quite well, but check it out for yourself, as
a video recording is now available online:

For me personally I think the most notable topic covered was Control Groups,
and the clarification that they are something that is needed even though their
implementation right now is in many ways less than perfect. But in the end there is no
reasonable way around it, and much like SMP, technology that complicates things
substantially but is ultimately unavoidable.

Other videos from ELCE are online now, too.

Prague

Post Syndicated from Lennart Poettering original http://0pointer.net/blog/projects/linuxcon-europe.html

If you make it to Prague the coming week for the LinuxCon/ELCE/GStreamer/Kernel Summit/… superconference, make sure not to miss:

The Linux Audio BoF with numerous Linux audio hackers, 5pm, on Sunday (23rd, i.e. today).

Latest developments in PulseAudio by Arun Raghavan. 4pm, on Tuesday, GStreamer
Summit

Linux Kernel Developer Panel, a shared session of LinuxCon and ELCE. Panelists
are Linus Torvalds, Alan Cox, Thomas Gleixner and Paul McKenney. Moderated by
yours truly. 9:30am, on Wednesday

systemd Administration in the Enterprise by Kay Sievers and yours truly. 4:15pm, on
Wednesday, LinuxCon

Integrating systemd: Booting Userspace in Less Than 1 Second by Koen Kooi. 11:15am, on
Friday, ELCE

All of that at the Clarion Hotel. See you in Prague!
