Archive

Category Archives for "Networking"

No way to parse integers in C

There are a few ways to attempt to parse a string into a number in the C standard library. They are ALL broken.

Leaving aside the wide character versions, and staying with long (skipping int, long long or intmax_t, these variants all having the same problem) there are three ways I can think of:

  1. atol()
  2. strtol() / strtoul()
  3. sscanf()

They are all broken.

What is the correct behavior, anyway?

I’ll start by claiming a common sense “I know it when I see it”. The number that I see in the string with my eyeballs must be the numerical value stored in the appropriate data type. “123” must be turned into the number 123.

Another criteria is that the WHOLE number must be parsed. It is not OK to stop at the first sign of trouble, and return whatever maybe is right. “123timmy” is not a number, nor is the empty string.

Failing to provide the above must be an error. Or at least as the user of the parser I must have the option to know if it happened.

First up: atol()

Input Output
123timmy 123
99999999999999999999999999999999 LONG_MAX
timmy 0
empty string 0
" " 0

No. All Continue reading

Network Automation with CUE – Introduction

In the past few years, network automation has made its way from a new and fancy way of configuring devices to a well-recognized industry practice. What started as a series of “hello world” examples has evolved into an entire discipline with books, professional certifications and dedicated career paths. It’s safe to say that today, most large-scale networks (>100 devices) are at least deployed (day 0) and sometimes managed (day 1+) using an automated workflow. However, at the heart of these workflows are the same exact principles and tools that were used in the early days. Of course, these tools have evolved and matured but they still have the same scope and limitations. Very often, these limitations are only becoming obvious once we hit a certain scale or complexity, which makes it even more difficult to replace them. The easiest option is to accept and work around them, forcing the square peg down the round hole. In this post, I’d like to propose an alternative approach to what I’d consider “traditional” network automation practices by shifting the focus from “driving the CLI” to the management of data. I believe that this adjustment will enable us to build automation workflows that are Continue reading

Counting individual characters on Linux

Determining how many characters are in a file is easy on the Linux command line: use the ls -l command.On the other hand, if you want to get a count of how many times each character appears in your file, you’re going to need a considerably more complicated command or a script. This post covers several different options.Counting how many times each character appears in a file To count how many of each character are included in a file, you need to string together a series of commands that will consider each character and use a sort command before it counts how many of each character are included.To do that, you can use a command like this one:To read this article in full, please click here

Counting individual characters on Linux

Determining how many characters are in a file is easy on the Linux command line: use the ls -l command.On the other hand, if you want to get a count of how many times each character appears in your file, you’re going to need a considerably more complicated command or a script. This post covers several different options.Counting how many times each character appears in a file To count how many of each character are included in a file, you need to string together a series of commands that will consider each character and use a sort command before it counts how many of each character are included.To do that, you can use a command like this one:To read this article in full, please click here

Day Two Cloud 169: Splitting Up Mono-Repositories In Infrastructure As Code

Today on the Day Two Cloud podcast we're going to talk with someone who was part of a DevOps teams deploying Infrastructure as Code (IaC) and applications in the public cloud. This project ran into challenges around scaling, the environments they needed to support, how to store certain artifacts, working with pipeline, and breaking up a monolithic repo into smaller repos and the repercussions of that decision.

The post Day Two Cloud 169: Splitting Up Mono-Repositories In Infrastructure As Code appeared first on Packet Pushers.

Day Two Cloud 169: Splitting Up Mono-Repositories In Infrastructure As Code

Today on the Day Two Cloud podcast we're going to talk with someone who was part of a DevOps teams deploying Infrastructure as Code (IaC) and applications in the public cloud. This project ran into challenges around scaling, the environments they needed to support, how to store certain artifacts, working with pipeline, and breaking up a monolithic repo into smaller repos and the repercussions of that decision.

Cisco issues fixes for active exploits of its Windows VPN clients

Cisco is offering software updates for two of its AnyConnect for Windows products it says are actively being exploited in the field.AnyConnect for Windows is security software package, in this case for Windows machines, that sets up VPN connectivity, provides access control and supports other endpoint security features. Cisco said AnyConnect products for MacOS, Linux are not affected.Cisco said its Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability, which is described in this advisory.To read this article in full, please click here

Cisco issues fixes for active exploits of its Windows VPN clients

Cisco is offering software updates for two of its AnyConnect for Windows products it says are actively being exploited in the field.AnyConnect for Windows is security software package, in this case for Windows machines, that sets up VPN connectivity, provides access control and supports other endpoint security features. Cisco said AnyConnect products for MacOS, Linux are not affected.Cisco said its Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability, which is described in this advisory.To read this article in full, please click here

History of Ethernet Encapsulations

Henk Smit conscientiously pointed out a major omission I made when summarizing Peter Paluch’s excellent description of how bits get parsed in network headers:

EtherType? What do you mean EtherType? There are/were 4 types of Ethernet encapsulation. Only one of them (ARPA encapsulation) has an EtherType. The other 3 encapsulations do not have an EtherType field.

What is he talking about? Time for another history lesson1.

Read more …

Partial Cloudflare outage on October 25, 2022

Partial Cloudflare outage on October 25, 2022
Partial Cloudflare outage on October 25, 2022

Today, a change to our Tiered Cache system caused some requests to fail for users with status code 530. The impact lasted for almost six hours in total. We estimate that about 5% of all requests failed at peak. Because of the complexity of our system and a blind spot in our tests, we did not spot this when the change was released to our test environment.  

The failures were caused by side effects of how we handle cacheable requests across locations. At first glance, the errors looked like they were caused by a different system that had started a release some time before. It took our teams a number of tries to identify exactly what was causing the problems. Once identified we expedited a rollback which completed in 87 minutes.

We’re sorry, and we’re taking steps to make sure this does not happen again.

Background

One of Cloudflare’s products is our Content Delivery Network, or CDN. This is used to cache assets for websites globally. However, a data center is not guaranteed to have an asset cached. It could be new, expired, or has been purged. If that happens, and a user requests that asset, our CDN needs Continue reading

Network observability: What it means to vendors and to you

As an industry analyst who focuses on network management, I make it my business to cut through hype and buzzwords. When vendors started talking about “network observability” last year, I found myself at an impasse. It seemed everyone had their own take on what this term means.Google network observability, and you will find an endless list of varying definitions. I recently read a blog that boiled it down to this: “Network monitoring is fault management. Network observability is performance management.”No! No, it is not!I decided to do something about this chaos. I talked to multiple network tool buyers and users, and I surveyed 402 IT stakeholders. I asked them to define network observability and explore what it means in the context of their network management tools and processes.To read this article in full, please click here

Palo commit and rollback

Palo Alto firewalls use the concept of a running config to hold the devices live configuration and the candidate config is copy of the running config where changes are made. A Commit operation causes the running config to be overwritten by the candidate config activating the changes.

Zero trust in the cloud: Best practices and potential pitfalls

Architecturally speaking, cloud-native applications are broken down into smaller components that are highly dynamic, distributed, and ephemeral. Because each of these components is communicating with other components inside or outside the cluster, this architecture introduces new attack vectors that are difficult to protect against using a traditional perimeter-based approach. A prudent way to secure cloud-native applications is to find a way to reduce the number of attack vectors, and this is where the principles of zero trust come into play.

With today’s multi-cloud and hybrid-cloud environments, networks are no longer restricted to a clear perimeter with clearly defined borders to defend—and cyber criminals are taking advantage of this fact by tricking users and systems into providing unauthorized access. While a lot of zero trust is focused on limiting access from users and devices, organizations are now also recognizing that in the world of distributed cloud-native applications, workloads themselves are communicating with each other and the same principles of zero trust need to be extended to cloud-native applications.

Because traditional security methods such as network firewalls rely on fixed network addresses, they are insufficient to protect dynamic, distributed, and ephemeral cloud-native workloads, which do not have fixed network addresses. They simply Continue reading

Finding and fixing typos on Linux

If you want to check a text file for typos, Linux can help.It has a couple of tools and a number of commands that can point out the errors including aspell and enchant, and I’ll share a script that I put together recently that looks for typos using the system's words file.Using aspell aspell is very clever tool that will point out typos and make it surprisingly easy to fix them. When used to make changes to a single file, it reverses the text and background colors to highlight misspelled words. You would start it with a command like this:$ aspell check myfile If aspell detects no typos, it simply exits. Otherwise, it will open with a display that contains the file text (or just the top lines depending on the length of the file) followed by a list of suggested replacement words and, below that, a list of the commands that you can run. The first typo (or suspected typo) will be displayed with the text and background colors reversed as shown below.To read this article in full, please click here

Finding and fixing typos on Linux

If you want to check a text file for typos, Linux can help.It has a couple of tools and a number of commands that can point out the errors including aspell and enchant, and I’ll share a script that I put together recently that looks for typos using the system's words file.Using aspell aspell is very clever tool that will point out typos and make it surprisingly easy to fix them. When used to make changes to a single file, it reverses the text and background colors to highlight misspelled words. You would start it with a command like this:$ aspell check myfile If aspell detects no typos, it simply exits. Otherwise, it will open with a display that contains the file text (or just the top lines depending on the length of the file) followed by a list of suggested replacement words and, below that, a list of the commands that you can run. The first typo (or suspected typo) will be displayed with the text and background colors reversed as shown below.To read this article in full, please click here

Email Routing leaves Beta

Email Routing leaves Beta
Email Routing leaves Beta

Email Routing was announced during Birthday Week in 2021 and has been available for free to every Cloudflare customer since early this year. When we launched in beta, we set out to make a difference and provide the most uncomplicated, more powerful email forwarding service on the Internet for all our customers, for free.

We feel we've met and surpassed our goals for the first year. Cloudflare Email Routing is now one of our most popular features and a top leading email provider. We are processing email traffic for more than 550,000 inboxes and forwarding an average of two million messages daily, and still growing month to month.

In February, we also announced that we were acquiring Area1. Merging their team, products, and know-how with Cloudflare was a significant step in strengthening our Email Security capabilities.

All this is good, but what about more features, you ask?

The team has been working hard to enhance Email Routing over the last few months. Today Email Routing leaves beta.

Also, we feel that this could be a good time to give you an update on all the new things we've been adding to the service, including behind-the-scenes and not-so-visible improvements.

Let’s Continue reading

1 254 255 256 257 258 3,347