
Yocto Project Summit 2023.11

Last week, we participated in the Yocto Project Summit 2023.11, held online from November 28 to 30, with several interesting presentations regarding the Yocto Project itself and various use cases.

Marta Rybczynska led two sessions. The first one explained the procedure for submitting fixes for known security issues, that is, CVE (Common Vulnerabilities and Exposures) fixes, to the Yocto Project. Developers can learn about such issues from multiple sources, such as runs of cve-check. In “stable” branches, the fix usually requires backporting an upstream patch. Most of the submission process is the same as for any other bug, but there are small but significant differences to accommodate the cve-check tool: the developer should name the patch based on the CVE number and add a “CVE:” tag inside with that information. Marta also shared submission hints, such as using devtool if the original upstream patch does not apply and requires modifications. Refer to the slides below; the video link will be posted when available.
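A pre-submission check for the two conventions described above, as an added example (not code from the talk or from the Yocto Project). It assumes the tag is a header line of the form "CVE: CVE-YYYY-NNNN"; the function name check_cve_patch, the sample patch and the identifier CVE-2099-0001 are constructed placeholders.

```shell
#!/bin/sh
# check_cve_patch FILE   (added example, not Yocto Project code)
# Assumed conventions: the file name contains CVE-YYYY-NNNN and the patch
# header carries a line "CVE: CVE-YYYY-NNNN" (several ids may share one line).
# Returns 0 = consistent, 1 = no CVE id in the file name,
#         2 = no CVE: tag in the header, 3 = tag does not list that id.
check_cve_patch() {
    patch_file=$1
    name_id=$(basename "$patch_file" | grep -oE 'CVE-[0-9]{4}-[0-9]+' | head -n 1)
    if [ -z "$name_id" ]; then
        echo "$patch_file: file name carries no CVE identifier" >&2
        return 1
    fi
    # Read tags from the header only, so a "CVE:" string inside the diff body
    # is not mistaken for the tag.
    tag_ids=$(awk '/^(diff --git |--- |\+\+\+ )/ { exit }
                   /^CVE:/ { sub(/^CVE:/, ""); print }' "$patch_file")
    if [ -z "$tag_ids" ]; then
        echo "$patch_file: no CVE: tag in the patch header" >&2
        return 2
    fi
    for id in $tag_ids; do
        if [ "$id" = "$name_id" ]; then
            return 0
        fi
    done
    echo "$patch_file: CVE: tag does not list $name_id" >&2
    return 3
}

# Constructed sample patch; CVE-2099-0001 is a placeholder identifier.
demo_dir=$(mktemp -d)
cat > "$demo_dir/CVE-2099-0001.patch" <<'EOF'
Subject: [PATCH] parser: reject oversized length field

CVE: CVE-2099-0001
Signed-off-by: Jane Developer <jane@example.com>
---
--- a/parser.c
+++ b/parser.c
@@ -1 +1 @@
-old
+new
EOF
check_cve_patch "$demo_dir/CVE-2099-0001.patch" && echo "file name and CVE: tag agree"
rm -rf "$demo_dir"
```
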

The second session concentrated on the changes in the Yocto Project security area in 2023, with the important impact of the funding from the Sovereign Tech Fund.

Did you know that the project has a security team now? The project also recommends that all layers have a SECURITY.md file with information for security researchers to contact the right people in case of a security issue.

Marta also explained the work in progress. CVE synchronization work aims to avoid duplication of work when fixing CVE issues. A team is looking into the usage of SRTool for triage. A proof-of-concept implementation of the upcoming SPDX3 standard is in the works, too.

Everyone can participate in all those security initiatives; you can check the slides for pointers to wiki pages and discussions.

Slides from this session are available, too.


Useful Linux network commands

Last updated: September 17, 2021.

Those who have used Linux for a long time remember that networking was configured using ifconfig and route. Those two commands are still available in some distributions, but they have disappeared in others. In addition, a number of other tools appeared. For example, NetworkManager became the de facto standard network management service.

Let us cover a number of useful networking commands. You should replace the parts marked with <> with your own configuration. For example, <ifce> may be eth0 in your configuration. The $ sign marks your prompt.

Basic networking

Basic networking operations include showing available interfaces, their addresses and configuration options; it also includes routing.

Showing all interfaces with their addresses

You can show all interfaces with their status, and assigned addresses using one of the two commands (the second one is the abbreviated version):
$ ip addr show
$ ip a

It is an equivalent of (older) ifconfig or ifconfig -a.

Setting addresses

The commands for adding and deleting network addresses are quite similar. With ip they have the following form:
$ ip addr add <address> dev <ifce>
$ ip addr del <address>/<prefix> dev <ifce>

In the delete command, you can still (in 2021) specify the address without a prefix, but you will get a warning message.

They are equivalents of older:
$ ifconfig <ifce> add <address>
$ ifconfig <ifce> del <address>

Setting up MTU

In some cases we might want to change the MTU (Maximum Transmission Unit) value, giving the maximum size of a datagram packet in the network. With ip the command is:
$ ip link set dev <ifce> mtu <mtu_value>
It is an equivalent of:
$ ifconfig <ifce> mtu <mtu_value>

Setting interfaces up and down

If we want to temporarily disable an interface and stop receiving packets, we put the interface “down”. It will start receiving packets again when we move it back “up”. You can change the state of the interface using commands like:

$ ip link set <ifce> down
$ ip link set <ifce> up

They are equivalents of older:
$ ifconfig <ifce> down
$ ifconfig <ifce> up

Showing routing

If you want to show the routing information of the host, use the following command:
$ ip route show
It is an equivalent of the older route command:
$ route -a
or

$ route

Adding a default gateway

The default gateway points to the gateway to be used if there are no other matches in the routing table. Usually it will be your external interface. To set up the default gateway use:

$ ip route add default via <gateway_ip>
It is an equivalent of:
$ route add default gw <gateway_ip>

Adding and removing routes

If you’d like to learn more about the routing concepts, you can read the introduction guide (using route-based commands).

The commands to add and remove a route look like:

$ ip route add <network>/<mask> via <gateway_ip> dev <ifce>
$ ip route del <network>/<mask> via <gateway_ip> dev <ifce>

We can also give only the beginning of the command, for example ip route del <network>/<mask>.

The commands using route were:

$ route add -net <network>/<mask> gw <gateway_ip> <ifce>

$ route del -net <network>/<mask> gw <gateway_ip> <ifce>

Getting packet statistics

In Linux there are a number of ways to get statistics about received and sent packets. We can obtain them using the following commands:
$ ip -s link
$ cat /proc/net/dev

You can also look into individual files with the interface statistics, for example the number of received bytes is available in /sys/class/net/<ifce>/statistics/rx_bytes. To show the value you can run:
$ cat /sys/class/net/<ifce>/statistics/rx_bytes

All of them can replace the packet statistics of ifconfig or netstat -i.
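The counters in /proc/net/dev are cumulative, so traffic over a period is the difference between two readings. The following added example (not from the original post) compares two saved copies of the file; the function names and the snapshot values are constructed for illustration.

```shell
#!/bin/sh
# net_dev_delta BEFORE AFTER
# BEFORE and AFTER are two saved copies of /proc/net/dev.
# Prints one line per interface found in AFTER.
net_dev_delta() {
    awk '
        FNR <= 2 { next }            # every snapshot starts with two header lines
        { sub(/:/, " ") }            # the name may be glued to the counter: "tun0:100"
        NR == FNR {                  # first file: remember the earlier counters
            rx[$1] = $2 + 0; tx[$1] = $10 + 0; next
        }
        !($1 in rx) {                # interface appeared between the snapshots
            printf "%s new\n", $1; next
        }
        $2 + 0 < rx[$1] || $10 + 0 < tx[$1] {   # counters went backwards
            printf "%s reset\n", $1; next
        }
        { printf "%s rx_bytes=+%.0f tx_bytes=+%.0f\n", $1, $2 - rx[$1], $10 - tx[$1] }
    ' "$1" "$2"
}

# Constructed snapshots in /proc/net/dev layout (all values are made up).
sample_before() {
    cat <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1000      10    0    0    0     0          0         0     1000      10    0    0    0     0       0          0
  eth0:  500000     400    0    0    0     0          0         0   200000     300    0    0    0     0       0          0
EOF
}
sample_after() {
    cat <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1000      10    0    0    0     0          0         0     1000      10    0    0    0     0       0          0
  eth0:  650000     520    0    0    0     0          0         0   260000     350    0    0    0     0       0          0
  tun0:100       1    0    0    0     0          0         0      200       2    0    0    0     0       0          0
EOF
}

snap_dir=$(mktemp -d)
sample_before > "$snap_dir/before"
sample_after > "$snap_dir/after"
net_dev_delta "$snap_dir/before" "$snap_dir/after"
rm -rf "$snap_dir"
```

On a live system, take the two snapshots with cat /proc/net/dev a known interval apart and divide the deltas by that interval to get a rate.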

NetworkManager

NetworkManager is a tool, included in most distributions, that automatically configures all types of networks. It has a number of graphical frontends, but also a handy command-line tool, nmcli.

Making an interface unmanaged

In a typical configuration NetworkManager will be taking care of all network interfaces of your system. Sometimes we need more control, for example to set up an IP address manually for testing. To do this, we need to put the interface in the unmanaged mode for NetworkManager. The following command allows us to manually handle addresses and routing of an interface. If an interface stays in managed mode, NetworkManager will reapply its configuration and manual changes may disappear.

$ nmcli device set <ifce> managed no

This command will take effect only until a reboot or a restart of NetworkManager. It is also possible to permanently move an interface into unmanaged mode. In this case, change /etc/NetworkManager/conf.d/99-unmanaged-devices.conf or /etc/NetworkManager/NetworkManager.conf and add the following:

[keyfile]
unmanaged-devices=interface-name:<ifce>

You can learn more about configuration of NetworkManager from the documentation.

Verifying status of interfaces in NetworkManager

If you need to check the high level status of devices (names, connected or not), the NetworkManager command is:

$ nmcli device status

Checking detailed status in NetworkManager

NetworkManager also lets you check all detailed information about system network interfaces, including the IP addresses, DNS, routing, MTU. The command is:

$ nmcli device show


Time zones: How time changes on Linux

During the time period when we change time from the winter one to the summer one (or the other way around), millions of Linux devices do the switch automatically. How is it possible, when you know that the change happens in different places in the world at different dates? Learn how the time zone database works on Linux and how to check how the time changes anywhere in the world.

The source of the solution is the timezone database (with tools), which you can download from ftp://ftp.iana.org/tz/releases/. The database describes how far the time at each location is offset from GMT, and when that offset changes. The Linux system then uses this data to adjust the displayed time.

You can check your current time zone by looking into /etc/timezone, which contains the user-readable name. For example:
$ cat /etc/timezone
Europe/Paris

The machine-readable data is somewhere else. On Debian, you can find it in /etc/localtime, which is a symbolic link to the correct file. For example:
$ ls -l /etc/localtime
lrwxrwxrwx 1 root root 32 Feb 12 09:29 /etc/localtime -> /usr/share/zoneinfo/Europe/Paris

You can dump the dates of the time change using the zdump tool (filter the year, otherwise the output will be long):
$ zdump -v /etc/localtime|grep 2021
/etc/localtime Sun Mar 28 00:59:59 2021 UT = Sun Mar 28 01:59:59 2021 CET isdst=0 gmtoff=3600
/etc/localtime Sun Mar 28 01:00:00 2021 UT = Sun Mar 28 03:00:00 2021 CEST isdst=1 gmtoff=7200
/etc/localtime Sun Oct 31 00:59:59 2021 UT = Sun Oct 31 02:59:59 2021 CEST isdst=1 gmtoff=7200
/etc/localtime Sun Oct 31 01:00:00 2021 UT = Sun Oct 31 02:00:00 2021 CET isdst=0 gmtoff=3600

The output contains the moment the time changes, a binary flag indicating whether this time is DST (daylight saving time), and the offset to GMT (in seconds).

With the same tool you can also check the time changes for any other place, for example:

$ zdump -v /usr/share/zoneinfo/Antarctica/South_Pole |grep 2021
/usr/share/zoneinfo/Antarctica/South_Pole Sat Apr 3 13:59:59 2021 UT = Sun Apr 4 02:59:59 2021 NZDT isdst=1 gmtoff=46800
/usr/share/zoneinfo/Antarctica/South_Pole Sat Apr 3 14:00:00 2021 UT = Sun Apr 4 02:00:00 2021 NZST isdst=0 gmtoff=43200
/usr/share/zoneinfo/Antarctica/South_Pole Sat Sep 25 13:59:59 2021 UT = Sun Sep 26 01:59:59 2021 NZST isdst=0 gmtoff=43200
/usr/share/zoneinfo/Antarctica/South_Pole Sat Sep 25 14:00:00 2021 UT = Sun Sep 26 03:00:00 2021 NZDT isdst=1 gmtoff=46800
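zdump -v prints the last second before and the first second after each change, so a transition is the line where gmtoff differs from the previous line. The following added example (not from the original post) reduces that output to one line per transition; the function names are hypothetical, and the embedded sample is the Europe/Paris output shown above.

```shell
#!/bin/sh
# tz_transitions: read `zdump -v` output on stdin and print one line per
# offset change:
#   <year>-<month>-<day> <time> UT <old abbr>-><new abbr> <change in seconds>
tz_transitions() {
    awk '
        NF != 16 || $16 !~ /^gmtoff=/ { next }    # skip "= NULL" range markers
        $1 != zone { zone = $1; seen = 0 }        # output for several zones may be mixed
        {
            split($16, kv, "=")
            off = kv[2] + 0
            if (seen && off != prev_off)
                printf "%s-%s-%02d %s UT %s->%s %+d\n",
                       $6, $3, $4, $5, prev_abbr, $14, off - prev_off
            prev_off = off
            prev_abbr = $14
            seen = 1
        }'
}

# Sample input: the Europe/Paris lines for 2021 from the article.
zdump_sample() {
    cat <<'EOF'
/etc/localtime Sun Mar 28 00:59:59 2021 UT = Sun Mar 28 01:59:59 2021 CET isdst=0 gmtoff=3600
/etc/localtime Sun Mar 28 01:00:00 2021 UT = Sun Mar 28 03:00:00 2021 CEST isdst=1 gmtoff=7200
/etc/localtime Sun Oct 31 00:59:59 2021 UT = Sun Oct 31 02:59:59 2021 CEST isdst=1 gmtoff=7200
/etc/localtime Sun Oct 31 01:00:00 2021 UT = Sun Oct 31 02:00:00 2021 CET isdst=0 gmtoff=3600
EOF
}

zdump_sample | tz_transitions
```

On a system with the timezone data installed, the same function can be fed directly, for example zdump -v /etc/localtime | grep 2021 | tz_transitions.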

If you want to display time in your program, the system libraries do the conversion automatically. For example, in C the function to use is localtime(). You can learn more from the function’s manual page or from https://man7.org/linux/man-pages/man3/localtime.3.html