I was asked what the correct way to drop privileges in Linux is.
So here is a list of things I usually do when implementing an unprivileged subprocess:

fork
in some cases you would also want to do these:

clear the environment (leave only the required variables)
close all file descriptors (except the ones you need)
clear memory regions that are [...]

Posted by HackMan
Dated: 10th July 2020
Filed Under: Uncategorized

If you need to SNAT local processes over a specific interface (for example a tunnel), there are a few things you have to do, and this article describes the required steps.
= Sysctls =
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
More specifically, you need to disable rp_filter on the interface on which you are receiving the traffic. For tunnels this usually is [...]

Posted by HackMan
Dated: 13th December 2019
Filed Under: Uncategorized

At the office we have this joke that the shortest program that produces “Segmentation fault” is:

$ echo Segmentation fault (core dumped)
Segmentation fault (core dumped)

We had this joke after a colleague of ours debugged that exact program for 20 minutes before he realized that it actually printed segfault.
However, one of the colleagues decided to challenge [...]

Posted by HackMan
Dated: 4th November 2019
Filed Under: Uncategorized

My new expensive toy just came to life

localhost#show version
Arista DCS-7050QX-32-F
Hardware version: 02.11
Serial number: JPE1523XXXX
System MAC address: 001c.73XX.XXXX

Software image version: 4.14.5FX.2
Architecture: i386
Internal build version: 4.14.5FX.2-2328441.4145FX2
Internal build ID: 5f369972-3e94-403c-aee9-dd4cfba34d46

Uptime: [...]

Posted by HackMan
Dated: 26th September 2017
Filed Under: Uncategorized

If you want to do A/B split testing with nginx, you are usually directed to the split clients module.
However, most of us don’t have this module compiled into our nginx installations, and this usually results in using our own code to do the actual A/B splitting.
Here is how you can do that, without the addition of [...]

Posted by HackMan
Dated: 27th July 2017
Filed Under: Uncategorized

I have been using bird on my routers for a few years now, and every time I set up a new router I add these shell functions to help me monitor and debug network issues:

function bgp_states {
for i in $(birdc show protocols|sed 's/\s\+/|/g'|grep BGP); do
a=(${i//|/ })
[...]

Posted by HackMan
Dated: 5th April 2017
Filed Under: Uncategorized

I was featured in the PerlAdvent calendar 2016 with my article about controlling Linux Containers with Perl.
The PerlAdvent calendar is a very nice way to count down the days till Christmas.

Posted by HackMan
Dated: 20th December 2016
Filed Under: Uncategorized

Bird’s memory usage with 8 BGP sessions (6 of which full BGP tables):

root@sfgw:~# birdc show memory
BIRD 1.5.0 ready.
BIRD memory usage
Routing tables: 160 MB
Route attributes: 136 MB
ROA tables: 112 B
Protocols: 68 kB
Total: [...]

Posted by HackMan
Dated: 23rd February 2016
Filed Under: Networking, Technology, Uncategorized

I finally decided to request full BGP tables from all of my ISPs, so I can easily change the preferred path to certain destinations.
However, this meant that I now have to monitor not only the state of the BGP sessions but also the number of routes that I receive from my neighbors.
Before my days with full [...]

Posted by HackMan
Dated: 19th February 2016
Filed Under: Linux General, Networking, Technology, Uncategorized

Since I started using Linux::Unshare after I created my Linux::Setns, I found that unshare was missing a few tests.
I added them and sent a patch to the current maintainer, Boris Sukholitko. However, a few days later he wrote to me that he is no longer maintaining the module and proposed that I should take over [...]

Posted by HackMan
Dated: 28th July 2014
Filed Under: Technology, Uncategorized