Tuesday, May 25, 2010

PHP fopen() Tricks

The fopen() function in PHP allows one to read a remote file, or a web page. I recently added a feature in the logmon module to read and parse a remote syslog event definition page by its URL in the Cisco web space, such as this one documenting Cisco NX-OS events.

Here are two tricks I learned while implementing this feature. In my case, the server that runs my code sits on a subnet that is not NATted from the internal network to the outside, which means that I cannot reach an external website directly. There are two ways to work around this issue:
  1. Use an IP address that is NATted or accessible from the outside;
  2. Go through a proxy server.

Multi-Homed Server


Re-addressing a server can be rather involved, especially in networking, where IP addresses are used directly a lot. However, a server may have more than one IP address, so if we add an address that is NATted or public, we can get back to work. To make fopen() use a different IP address on the server, pass the fourth parameter to fopen(): the $context.

Here is a little snippet of PHP code that specifies the source address for fopen():

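$srcip = '192.168.20.30'; // Assuming this is a NATted IP address
$context = stream_context_create(
    array(
        'socket' => array(
            // The documented bindto syntax is ip:port; port 0 lets the system choose the source port
            'bindto' => "$srcip:0",
        )
    )
);
($fn = fopen($url, "r", false, $context)) || die("Can not open '$url'\n\n");

// fgetss() was removed in PHP 8.0; fgets() plus strip_tags() does the same job
while (($line = fgets($fn)) !== false) {
    echo strip_tags($line);
}
fclose($fn);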

Proxy


Another way out of this problem is to use a proxy server that is accessible from the internal network. We do have a few of those deployed. To use one of them, we only need to make a simple change in how the $context is created in the example above:

$context = stream_context_create(
    array(
        'http' => array(
            'proxy' => 'tcp://192.168.10.10:80' // The proxy server address and port
        ),
    )
);
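
Both contexts above folded into one helper, as an added example that is not the logmon module's code: it builds the bindto and proxy options, adds a timeout, and checks the URL's scheme and host before fopen() so that a URL taken from input cannot point the server at local files or internal hosts. The allow-list, the function names and the sample addresses are assumptions; allow_url_fopen must be enabled for any of this to work.

```php
<?php
// Added example: not the logmon module's code. ALLOWED_HOSTS, the function
// names and the sample addresses are assumptions made for illustration.
const ALLOWED_HOSTS = ['www.cisco.com'];

function build_context(?string $srcip = null, ?string $proxy = null, int $timeout = 10)
{
    // Redirects are disabled because their targets would bypass the host check below.
    $opts = ['http' => ['timeout' => $timeout, 'follow_location' => 0]];
    if ($srcip !== null) {
        if (filter_var($srcip, FILTER_VALIDATE_IP) === false) {
            throw new InvalidArgumentException("Not an IP address: $srcip");
        }
        // bindto is "ip:port" ("[ip]:port" for IPv6); port 0 lets the OS choose.
        $v6 = filter_var($srcip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;
        $opts['socket'] = ['bindto' => ($v6 ? "[$srcip]" : $srcip) . ':0'];
    }
    if ($proxy !== null) {
        $opts['http']['proxy'] = $proxy;            // e.g. 'tcp://192.168.10.10:80'
        $opts['http']['request_fulluri'] = true;    // absolute URI in the request line
    }
    return stream_context_create($opts);
}

function fetch_text(string $url, $context): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    $host   = strtolower((string) parse_url($url, PHP_URL_HOST));
    // Refuse file://, php://, ftp:// and any host outside the allow-list.
    if (!in_array($scheme, ['http', 'https'], true) || !in_array($host, ALLOWED_HOSTS, true)) {
        throw new InvalidArgumentException("Refusing to fetch '$url'");
    }
    $fn = @fopen($url, 'r', false, $context);
    if ($fn === false) {
        throw new RuntimeException("Can not open '$url'");
    }
    $text = '';
    while (($line = fgets($fn)) !== false) {
        $text .= strip_tags($line);   // replacement for fgetss(), removed in PHP 8.0
    }
    fclose($fn);
    return $text;
}

// Constructed inputs that need no network access: both are rejected before fopen().
foreach (['file:///var/log/messages', 'http://192.168.10.10/admin'] as $bad) {
    try { fetch_text($bad, build_context('192.168.20.30')); }
    catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
}
```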

Wednesday, May 19, 2010

To DNS or not to DNS: That is a question!

Here at UMHS, some of our network devices, i.e., switches and routers, are named in sub-domains in DNS, which gives people an easy way to access them on the command line. For example, it is much easier to remember some-clinic.switch.med.umich.edu than 192.168.129.18.

To name our devices consistently across the board, we have to decide on a device naming convention. That is likely common practice for any IT team managing a network larger than a single building. However, it presented me with this question: do we continue naming the devices in DNS or not?

There are multiple ways to identify a device in the IP networking world: a DNS name is one, its IP address(es) another, and the SNMP MIB object SNMPv2-MIB::sysName yet another. Each serves a different purpose: a DNS name serves humans and an IP address serves machines. The sysName object, on the other hand, serves network management systems that talk to devices using SNMP.

To minimize conflicts of interest in naming a device, it is probably easiest to make the DNS name identical to the sysName on the device. However, I have seen more than one organization whose device naming convention factors location and IP address information into the sysName, which in Cisco IOS is configured using the hostname command. Adopting such a naming convention makes a DNS name about as human-readable as an IP address. Also, keeping the sysName values defined on devices synchronized with their DNS names takes a lot of work to do right. Sometimes it is a task that crosses team boundaries, which is not to say it is impossible, but it is difficult to say the least. So DNS names are often out of sync with the IP addresses of devices after the devices are upgraded or a network is renumbered. The combination of those two factors probably explains why I have seen many of my colleagues access devices by IP address rather than by DNS name.

My view is that a device should be named just for human access. Embedding location and IP address in the device name may therefore seem like a good idea, but it defeats the purpose of a name. After all, there is a sysLocation object in the SNMPv2-MIB, and DNS exists to translate a name to an IP address. What we really need is probably a simple utility which, when given the DNS name or IP address of a device, produces the other information, such as its location or whether the device really is a router or a switch.

Friday, May 14, 2010

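RegexPal: A Very Handy Regular Expression Testing Tool

RegexPal is a regular expression testing tool written in JavaScript by Steven Levithan. I have been using it for a while and it works very well, so I thought it deserved an introduction.

Regular expressions are a common technique for all kinds of text processing. They were first widely used in Perl, and now you run into them in many languages such as PHP, Python, Java, and even C/C++. But writing a regular expression is sometimes not an easy thing to do, and there seems to be no good way to go about it other than trial and error.

RegexPal lets you enter an expression and a piece of text to analyze, then highlights the matching fields in color.

For example:

Expression: ([\w\d\-\.]+)\s+last message repeated (\d+) times$

Text: 10.20.30.40 last message repeated 2 times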

Wednesday, May 12, 2010

PayPal: Almost a Complete Lie!

I believed PayPal's advertisement of "AS LOW AS $1.50 U.S. TO SEND $300 U.S. TO COUNTRIES ..." and their fee calculator told me that sending $450.00 to China costs $2.25.

Great!

It turns out that what they do not tell me is that the recipient will have to pay to get the money, as your money only ends up in the recipient's PayPal account. To get the money into a bank account in China, it has to be done through money transfer, for which PayPal charges a fee of $35.00.

I call that "almost a complete lie!"

You can try it out here.