Linux/UNIX Pipes File Descriptors, and Process Substitution

Linux/UNIX Pipes File Descriptors, and Process Substitution

  • POSIX Shell – A logical container providing an environment and a set of commands to interact with a UNIX and/or UNIX-like system.
    Examples include: sh(Bourne shell), bash, ash, csh, etc.
  • Pipe – a unidirectional connection between two processes utilized for inter-process communications.
  • File Descriptor (fd) – A dynamically created, locally significant and non-persistent file representation of a FIFO buffer which can be connected to a pipe, or by default to the parent process’ standard input, output, and error buffers. As an example, a (virtual) terminal’s input device (keyboard, mouse, etc.) and output device (display).
  • Process substitution – Allows the POSIX shell user the ability create scripted constructs that mimic functional and/or imperative programming syntax in-line.

Every interactive process on startup within a POSIX shell is attached dynamically to three pipes local to its memory space. Standard Input(0), Standard Output(1), and Standard Error(2). If the POSIX system supports file descriptors they are then created and attached to the pipes at ‘/dev/fd/’.

Name Abbrev. File Symbols
standard input stdin /dev/fd/0 < or <<
standard output stdout /dev/fd/1 1> or 1>>
standard error stderr /dev/fd/2 2> or 2>>

POSIX Shell Plumbing

The POSIX (Bourne) shell and its derivatives provides the ability to utilize various symbols to plumb processes together by their file descriptors.

Symbol Name _Symbol_Syntax_ ________Function________
pipe { block } | { block } attach stdout of left script block
to  stdin of right script block
success
exec
cmd && { block } if cmd exits with success (0)
then execute block
failure
exec
cmd || { block } if cmd exits with error (not 0)
then execute block
write
file
{ block } #>file attach /dev/fd/#
of left script block to file
and overwrite with bytestream
write
fd
{ block } #>&? attach /dev/fd/#
of left script block to /dev/fd/?
and overwrite with bytestream
append { block } #>>file attach /dev/fd/#
of left script block to file
and append bytestream
close
stdout
#>&- close /dev/fd/#
(no # specified defaults to stdout)
read
file
{ block } <file attach stdin of left script block
to file and read bytestream
read
until
{ block } <&? attach stdin of left script block
to /dev/fd/? and read bytstream
read
until
{ block } <<word attach stdin of left script block
to stdin of proc
and read until word
close stdin <&- close stdin

Process Substitution

The POSIX shell also provides the ability to perform inline substitution utilizing two methods:

_Symbol_
Name
Symbol_Syntax ________Function________
sub-shell exec ( block ) execute process proc without environment persistance
sub-block exec { block; } execute proc resulting inline at location within script with evnironment persistance

…for examples see below

Continue reading

Using TCL to provide WoL Services from a Cisco Router

This exceptional bit of code provided by Jónatan Þór Jónasson is a masterpiece. It provides the ability to send Wake On Lan commands out the local interfaces of a router to WakeUp a device. You will need a device that supports UDP Sockets, so you have to be running 15.0+ firmware.

Found this at ipSpace by Ivan Pepelnjak

ROUTER# tclsh
ROUTER(tclsh)#

proc WakeOnLan {broadcastAddr macAddr} {
     set net [binary format H* [join [split $macAddr -:] ""]]
     set pkt [binary format c* {0xff 0xff 0xff 0xff 0xff 0xff}]

     for {set i 0} {$i < 16} {incr i} {
        append pkt $net
     }

     # Open UDP and Send the Magic Paket.
     set udpSock [udp_open]
     fconfigure $udpSock -translation binary \
          -remote [list $broadcastAddr 4580] \
          -broadcast 1
     puts $udpSock $pkt
     flush $udpSock;
     close $udpSock
}

ROUTER(tclsh)# WakeOnLan 255.255.255.255 000f13cd80a1

Rolling a Domain Password

So I get extremely frustrated having to change my password every 60 days because the security department has this belief that somehow that is going to prevent the nightmare at Sony from coming down upon our company. Without getting too deep into the politics around security I am a firm believer that it is far better for people to have a password that is highly complex and never changes or better yet high entropy and very simple to remember as opposed to forced rotations of passwords. My reasoning is simple. If I were a hacker and I got your password, I wouldn’t wait 60 days to use it. I would own you in the immediate… as in right now.  Continue reading

Cisco Telepresence Content Server: Windows Media Services Multicast and QoS

Tags

, , ,

So we have been working diligently to resolve an issue in relation to a vendor deployed Cisco Telepresence Show and Share setup. We ended up with through the troubleshooting process with two requirements. Basically what we were seeing was if the access port attached to the receiver was configured or negotiated at 100Mbps as opposed to Gigabit that the video stream would not play with any measure of predictability.

When everyone would go home or be out for lunch, the stream would play okay, but when the switch became even slightly busy, the video would most of the time not even provide a single key-frame and hence no video. Keep in mind that this was a 768kbps stream, so it was insane to think this could actually be the switch causing the issue.

With Auto-QoS defaults, we were dropping around 500 packets in 10 seconds. We actually forced this work by modifying marking the multicast traffic generated at the server on the server’s access switch and by modifying the output buffers for QoS on the client attached 2960S Access Switch. This required giving 70% of the buffer to the priority Queue, making sure CS5 marked traffic was getting inserted into the Priority Queue, and setting the thresholds for the priority queue to allow oversubsciption at 3200%.

Continue reading

Followup: DNS Lookup and Ping in Excel

Steve asked on my previous posting in regards to DNS Lookup in Excel if forward lookup could be done. (Find the IP Address from the Hostname). Believe it or not I one up your request. How about DNS Forward and Reverse lookup as well as Ping!

  1. Press Alt-F11 in Excel to get to the VBA screen.
  2. Right click on the Project View
  3. Click Add Module
  4. Add the following snippet.
  5. Use: GetHostname("4.2.2.1") in any Excel cell.
    or
    Use:
    GetIpAddress("www.google.com") in any Excel cell.
    or
    Use: Ping("4.2.2.1") in any Excel cell.

Continue reading

DS3/T3 Circuit Testing from the IOS Controller CLI

Bert Testing

loopback local

Puts the locally attached DSU (Internal to the Router) in Loop. This allows the testing of the local Card for errors with the line driver or modulator

loopback remote

Requests a loopback from the remote DSU. This allows the testing of the full circuit up to the DSU at the far end.

loopback network

Sets the local controller to loop towards the network allowing the far end to run test patterns across the entire path.

Testing Examples:

controller t3 1/0 !-- test the local hardware
 loopback local
 !
 bert pattern 0s interval 1
 do show controller t1 0/0
 !
 bert pattern 1s interval 1
 do show controller t1 0/0
 !
 bert pattern alt-0-1 interval 1
 do show controller t1 0/0
 !
 no loopback

controller t3 1/0 !-- test to the remote DSU.
 loopback remote
 bert pattern 0s interval 1
 do show controller t3 1/0
 !
 bert pattern 1s interval 1
 do show controller t3 1/0
 !
 bert pattern alt-0-1 interval 1
 do show controller t3 1/0
 !
 no loopback

controller t3 1/0 !-- allow the far end to perform end-to-end testing.
 loopback network
 !
 !-- WAIT FOR TESTING AT FAR END TO COMPLETE..
 !
 no loopback
!
end

Circuit Locating

You can transmit endpoint location information across a circuit using the ANSI Maintenance Description Set. The following example shows how this is specified:

Circuit Labeling Example:

controller t3 1/0 !-- Identification notation transmited via ANSI MDL Frames
 mdl string eic RouterA     !-- Equiptment ID Code
 mdl string fic 0x01        !-- Frame ID Code
 mdl string generator gen-1 !-- Generator Number in MDL Test Signal Message
 mdl string lic OKC         !-- Location ID Code
 mdl string pfi DT          !-- Facility ID Code
 mdl string port 1-0        !-- Port Number in MDL Idle Signal Message
 mdl string unit 2          !-- Unit Code
 !
 mdl transmit test-signal
!
end

Viewing example at far end of circuit:

show controllers t3 1/0

Results:
T3 1/0 is up.
  Applique type is Subrate T3
  Transmitter is sending AIS.
  Receiver has no alarms.
  MDL transmission is enabled
     EIC: Router-B, LIC: TUL, FIC: FO, UNIT: 1
  Far-End MDL Information Received
     EIC: Router-A, LIC: OKC, FIC: DT, UNIT: 1
  FEAC code received: No code is being received
  Framing is C-BIT Parity, Line Code is B3ZS, Clock Source is Line
  Data in current interval (30 seconds elapsed):
     0 Line Code Violations, 0 P-bit Coding Violation
     0 C-bit Coding Violation, 0 P-bit Err Secs
     0 P-bit Severely Err Secs, 0 Severely Err Framing Secs
     0 Unavailable Secs, 0 Line Errored Secs
     0 C-bit Errored Secs, 0 C-bit Severely Errored Secs
!
end

Securing Industrial Automation Networks – Part 1: Lingo and Regulation

Tags

, , , , , , , ,

We are currently working on a project to implement a security design around our Industrial Automation Networks in the Field. These range from gas measurement shacks with a single valve all the way up to multi-train gas processing plants. Post the StuxNet incident and the 60 minutes airing that notified the nation of the great dangers in exposing our vital infrastructure to the internet, there have been several regulatory commssions who have or are currently working on updating thier requirements around securing this vital infrastructure. Our goal is to beat them to the punch and be prepared for the worst while doing our Control Technicians a favor or two in providing them further isolation from the Enterprise.

In 2002 FISMA (Federal Information Security Management Act) kicked off a lot of these regulations by requiring each government entity to develop requirements to protect their perspective systems from cyber attack. Due to this, government agencies have become more and more aware of the threats imposed by networked system access to critical systems. In my opinion, this eyeopening will spark the proposal of additional regulation to protect these critical systems. In this first article, I’ll cover some common terms and we’ll note some regulatory bodies and any specific regulations already identified… Continue reading