Tracking ipv4/ipv6 usage

I discovered earlier today that through my trial ipv6 access I am using mostly ipv6 to access Google services. This made me wonder: just how much of my home network's communication with the outside world is through ipv6 compared with ipv4?

I don't have any results yet, but this is how I'm measuring it using Debian Linux.

Network traffic in the Linux kernel is managed through the tool iptables. Conveniently there are completely separate tables for ipv4 and ipv6 so I don't have to do anything to separate those. There are several chains which packets traverse depending on where they came from, where they're going and whether or not they're being routed on behalf of another computer.

The chains of interest are INPUT, FORWARD and OUTPUT on the default table. INPUT receives all packets destined for this particular computer, FORWARD receives all packets which are being ferried on behalf of other computers (in my case, sharing Internet access with NAT) and OUTPUT receives all packets being sent from this particular computer, not on behalf of anyone else. By default all of these will simply allow the packets to pass unmolested.

What I've done is create four custom chains: ipv4_input_ppp0, ipv4_forward_in, ipv4_forward_out and ipv4_output_ppp0. They don't actually do anything, which permits the packets to continue onward, but iptables will keep track of how much traffic travels through each rule, both as a number of packets and in bytes.

Here is some output from "iptables -x -n -v -L" with these chains set up:

Chain INPUT (policy ACCEPT 617 packets, 92499 bytes)
pkts      bytes target     prot opt in     out     source               destination
41     5511 ipv4_input_ppp0  all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 46173 packets, 28090499 bytes)
pkts      bytes target     prot opt in     out     source               destination
21742 10919366 ipv4_forward_out  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
24431 17171133 ipv4_forward_in  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 487 packets, 113453 bytes)
pkts      bytes target     prot opt in     out     source               destination
61     4783 ipv4_output_ppp0  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0

The rules are set up to use iptables' built-in filtering capability. The ipv4_input_ppp0 rule will only collect packets which have an "in" interface of "ppp0". This means that packets from me sshing to my router from my LAN will not be counted. ipv4_output_ppp0 is handled the same way.

Similarly the destination interface is used to differentiate between incoming and outgoing traffic which is being forwarded by my router doing its router job, leading to counts in ipv4_forward_in and ipv4_forward_out.

This means we have direct byte counts which we can pull out of iptables and add together to get total incoming and outgoing ipv4 traffic. To make the information easier to process the counts can be zeroed at any time by running "iptables -Z".

The ipv6 setup is exactly the same except you use the tool ip6tables instead.

Here's my configuration for datalogging. I use the following in my firewall script which is run on boot to set up the chains and rules:


iptables -F
iptables -X

iptables -N ipv4_input_ppp0
iptables -N ipv4_forward_in
iptables -N ipv4_forward_out
iptables -N ipv4_output_ppp0

iptables -A INPUT -i ppp0 -j ipv4_input_ppp0
iptables -A FORWARD -o ppp0 -j ipv4_forward_out
iptables -A FORWARD -o eth0 -j ipv4_forward_in
iptables -A OUTPUT -o ppp0 -j ipv4_output_ppp0

iptables -Z

ip6tables -F
ip6tables -X

ip6tables -N ipv6_input_ppp0
ip6tables -N ipv6_forward_out
ip6tables -N ipv6_forward_in
ip6tables -N ipv6_output_ppp0

ip6tables -A INPUT -i ppp0 -j ipv6_input_ppp0
ip6tables -A FORWARD -o eth0 -j ipv6_forward_in
ip6tables -A FORWARD -o ppp0 -j ipv6_forward_out
ip6tables -A OUTPUT -o ppp0 -j ipv6_output_ppp0

ip6tables -Z

Then I run this script every day at midnight from root's crontab:


#!/bin/bash

ipv4_input_ppp0=`iptables -x -n -v -L | grep 'ipv4_input_ppp0' | grep all | sed -e "s/\s\+/\t/g" | cut -f 3`
ipv4_forward_in=`iptables -x -n -v -L | grep 'ipv4_forward_in' | grep all | sed -e "s/\s\+/\t/g" | cut -f 3`
ipv4_forward_out=`iptables -x -n -v -L | grep 'ipv4_forward_out' | grep all | sed -e "s/\s\+/\t/g" | cut -f 3`
ipv4_output_ppp0=`iptables -x -n -v -L | grep 'ipv4_output_ppp0' | grep all | sed -e "s/\s\+/\t/g" | cut -f 3`

iptables -Z

ipv6_input_ppp0=`ip6tables -x -n -v -L | grep 'ipv6_input_ppp0' | grep all | sed -e "s/\s\+/\t/g" | cut -f 3`
ipv6_forward_in=`ip6tables -x -n -v -L | grep 'ipv6_forward_in' | grep all | sed -e "s/\s\+/\t/g" | cut -f 3`
ipv6_forward_out=`ip6tables -x -n -v -L | grep 'ipv6_forward_out' | grep all | sed -e "s/\s\+/\t/g" | cut -f 3`
ipv6_output_ppp0=`ip6tables -x -n -v -L | grep 'ipv6_output_ppp0' | grep all | sed -e "s/\s\+/\t/g" | cut -f 3`

ip6tables -Z

ipv4_in=`echo "$ipv4_input_ppp0 + $ipv4_forward_in" | bc`
ipv4_out=`echo "$ipv4_forward_out + $ipv4_output_ppp0" | bc`
ipv6_in=`echo "$ipv6_input_ppp0 + $ipv6_forward_in" | bc`
ipv6_out=`echo "$ipv6_forward_out + $ipv6_output_ppp0" | bc`

echo "$ipv4_in $ipv4_out $ipv6_in $ipv6_out" >> /var/log/traffic/ip
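The counter extraction above, as an added example that is not part of the original post: it reads each listing once, matches the target column exactly instead of relying on grep and cut, and turns the logged lines into an IPv6 share. The function names are hypothetical, the sample listing is constructed from the output quoted earlier, and `log_counters` assumes the chain names and log path used in the post.

```shell
#!/bin/sh
# Added example, not the post's own script.

# Constructed sample: the IPv4 listing quoted in the post, with the leading
# padding that iptables prints in front of the pkts column.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 617 packets, 92499 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      41     5511 ipv4_input_ppp0  all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 46173 packets, 28090499 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   21742 10919366 ipv4_forward_out  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
   24431 17171133 ipv4_forward_in  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 487 packets, 113453 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      61     4783 ipv4_output_ppp0  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
EOF
}

# family_totals FAMILY: read `iptables -x -n -v -L` output on stdin and print
# "bytes_in bytes_out" for FAMILY (ipv4 or ipv6). Only rule lines start with
# two numeric columns, so chain and header lines are skipped.
family_totals() {
    awk -v fam="$1" '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
            if ($3 == (fam "_input_ppp0")  || $3 == (fam "_forward_in"))  rx += $2
            if ($3 == (fam "_output_ppp0") || $3 == (fam "_forward_out")) tx += $2
        }
        END { printf "%.0f %.0f\n", rx, tx }'
}

# ipv6_share: read log lines "v4_in v4_out v6_in v6_out" on stdin and print
# the percentage of all logged bytes that travelled over IPv6.
ipv6_share() {
    awk 'NF == 4 { v4 += $1 + $2; v6 += $3 + $4 }
         END { if (v4 + v6 == 0) print "n/a"
               else printf "%.1f\n", 100 * v6 / (v4 + v6) }'
}

# log_counters: needs root. -Z given together with -L lists the counters
# immediately before clearing them, so nothing is lost between read and reset.
log_counters() {
    v4=$(iptables  -x -n -v -L -Z | family_totals ipv4)
    v6=$(ip6tables -x -n -v -L -Z | family_totals ipv6)
    echo "$v4 $v6" >> /var/log/traffic/ip
}

# Stand-alone demonstration on the constructed sample.
sample_listing | family_totals ipv4
```

Running `ipv6_share < /var/log/traffic/ip` after a few days of logging gives the overall IPv6 percentage.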

Effective Anti-Filter Protest

Currently the protest against Senator Conroy's Internet filter is happening in a vacuum. This vacuum is occupied by thousands upon thousands of outraged Internet-savvy computer users. Unfortunately these people constitute only a small percentage of the overall voting population of Australia, and not all of them are prepared to vote based only on an Internet filtering policy. Where I live, the newspaper does not even cover the Internet filtering as a news item.

It has been shown clearly that appealing directly to the politicians responsible for the poor policy is not effective. We need to engage more with the general public, not only to raise awareness, but to make them realise how the filter could potentially affect them and show how futile it ultimately will be.

Enough Twitter. More Facebook? More real life, person-to-person interaction about this issue. "Hey, did you hear about that Internet filter? Dumb idea, huh? Hah, no, it won't help block child pornography..." You get the idea.

Protestors have succumbed to another problem -- factual inaccuracy. Nothing kills you faster in politics. In this article which Stephen Conroy wrote for Crikey he correctly blasts inaccurate reporting.

Keep up, people, we're no longer facing a heuristic filter which will cause massive slowdowns. Yes, the blacklist filter has only been trialed against 8 Mbit/s instead of 100 Mbit/s fibre, but pattern matching against 10000 URLs is not a large technological hurdle. ISPs can and will do that quickly in order to retain their competitive low-latency advantage.

It took them a couple of days, but nocleanfeed.com have updated their information page to reflect the most recent announcements, so that should be a good source of information. Furthermore, to encourage my own less technical friends to understand the issue I have developed my own more concise guide, The Australian Internet Filter And You, which I hope to use to convince people that this filter is a bad idea. Please let me know if there are any factual errors in it; I would like to keep it up-to-date for as long as is required for this debate.

Go forth and spread the word amongst the people who wouldn't normally care! Goodness knows the media isn't doing it for us.

Twitter vs Me

Twitter has hated me for the last few days. I was getting consistent errors about exceeding my API rate limit when I haven't even been running any clients. Just in case, I changed my password and now I'm getting inconsistent errors telling me that my account has been locked from excessive bad logins. Again, not running any clients.

Either I've recently become a Twitter celebrity without becoming aware of it and somebody somewhere is trying to crack my account, or Twitter hates me. Yeah, I'm going with the hate option. Never assume malice where stupidity will suffice.

So what's my response to all this? Shall I jump up and down and complain that the (free) Twitter service is not working and that I desperately need my constant intravenous flow of tweets to operate? It doesn't sound particularly elegant. Shall I make a declaration that Twitter fails in general and ragequit and try to delete my account? Tempting, but not incredibly rational or practical.

Instead, ironically, I've announced on Facebook that I won't be reading Twitter for a while. And that gives me a little bit of leeway to experiment. For Twitter has become a reasonably large time sink.

When you first deal with Twitter it's easy to fall into a naïve mindset that to prevent your list of tweets being full of crud you don't care about you just have to be careful who you follow. Unfortunately the reality is that perfectly nice and normal people, such as my friends and me, when given an environment like Twitter will fill it with all kinds of garbage. Alongside all the useful stuff you actually care about hearing from your friends. The signal to noise ratio is just bad because community expectations for usefulness of tweet content are not high.

The concept of flirting with the idea of not using Twitter for a while seems a little strange given that we all got along perfectly fine without it. All the same, it forms an inlet and an outlet in your brain which were nowhere near as active before -- an inlet for "I wonder what's been happening in my friends' lives lately" and an outlet for "heh, I just found/thought this thing which is kind of cool/annoying/I feel like sharing".

Previously those outlets had less opportunity to be exercised but they were invigorated by Twitter. When you stop using the service the outlets remain for a while. When I first started having difficulty with my API rate limiting my first desire was to post about it on Twitter. It gets into your BRAIN.

In hindsight I think those outlets were doing just fine before. I shouldn't have to think about what my friends -- or at least those connected to the Internet all day -- are doing at every hour, and I certainly shouldn't be sharing my random thoughts at a rate of several per day. Because they just ain't that good. If there's one thing the Internet is good at, it's showing you just how unoriginal you truly are.

Heck, I haven't even been reading Twitter properly lately. There's just too much crud. I'd never get anything done if I was notified every time a new tweet comes in, and it's something like a chore to read through the backlog a couple of times a day. It's not that the tweets aren't relevant to me or even that they aren't interesting -- they just aren't relevant or interesting enough. We have to draw a line, folks.

So is the correct response to not read Twitter at all? Beats me, but the Twitter website's failure to let me log in seems as good a reason as any to find out. I could go and play with identi.ca but I'd probably end up in a similar problem one day.

I just don't like micro-blogging in principle. I like using big words when they mean precisely what I want to express. The amount of time it takes me to fit what I want to say into 140 characters is significant, as is the amount of semantic intent I have to lose in the process.

Yet Twitter is fun. But it's not, lately. And now it's not working for me. So it can bugger off for a while.

Did I mention I like email? I like getting email from real people. Also phone calls. Just not at 4:20AM like the most recent phone call I got, please.

SLIP and slattach

After some experimenting I've managed to get a semi-permanent 115kb/s SLIP connection between my main Debian server and a 486 running BSD. By semi-permanent, I mean as soon as there's a power cycle I'm going to have to run out with a laptop with a DHCP server, a crossover cable and some patience to make it work again.

Here's a bit of odd behaviour from the BSD machine shown from /var/log/messages:

Nov 20 03:08:33 cogline slattach[644]: SIGHUP on /dev/ttyd0 (sl-1); exiting

This occurs when I run slattach -s 115200 /dev/ttyd0 with nothing attached to the port, or when the other computer is connected and has been running slattach for "a while" (a minute or two?). Debian slattach has no difficulty running with the serial port in any condition, and if it's started reasonably soon before the BSD slattach, everything is fine.

Unfortunately this kind of problem makes it difficult to set up computers that will automatically negotiate a SLIP connection when they first turn on. I configured the BSD system to run slattach and the required ifconfig command on boot and it never works.

Normally SIGHUP is used to indicate that the carrier has dropped and a redial is necessary. The BSD slattach code reveals that the above message is simply what the SIGHUP handler does when no redial command is set, presumably before the interface has finished initialising because the "unit" is still "sl-1" instead of "sl0". I'm using a null modem cable so it makes sense that the carrier will go down when nothing is attached, but that doesn't explain the failure when both are running for a while.

Curious. Stay tuned, I might learn something.

Native PPP IPv6 in Debian

My ISP has been doing a lot of work in the IPv6 department recently and amongst all their IPv6 offerings they have just started a trial for ADSL customers to run a dual IPv4/IPv6 PPP connection. They also run a broker to provide an IPv6 tunnel over IPv4, but this native solution is much neater.

Here's how I've set it up on my home Debian server so that it will provide IPv6 addresses to my home network:

  1. Add +ipv6 to /etc/ppp/peers/dsl-provider
  2. I had to change the username in dsl-provider and in /etc/ppp/chap-secrets to use a different hostname, as this is how Internode knows you want to connect to the IPv6 trial server.
  3. Start the DSL connection with "pon dsl-provider", resulting in a connection ppp0 which has both an IPv4 internet address, and a local fe80:: IPv6 address
  4. Ensure eth0 has a local IPv6 address too, using ifconfig. I was messing about and lost it, and got it back by resetting with ifdown eth0; ifup eth0
  5. Now to get a real IPv6 prefix you need an IPv6 DHCP client. At Internode's suggestion I installed the WIDE client (package wide-dhcpv6-client in Debian). The given working configuration for a PPP connection ppp0 and local ethernet connection eth0 is placed in /etc/wide-dhcpv6/dhcp6c.conf as follows:
    interface ppp0 {
        send ia-pd 0;
        script "/etc/wide-dhcpv6/dhcp6c-script";
    };

    id-assoc pd {
        prefix-interface eth0 {
            sla-id 0;
            sla-len 4;
        };
    };
  6. When you install the WIDE DHCPv6 client it starts automatically, with a non-useful config. Restart it with invoke-rc.d wide-dhcpv6-client restart. Hopefully now an "ifconfig" will show that you have successfully attached a 2001:: prefix address to your eth0 interface.
  7. Add a default route -- this doesn't happen automatically. Run the command:
    route --inet6 add default dev ppp0
    This will add a default route through the gateway on your PPP connection.
  8. At this point there is working IPv6 connectivity on the local machine. It can be tested with "ping6 ipv6.google.com":
    # ping6 ipv6.google.com
    PING ipv6.google.com(tx-in-x68.1e100.net) 56 data bytes
    64 bytes from tx-in-x68.1e100.net: icmp_seq=1 ttl=56 time=171 ms
    64 bytes from tx-in-x68.1e100.net: icmp_seq=2 ttl=56 time=172 ms
  9. To set up advertising of addresses and routing I referred to Martin Krafft's excellent IPv6 with Debian documentation. In summary, the configuration I had to do was to set /proc/sys/net/ipv6/conf/all/forwarding to 1, which can be made permanent by setting it in /etc/sysctl.conf, and to set up radvd.
  10. radvd (which is also the name of the package) will provide IPv6 addresses from the allocated /64 prefix to hosts on the local network. Install the package. I set my /etc/radvd.conf to the following, which uses the prefix I was allocated, as found from ifconfig:
    interface eth0
    {
        AdvSendAdvert on;
        AdvLinkMTU 1280;
        prefix 2001:44b8:7c90:be0::/64
        {
            AdvOnLink on;
            AdvAutonomous on;
        };
    };
  11. Now other machines with IPv6 support which are connected via the eth0 interface should be allocated an address and will be able to access the IPv6 Internet too.
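Step 10 copies the delegated prefix into radvd.conf by hand, so if the delegation ever changes radvd keeps advertising a prefix that eth0 no longer holds. The check below is an added example, not part of the original post: the function names are hypothetical, it assumes addresses are read with `ip -6 -o addr show dev eth0 scope global` rather than ifconfig, and the host parts in the sample addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the original post).

# Constructed inputs: the radvd.conf from step 10, and two samples of
# `ip -6 -o addr show dev eth0 scope global` output with made-up host parts.
SAMPLE_RADVD='interface eth0
{
    AdvSendAdvert on;
    AdvLinkMTU 1280;
    prefix 2001:44b8:7c90:be0::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
    };
};'
SAMPLE_ADDRS_OK='2: eth0    inet6 2001:44b8:7c90:be0:211:22ff:fe33:4455/64 scope global'
SAMPLE_ADDRS_MOVED='2: eth0    inet6 2001:db8:0:10:211:22ff:fe33:4455/64 scope global'

# prefix64 ADDR[/LEN]: print the /64 network of an IPv6 address in a
# normalized form used only for comparison (lower case, no leading zeros),
# e.g. 2001:db8:0:1::/64. Exits non-zero on a malformed address.
prefix64() {
    printf '%s\n' "$1" | awk '{
        addr = tolower($1); sub(/\/.*/, "", addr)   # drop any /len suffix
        parts = split(addr, side, "::")             # "::" is legal at most once
        nl = split(side[1], l, ":")
        nr = (parts == 2) ? split(side[2], r, ":") : 0
        if (parts > 2 || (parts == 1 && nl != 8) || (parts == 2 && nl + nr > 7))
            exit 1
        for (i = 1; i <= 8; i++) h[i] = "0"         # zero fill, then overlay
        for (i = 1; i <= nl; i++) h[i] = l[i]
        for (i = 1; i <= nr; i++) h[8 - nr + i] = r[i]
        out = ""
        for (i = 1; i <= 4; i++) {
            sub(/^0+/, "", h[i]); if (h[i] == "") h[i] = "0"
            out = out h[i] ":"
        }
        print out ":/64"
    }'
}

# radvd_prefixes: print every prefix declared in radvd.conf text on stdin.
radvd_prefixes() {
    awk '$1 == "prefix" { sub(/[{;]$/, "", $2); print $2 }'
}

# stale_prefixes CONF ADDRS: CONF is radvd.conf text, ADDRS is the `ip`
# output described above. Prints each advertised prefix that has no global
# address on the interface; returns 1 if any were printed.
stale_prefixes() {
    live=$(printf '%s\n' "$2" |
           awk '{ for (i = 1; i < NF; i++) if ($i == "inet6") print $(i + 1) }' |
           while read -r a; do prefix64 "$a"; done)
    stale=0
    for p in $(printf '%s\n' "$1" | radvd_prefixes); do
        want=$(prefix64 "$p") || continue
        if ! printf '%s\n' "$live" | grep -qxF "$want"; then
            echo "$p"; stale=1
        fi
    done
    return "$stale"
}

# Stand-alone demonstration on the constructed samples.
stale_prefixes "$SAMPLE_RADVD" "$SAMPLE_ADDRS_MOVED" >/dev/null ||
    echo "radvd.conf advertises a prefix that eth0 does not hold"
```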

I have a fun ISP who gives me toys to play with. :)

More Pun Theory

I have a hypothesis regarding the comparison of the ability of punning folk.

Amongst those who pun actively, everybody is able to produce bad puns to a similar level of ability. It becomes instinctive enough to search for puns that you can come up with poor (often self-referential) puns virtually on demand.

This means that if you are to compare two people by how bad their puns are, the only observable criterion is the point of equilibrium each person chooses between high frequency of jokes and having any friends. The people who seem to not say the bad puns are just restraining themselves more effectively.

Truly good puns do require some level of skill in my opinion. Unfortunately I don't think of them very often.

Function Plotting in Inkscape

Today I found myself needing to draw both a sine wave and a triangle wave accurately for a diagram in Inkscape. It turns out that all the required functionality is included, but you have to do a little work yourself. Here are my findings...

The tool is called Function Plotter and can be found under Effects | Render | Function Plotter...

Sine Wave

The sinusoid is easy to do.

Sine Wave Function Plotter configuration

  • Draw a rectangle with the rectangle tool, select it, then open the Function Plotter.
  • Check the "Multiply x-range by 2*pi" box so the end x-value represents how many periods you want.
  • Adjust the y values of the top and bottom of your rectangle---if your sine wave has a peak value of 1 and you want it to take up the whole box, use +/- 1 here.
  • Make sure that "use polar coordinates" is unchecked.
  • Choose enough sample points to get a good looking sine wave. It evaluates your function at various points and makes an interpolating path. In this case I got a reasonable looking sine-wave with only 8 samples.
  • Put "sin(x)" into the Function area and click Apply.

Your rectangle will turn into a sine wave, like this:

Sine Wave

Triangle Wave

You can't make a triangle wave directly, but it can be built up from simpler functions.

Triangle Wave Function Plotter configuration

  • Draw a rectangle which will contain the triangle wave.
  • Set the end x-value to the total number of peaks you want.
  • Set the bottom y-value to 0.0 and the top y-value to 1.0.
  • Choose a large-ish number of samples. You'll probably want at least 25 per peak. This is necessary to get tight corners on your triangle wave because Inkscape tries to smooth out lines between your points.
  • Make sure that both the "multiply by 2*pi" and "use polar coordinates" options are unchecked.
  • Put "-2*fabs(fmod(x,1)-0.5)+1" into the Function area and click Apply.

Your rectangle will become a triangle wave like this one:

Triangle Wave

Conclusion

Inkscape's function plotter is very powerful for drawing paths conforming to shapes which you can define mathematically. The "Functions" tab in the Function Plotter gives a list of the available functions. Have a play with it.

Now I’m Cool Again

So I bought a new mobile phone. The few months I spent without one have been excellent. For the first time since I first got a phone back in 2004 my electronic communications have been entirely on my terms. It is satisfying to know that you can go about your business doing exactly what you want, knowing that your email inbox and IRC logs are happily collecting everybody's calls for your attention for you to peruse in your own time.

As nice as independence from pestering is, I'm fully aware that phones are useful things so I'm back on the bandwagon. I wrote some time ago (while my old phone was still working) about why I didn't want an Apple iPhone, back when they were the revolutionary new toy and the cool widget to get. The same reasons hold true today---it's expensive, the contracts expect fairly extensive use, the phone comes locked and needs jailbreaking to do interesting things, you can only install applications from their sanctioned App Store, you can only run one app at a time, and there's the pervading sense that for things to work smoothly you ought to be using other Apple products too.

I bought a Nokia E63. It is the new baby brother to the E71, coming in a thicker plastic case instead of metal and lacking a GPS. I bought it for $AU320 delivered from eBay and it's working a treat.

nokia-e63

Clearly it has a fairly small screen for modern so-called "smartphones", and with all those buttons it doesn't have a touch screen. If you're thinking that this makes it not very useful for web browsing, you'd be right.

I like it anyway, because these are the reasons I chose this model:

  • QWERTY keyboard! Hell yes! It was only a matter of time before I had an aneurysm from trying to write SMSes with a numeric keypad. The physical keys feel nice and have a nice response too.
  • Great battery life
  • Easy to buy it not locked to any phone company
  • Installs apps from anywhere by URL, and runs several at the same time
  • It's very happy to talk to my IMAPS mail server
  • Lots of free software available for Symbian S60, its operating system
  • Reasonable price
  • Favourable reviews on the 'net
  • Played with one belonging to a friend, who also thought it was pretty good

Things like playing MP3s, web browsing, taking pictures on the built-in camera or using GPS software are not features that interest me in a phone. It's a good thing too, because this phone is not exceptional for any of those.

The thing I'm happy about here is that I actually took the time to evaluate my own values and needs before buying one of these fancy new phones. I highly recommend doing that.

If you want to you can contact me by phone or SMS again. I still reserve the right to ignore it for indeterminate periods of time if I feel like it though.

Starcraft II, LANs and FOSS

By now it's common knowledge amongst Starcraft fans awaiting the release of Starcraft II that offline LAN support has been officially dropped from the game, citing warm fuzzy reasons like better-integrated community interaction or something which equally fails to hide the fact that they're worried about things like Hamachi and piracy at LANs causing them to lose revenue. Nobody's been fooled, and reports would suggest that they're trying to make a sucky idea suck as little as possible while still being a pain in the arse.

But is it that sucky an idea? It sure is for me. I think it sucks for a couple of reasons:

  • I play Starcraft at LANs where there is no Internet connection. Battle.net authentication of any sort is simply going to be impossible.
  • In principle, as a paying customer I am having my flexibility in how I want to play the game restricted because they're worried about the people who don't pay for the game. I consider that counter-productive and immoral.

The game is a long way out yet so I'm not going to make any definitive statements yet, but I'll probably buy the game anyway. Despite the fact that I don't like some of the things they're doing the game should still be of high quality and I'll pay for that and play it under the restrictions imposed.

I even suspect that these measures will be fairly effective in reducing piracy. Emulating an entire authenticated battle.net server and convincing the game to use it is like making a fake Steam server---it's not a small task and will take a lot of time and effort from the cracking community. Hacking direct LAN support into a game specifically designed not to have it will probably take even more effort.

Unfortunately my only way of protesting these measures is to not buy the game. Yet I think I will anyway. I'm damn sure that hundreds of thousands of others will too, particularly in countries where Internet is ubiquitous (including the Starcraft capital of the world, South Korea).

So Blizzard is not going to change a damn thing. They still get rich and they reassure their stakeholders that they're taking measures to prevent piracy. Those measures might even work, at the risk of pissing off some fraction of their userbase.

Blizzard wants to make a buck out of its games. They're making the game so they make the rules. If you don't like that you have a choice. You can either not buy the game, or you can buy it and implicitly accept what you're getting yourself into. By extension, if you do choose to buy the game you don't have the right to complain about restrictions you knew were going to be there.

If you want a game to support features not motivated by commercial interests you have to build one without commercial constraints. That means free and open source software. Do any of the existing RTS projects measure up to Starcraft II? Almost certainly not. In the FPS area some are up there with the commercial guys (Nexuiz and Urban Terror, for example).

If you want to be more constructive, find, contribute to or make some free games.

Just remember: actions speak louder than words. A vocal minority is just that. Vocal.

On Doing It Wrong

I'm not one to give up on a bad idea if I think I have half a chance of making it work for a while. So it was that today I fixed my dipole with a new questionable strain relief design (click for larger version):

Dipole Strain-Relief for the Construction-Challenged

Yes indeedy. So far it hasn't broken. Reception on 80m isn't awesome but that's probably because it's more of a 10m or 20m dipole and that it's still not all that high. It may come down when it rains or when the wind blows around the branch to which it's attached. Not shown in the above diagram is the 10 loops of coax which form the air-core balun.

Sometime I'll make one properly. Honest. But for the meantime, I'm on HF again! \o/