For various reasons, I'm trying to get a Soft-ROCE setup working. The plan is to move to RDMA-capable hardware, later, but for now Soft ROCE is a good choice to get started. I've started with some tutorials on Infiniband APIs, and they mostly make sense. However, I haven't been able to get even a single transaction working in a loopback device.
I created an rxe device using the following command:
# rdma link add rxe_lo type rxe netdev lo
It seems to come up fine, but none of the utilities I run seem to do anything (rping, ibv_rc_pingpong, etc.).
With my loopback device, rping fails like this:
# rping -c -v -a 127.0.0.1
rdma_resolve_route: No such device
If I create Soft ROCE devices on two separate computers, and then run that over the network, rping at least works:
# rdma link add rxe_eno1 type rxe netdev eno1
# # do the same on different computer...
# rping -s -v -a 0.0.0.0
# rping -c -v -a 192.x.y.z # on other computer
Is this a futile attempt, or is there a technical reason why local loopbacks won't work with Soft RDMA? I tried this on an Ubuntu and Fedora system, with the same results.
Related
How to run IPMI tool from the openBMC romulus image. I was successful in running the Hello World program as per the tutorials. I want to run IPMI tool command from the romulus to the BMC of another server. Is there is any method of doing this? As ipmitool command is not included. Is there any way of including it in the romulus Image.
ipmitool is really meant to be used outside of the BMC to control it. So in most use cases you install the ipmitool package on your computer (sudo apt install ipmitool), and then use it to talk to the server.
i.e.:
ipmitool -I lanplus -U root -H <server> -P <password> chassis power status
If you're using QEMU, then I believe you need to hostfwd port 623 for this to work. I personally have not gotten ipmitool to talk to a QEMU session before though.
If you really want ipmitool in your BMC image, then you could add it as a RDEPENDS to the packagegroup file similar to what facebook does in https://github.com/openbmc/meta-facebook/blob/master/meta-tiogapass/recipes-fbtp/packagegroups/packagegroup-fb-apps.bb
Romulus does not have ipmitool in it OpenBMC firmware image, as do some other OpenBMC platforms; not all platforms have the SPI FLASH space supply many utilites. You can use ipmitool from a remote machine to a Romulus like below.
ipmitool -I lanplus -C 17 -p 623 -U root -H <server> -P <password> bmc info
or
ipmitool -I lanplus -C 17 -p 623 -U root -H <server> -P <password> raw 0x06 0x01
I chose to use -C 17 for cipher suite 17 as ipmitool defaults to cipher suite 3 and modern platforms have deprecated cipher suite 3 for security reasons.
Cipher suites 3 and 17 were last 2 suites that had any security strength, and 17 is the stronger (do not read that as strong) and now suite 3 is considered weak.
and here are the ipmitool commands:
usage: ipmitool [options...] <command>
-h This help
-V Show version information
-v Verbose (can use multiple times)
-c Display output in comma separated format
-d N Specify a /dev/ipmiN device to use (default=0)
-I intf Interface to use
-H hostname Remote host name for LAN interface
-p port Remote RMCP port [default=623]
-U username Remote session username
-f file Read remote session password from file
-z size Change Size of Communication Channel (OEM)
-S sdr Use local file for remote SDR cache
-D tty:b[:s] Specify the serial device, baud rate to use
and, optionally, specify that interface is the system one
-4 Use only IPv4
-6 Use only IPv6
-a Prompt for remote password
-Y Prompt for the Kg key for IPMIv2 authentication
-e char Set SOL escape character
-C ciphersuite Cipher suite to be used by lanplus interface
-k key Use Kg key for IPMIv2 authentication
-y hex_key Use hexadecimal-encoded Kg key for IPMIv2 authentication
-L level Remote session privilege level [default=ADMINISTRATOR]
Append a '+' to use name/privilege lookup in RAKP1
-A authtype Force use of auth type NONE, PASSWORD, MD2, MD5 or OEM
-P password Remote session password
-E Read password from IPMI_PASSWORD environment variable
-K Read kgkey from IPMI_KGKEY environment variable
-m address Set local IPMB address
-b channel Set destination channel for bridged request
-t address Bridge request to remote target address
-B channel Set transit channel for bridged request (dual bridge)
-T address Set transit address for bridge request (dual bridge)
-l lun Set destination lun for raw commands
-o oemtype Setup for OEM (use 'list' to see available OEM types)
-O seloem Use file for OEM SEL event descriptions
-N seconds Specify timeout for lan [default=2] / lanplus [default=1] interface
-R retry Set the number of retries for lan/lanplus interface [default=4]
Interfaces:
open Linux OpenIPMI Interface [default]
lan IPMI v1.5 LAN Interface
lanplus IPMI v2.0 RMCP+ LAN Interface
serial-terminal Serial Interface, Terminal Mode
serial-basic Serial Interface, Basic Mode
Commands:
raw Send a RAW IPMI request and print response
i2c Send an I2C Master Write-Read command and print response
spd Print SPD info from remote I2C device
lan Configure LAN Channels
chassis Get chassis status and set power state
power Shortcut to chassis power commands
event Send pre-defined events to MC
mc Management Controller status and global enables
sdr Print Sensor Data Repository entries and readings
sensor Print detailed sensor information
fru Print built-in FRU and scan SDR for FRU locators
gendev Read/Write Device associated with Generic Device locators sdr
sel Print System Event Log (SEL)
pef Configure Platform Event Filtering (PEF)
sol Configure and connect IPMIv2.0 Serial-over-LAN
tsol Configure and connect with Tyan IPMIv1.5 Serial-over-LAN
isol Configure IPMIv1.5 Serial-over-LAN
user Configure Management Controller users
channel Configure Management Controller channels
session Print session information
dcmi Data Center Management Interface
nm Node Manager Interface
sunoem OEM Commands for Sun servers
kontronoem OEM Commands for Kontron devices
picmg Run a PICMG/ATCA extended cmd
fwum Update IPMC using Kontron OEM Firmware Update Manager
firewall Configure Firmware Firewall
delloem OEM Commands for Dell systems
shell Launch interactive IPMI shell
exec Run list of commands from file
set Set runtime variable for shell and exec
hpm Update HPM components using PICMG HPM.1 file
ekanalyzer run FRU-Ekeying analyzer using FRU files
ime Update Intel Manageability Engine Firmware
vita Run a VITA 46.11 extended cmd
lan6 Configure IPv6 LAN Channels
I have built the linux system for my RPi3 using buildroot. It boots properly and I can access the wired connection properly. However, I am stuck with enabling the wlan.
Here is what I have done so far.
Built the filesystem using buildroot:
make raspberrypi3_defconfig
make
After booting linux successfully I followed this link to enable wlan.
As the author of the post mentions, I had to select some of the wireless related packages by running make linux-menuconfig. But when I did run it, these packages were already selected.
I then ran make menuconfig and selected wpa_supplicant and other packages.
Now, when I boot the RPi3, wlan0 is not listed when I run ifconfig -a. I googled it a bit and found that there should be folder named wlan0 under /sys/class/net/. But I can only find eth0 and lo
Kindly guide me on how to get the wlan working. dmesg log is posted here
If you are using Buildroot, make sure you have selected BR2_PACKAGE_RPI_WIFI_FIRMWARE.
Also you have to manual load the wifi kernel module:
# modprobe brcmfmac
After that, you can confirm wlan0 with
# ifconfig -a
You could also configure Buildroot to build udev as /dev management option, in this case, WiFi kernel module will be loaded automatically.
Even after changing the group and ownership of tcpdump to user mode, I still get the following error:
tcpdump -i eth0
tcpdump: eth0: You don't have permission to capture on that device
(socket: Operation not permitted)
ls -la /usr/sbin/tcpdump
-rwxr-x--- 1 user1 user1 830920 Apr 24 21:28 /usr/sbin/tcpdump
I know it is not good to drop the permission of tcpdump from root to user but for ease of use in my case, I would like to be able to use it from user level.
I took the hint from:
"tcpdump -w 1.pcap" works, but "tcpdump -C 100 -w 1.pcap" - permission denied
and installed AppArmor as I am using Ubuntu 12.04 LTS.
And did:
sudo aa-complain /usr/sbin/tcpdump
Still I get the same error msg. If I use "-Z" with the tcpdump command, I can drop the privileges and run tcpdump but not otherwise.
Is there a way out?
Thanks
libpcap (which tcpdump is based on) require admin privilege to set your interface into promiscuous mode. There is nothing you can do about it, the kernel won't let you/tcpdump/libpcap do that, period.
What you can do is use tcpdump without promiscuous mode, but that will severely limit its functionality: you will only see traffic directed explicitly to/from your machine, as opposed to everything that's seen on the wire, which is usually what you want to to (and is why using promisc mode is the default). In order to do that, use this tcpdump option:
--no-promiscuous-mode
Don't put the interface into promiscuous mode. Note that the
interface might be in promiscuous mode for some other reason;
hence, `-p' cannot be used as an abbreviation for `ether host
{local-hw-addr} or ether broadcast'.
For more info on promiscuous mode:
http://en.wikipedia.org/wiki/Promiscuous_mode
I quote:
Many operating systems require superuser privileges to enable
promiscuous mode.
In Linux, at the low level, this is done by setting the IFF_PROMISC flag on the netdevice via a SIOCSIFFLAGS ("set flag") ioctl. And as you can see here:
http://man7.org/linux/man-pages/man7/netdevice.7.html
... "Setting the active flag word is a privileged operation", and "using it requires an effective user ID of 0 or the CAP_NET_ADMIN capability. If this is not the case, EPERM will be returned."
So another direction may be to give your "userjoe" account the CAP_NET_ADMIN rights, but I would advice against this. Security wise it's not better, if not worst, than to be part of the sudo'ers and explictly sudo when you need to.
I am running snort on windows to sniff single interface. I wanted to sniff two interface with snort and I learned I have fire same command twice for different interface.
Now i want run it as service and i used this command`
c:\snort\bin\snort.exe /SERVICE /INSTALL -i 1 -l c:\snort\log -c c:\snort\etc\snort.conf
This will create a service for Snort .
So, how to run snort as service for multiple interface ?
Any help will be appreciated.
I'm not all that familiar with Snort on windows, but if you're able to do it, it should work similar to Linux. You would have to bridge the interfaces (windows 7 steps) and use the bridge with the -i. If you bridge your 2 interfaces and then run "snort -W" and see the bridge show up, you should just be able to use that to sniff on both interfaces. I have never tested this though, but in theory it should work.
Usage: [options]
Options:
--help, -h Show this help message and exit.
--server=SERVER The server to use to determine the latest
-s SERVER SDK version.
--address=ADDRESS The address of the interface on the local machine
-a ADDRESS to bind to (or 0.0.0.0 for all interfaces).
--port=PORT The port number to bind to on the local machine.
-p PORT
--sdk_root=DIR Overrides where the SDK is located.
--disable_update_check Disable the check for newer SDK versions.
--generated_dir=DIR Set the directory where generated files are created.
--jvm_flag=FLAG Pass FLAG as a JVM argument. May be repeated to
supply multiple flags.
I had come across similar problem while working with Google App Engine for Python-loalhost was not getting its connection established.
$fuser -k 8080/tcp
Try this in terminal/command prompt and restart localhost.
It worked for me. Hope it works for you also. Good luck!