Monitor BGP routes

Posted by & filed under Uncategorized.

BGPmon can monitor your prefixes and alert you in case of an ‘interesting’ path change. Recently this has received quite some attention, specifically after the YouTube hijack and the demo given at DEF CON. Path changes can be of different kinds, such as more specifics, change of AS path, change of origin AS, transit AS or any combination of these. BGPmon classifies these changes into types. This software was written over the course of 1.5 years, mainly for private use. However, given the more widespread interest I decided to make it available to everyone interested.

nginx Load Balancer

Posted by & filed under Server Admin.

nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. It has been running for more than five years on many heavily loaded Russian sites including Rambler ( According to Netcraft, nginx served or proxied 4.70% of the busiest sites in April 2010. Here are some of the success stories: FastMail.FM,

Linux Citrix Client — Trust Thawte CA

Posted by & filed under Uncategorized.

I recently installed the Citrix client on my new Ubuntu 10.10 laptop.

It was giving me an error that the Thawte cert wasn't trusted.

This fixed it:

nate@nate-laptop:~$ wget
nate@nate-laptop:~$ unzip
nate@nate-laptop:~$ sudo cp -v Thawte\ Root\ Certificates/thawte\ Server\ CA/Thawte\ Server\ CA.cer /usr/lib/ICAClient/keystore/cacerts/
`Thawte Root Certificates/thawte Server CA/Thawte Server CA.cer' -> `/usr/lib/ICAClient/keystore/cacerts/Thawte Server CA.cer'

Ext4Yii Framework

Posted by & filed under Programming.

The Ext4Yii Framework is a professional PHP Yii extension which provides server-side ExtJS functionality.

It is a template parsing system, capable of rendering embedded XML templates into ExtJS JavaScript components.

IP – CIDR Conversion

Posted by & filed under PHP, Programming.

When writing the tools and website for the DNS Whitelisting project, I had to deal with a lot of IP calculation: data is stored in CIDR format, eg “” to indicate a single IP address, “” for a range of to and so on. RFC 1878 explains this notation in some detail.

Storing the dotted quad notation of an IP address would be pretty inefficient – the string is up to 15 characters long (four times up to three digits plus three dots), while it is technically just a “nice” display of a 32-bit number. Additionally, comparing IP addresses (eg “is this address within a given range?”) is a lot easier on the numeric representation, since it becomes a simple numeric comparison. In any case we need a way to convert between the two representations.

The CIDR notation itself is somewhat difficult to deal with – most humans will not immediately know that the range “” has “” as its last IP address. We therefore also need a way to transform between CIDR and range notation. Unfortunately we need to do this in multiple environments, eg directly within the database (for certain batch jobs), in PHP (for regular backend operations) and in JavaScript (to avoid a server roundtrip on each transformation for the human reader).

Luckily, MySQL has two functions to convert between dotted quad notation (“”) and the corresponding decimal (2130706433), namely inet_aton and inet_ntoa (in case you wonder, that’s ascii to numeric and vice versa). The Miscellaneous Functions chapter of the MySQL reference has the details.
select inet_aton(''); and select inet_ntoa(2130706433); do all the byte twiddling for us. Note that this also works in insert and update statements, eg insert into … inet_aton('') …. The network mask (the “32” in “”) can be stored as a regular integer.

Now that we know how to transform (2130706433, 32) into (, 32), how do we transform a range (, 29) into the human readable “ to”? There we need to do some calculations of our own. A mask of /32 means a single host. A /24 contains 256 addresses, so its last address is 255 above the first; a /16 contains 65536 addresses (last = first + 65535) and a /8 16777216 (last = first + 16777215). That is a power of two with a “minus 1”, or to be more exact:
last IP = first IP + (2^(32-mask)) - 1

In MySQL, this would translate into the following for (, 29):
select inet_ntoa(inet_aton('') + (pow(2, (32-29))-1));

We can apply the same logic to PHP as well. In PHP the functions to convert between dotted quad and numeric are called long2ip and ip2long (see the PHP Reference). The translation for (, 29) would thus be:
$lastip = $firstip + pow(2, (32 - $mask)) - 1;

Note the peculiarity of PHP’s integer type: ip2long() returns a signed integer, so on 32-bit builds every address from 128.0.0.0 upwards comes back negative and has to be converted (eg with sprintf('%u', $ip)) before it is compared or stored. The german de.comp.lang.php.* FAQ shows a workaround.

JavaScript / ECMAScript

Unfortunately, JavaScript does not contain something similar to “inet_aton” or “ip2long”, so we have to build our own:

function ip2long(ip) {
    var ips = ip.split('.');
    // Weight each octet by its power of 256, most significant octet first
    var iplong = parseInt(ips[0], 10) * Math.pow(256, 3) + parseInt(ips[1], 10) * Math.pow(256, 2) +
                 parseInt(ips[2], 10) * Math.pow(256, 1) + parseInt(ips[3], 10) * Math.pow(256, 0);
    return iplong;
}

function long2ip(l) {
    // Peel off one octet at a time, most significant first
    var ip1 = Math.floor(l / Math.pow(256, 3)) % 256;
    var ip2 = Math.floor(l / Math.pow(256, 2)) % 256;
    var ip3 = Math.floor(l / Math.pow(256, 1)) % 256;
    var ip4 = l % 256;
    return ip1 + '.' + ip2 + '.' + ip3 + '.' + ip4;
}

And the same power of two-thing to calculate the “last IP”:

function lastIP(ip, mask) {
    // ip is the numeric first address of the block, mask the prefix length
    return ip + (Math.pow(2, (32 - mask)) - 1);
}
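As an added example (mine, not code from the original post), here is the CIDR-to-range calculation carried through in JavaScript together with the containment check the whitelist ultimately needs. It goes one step beyond the post: the supplied address is first aligned down to the block boundary, so an unaligned input such as 10.0.0.5/29 still yields 10.0.0.0 to 10.0.0.7 instead of an off-by-five range. The ip2long/long2ip helpers are re-implemented so the snippet runs stand-alone, the addresses are constructed sample values, and plain arithmetic is used instead of bitwise operators on purpose, because JavaScript's bitwise operators produce signed 32-bit integers and would turn anything at or above 128.0.0.0 negative.

```javascript
// Added example, not part of the original post. Sample addresses below are
// constructed for illustration.

// Dotted quad -> 32-bit number. Arithmetic rather than bitwise ops keeps the
// result unsigned (JavaScript bitwise operators yield signed 32-bit integers).
function ip2long(ip) {
  var parts = String(ip).split('.');
  if (parts.length !== 4) throw new Error('not a dotted quad: ' + ip);
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i])) throw new Error('bad octet in ' + ip);
    var octet = Number(parts[i]);
    if (octet > 255) throw new Error('octet out of range in ' + ip);
    n = n * 256 + octet;
  }
  return n;
}

// 32-bit number -> dotted quad, peeling off one octet at a time.
function long2ip(n) {
  return [
    Math.floor(n / 16777216) % 256,
    Math.floor(n / 65536) % 256,
    Math.floor(n / 256) % 256,
    n % 256
  ].join('.');
}

// "a.b.c.d/mask" -> { first, last, size, mask }.
// The host bits of the given address are cleared first, so the result is the
// same whether "10.0.0.0/29" or "10.0.0.5/29" was supplied.
function cidrToRange(cidr) {
  var m = /^([0-9.]+)\/(\d{1,2})$/.exec(String(cidr).trim());
  if (!m) throw new Error('not CIDR notation: ' + cidr);
  var mask = Number(m[2]);
  if (mask > 32) throw new Error('prefix length must be 0..32: ' + cidr);
  var size = Math.pow(2, 32 - mask);                    // addresses in the block
  var first = Math.floor(ip2long(m[1]) / size) * size;  // align down to the block start
  var last = first + size - 1;                          // last IP = first IP + 2^(32-mask) - 1
  return { first: long2ip(first), last: long2ip(last), size: size, mask: mask };
}

// Does a dotted-quad address fall inside a CIDR block? This is the
// "is this address within a given range" comparison, done on the numeric form.
function ipInCidr(ip, cidr) {
  var r = cidrToRange(cidr);
  var n = ip2long(ip);
  return n >= ip2long(r.first) && n <= ip2long(r.last);
}

// Stand-alone demo
console.log(cidrToRange('10.0.0.5/29'));          // { first: '10.0.0.0', last: '10.0.0.7', size: 8, mask: 29 }
console.log(ipInCidr('10.0.0.7', '10.0.0.0/29'));  // true
console.log(ipInCidr('10.0.0.8', '10.0.0.0/29'));  // false
```

The alignment step matters for a whitelist: if an operator enters 10.0.0.5/29 and the code takes 10.0.0.5 as the first address, the computed range 10.0.0.5 to 10.0.0.12 silently admits five addresses that belong to the neighbouring block.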

Bonus points

Validating user input is probably the single most important security concern in web applications. We must therefore take care that we only pass proper IP addresses to any backend function. The easiest way to do this is through a regular expression – after all, we know exactly what a dotted quad representation of an IP address looks like (four times up to three digits, separated by dots). Thus the (Perl style) regex should look like


Validation of the numeric representation is of course trivial. In PHP:
if (!is_numeric($ip)) { kaboom; }
Keep in mind that a regex of that shape only checks the shape; it still admits octets above 255 (“999.999.999.999” matches), so check each octet’s range after matching. Likewise is_numeric() also accepts floats and exponent notation such as “1e3”; for a value that must be a 32-bit unsigned integer, ctype_digit() plus a range check (0 to 4294967295) is the stricter test.

It is a good idea to always trim() user input before validation or processing (if leading/trailing whitespace is not significant).
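For the input validation discussed above, here is an added example in JavaScript (mine, not from the original post) that does what the dotted-quad regex alone cannot: the shape check is followed by a per-octet range check, so “999.999.999.999” is rejected, and octets with leading zeros are refused because glibc’s inet_aton() reads “010” as octal 8 while a split-and-multiply parser like the one in this post reads it as decimal 10. A second function does the equivalent for the numeric form. The function names and the sample inputs are my own.

```javascript
// Added example, not part of the original post. Sample inputs are constructed.

// Shape check: four groups of one to three digits separated by dots.
// On its own this accepts "999.999.999.999", hence the range check below.
var DOTTED_QUAD = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// Returns the trimmed address if it is a well-formed IPv4 address, else null.
function validateIPv4(input) {
  if (typeof input !== 'string') return null;
  var s = input.trim();                       // whitespace is not significant here
  var m = DOTTED_QUAD.exec(s);
  if (m === null) return null;
  for (var i = 1; i <= 4; i++) {
    var octet = m[i];
    // Leading zeros are refused: glibc inet_aton() treats "010" as octal 8,
    // a split-and-multiply parser as decimal 10. Two layers must not disagree.
    if (octet.length > 1 && octet.charAt(0) === '0') return null;
    if (Number(octet) > 255) return null;      // the range check the regex cannot do
  }
  return s;
}

// Numeric form: an unsigned 32-bit integer and nothing else. A loose
// "is it numeric?" test would also accept "1e3", "3.5" or "-1".
function validateIPv4Long(input) {
  var s = String(input).trim();
  if (!/^(0|[1-9]\d*)$/.test(s)) return null;
  var n = Number(s);
  return n <= 4294967295 ? n : null;
}

// Stand-alone demo
console.log(validateIPv4(' 192.168.0.1 '));   // '192.168.0.1'
console.log(validateIPv4('999.999.999.999')); // null
console.log(validateIPv4('010.0.0.1'));       // null
console.log(validateIPv4Long('1e3'));         // null
```

Returning the cleaned string (or null) rather than a bare boolean means the caller passes on exactly the value that was checked, not the untrimmed original.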

Configure Xymon Client (BBWin)

Posted by & filed under Server Admin.

I periodically need to configure BBWin clients for our Xymon monitoring system.

Config Steps:
–>Install BBWin Client
–>Copy bbwin/etc/bbwin.cfg from an existing install
–>Set HKLM/Software/BBWin/hostname
–>Start Service

Kick off a test alert with Xymon

Posted by & filed under Server Admin.

If you want to test how your alert configuration handles a specific host, you can run xymond_alert in test mode – you give it a hostname and servicename as input, and it will go through the configuration and tell you which rules match and who gets an alert.


osiris:~ $ cd server/
osiris:~/server $ ./bin/xymoncmd xymond_alert --test cpu
Matching host:service:page '' against rule line 109:Matched
*** Match with 'HOST=*' ***
Matching host:service:page '' against rule line 110:Matched
*** Match with 'MAIL REPEAT=2 RECOVERED COLOR=red' ***
Mail alert with command 'mail -s "XYmon [12345] is RED"

BigBrother is slightly different:
$ bbcmd hobbitd_alert --test conn

Both can optionally be appended with a duration to meet any requirements:

dev@monitor:/usr/lib/hobbit/server/bin$ bbcmd hobbitd_alert --test conn --duration=501
2011-07-08 10:37:05 Using default environment file /usr/lib/hobbit/client/etc/hobbitserver.cfg
00013395 2011-07-08 10:37:05 send_alert state Paging
00013395 2011-07-08 10:37:05 Matching host:service:page '' against rule line 26
00013395 2011-07-08 10:37:05 Failed 'HOST=$INTIDEAS' (hostname not in include list)
00013395 2011-07-08 10:37:05 Matching host:service:page '' against rule line 39
00013395 2011-07-08 10:37:05 *** Match with 'HOST=*' ***

The hobbitd_alert and xymond_alert (depending on if it is xymon or bb) command calls the module:

Update 07/25/18: The Xymon syntax is a bit off, it should be:

/usr/lib/xymon/server/bin/xymoncmd xymond_alert --test ntp.redacted.local ntp --duration=400 --color=red

See… for additional details on the parameters.

Built new monitor server today

Posted by & filed under Uncategorized.

Yesterday much to my dismay monitor.tnsc failed. I came into the DC and found the disk to be failing. Panic mode… I backed up critical config files, rebooted and prayed it would last the night. It did fortunately.

Now I have acquired a nice new server, quad core, 6 GB RAM, 15k SAS drives, the works. It’s badass. Never seen a Linux box boot so fast.

-Ubuntu Server 10.10
-Xymon 4.3.0-beta2
-rsyslog (
-Log Analyzer (

I plan on installing Cacti/migrating client data, install ntop for monitoring flows from the core routers, etc.

Handy IP Related Regexp

Posted by & filed under Programming.





Bufferbloat etc

Posted by & filed under Networking.

Bufferbloat is present in all of the broadband technologies, cable, DSL and FIOS alike. And bufferbloat is present in other parts in the Internet as well.

Interesting article:…

Also + == Cool graphs!

Troubleshooting Network issues
Netalyzer –…
Measurementlab –…

Free Fonts for Commercial Use

Posted by & filed under Uncategorized.

Free fonts have met their match. We know how hard it is to find quality freeware that is licensed for commercial work. We’ve done the hard work, hand-selecting these typefaces and presenting them in an easy-to-use format.

HTML5 Boilerplate Template

Posted by & filed under Programming, Web Development.

HTML5 Boilerplate is the professional badass’s base HTML/CSS/JS template for a fast, robust and future-proof site.

After more than two years in iterative development, you get the best of the best practices baked in: cross-browser normalization, performance optimizations, even optional features like cross-domain Ajax and Flash. A starter apache .htaccess config file hooks you the eff up with caching rules and preps your site to serve HTML5 video, use @font-face, and get your gzip zipple on.

Boilerplate is not a framework, nor does it prescribe any philosophy of development, it’s just got some tricks to get your project off the ground quickly and right-footed.