Automatically creating reverse DNS PTR from an IPv6 zone file

If you are like me, you don’t want to create the PTR records by hand. I saw several articles online, but nothing remotely good (http://strugglers.net/~andy/blog/2012/11/29/converting-an-ipv6-address-to-its-reverse-zone-in-perl/ is recreating Net::IP).

So I created a Perl script where you just update the domain name and the IPv6 prefix:

#!/usr/bin/perl
# Copyright (c) Guylhem http://guylhem.net, 2014

use Data::Dumper;
use warnings;
use strict;
use Net::IP;

my $domain = ".yourdomain.com";
my $prefix = "2001:470:8:1000";
my $subnet = "/64";
my @slaves = ("ns2.whatever.net", "ns3.whatever.net", "ns4.whatever.net", "ns5.whatever.net");

unless ( scalar @ARGV == 1 ) {
    die "Usage:\n\t$0 named-zone.txt\n";
}

my $zone_file = $ARGV[0];
# 3-argument open: the file name is never interpreted as a mode or a pipe
open( ZONE_FD, "<", $zone_file ) or die( "Can't read zone file " . $zone_file . " !\n" );

my @records;
while (my $line = <ZONE_FD>) {
    chomp $line;
    if ($line =~ /AAAA/) {
     if ($line =~ /\Q$prefix\E/) {
      # Owner name: everything before the first whitespace
      (my $name = $line) =~ s/\s+.*//;
      # Keep only the first label of the owner name
      (my $host = $name) =~ s/\..*//;
      my $fqdn = $host . $domain;
      # Keep the address only: drop what precedes the prefix and what follows the address
      (my $aaaa = $line) =~ s/.*\Q$prefix\E/$prefix/;
      $aaaa =~ s/\s.*//;
      my $ip = new Net::IP($aaaa) or die (Net::IP::Error());
      my $raaa = $ip->reverse_ip();
      my @new = ($fqdn . ".", $raaa);
      push (@records, \@new);
     } #fi
    } #fi
} #while
close (ZONE_FD);

my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();
$year += 1900;
# localtime() returns months as 0..11
my $month = sprintf("%02d", $mon + 1);
my $day = sprintf("%02d", $mday);
# Seconds since midnight (minute resolution), always below 86400
my $stamp = 3600*$hour + 60*$min;
# Alternative: add warning about not running that at midnight
if ($stamp == 86400) { $stamp=86399 };
# The SOA serial is a 32-bit number: after YYYYMMDD there is room for 2 digits only,
# so we keep 2 digits of the time-of-day ratio (00 to 99)
my $relstamp = sprintf("%02d", 100*($stamp/(24*3600)));

my $prefixip = new Net::IP($prefix . "::" . $subnet) or die (Net::IP::Error());
my $rprefix = $prefixip->reverse_ip();

print $rprefix . "\t86400\tIN\tSOA\tns1$domain. hostmaster$domain. (\n";
print "\t\t\t\t" . $year . $month . $day . $relstamp . "\t;serial\n";
print "\t\t\t\t10800\t;systematic refresh 3h\n" .
      "\t\t\t\t1800\t;retry on refresh fail 30 min\n" .
      "\t\t\t\t604800\t;expire on secondary 1 week\n" .
      "\t\t\t\t86400 )\t;minimum TTL 1 day\n";
print "$rprefix\t86400\tIN\tNS\tns1$domain.\n";
foreach my $slave (@slaves) {
     print "$rprefix\t86400\tIN\tNS\t$slave.\n";
}
foreach my $record (@records) {
     print $record->[1] . "\t86400\tIN\tPTR\t" . $record->[0] . "\n";
}

To run that automatically when there is a change, add to your crontab:

#!/bin/bash
DATE=$(date -u +"%Y-%m-%d-%H_%M_%S")
/etc/named/createptr.pl /etc/named/db.yourdomain.com | uniq > /etc/named/db.2001_470_8_1000.new
grep PTR /etc/named/db.2001_470_8_1000 > /tmp/$DATE-db.2001_470_8_1000
grep PTR /etc/named/db.2001_470_8_1000.new > /tmp/$DATE-db.2001_470_8_1000.new
if ! cmp /tmp/$DATE-db.2001_470_8_1000 /tmp/$DATE-db.2001_470_8_1000.new >/dev/null 2>&1
then
  mv /etc/named/db.2001_470_8_1000.new /etc/named/db.2001_470_8_1000
  /usr/sbin/rndc reload
else
  rm /etc/named/db.2001_470_8_1000.new
fi
rm /tmp/$DATE-db.2001_470_8_1000.new
rm /tmp/$DATE-db.2001_470_8_1000
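
A more defensive version of the cron wrapper, as an added example (not the author's script): it avoids predictable file names in /tmp and checks the generated zone with named-checkzone before reloading. The zone name passed to named-checkzone is an assumption derived from the 2001:470:8:1000::/64 prefix, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not the author's script. ZONE is an assumption:
# the ip6.arpa name of 2001:470:8:1000::/64.
ZONE=0.0.0.1.8.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa
LIVE=/etc/named/db.2001_470_8_1000

# Return 0 when the PTR records of two zone files differ. The SOA serial
# changes on every run, so only PTR lines are compared.
# A missing file counts as "no PTR records".
ptr_records_differ() {
    old=$(grep -s 'PTR' "$1" | sort -u)
    new=$(grep -s 'PTR' "$2" | sort -u)
    [ "$old" != "$new" ]
}

# Regenerate the zone, validate it, and only then replace the live file.
update_reverse_zone() {
    # Work file next to the live file: unpredictable name, and mv stays
    # a rename on the same filesystem instead of a copy through /tmp.
    tmp=$(mktemp "$LIVE.XXXXXX") || return 1
    /etc/named/createptr.pl /etc/named/db.yourdomain.com | uniq > "$tmp"
    if ptr_records_differ "$LIVE" "$tmp" &&
       named-checkzone "$ZONE" "$tmp" >/dev/null   # rejects empty or broken output
    then
        # mktemp creates the file with mode 600; named must be able to read it
        chmod 644 "$tmp" && mv "$tmp" "$LIVE" && /usr/sbin/rndc reload
    else
        rm -f "$tmp"
    fi
}

# From cron, call this script with the --install argument.
if [ "${1:-}" = "--install" ]; then
    update_reverse_zone
fi
```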

OSX removing IPv6 addresses from openvpn

Recently, I tried to set up Viscosity.app to do VPN, and found one interesting bug : the interface is configured with IPv4 and IPv6 addresses, but a few seconds later OSX removes the IPv6 addresses!

Apparently, this is a long-known bug, with the first references being in 2004 (10 years ago!!) on the archive.org copy of afp548.com in https://web.archive.org/web/20050316003941/http://www.afp548.com/article.php?story=20041015131913324 :

“There is another agent, however, that drives Unix admins into fits. The Kernel Event Monitor (KEM) waits for kernel events that tell it that an interface has gone down. When this happens it informs configd which interface has gone down. Configd then re-reads its config from the preference.plist file and sends out the new settings to the configuration agents which make sure the interfaces are configured the way they should be. This then triggers the IPMA which redoes the routing table according to the new information.

And that is what trips up the admins. They use their traditional methods of configuring an interface and use ifconfig to make it so. This works great. Until, for whatever reason, the KEM tells Configd things have changed. Configd then reverts everything back to whatever is held in the preference.plist file. This cheeses Unix admins off.”

Indeed, that’s a problem - especially since there’s nothing in preference.plist to fix.

There is no known workaround either (cf. the suggestion at http://apple.stackexchange.com/questions/98467/preventing-osx-from-removing-ipv6-from-a-tap-interface to use “ipconfig set tapN AUTOMATIC-V6”, which does not work).

While I was still investigating, Viscosity support suggested the following:

I’d recommend turning off Viscosity’s “Accept IPv6 Router Advertisements” option if it is on (under Preferences->Advanced). If this option is on it’s probable Mac OS X is trying to configure IPv6 on the tap adapter itself and overriding any OpenVPN settings. Mac OS X/configd will not attempt to do automatic IPv6 configuration on a layer-3 (TUN) adapter.

Another thing to try is to turn off DNS support for the connection (under the Networking tab when editing the connection). Obviously  in most cases this is less than ideal, but if it solves the issue it may help identify where the problem lies.

I’d also recommend adding a small “route-delay” to the connection, as occasionally OpenVPN may attempt to configure a TAP interface before it is ready. You can do this by adding the command “route-delay 10” (without quotes) under the Advanced tab for your connection.

Finally, as a work-around, you can try enabling IPv6 router advertisements on the router of your remote VPN network and allow the TAP interface to auto-configure itself rather than have OpenVPN manually attempt to do so.

Of course, none of that works: the 2nd was already turned off, and the 3rd only delays the routes.

The first doesn’t do anything, because the problem is due to the interface itself.

If you run ifconfig when tap0 appears, you will see the correct IPv6 addresses, which are then removed by configd and its minions.

The statement “Mac OS X/configd will not attempt to do automatic IPv6 configuration on a layer-3 (TUN) adapter” is wrong.

I could ascertain that when I tried tun mode : apparently the interface type is set differently in the tun driver, which causes arp_client_init to fail and configd to stop trying to remove the ipv6 address. In syslog:

2014-07-11 3:30:05.240 PM configd[18]: arp_client_init(tun0): unsupported network type
2014-07-11 3:30:05.240 PM configd[18]: MANUAL tun0: arp_client_init failed
2014-07-11 3:30:05.244 PM configd[18]: IPConfiguration: failed to start link-local service on tun0, invalid operation

Look at http://sourceforge.net/p/tuntaposx/code/ci/master/tree/tuntap/src/tap/tap.cc line 100 :

this->family_name = TAP_FAMILY_NAME;
this->family = IFNET_FAMILY_ETHERNET;
this->type = IFT_ETHER;

Now look at http://sourceforge.net/p/tuntaposx/code/ci/master/tree/tuntap/src/tun/tun.cc line 55:

this->family_name = TUN_FAMILY_NAME;
this->family = IFNET_FAMILY_TUN;
this->type = IFT_OTHER;

It’s not that OSX won’t attempt to do automatic IPv6 configuration on a layer-3 (TUN) adapter - it will try, but fail, and therefore give up.

The real fix would be to pass the tap address to the OSX configuration layer to prevent it from removing it, which is almost impossible, since in the “networksetup” command line tool the tap0 interface is not considered “hardware” - and therefore the information can’t be stored.

There might be a possibility with “scutil”, if the tap0 entry can be populated when tap0 is up and before configd decides to remove things, but it would require passing some commands with the right timing, which can only be done by inspecting the Viscosity source code, which I don’t have.

Tunnelblick had the exact same problem (http://code.google.com/p/tunnelblick/issues/detail?id=116) and had to resort to tricks, so I also used a dirty trick: an AppleScript that runs when the interface is up, reads the correct IP and route from the syslog, and restores them.

-- add to /etc/sudoers:
-- yourusername ALL=(ALL) NOPASSWD: /sbin/ifconfig
-- yourusername ALL=(ALL) NOPASSWD: /sbin/route

-- sed uses | as delimiter where the pattern contains slashes, so that no backslash escapes are needed inside the AppleScript strings
set ifconfig to do shell script "grep `pgrep openvpn` /var/log/system.log | grep ifconfig | grep inet6 | sed -e 's|.*/sbin|/sbin|g' -e 's/^/sudo /g'"
set route to do shell script "grep `pgrep openvpn` /var/log/system.log | grep route | grep /56 | sed -e 's/.*(/route add -inet6 /g' -e 's/->.*)//g' -e 's/dev/-interface/g' -e 's/^/sudo /g'"
do shell script ifconfig
do shell script route

Ugly.

Viscosity, please run some scutil command as soon as tap0 comes up.
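
The AppleScript above hands text taken from system.log to the shell with a sudo prefix, so the log content decides what runs. As an added example (not the author's script), this shell variant accepts only lines with the exact expected shape and passes the fields to sudo as separate arguments; the syslog line layout, the sample lines and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example, not the author's script.
# Constructed sample lines (not real log output) for an openvpn process with pid 4242.
SAMPLE_LOG='Jul 11 15:30:01 mac openvpn[4242]: /sbin/ifconfig tap0 inet6 2001:db8:0:1::2/64
Jul 11 15:30:01 mac openvpn[4242]: add_route_ipv6(2001:db8::/56 -> 2001:db8:0:1::1 metric -1) dev tap0
Jul 11 15:30:02 mac other[99]: openvpn[4242]: /sbin/ifconfig tap0 inet6 2001:db8:0:1::9/64
Jul 11 15:30:03 mac openvpn[4242]: /sbin/ifconfig tap0 inet6 2001:db8:0:1::2/64; echo unexpected'

# $1 is the openvpn pid, the log is read from stdin. A line is used only if
# openvpn[pid] is its first bracketed tag and the rest matches the expected
# shape up to the end of the line; everything else is dropped.
ifconfig_args() {
    sed -n "s|^[^][]* openvpn\[$1]: /sbin/ifconfig \(tap[0-9][0-9]* inet6 [0-9A-Fa-f:][0-9A-Fa-f:]*/[0-9][0-9]*\)\$|\1|p"
}
route_args() {
    sed -n "s|^[^][]* openvpn\[$1]: add_route_ipv6(\([0-9A-Fa-f:][0-9A-Fa-f:]*/56\) -> [^)]*) dev \(tap[0-9][0-9]*\)\$|\1 -interface \2|p"
}

# Re-apply the last address and route logged by the running openvpn process.
restore_ipv6() {
    pid=$(pgrep openvpn | head -n 1)
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    # The validated output contains three plain words, so word splitting is safe
    # and each word becomes one argument of the command (no shell re-parsing).
    set -- $(ifconfig_args "$pid" < /var/log/system.log | tail -n 1)
    [ $# -eq 3 ] && sudo /sbin/ifconfig "$@"
    set -- $(route_args "$pid" < /var/log/system.log | tail -n 1)
    [ $# -eq 3 ] && sudo /sbin/route add -inet6 "$@"
}

if [ "${1:-}" = "--restore" ]; then
    restore_ipv6
else
    # Demo on the constructed sample: only the first two lines are accepted.
    printf '%s\n' "$SAMPLE_LOG" | ifconfig_args 4242
    printf '%s\n' "$SAMPLE_LOG" | route_args 4242
fi
```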

IPv6 tunnel on OSX while travelling


I need IPv6. I have it at home - not when I travel.

Let’s look at several different options, depending on how “cooperative” the ISP you are using is:

A) Tunnelbroker, from http://dice.neko-san.net/2012/02/creating-a-6in4-router-using-mac-os-x-10-7/

If you can be pinged on the IPv4 address and are behind a router that passes on protocol-41, then configure this IPv4 in your tunnelbroker account and do:

sysctl -w net.inet6.ip6.forwarding=1
ifconfig gif0 tunnel LOCALIPV4ADDRESS TUNNELIPV4ENDPOINT
ifconfig gif0 inet6 TUNNELCLIENTIPV6ADDRESS TUNNELSERVERIPV6ADDRESS prefixlen 128
route -n add -inet6 default TUNNELSERVERIPV6ADDRESS
ifconfig en0 inet6 LOCALIPV6ADDRESS prefixlen 64

For example, with:
Tunnel info from HE:
Server IPv4 Address: 216.66.80.26
Server IPv6 Address: 2001:470:1f08:f23a::1/64
Client IPv6 Address: 2001:470:1f08:f23a::2/64

Local IPv4 router address: 10.233.0.8
Local IPv6 /48 network assigned by HE: 2001:470:f23f::/48

Then do:
ifconfig gif0 tunnel 10.233.0.8 216.66.80.26
ifconfig gif0 inet6 2001:470:1f08:f23a::2 2001:470:1f08:f23a::1 prefixlen 128
route -n add -inet6 default 2001:470:1f08:f23a::1
ifconfig en0 inet6 2001:470:f23f::3e07:54ff:fe10:b870 prefixlen 64

If you want to pass IPv6 information to other systems, use rtadvd.

If you want to update the dynamic IPv4, use wget or curl with http://ipv4.tunnelbroker.net/ipv4_end.php

If your IPv4 changes, i.e. if you are assigned a dynamic IPv4 by your ISP instead of a static one, just create a simple script and do as before:

# Instead of using your username as $USER, get the userid on top of the page
HEUSER=fb3f06c821388858cafe95cea2489533
HEPASS=420cc447758fe38e9df69a3a17c77c22
HETUNNEL=123456
NEW_IP=`curl -s "http://www.networksecuritytoolkit.org/nst/cgi-bin/ip.cgi"`
# curl https://$USER:$HEPASS@tunnelbroker.net/nic/update?hostname=$HETUNNEL&myip=$NEW_IP
curl -k -s "https://ipv4.tunnelbroker.net/ipv4_end.php?ip=$NEW_IP&pass=$HEPASS&apikey=$HEUSER&tid=$HETUNNEL"

The password can be a tunnel specific password set in the advanced tab.
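
A hardened variant of the update script, as an added example (not the author's code): the reply from the IP lookup is validated before it goes into the update URL, the URL with the password is passed to curl on stdin instead of the command line, and -k is dropped so the server certificate is checked. The credentials are placeholders and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not the author's script. Credentials are placeholders.
HEUSER=your-user-id
HEPASS=your-tunnel-password
HETUNNEL=123456

# Succeed only for a dotted quad whose four parts are each 0..255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1 count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case $rest in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    [ "$count" -eq 4 ]
}

# curl config line for the update request ($1 = validated IPv4 address).
# Assumes the credentials contain no characters that need URL-encoding.
update_config() {
    printf 'url = "https://ipv4.tunnelbroker.net/ipv4_end.php?ip=%s&pass=%s&apikey=%s&tid=%s"\n' \
        "$1" "$HEPASS" "$HEUSER" "$HETUNNEL"
}

update_tunnel() {
    # The address comes from a third-party service over plain HTTP:
    # treat the reply as untrusted text until it has been validated.
    new_ip=$(curl -s "http://www.networksecuritytoolkit.org/nst/cgi-bin/ip.cgi") || return 1
    if ! is_ipv4 "$new_ip"; then
        echo "unexpected reply from IP lookup, not updating" >&2
        return 1
    fi
    # -K - reads the URL from stdin, so the password is not visible in the
    # process list; without -k curl verifies the server certificate.
    update_config "$new_ip" | curl -s -K -
}

if [ "${1:-}" = "--update" ]; then
    update_tunnel
fi
```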

B) If you can’t use tunnelbroker, because you can’t be pinged, or if proto 41 is filtered

Some ISPs filter ICMP ping. The Apple Time Capsule is known to only allow ICMP ping on its public IP if “Enable default host” in NAT is an existing IP address that does respond to ping.

If you’re in that situation, or if proto 41 is filtered, you are out of luck. There are other options, like Teredo, but chances are they will also be blocked - and they’re not that good to begin with!

Your best bet may be to use freenet6 or aiccu/sixxs.net. Creating a login on sixxs.net is too complicated and too long, so I suggest you use freenet6 instead - your login will be working within minutes, and if you don’t want to spend a minute doing that, there’s also an anonymous mode (!!)

NB: In case of “Operation not permitted”, during your ping6 tests check the firewall :
sudo ip6fw show
65535 0 0 allow ipv6 from any to any

Compiling nginx with ipv6 support

If you try to recompile nginx, even if you say --with-ipv6, it might fail to add IPv6 code.

Even worse - nginx -V will report the --with-ipv6 compilation flag, while if you check the build process you will see: “AF_INET6 not found”

It happened to me when I tried to compile with -Werror, which treated warnings as errors even during the ./configure!

Solution : CFLAGS="-O2" ./configure …

Installing Mathematica to the raspberry pi with GPG package check

Installing Mathematica to the raspberry pi gives GPG errors

root@raspberry:~# cat /etc/apt/sources.list
(…)
# Wolfram Research, Inc. APT Repository (for WolframEngine)
deb http://repository.wolfram.com/raspbian/ stable non-free

So when you run:

apt-get update ; apt-get upgrade

You get the following problem:

W: GPG error: http://repository.wolfram.com stable Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 574FA74E5CBB4222

The solution is to run:

apt-key adv --keyserver http://repository.wolfram.com/raspbian/raspbian@wolfram.com.gpg.pub-key --recv-keys 574FA74E5CBB4222

Before you install Mathematica with:

sudo apt-get install wolfram-engine mathematica-fonts

Source: http://www.raspberrypi.org/forums/viewtopic.php?f=66&t=74700

Running qemu with tap0 and nat under OSX 10.9 Mavericks

Running qemu with full network access for the virtual host under OSX can be a problem - especially under Mavericks.

For example see http://superuser.com/questions/596095/how-do-i-bridge-a-connection-from-wi-fi-to-tap-on-mac-os-x-for-the-emulator-qe

The proper way to do it is :

1) Install qemu from rudix on https://code.google.com/p/rudix/downloads/detail?name=qemu-1.6.0-1.pkg

2) Get TunnelBlick 3.4beta26 from https://code.google.com/p/tunnelblick/wiki/DownloadsEntry?tm=2#Tunnelblick_Beta_Release

3) Install the tap and tun kext contained in tunnelblick beta by mounting the dmg then:

cd /Volumes/Tunnelblick/Tunnelblick.app/Contents/Resources
cp -r tap* tun* /Library/Extensions

4) (make sure to remove the old modules as explained on http://tuntaposx.sourceforge.net/faq.xhtml : not just kextunload but rm -fr them, a reboot might be necessary if the latter doesn’t work)

5) As root, configure the proper tap link and up/down scripts :

ln -sf /dev/tap0 /dev/tap

# Quoted 'EOF': the backticks and quotes below are written to the files as-is,
# they are not expanded while the files are being created
cat > /etc/qemu-ifup <<'EOF'
#!/bin/bash
sysctl -w net.inet.ip.forwarding=1
sysctl -w net.link.ether.inet.proxyall=1
sysctl -w net.inet.ip.fw.enable=1
ifconfig bridge0 create
ifconfig bridge0 addm en0 addm tap0
ifconfig bridge0 up
natd -interface en0
ipfw add divert natd ip from any to any via en0
EOF
chmod +x /etc/qemu-ifup

cat > /etc/qemu-ifdown <<'EOF'
#!/bin/bash
#ipfw del 00100
ipfw del `ipfw list | grep "ip from any to any via en0" | sed -e 's/ .*//g'`
killall -9 natd
sysctl -w net.inet.ip.forwarding=0
sysctl -w net.link.ether.inet.proxyall=0
sysctl -w net.inet.ip.fw.enable=1
ifconfig bridge0 deletem en0 deletem tap0
ifconfig bridge0 down
ifconfig bridge0 destroy
EOF
chmod +x /etc/qemu-ifdown

6) start qemu, for example with a raspberry image (after commenting out the first line of /etc/ld.preload.conf):

qemu-system-arm -kernel kernel-qemu -cpu arm1176 -m 256 -M versatilepb -no-reboot -serial stdio -append "root=/dev/sda2 panic=1 rootfstype=ext4 rw" -hda /dev/disk2 -net nic -net tap,ifname=tap0

7) set up the proper ip on OSX :

ifconfig tap0 10.0.0.2

8) finally, set up the default route in the host vm:

ifconfig eth0 10.0.0.3
route add default gw 10.0.0.2


The above requires that en0 is your outgoing interface (ex: my wifi card on a macbook air)  - obviously you can adapt that to other scenarios.

Compiling libsureelec examples on OSX

Install Rudix’s autoconf, automake and libtool, then after running autogen.sh (configure, make etc.) type:

cd examples

gcc -Wall -I../ -o sureelec_test2 sureelec_test2.c ../.libs/libsureelec.dylib -lreadline

EFI boot on a MacPro 3.1

Apparently it is possible to boot Windows 7 and Windows 8 in pure EFI ( http://forums.macrumors.com/showthread.php?t=696523&page=19 ) even if Windows 8 makes it even easier ( http://blog.thedeltaflyer.com/2013/01/dual-booting-windows-8-and-mountain-lion-natively-using-efi/ )

All I want is a motion-interpolation video player, such as SVP (http://www.svp-team.com/) - and there is none under OSX.

If I can’t get good performance with a VM, maybe I’ll add a dual boot!

Changing the color of icons from OSX Terminal

And the answer is :


sudo xattr -wx com.apple.FinderInfo 0000000000000000000C00000000000000000000000000000000000000000000 the-file-you-want-to-turn-red

red: C
orange: F
yellow: B
green: 5
blue: 9
violet: 7
grey: 3

To clear the label again, either use 0 as a value or run sudo xattr -d com.apple.FinderInfo /Applications/Utilities.

As mentioned on http://apple.stackexchange.com/questions/55838/how-to-set-label-color-for-utilities-folder-in-lion

Caution: This will wipe out any other FinderInfo value there might be set for the target file/directory already. For the Utilities folder this shouldn’t be an issue but it might for others.

 

Adding custom mp3 ringtones, alarms and notifications to my Android Nexus

It will be a long process, so let’s take for granted that you have the mp3 file you want, and that it is already less than 30 seconds long.

First, unless you want it to play only once, you need to convert it to OGG (try http://www.online-convert.com/) and add the following tags : ANDROID_LOOP (set that to true) and TITLE (set that to the ringtone name). A good app for that is Tag.app for OSX.

Then you need to move the resulting OGG file to the sdcard in Ringtones/ (alternatively, some people suggest using media/audio/ringtones along with media/audio/alarms and media/audio/notifications)

After that, several people mentioned you need to reboot (or run some ScanMedia app such as com.dcd.scanmedia to update the database), but on my nexus that does not work.

Every time I add some new file, I have to clear Media Storage app data, then update the database, then reboot (again), unless I want to lose your default ringtones as reported on http://forum.xda-developers.com/showthread.php?t=2244198

It seems to me like a bug, since I had to do that for the ringtone first, then the alarm, then the notifications - updating the database and rebooting without clearing Media Storage app data did *NOT* work.

Anyway, you may finally enjoy your mp3 tune. Not exactly quick or user-friendly, but it works.