
Stefan’s Blog

Using VRF (Virtual Routing and Forwarding) on Linux

It isn’t uncommon on Linux systems to have multiple (layer 3, i.e. with IP addresses, not counting the loopback device) network interfaces. For example your main interface (with the default route) and a docker bridge. Or you run a firewall between a public network and one or many internal networks (perhaps as tagged VLAN interfaces).

But in rather rare scenarios you need multiple default routes: for example a separate management access in case your main interface is attacked or breaks for other reasons. Or you want to provide a service to different networks (which are not directly connected) from the same host.

debian stretch: upgrade 32-bit to 64-bit

There are various reasons why one would prefer 64-bit over 32-bit (or not); basically it is about an improved ABI (passing arguments in registers) and bigger registers (can be faster) versus higher memory usage (because pointers are twice as big). In some corner cases you want 64-bit to be able to use more memory in your programs (32-bit kernels can often handle more than 4G memory, but 32-bit userspace programs can’t).

systemd: allow normal process to bind to privileged port

Sometimes services are started by systemd with privileges already dropped; for example inspircd.service starts as the irc user.

Such services usually cannot bind to privileged ports (< 1024). In this case I needed it to listen on port 443 though (in addition to some high port) to allow users behind special firewall configurations to connect to the server.

The solution is to add the following to the service (for example by running systemctl edit inspircd.service):

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE

Type punning with unions

TLDR: don’t use unions for type punning; always use memcpy.

Sometimes you might want to reinterpret a value of one type as a value of another type. For example you might have an integer parameter, but you know that it actually contains a float value.
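As an added example (not code from the post), here is the memcpy approach applied to exactly that case: an integer parameter whose bits are really a float. The sample value 0x3f800000 is constructed, and the code assumes a 32-bit IEEE-754 float, which it checks at compile time.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* memcpy is the well-defined way to reinterpret bits in both C and C++.
 * Writing one union member and reading another is only tolerated by C
 * (and is undefined behaviour in C++); casting the pointer instead
 * (*(float *)&i) violates strict aliasing. Compilers recognise the
 * fixed-size memcpy below and emit a plain register move, so there is
 * no runtime cost compared to the union trick. */

/* Assumption: float is 32 bits wide (true on every mainstream platform). */
_Static_assert(sizeof(float) == sizeof(uint32_t), "float must be 32 bits");

/* Treat the bit pattern carried in an integer as a float. */
static float bits_to_float(uint32_t bits) {
    float f;
    memcpy(&f, &bits, sizeof f);
    return f;
}

/* The reverse direction: get the raw bit pattern of a float. */
static uint32_t float_to_bits(float f) {
    uint32_t bits;
    memcpy(&bits, &f, sizeof bits);
    return bits;
}

/* Check that converting a bit pattern to float and back is lossless.
 * (Comparing bit patterns also works for NaN, where f == f would fail.) */
static int roundtrip_ok(uint32_t bits) {
    return float_to_bits(bits_to_float(bits)) == bits;
}

int main(void) {
    uint32_t raw = 0x3f800000u; /* constructed sample: bit pattern of 1.0f */
    printf("0x%08x -> %f\n", raw, bits_to_float(raw));
    printf("%f -> 0x%08x\n", 3.5f, float_to_bits(3.5f));
    printf("round trip ok: %d\n", roundtrip_ok(0x7fc00000u)); /* a quiet NaN */
    return 0;
}
```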

Fix ssh command quoting

SSH only takes a single string as the command to send to the remote end. In other words, ssh has to concatenate all arguments with a space as separator.