Monitoring WAN status on OpenWRT using Alarm Pinger

Idea

I am connected to the Internet using wireless link which is sometime not very stable. I decided to monitor status of the link to make sure that I am aware of the problem. Initially i tried to monitor link with Monit or Nagios + fping, but results were not very good, this software is not designed for continues monitoring with very small interval. So I decided to find some alternatives.

About Alarm Pinger

I was using Alarm Pinger (apinger) with pfSense distribution — it was used to monitor WAN links to switch between them if needed.

Alarm Pinger (apinger) is a little tool which monitors various IP devices by simple ICMP echo requests. There are various other tools, that can do this, but most of them are shell or perl scripts, spawning many processes, thus much CPU-expensive, especially when one wants continuous monitoring and fast response on target failure. Alarm Pinger is a single program written in C, so it doesn’t need much CPU power even when monitoring many targets with frequent probes. Alarm Pinger supports both IPv4 and IPv6.

This tool supports multiply monitoring targets, external scripts, email notification, daemon mode. Only problem was that tool was not available as OpenWRT package. So i decided to port it.

OpenWRT port

After few tests I found, that code can be compiled with only few minor patches (autoconf related). You can grab Makefile for package from this pull request. Hopefully it will be integrated in the official packages feed soon. Update: port merged.
Port provides init.d script and sample configuration. In the feature I am also planning to make Luci integration to show link status from the web interface.

To buid package on Turris I would recommend to use my turris buildroot docker image.

## Service configuration

I am using very simple configuration to monitor status of the Wireless link using pings to the ISP gateway:

# we need to use root because "rainbow" tool fails to work from other uid. 
user "root"
group "root"

# status file with link quality information
status {
    file "/tmp/apinger.status"
    interval 1s
}
# command to run, with alarm type and reason
# if used with multiply targets %t needs to be added
alarm default {
    command on "/root/gateway.sh %A %r"
    command off "/root/gateway.sh %A %r"
}
# This alarm will be fired when target doesn't respond for 30 seconds.
alarm down "down" {
    time 30s
}
# This alarm will be fired when responses are delayed more than 80ms
# it will be canceled, when the delay drops below 50ms
alarm delay "delay" {
    delay_low 50ms
    delay_high 80ms
}
# This alarm will be fired when packet loss goes over 5%
# it will be canceled, when the loss drops below 3%
alarm loss "loss" {
    percent_low 3
    percent_high 5
}
target default {
    interval 1s
    avg_delay_samples 10
    avg_loss_samples 50
    avg_loss_delay_samples 20
    alarms "down","delay","loss"
}
# ISP Gateway host to monitor. You can define many targets in case of MultiWAN. 
target "1.2.3.4" {
    description "ISP Gateway"
}

Also I am using simple script to change WAN LED color in case of problems:

#!/bin/sh

DEF_COLOR=33FF33 # see https://gitlab.labs.nic.cz/turris/rainbow/blob/master/turris.c
WARNING_COLOR=FFFF00 # yellow
DOWN_COLOR=red
RAINBOW=/usr/bin/rainbow

logger "event: $@"
# read data from status file
STATUS=`grep  "Active alarms:" /tmp/apinger.status`

case "$@" in
"delay ALARM")
  touch /tmp/apinger.delay.flag
  ;;
"delay alarm canceled")
  rm -f /tmp/apinger.delay.flag
  ;;
"down ALARM")
  touch /tmp/apinger.down.flag
  ;;
"down alarm canceled")
  rm -f /tmp/apinger.down.flag
  ;;
"loss ALARM")
  touch /tmp/apinger.loss.flag
  ;;
"loss alarm canceled")
  rm -f /tmp/apinger.loss.flag
  ;;
esac
# link is down
if [ -e /tmp/apinger.down.flag ]; then
  ${RAINBOW} wan ${DOWN_COLOR}
  exit
fi
# loss or delay
if [ -e /tmp/apinger.loss.flag -o -e /tmp/apinger.delay.flag ]; then
  ${RAINBOW} wan ${WARNING_COLOR}
  exit
fi
# no active alarms found
${RAINBOW} wan ${DEF_COLOR}

This works pretty good – if line is down – WAN color is red, if it is unstable or congested – yellow. We can also monitor link status manually:

root@turris:~# cat /tmp/apinger.status
Fri Apr 10 12:39:24 2015

Target: 1.2.3.4
Description: ISP Gateway
Last reply received: #2876 Fri Apr 10 12:39:23 2015
Average delay: 3.247ms
Average packet loss: 0.0%
Active alarms: None
Received packets buffer: ################################################## ###################.

Todo

I am planning to extend functionality of the script with some cool features:

  • Integrate with Luci to show status in the web interface.
  • Add support for the failover switch to the LTE channel if link is down (and LTE dongle connected).
  • Enable rrdtools support provided by apinger.
Tagged , , , ,

How to watch youtube live stream using VLC (or other players)

I like to watch @hromadske.tv, which using Youtube to distribute live stream over Internet. I don`t like browser as player, because of many reasons, including:

  1. Stream will die if i need to restart/quit browser
  2. Google like to play with it (html5/swf changes, etc) and sometime it stops working or works buggy
  3. Sometime it is automatically switching to the 720p or 1080p and utilizing too much bandwidth without real need.
  4. VLC and other players supports Remote Control, advanced audio/video control, etc.

To watch live stream in VLC we will need to get stream format first. I am doing this using youtube-dl tool:
bash-3.2$ youtube-dl --list-formats https://www.youtube.com/watch?v=oHZKYHCDy9Q
oHZKYHCDy9Q: Downloading webpage
oHZKYHCDy9Q: Extracting video information
oHZKYHCDy9Q: Downloading formats manifest
oHZKYHCDy9Q: Downloading DASH manifest
[info] Available formats for oHZKYHCDy9Q:
format code extension resolution note
140 m4a audio only DASH audio 144k , m4a_dash container, aac @128k (48000Hz)
141 m4a audio only DASH audio 272k , m4a_dash container, aac @256k (48000Hz)
160 mp4 256x144 DASH video 124k , 15fps, video only
133 mp4 426x240 DASH video 258k , 30fps, video only
134 mp4 640x360 DASH video 616k , 30fps, video only
135 mp4 854x480 DASH video 1116k , 30fps, video only
136 mp4 1280x720 DASH video 2216k , 30fps, video only
137 mp4 1920x1080 DASH video 4141k , 30fps, video only
151 mp4 72p HLS
132 mp4 240p HLS
92 mp4 240p HLS
93 mp4 360p HLS
94 mp4 480p HLS
95 mp4 720p HLS
96 mp4 1080p HLS (best)

I found that HLS format works well with VLC. I will choose 480p (format 94) to use with VLC. It is possible to get URL using this command:
youtube-dl -f 94 -g https://www.youtube.com/watch?v=oHZKYHCDy9Q

Resulted URL can be played by VLC, ffplay from ffmpeg or QuickTime player. Also you can send it directly this way:
vlc youtube-dl -f 94 -g https://www.youtube.com/watch?v=oHZKYHCDy9Q

How to access Integrated Management Module on IBM System x3650 M3 server under FreeBSD

IBM System x3650 M3 server provides nice looking Integrated Management Module (IMM) GUI/CLI which can be accessed remotely (using dedicated network interface) or directly from host. In this short article I will describe how to do this from FreeBSD host machine.All tests were done with FreeBSD 10.1-RELEASE-p6 using GENERIC kernel.

  1. We will need to find virtual network card provided by IMM (RNDISCDC ETHER IBM):
    root@host /root]# usbconfig
    ugen0.1: <UHCI root HUB Intel> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE (0mA)
    ugen2.1: <EHCI root HUB Intel> at usbus2, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
    ugen1.1: <UHCI root HUB Intel> at usbus1, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE (0mA)
    ugen4.1: <UHCI root HUB Intel> at usbus4, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE (0mA)
    ugen3.1: <UHCI root HUB Intel> at usbus3, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE (0mA)
    ugen6.1: <EHCI root HUB Intel> at usbus6, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
    ugen5.1: <UHCI root HUB Intel> at usbus5, cfg=0 md=HOST spd=FULL (12Mbps) pwr=SAVE (0mA)
    ugen3.2: <RNDISCDC ETHER IBM> at usbus3, cfg=1 md=HOST spd=FULL (12Mbps) pwr=ON (100mA)
    In our case it is ugen3.2.
  2. This USB device supports 2 USB configuration – default (and active on boot) – RNDIS or alternate – CDC. FreeBSD works fine with CDC, so we need to switch this USB device to it:
    root@host /root]# usbconfig -d ugen3.2 set_config 1
    After this device should be detected by FreeBSD and dmesg should contain something like this:
    umodem0: at uhub4, port 2, addr 2 (disconnected)
    cdce0: on usbus3
    ue0: on cdce0
    ue0: Ethernet address: e6:1f:13:5e:ab:cd
  3. Now only thing left is to run dhclient on the new network interface:
    [root@host /root]# dhclient ue0
    DHCPREQUEST on ue0 to 255.255.255.255 port 67
    DHCPACK from 169.254.95.118
    bound to 169.254.95.120 -- renewal in 300 seconds.

    Here we can see that address of the IMM is 169.254.95.118. We can use it to connect with telnet or https to get IMM interface.
  4. Username should be admin, and password could be changed using “ipmitool” utility:
    [root@host /root]# ipmitool user set password 2

Thats it :) Using IMM you can manage your hardware, monitor server and do many other interesting things.

Tagged , , , ,

Asterisk g729 codec for the OpenWRT.

Today OpenWRT telephony maintainers committed codec_g729 to the feed. I am already using this package on my home router and it works pretty well. Binary packages should be available soon.

Tagged ,

Digium, WTF?

Today i visited Asterisk community forums and got this:

Information
You have been permanently banned from this board.
Please contact the Board Administrator for more information.
A ban has been issued on your username.

My last post was a answer in thread were someone was asking for g.729 codec for the ARM platform. I proposed to test my patch for the bcg729 codec and was permanently banned with all my posts deleted :)

Just in case:

  1. I am not implementing g.729 functionality and using open-source GPLv2 project bcg729 available in the net.
  2. You might have to pay royalty fees to the G.729 patent holders for using their algorithm.
  3. The G.729 codec from Digium is supported for use only on Linux x86 and x86_64 environments.

I already wrote mail to the board administrator, but i think they are just banning everyone with non-blob g.729 implementation. I would recommend them to spend some time for porting their solution to more platforms instead :)

Tagged , , , , ,

Using g.729 codec with Asterisk on Raspberry Pi (or other ARM device)

I decided to build home PBX based on Asterisk VoIP server running on my Raspberry Pi device. One of the reasons for this was ability to build cheap GSM gate for home use using chan_dongle. But one of the problems i have found was lack of g.729 codec for the Asterisk on ARM.

On Intel platform it is possible to use codecs from asterisk.hosting.lv or to buy commercial codec from Digium. Unfortunately its not the case for the ARM. So i decided to see if it possible to port some existing g.729 codec.

Project asterisk-g72x is only Open Source g.729 for Asterisk implementation i am aware of. Internally it is using 2 libraries:

  • IPP from Intel
  • Or ITU based reference code.

It is not possible to compile recent IPP versions on ARM and a lot of ASM code making porting of it problematic. ITU g.729 code is on a plain C, but is painfully slow. It compiles on ARM, but performance is terrible. Asterisk eating 100% of CPU on recoding and drops frames. So it was not an option. So i decided to find alternative codec. In the net i found 2 Open Source projects with g.729 implementation suitable for ARM

  1. Experimental version of G.729 codec for ARM device. It seems to be ITU source code with ARM assembler code for some operations.This code also using many global variables so is not ready for multi-thread software like asterisk without additional changes. Also there are issues open from 2011 without any reaction from developers.
  2. Bcg729. It is a software G729A encoder and decoder library written in C, developed by Belledonne Communications, the company supporting the Linphone project. It was written from scratch and is NOT a derivative work of ITU reference source code in any kind.

BCG 729 also supports concurrent channel encoding/decoding for multi-call applications such as Asterisk. I was able to adopt bcg729 for use with asterisk-g72x project, instead of slow ITU code. If you want to test it – use my BitBucker fork. I will post benchmarks later, but now i see about 15-20% CPU load on g.729 encoding with Asterisk, so it should be able to support 4-5 concurrent channels in time.

Tagged , , , , , ,

JVPN 0.7.0 released

JVPN is a Perl script to connect to the Juniper VPN with Host Checker enabled.
New version (0.7.0) adds host checker support, as well as some other features and bug fixes:

+ Added experimental code to run host checker from jvpn
+ Include LWP traffic dump in the debug output
+ Added sample script to restore original DNS settings after connect
+ Added experimental grid cards support
# fixed processing of last line w/o \n character in configuration file

Download location could be found in JVPN post.

Tagged , , ,

Percona XtraBackup FreeBSD port updated to the version 2.1.3

Version 2.1.3 adds some new functionality (including encryption) and also supports MySQL 5.6. Also, to support decompression of the compressed archives I decided to add qpress archiver to the ports tree. See http://www.freshports.org/databases/xtrabackup/ for the details. Please also make a note, that new versions support only MySQL 5.1 (with InnoDB plugin only), MySQL 5.5 and MySQL 5.6.

Tagged , ,

JVPN 0.6.1 released

JVPN is a Perl script to connect to the Juniper VPN with Host Checker enabled.
New version (0.6.1) adds ability to store password/token in configuration or to use external scripts to provide it. Also it adds ability to define custom URL and addressing issues with scripting support added in 0.6.0.
You can download it from JVPN post.

Tagged , , , , ,

Using RSA soft token from Linux

I already discussed RSA hard tokens and ability to OCR them. This time i would like to discuss RSA Soft Tokens support in Linux. Despite the fact that there is no official Linux support i found that it works perfectly. There are at least 3 ways to use them:

I am currently using options 3 and 2 and keeping one as backup.

  1. Using official Windows software in Wine. It installs and run just fine
  2. Using Android/Iphone application on mobile phone, you will need to covert the key using RSA token converter.
  3. Using non-official open-source Linux client – stoken. It has CLI and GUI (GTK2) versions, supports batch integration and works perfectly for me.

All tokens should show equal numbers. Below is a screenshot of native Windows client and stoken/stoken-gui.
tokens
I found that all options works perfectly for me, currently i am mostly using stoken CLI because it was easy to integrate it with JVPN tool. I will update jvpn nearest days to support external authenticators.

Tagged , ,
Follow

Get every new post delivered to your Inbox.

Join 356 other followers