IP Lookup tool

This tool is to retreive ip addresses for a given hostname. This isn’t very new, but I noticed that if you need to refresh ip without wanting or able to call ipconfig /flushdns, you can still refresh the ip’s for the given hostname.

It also has an option to return the ip address that is used to indicate a hostname is either invalid or could not be found.

getip.exe

(free, freeware, no spyware, use for whatever you want, unlicensed, win32 console exe optimized for i586)

hobby multi-isp serving routing scheme revisited

After my last two posts about multi-isp serving over 2 routers, some time has went by and one of my isp’s dsl-modem slash router changed and went ballistic with fixed settings. They decided that nobody ever wants a different subnet from 192.168.2.0/24, and therefor dump everything else to the outside interface. This didn’t only make a router inbetween very much needed (since I didn’t want to change my local network besides a /16 mask), it also made my network a lot more complicated.

Since the router would ditch everything going to 192.168.0.0, I decided to connect the secondary network interfaces (that happened to be configured to 192.168.2.0 as well) to the network as the serving interface. However, as usual this doesn’t matter when it comes to outgoing traffic. Anything it considers outside its network is send to the default interface instead, eventhough the incoming packets came from the other interface.

At some moment of clarity, I found that I could split up 192.168.2.0 into 2 networks as well, namely in this case (since the isp’s dsl-router has its local ip set fixed to 192.168.2.254) into networks 192.168.2.128/25 and 192.168.2.0/25. This allowed everything beneath 192.168.2.128 to be sent to the internal network, and everything above, including the dsl-router, to belong to the other side.

Basically like this:

The trivial stuff

interface FastEthernet0/0
 ip address 192.168.2.130 255.255.255.128
 ip access-group defaultallin in
 ip mask-reply
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 ip address 192.168.2.101 255.255.255.128
 ip access-group defaultallout out
 ip mask-reply
 no ip redirects
 ip nat outside
 ip route-cache flow
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.168.2.254
ip route 192.168.0.0 255.255.255.0 FastEthernet0/1
ip route 192.168.2.0 255.255.255.128 FastEthernet0/1
!
ip access-list extended defaultallin
 permit ip any any
ip access-list extended defaultallout
 permit ip any any

Note: default interface setting “no ip proxy-arp” is negated and thus on.

The headache stuff, yet in the end not that hard

The normal way of NAT is to e.g. “ip nat inside source list 1 interface FastEthernet0/0 overload”, to replace the source ip, with the ip of interface fa0/0, if the packet is permitted by list 1.
Where list 1 is often casually defined as “access-list 1 permit any”, allowing everything to be translated.

A line like “ip nat inside source static tcp 192.168.0.10 80 interface FastEthernet0/0 80″ is often used to change the destination ip/port to 192.168.0.10 if a packet arrives at the external interface fa0/0 on port 80.

In this particular case, we still want a “normal” NAT source ip translation from the inside to the outside (because we need to force our server to not send traffic to the default gateway), but not All traffic, since we still want to use the other ISP for regular Internet traffic when we fancy such a thing. Unfortunately a standard access-list doesn’t allow us to be very specific unless we want to define the source. Since the source ip could be anything (because the traffic is coming from the Internet), we can’t use a standard ACL.

We can however use a Extended ACL, which allows to be specific about the Destination IP and portnumber, which goes as followed:

ip nat inside source list ourspecialnat interface FastEthernet0/0 overload
!
ip access-list extended ourspecialnat
 permit tcp any host 192.168.2.2 eq www

And there you have it. A specific permission for destination 192.168.2.2 port=80, to be translated. Now all we need to do is to set a portforward from our ISP’s dsl-router from port 80 to 192.168.2.2. It routes traffic inside because the ip matches its 192.168.2.0/24 network, and our special nat router makes sure the packets are sent and received via  the same route due to obscuring the source ip.

PS. Perhaps it should be noted that this is just a funny exploit in search of better solutions. Most of the time you will want to know the actual IP address a visitor of your website is using, and not get a local IP instead. Chances are however that setting up either your server or your network to remember which route they should be going (with an IPv4 NAT-ted network) is considerably more difficult. When no traffic is translated in the first place (like for example when you have a large number of IPv4 addresses or a couple of IPv6 addresses), there wouldn’t be an issue of rejecting source/destination mismatches, because they would always be the same.

db component chain

If you want to connect visual components like grids or editboxes to a dataset, you’d expect things to be a bit straightforward, like for example:

DBGrid -> DataSource -> SQLQuery -> DBConnection

Unfortunately, when it comes to db components, this chain will result in a “Operation not allowed on a unidirectional dataset” error. Which would make a tiny bit of sense if you want to make the Grid editable, but even when you switch off every possible property off to edit the grid, the error will still come up.

If you’re like me, you’d probably just put a StringGrid on your form and loop over the SQLQuery to show all the data. That does however take a lot more writing code for something that should be quite easy to do.

Aparantly, this is the way to do chain the components to be able to link your things together:

Short: Happy undocumented quirks

Description of AdjustWindowRectEx() on MSDN:

The AdjustWindowRect function calculates the required size of the window rectangle, based on the desired client-rectangle size. The window rectangle can then be passed to the CreateWindow function to create a window whose client area is the desired size.

Description of GetWindowRect() on MSDN:

The GetClientRect function retrieves the coordinates of a window’s client area. The client coordinates specify the upper-left and lower-right corners of the client area. Because client coordinates are relative to the upper-left corner of a window’s client area, the coordinates of the upper-left corner are (0,0).

You would think that these functions are eachothers counterpart, you give a clientrectangle to AdjustWindowRectEx(), say (200×200) and you’ll get something like 214×234 if you have the Vista look active on your window. When you set your window to those dimensions with for example SetWindowPos(), and afterwards you check the size with GetClientRect(), you’ll get 212×232. This works the same with other themes, and if you copy-paste a screenshot into MS Paint, you’ll be able to measure the same 212×232 while the outside of the window is the exact given 214×234 – properly set by SetWindowPos().

The dirty ugly solution of course is to add 2 pixels to whatever you get back from AdjustWindowRectEx() – but surely someone at Microsoft is supposed to Test these functions?

RECT size;
size.left	= myWindowObj->x;
size.top	= myWindowObj->y;
size.right	= size.left + myWindowObj->w;
size.bottom	= size.top + myWindowObj->h;

AdjustWindowRectEx( &size, GetWindowLong(hWND, GWL_STYLE), FALSE, GetWindowLong(hWND, GWL_EXSTYLE) );
SetWindowPos( hWND, NULL, myWindowObj->x, myWindowObj->y, size.right - size.left + 2, size.bottom - size.top + 2, SWP_NOZORDER | SWP_NOACTIVATE );

Probability

*** I’m not a mathematician, the explanation here is probably crap, so have a look on the internet on factorials and sets.

A friend of mine asked me today if I had a script lying around to produce anagrams. After saying no and secretly checking what the heck an anagram was again, I started thinking about what it reminded me of.

My thoughts diverged on the symbol “!”, which is used in probability to calculate what your chance might be when you eliminate your previous results from the equation. So for example if you have a set of [1,2,3,4,5,6] – after rolling 3 with a dice, the set will become [1,2,4,5,6] so you can’t roll 3 again.

Anagrams are a combination of a set of predefined characters, and then mixed around. And while you might think you’ll have 6^6 possibilities, you actually have less, because you can’t use more of the same characters that are available.

Say for example you have a word of “abc”, you can make “acb”, but you can’t make “aab”, because you only have 1 “a”. Thus in the example of [1,2,3,4,5,6] you actually have 6! possibilities. We can write 6! as 6*5*4*3*2*1 = 720 possibilities.

And the rewrite of 6! is exactly what made me think of this simple algorithm:

procedure factorWord( const sBeginning: string; const sWord: string; const lstPermutations: TStrings );
var
  i, c: integer;
begin
  c := Length( sWord );

  if c = 0 then
  begin
    lstPermutations.Add( sBeginning );
  end;

  for i := 1 to c do
  begin
    factorWord( sBeginning + sWord[i], Copy( sWord, 1, i - 1 ) + Copy( sWord, i + 1 ), lstPermutations );
  end;
end;

 

You’ll initially call it for example with factorWord( ”, Edit1.Text, Memo1.Lines ); and you’ll end up with all the possible anagrams. The function works recursively on 2 sets, one that defines the entire set (Edit1.Text), and one thats starts out empty. With every recursion the possibilities of new characters to add gets smaller, while the anagram is filled with the same amount of characters in a different order, and is added to the stringlist when the recursionpath ends up with 0 remaining characters.

The biggest problem however of making anagrams is that there are simply too much possibilities when you go over about 6 characters. The worst of it, and this is after some code rewrites to append the words to a file occasionally to avoid an out-of-memory error, is that a word with 14 characters will make your textfile about the size of 2.4GB until a file streaming error occurs…

14! = 87178291200 lines, multiplied by “14 byte anagrams plus 2 bytes for the crlf”, you’ll end up with 1394852659200 bytes which amounts to 1299GB of data.

Have fun storing that on your desktop pc…

Search cmp to 0

Search: optimization “cmp eax,0″

You don’t have to compare EAX to 0 to know it’s 0, just make sure the item in EAX is edited last, with any opcode that you see in your cpu manual with the appendage that it modifies the ZF. That’s a fancy flag that says a value you just put in a register is zero.

Any mathematical, bitwise or just plain MOV into a register, modifies the Zero flag. Skip the CMP and just use either JZ (jump if zero) or JNZ (jump if not zero) to see if the zero flag is set and jump somewhere accordingly.

Search query #92385295

It was nice to read someone around the Internet is googling for “optimize code int a = b * 4″.

Of course, most people would think that it shouldn’t be optimized at all, and you’re sort of right, most compilers will optimize this simple piece of code.

But should you want to do it by yourself, there are two nice ways of doing this.

Before I start, I truly hope no compiler will translate this to a MUL opcode, it will eat your cpu-time like pacman when you have the code inside a loop.

The number 4 is awesome, why? Because it’s a multiple of 2. The extra options you instantly get for both division and multiplication when using a multiple of 2 are the opcodes SHR and SHL. Those commands just simply shift all the bits inside a register to the left or to the right. This effectively means that with a simple and fast opcode you can divide by using SHR (div 2 per bit) and multiply by using SHL (mul 2 per bit).

The problem of SHL and SHR is that not every programming language supports direct translation to these opcodes. In C/C++ however you can use “a = b << 2;” for the equivalent of  ”a = b * 4;”, and in Delphi you can use “a := b shl 2;” (I think).

Some other languages do have a bitwise shift function, but they use the rotation shift opcodes (ROL and ROR), which prepends or appends any bits that might’ve fallen off of the other side of your limits. These aren’t the functions you’ll be looking for when multiplying (and dare I say they rarely have any use in the real world).

A slight hickup about SHL and SHL is that some very very old CPU’s didn’t support shifting by more than 1 bit. But you’ll have trouble finding them old pre-486 cpu’s that didn’t.

So yeah, multiplying by 4 is fun. On the other hand, if you have to use odd numbers like 3 and 5, the only option you could consider is using addition instead of multiplication. I doubt however that you’ll get much speed out of that nowadays, unless you’re recursively/iteratively multiplying previous results like in this post.

So there it is, needing to multiple or divide by 2 – use bitwise opcodes.

Yes, I was wrong

… you can’t make traffic go one way for one port, and another way for some other port.

Why? Because you’re most likely stuck with switched traffic that only sends traffic down one cable when it figures out a certain network-address is connected to that cable.

However, I did manage to subtract one router out of the equation with the wondrous discovery of selective NAT. Aparantly you can change the default source 0.0.0.0 ACL to a specific per port list. The ip’s and ports that don’t match the ACL won’t be translated. Which is exactly what I was looking for.

This does require that with every port forward from your isp’s router to be added to the ACL of the 2nd router, but that won’t be that much of a problem.

And when your internet breaks down…

… you start connecting that console link again and start typing to get that other internet connection to work.

In this post I explained I had made a network of 3 routers so that my web-/database-/whatnot-server was able to serve over

2 different external IP’s via 2 different ISP’s (one broadband, one dsl). It had a hickup however in that the 2nd ISP couldn’t be used for normal Internet surfing etc. This was because it has a NAT configuration upside down to avoid the default-router issue.

So now I have connected a 4th router to do normal routing between the internal 192.168.0.0 network and the other network 192.168.2.0 to get to the router that connects to the dsl isp (still following?)

It proved to be quite simple (feel a bit silly to use the router for such easy work). It just routes to and from both network interfaces, with the

exception that it blocks all traffic to and from the server (because that one should use the other router with the upside down NAT configuration).

And then it just works. (well, you need to manually set the gateway of your client ofc.) I could probably make the server be able to connect to the other isp as well as long as I make sure the proper ports are blocked… But that’s stuff for at a later time.

insert into education (info) values (:thispost)

Check your input data before inserting it into an SQL Query.

The issue of SQL-Injection has been raised since like 5 years ago, and still there are people who keep ignoring it.

If you’re using PHP to query your database, make sure you’re not inserting crap first.

The easiest things you can do, and you can make it pretty complicated, are the following:

Check integers and ID’s given by the user

    if ( !is_numeric( $userinteger ) ) {
       return false;
    }

Don’t just insert strings, escape them

    $sql = "select * from users where username=':user' and password=SHA1(':pass')";
    $sql = str_replace( ":user", mysql_real_escape_string($user), $sql );
    $sql = str_replace( ":pass", mysql_real_escape_string($pass), $sql );
    $res = mysql_query( $sql );

And stop using MD5.