Shabbir Ahmed: January 2013

Thursday, January 31, 2013

TP-Link, openwrt, openflow bro-ids and usb flash mounting

OpenWRT, OpenFlow and bro-ids on TP-Link TL-WR1043ND

I was given a task to mount USB Flash on tp-link router, here's how I did. here you can find detailed information about this hardware.

AR7132 rev 2 24Kc V7.4 400 Mhz
32MB RAM
8MB Flash
4 x 1 port Athros ( RealTek RTL8366RB 5-port Gigabit switch w/ vlan support)
Wireless: Atheros AR9103 2.4ghz 802.11bgn
1 WAN port
USB: Yes 1 x 2.0 (OHCI platform; device name 1-1)
12V DC

The development platform I used is ubuntu vm on virtualbox.
lets start the build process:

Building the image

apt-get install build-essential binutils flex bison autoconf gettext texinfo sharutils subversion libncurses5-dev ncurses-term zlib1g-dev gawk

mkdir ~/ofwrt
cd ~/ofwrt

svn co svn://svn.openwrt.org/openwrt/trunk/

cd trunk/

sudo ./scripts/feeds update -a

sudo ./scripts/feeds install -a

cd ~/ofwrt/

git clone git://gitosis.stanford.edu/openflow-openwrt

cd ~/ofwrt/trunk/packages/

ln -s ~/ofwrt/openflow-openwrt/openflow-1.0/

cd ~/ofwrt/trunk/

ln -s ~/ofwrt/openflow-openwrt/openflow-1.0/files

cd ~/ofwrt/

make menuconfig

Select your platform for Target System (Atheros AR71xx) Target System (Atheros AR7xxx/AR9xxx) --->
Target Profile (TP-LINK TL-WR1043N/ND) --->
Kernel modules --->

Filesystems --->

<*> kmod-fs-vfat..................................... VFAT filesystem

--- kmod-usb-core............................................ Support

<*> kmod-usb-ohci............................... Support for OHCI
<*> kmod-usb-serial-option................... Support for Option
<*> kmod-usb-storage..................................... USB Storage
<M> kmod-usb-storage-extras.................... Extra drivers for usb-storage
<*> kmod-usb-uhci............................... Support for UHCI controllers
<*> kmod-usb2................................... Support for USB2 controllers
<*> kmod-usb-uhci............................... Support for UHCI controllers

Save & Quit
I could not find few of the lines in menuconfig thats why I added them manually.
cd trunk
vi .config
uncomment the following lines and put =y at the end

CONFIG_PACKAGE_kmod-nls-base=y
CONFIG_PACKAGE_kmod-nls-cp437=y

Select OpenFlow package under network
Select tc package under network
Select kmod-tun under Kernel Modules->Network Support
in Target Images -> select [ ] ramdisk --->
Save and Exit

Add support for queueing :
make kernel_menuconfig
Under Networking Support->Networking options->QoS and/or fair queueing select Hierarchical Token Bucket (HTB)
Save and Exit

Build the image

makeV=99

Upgrading the Router

1. ssh or telnet the router copy 'openwrt-ar71xx-generic-tl-wr1043nd-v1-squashfs-sysupgrade.bin' file from your development system to your tp-link.

2. populate your /etc/sysupgrade.conf

add file and directory names where which you want to preserve during upgrade, i have added /etc/config/ only to save my network configurations.

3. sysupgrade -v /tmp/openwrt-ar71xx-generic-tl-wr1043nd-v1-squashfs-sysupgrade.bin

After the upgrade the router will reboot with new image. For more information on upgrade visit here

Mounting the USB Flash:

before mounting verify usb kernel support,

lsmod | grep usb

lsmod | grep vfat

lsmod | grep nls

if any of the above are missing you can add them using insmod kmod-fs-fat (example)

if all the above modules are present go ahead

mkdir -p /mnt/usb # directory where Flash should be mounted.

mount -t vfat /dev/sda1 /mnt/usb

ls /mnt/usb # here you should be able to see all the files on flash.

Mounting flash on startup

vi /etc/config/fstab

config 'mount'
      option 'device' '/dev/sda1'
      option 'options' 'rw,sync'
      option 'enabled_fsck' '0'
      option 'enabled' '1'
      option 'target' '/mnt/share'

And to make the fstab settings effective in current session run:

/etc/init.d/fstab start

To make the fstab settings effective after every reboot run:

/etc/init.d/fstab enable

start the openflow service...

http://www.openflow.org/wk/index.php/OpenFlow_1.0_for_OpenWRT

Tuesday, January 29, 2013

IOS hardware inventory script

Once i was asked to create an excel file of the hardware inventory, one way was to telnet each router execute few commands and manually copy paste the lines to excel file but this was a clerical job so i made a script that collects all this information from the IOS devices.

Prerequests:

Linux machine with Perl installed
apt-get install net-snmp (debian)
yum install net-snmp (redhat based)
input.txt (a simple IP address list of the devices)
set the correct snmp to variable $snmpro="your_comm";
result.csv will generate the output file with all the required serial numbers and card details.
Put all the files in same directory

Troubleshooting:

perl -v

check if perl installed, if perl is install it will prompt the version of perl install otherwise perl is not installed.

snmpget -v2c -c public IP_Address 1.3.6.1.4.1.9.2.1.3.0

provide the correct community and IP address of snmp agent, it should return the host-name of the agent. otherwise you can paste your problem on this blog and ill try my level best to reply ASAP.

vi inventory.pl
open your fav editor and paste the code in the code section.

Execution:
perl scriptname.pl # perl inventory.pl

Some important and Usefull OIDs:

iso.3.6.1.2.1.47.1.1.1.1.11.1 motherboard oid
iso.3.6.1.2.1.47.1.1.1.1.11.21 device
iso.3.6.1.2.1.47.1.1.1.1.13.1 device name
1.3.6.1.2.1.47.1.1.1.1.11 serial numbers
1.3.6.1.2.1.47.1.1.1.1.13 names
1.3.6.1.4.1.9.2.1.3.0 hostname

#!/usr/bin/perl
$snmpro="public"; 
$rtrlist="input.txt";


open (RTR, "input.txt") || die "Can't open $rtrlist file";
open (LOG, ">result.csv") || die "Can't open $workingdir/RESULT file";
open (ERR1, ">err.log") || die "Can't open $workingdir/RESULT file";

while (<RTR>) {
  #print $_;
  chomp($rtr="$_");
  $snmpget=`snmpget -v2c -c $snmpro $rtr 1.3.6.1.4.1.9.2.1.3.0`;
   
  if ($snmpget =~ /Timeout/) { print ERR1 "cant open $rtr\n"; print "can't open $rtr.\n"; } else 
  {
  @str = split (/\=/,$snmpget);
  @hostname = split (/ /,$str[1]);
  print $hostname[2];
  chomp($hostname[2]);
   
 }


  @snmpname = `snmpwalk -v2c -c $snmpro $rtr 1.3.6.1.2.1.47.1.1.1.1.13`;
  @snmpserial = `snmpwalk -v2c -c $snmpro $rtr 1.3.6.1.2.1.47.1.1.1.1.11`;
  $line_num=0;
  foreach (@snmpname) {
        chomp ($_);
        @name = split (/\=/,$_);
        @name1= split (/ /,$name[1]);
        if($name1[2]) {
        chomp($snmpserial[$line_num]);
        @serial1= split (/\=/,$snmpserial[$line_num]);
        @serial = split (/ /,$serial1[1]);
        print $name1[2]."=".$serial[2]."\n";
        print LOG $rtr.",".$hostname[2].",".$name1[2],$serial[2]."\n";
        }
        
    
    $line_num++;
  }
  #print @snmpname;
  #print @snmpserial; 
  #printf LOG ("%-12.12s; %-30.30s; %-25.25s; %-12.12s\n", $RTR, $LOC, $CON, $SIN);

  }
close (RTR);
close (LOG);
close (ERR1);

DOS batch file auto ftp files

This script uploads files msg.txt and on a specified interval from an ftp client (this computer) to an FTP server on MS windows platforms.

rem display whats going on when this script runs.
@echo on

rem ftp is a MS command line FTP protocol client used to upload/download files rem via FTP protocol, -s specifies the ftp commands to be executed from ftp.src

ftp -v -s:"ftp.src"
rem then the batch file it is calling looks like this:

rem truncate/empty the msg.txt after upload.
echo. 2>msg.txt

rem log "what happpens" every time the script is execute to a file called sms.log
echo %TIME% >> sms.log

SRC.TXT

rem src.txt could be any text file that holds ftp commands
src.txt

open 10.1.4.65 rem ftp server's IP address.
username
password

rem filename to upload and command/
put msg.txt
put src.txt

rem quit after above commands are executed.
quit

To automate this process or schedule it to run on a specific time.

Start->accessories-system tools->task scheduler

Saturday, January 26, 2013

OpenFlow, OpenWRT and bro-ids on rb450g

OpenWRT, OpenFlow and bro-ids on Routerboard 450g

This small form factor board has a capacity to be used as enterprise CPE, no other hardware in this class has this much of RAM, CPU or flash storage (which are used for SOHO devices), where advance security features, routing features could be used.

AR7161 680MHz Atheros CPU, could turbo boost to 800 Mghz
256MB RAM
512MB built-in NAND flash and a microSD slot, you can also boot RB from microSD if you are using bootloader ver 3.02.
4 x 1 port Athros ( AR8316 Switch )
1 WAN port
10-24V DC
for more details you can check http://routerboard.com/RB450g and http://wiki.openwrt.org/toh/mikrotik/rb450g

OpenWrt is described as a Linux distribution for embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developer, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.

My intention to port openwrt to routerboard 450G was to play and learn openflow protocol and learn new things about it about it.

The development platform I used is ubuntu vm on virtualbox.
lets start the build process:

Building the image

apt-get install build-essential binutils flex bison autoconf gettext texinfo sharutils subversion libncurses5-dev ncurses-term zlib1g-dev gawk

mkdir ~/ofwrt
cd ~/ofwrt

svn co svn://svn.openwrt.org/openwrt/trunk/

cd trunk/

sudo ./scripts/feeds update -a

sudo ./scripts/feeds install -a

cd ~/ofwrt/

git clone git://gitosis.stanford.edu/openflow-openwrt

cd ~/ofwrt/trunk/packages/

ln -s ~/ofwrt/openflow-openwrt/openflow-1.0/

cd ~/ofwrt/trunk/

ln -s ~/ofwrt/openflow-openwrt/openflow-1.0/files

cd ~/ofwrt/

Apply Patch to kernel for making a larger parition on the NAND to fit the bigger kernel in

vi target/linux/ar71xx/files/drivers/mtd/nand/rb4xx_nand.c

locate the lines:

From:

 



   {
      .name   = "kernel",
      .offset = (256 * 1024),
      .size   = (4 * 1024 * 1024) - (256 * 1024),
    },
To:

    {
        .name   = "kernel",
        .offset = (256 * 1024),
        .size   = (8 * 1024 * 1024) - (256 * 1024),
    },

 or you can also download the patch here and apply,

make menuconfig

Select your platform for Target System (Atheros AR71xx)

Select OpenFlow package under network
Select tc package under network
Select kmod-tun under Kernel Modules->Network Support
in Target Images -> select [ ] ramdisk --->
Save and Exit

Add support for queueing :

make kernel_menuconfig
Under Networking Support->Networking options->QoS and/or fair queueing select Hierarchical Token Bucket (HTB)
Save and Exit

Build the image

makeV=99 # to speed up compilation on multicore systems,

ionice -c 3 nice -n 20 make -j 2 #for quad-core CPU put -j 3

make sure internet is accessible from this machine this process will download neccessary source code if missing otherwise the process will not complete.

Flashing the Router

You need a tftp and dhcp server. I used tftpd32 it has built-in dhcp and tftp server, copy 'openwrt-ar71xx-nand-vmlinux-initramfs.elf' file from trunk/bin/ to tftp root directory,
and set the tftpd32 like this,

attached rb450g to your computer's serial port, on the boot menu select boot options-> Ethernet then nand flash, boot protocol -> dhcp

press 'x' on the main menu.

the router board will successfully boot from the ethernet, as the router is booted, make neccessary network configuration, e.g. connect ethernet (switch port to your computer, assign your computer the ip address 192.168.1.2/24) after succesful connectivity.

Here you need to run the build process again and create an image that could be installed on the router, for this

access the machine where you were building from the source, locate to trunk directory

cd ~/ofwrt/trunk/
make menuconfig
under Target Images --->
uncheck ramdisk --->
make V=99

come back to your machine install babyftp or any other ftp or http server.

copy files 'openwrt-ar71xx-nand-vmlinux-lzma.elf' and 'openwrt-ar71xx-nand-rootfs.tar.gz' from trunk/bin/ar71xx/ to your ftp|http root.

come to openwrt shell on rb450g, type the following command,

wget2nand ftp://192.168.1.xxx/
wget2nand will automatically download the required files and burn them onto flash. If every thing goes successful it will prompt a success msg and ask you to reboot. simply reboot the device and it will give you access to openwrt shell runnning on rb450g.

next is to install openflow package you compiled to openwrt, download the package openflow_1.0.0-1_ar71xx.ipk and install via

opkg install openflow_1.0.0-1_ar71xx.ipk

start the openflow service...

/etc/init.d/openflow start

root@OpenWrt:~# /etc/init.d/openflow start
eth1.1
Configuring OpenFlow switch for out-of-band control
No need for further configuration for out-of-band control
Jan 25 12:52:24|00001|vlog|INFO|opened log file /var/log/ofprotocol.log
Jan 25 12:52:24|00002|secchan|INFO|OpenFlow reference implementation version 1.0.0
Jan 25 12:52:24|00003|secchan|INFO|OpenFlow protocol version 0x01
Jan 25 12:52:24|00004|secchan|WARN|new management connection will receive asynchronous messages
Jan 25 12:52:24|00005|rconn|INFO|unix:/var/run/dp0.sock: connecting...
Jan 25 12:52:24|00006|rconn|INFO|tcp:192.168.1.2:6633: connecting...
Jan 25 12:52:24|00007|rconn|INFO|unix:/var/run/dp0.sock: connected

root@OpenWrt:~# ps | grep of
3 root 0 SW [ksoftirqd/0]
1355 root 1268 S ofdatapath punix:/var/run/dp0.sock -i eth1.1 --no-lo
1371 root 1068 S ofprotocol unix:/var/run/dp0.sock tcp:192.168.1.2:66
1373 root 1500 S grep of

if you have successfully installed the package, both daemons ofdatapath and pfprotcol must be running.

lets install bro-ids

setup up your routerboard to internet access and execute the following command,

wget http://sysnet.org.pk/upload/rc_shrimpFiles/openwrt-bro.tar.gz

it will download and install dependencies.

thats all! i will upload a working lab in which

http://wiki.openwrt.org/doc/howto/buildroot.exigence

http://www.openflow.org/wk/index.php/OpenFlow_1.0_for_OpenWRT