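When you access directories outside the WSL filesystem from within WSL, odd problems can appear. The usual cause is how WSL handles directory permissions on NTFS partitions.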

Check with mount -l; the output may look like this:

[root@wsl] mount -l
rootfs on / type lxfs (rw,noatime)
none on /dev type tmpfs (rw,noatime,mode=755)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,noatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,noatime)
devpts on /dev/pts type devpts (rw,nosuid,noexec,noatime,gid=5,mode=620)
none on /run type tmpfs (rw,nosuid,noexec,noatime,mode=755)
none on /run/lock type tmpfs (rw,nosuid,nodev,noexec,noatime)
none on /run/shm type tmpfs (rw,nosuid,nodev,noatime)
none on /run/user type tmpfs (rw,nosuid,nodev,noexec,noatime,mode=755)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
cgroup on /sys/fs/cgroup type tmpfs (rw,relatime,mode=755)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,relatime,devices)
C:\ on /mnt/c type drvfs (rw,noatime,uid=0,gid=0,case=off)
D:\ on /mnt/d type drvfs (rw,noatime,uid=0,gid=0,case=off)

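This shows how C:\ and D:\ are mounted. Mounted this way, every directory is accessed with root permissions. Tools such as ssh and git may then behave unexpectedly because of permission problems.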

The fix is simple: use DrvFs so that WSL can store additional file metadata on NTFS partitions:

  1. Mount configuration
echo '[automount]
enabled = true
root = /mnt/
options = "metadata,umask=22,fmask=11"
mountFsTab = false' > /etc/wsl.conf
  2. Restart the WSL service from PowerShell
Restart-Service LxssManager
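
The check below is an added example, not part of the original post. It flags drvfs mounts that still lack the metadata option and works out which default modes the umask=22,fmask=11 options above produce. The function names are hypothetical, the second sample mount line is constructed, and the mask rule (umask is ORed with fmask for files and with dmask for directories) is the one given in Microsoft's DrvFs mount-option documentation.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of WSL.

# Print the mount point of every drvfs mount in `mount -l` output (stdin)
# whose option list does not include "metadata".
drvfs_missing_metadata() {
    awk '$4 == "type" && $5 == "drvfs" && $6 !~ /[(,]metadata[,)]/ { print $3 }'
}

# Print the default modes a DrvFs option string gives to files and
# directories that carry no stored metadata. Assumption: masks are octal,
# umask applies to both, fmask only to files, dmask only to directories.
drvfs_default_modes() {
    umask_v=0 fmask_v=0 dmask_v=0
    old_ifs=$IFS
    IFS=,
    for opt in $1; do
        case $opt in
            umask=*) umask_v=$((0${opt#umask=})) ;;
            fmask=*) fmask_v=$((0${opt#fmask=})) ;;
            dmask=*) dmask_v=$((0${opt#dmask=})) ;;
        esac
    done
    IFS=$old_ifs
    printf 'file=%o dir=%o\n' \
        $((0777 & ~(umask_v | fmask_v))) \
        $((0777 & ~(umask_v | dmask_v)))
}

# First line is from the mount listing above; the second is constructed.
printf '%s\n' \
    'C:\ on /mnt/c type drvfs (rw,noatime,uid=0,gid=0,case=off)' \
    'D:\ on /mnt/d type drvfs (rw,noatime,uid=1000,gid=1000,metadata,case=off)' |
    drvfs_missing_metadata                                  # /mnt/c
drvfs_default_modes 'metadata,umask=22,fmask=11'            # file=744 dir=755
```

A default of 744 is still too open for an ssh private key, which ssh refuses to use when group or others can read it; with metadata enabled, a chmod 600 on the key is stored and persists.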

Enable NAT forwarding

firewall-cmd --permanent --zone=public --add-masquerade

Forward from this machine to this machine

firewall-cmd --permanent --zone=public --add-forward-port=port=80:proto=tcp:toport=8080
firewall-cmd --permanent --zone=public --add-service=http

Forward from this machine to another machine

firewall-cmd --permanent --zone=public --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=192.168.0.2
firewall-cmd --permanent --zone=public --add-port=80/tcp

Reload to apply the changes

firewall-cmd --reload

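Allow only a specific IP to connect to a specific port (the port must not also be opened for the whole zone with --add-port or --add-service, otherwise every source is still accepted)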

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.2" port protocol="tcp" port="80" accept'

Allow only a specific IP range to connect to a specific port range

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port protocol="tcp" port="80-8080" accept'

Common Linux network tuning

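# Idle time before the first keepalive probe is sent, in seconds (1200 s = 20 minutes)
sysctl -w net.ipv4.tcp_keepalive_time=1200
# Allow TIME_WAIT sockets to be reused for new outgoing connections
sysctl -w net.ipv4.tcp_tw_reuse=1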

Configuration

sysctl -w net.ipv4.ip_forward=1 # enable IP forwarding
sysctl -p # take effect immediately
echo "net.ipv4.ip_forward=1" >> /usr/lib/sysctl.d/50-default.conf
iptables -t nat -A POSTROUTING -j MASQUERADE

Add a port-forwarding script, portforward.sh

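#!/bin/bash
# $1 = listen port
# $2 = destination address and port, e.g. 111.111.111.111:2222
# Refuse to run unless both arguments are given.
[ $# -eq 2 ] || { echo "usage: $0 <listen-port> <address:port>" >&2; exit 1; }
iptables -t nat -A PREROUTING -p tcp -i eno1 --dport "$1" -j DNAT --to-destination "$2"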

To add a forwarded port, just run it like this:

./portforward.sh 22 111.111.111.111:22

It takes just one command

grep "Failed password for root" /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -nr | more

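The result is one line per source IP, with the number of failed attempts first and the address second, sorted from most to fewest.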

This shows clearly who is trying to crack our passwords; a matching security policy can then easily keep them out.
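
The function below is an added example, not part of the original post, and it generalizes the one-liner above: it counts failed password attempts for every user name, not only root, and reads the source address from the fixed tail of the sshd message (`from <address> port <n> ssh2`) instead of field 11. Field 11 shifts on "invalid user" lines, and the user name is text supplied by the remote side. The function names and log lines are constructed, and the standard OpenSSH message layout is assumed.

```shell
#!/bin/sh
# Added example; failed_ssh_sources and sample_auth_log are hypothetical names.

# Read an sshd auth log on stdin and print "<count> <address>" for every
# source with at least $1 failed password attempts (default 1), highest first.
failed_ssh_sources() {
    awk -v min="${1:-1}" '
        # Anchor on the end of the line: ... from <address> port <n> ssh2
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" { hits[$(NF-3)]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log (documentation address ranges only).
sample_auth_log() {
    cat <<'EOF'
Jan 10 03:12:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:03 host sshd[1002]: Failed password for root from 203.0.113.7 port 40123 ssh2
Jan 10 03:12:05 host sshd[1003]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Jan 10 03:12:09 host sshd[1004]: Failed password for invalid user root from 198.51.100.9 from 192.0.2.44 port 5555 ssh2
Jan 10 03:13:00 host sshd[1005]: Accepted password for alice from 192.0.2.10 port 5000 ssh2
EOF
}

# The fourth line has a user name containing spaces; the real source is
# still the address directly before "port".
sample_auth_log | failed_ssh_sources
```

Pass a threshold as the first argument, for example `failed_ssh_sources 20 < /var/log/secure`, to list only the sources worth blocking.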

Today, while installing openssl-devel on a CentOS system, I got the following output:

[root@centos]# yum install -y openssl-devel
Loaded plugins: fastestmirror, security
Repository updates is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository contrib is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Loading mirror speeds from cached hostfile
 * base: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.tuna.tsinghua.edu.cn
 * updates: mirrors.tuna.tsinghua.edu.cn
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package openssl-devel.x86_64 0:1.0.1e-16.el6_5.14 will be installed
--> Processing Dependency: krb5-devel for package: openssl-devel-1.0.1e-16.el6_5.14.x86_64
--> Running transaction check
---> Package krb5-devel.x86_64 0:1.10.3-15.el6_5.1 will be installed
--> Processing Dependency: libselinux-devel for package: krb5-devel-1.10.3-15.el6_5.1.x86_64
--> Processing Dependency: libcom_err-devel for package: krb5-devel-1.10.3-15.el6_5.1.x86_64
--> Processing Dependency: keyutils-libs-devel for package: krb5-devel-1.10.3-15.el6_5.1.x86_64
--> Running transaction check
---> Package keyutils-libs-devel.x86_64 0:1.4-4.el6 will be installed
---> Package libcom_err-devel.x86_64 0:1.41.12-18.el6 will be installed
---> Package libselinux-devel.x86_64 0:2.0.94-5.3.el6_4.1 will be installed
--> Processing Dependency: libselinux = 2.0.94-5.3.el6_4.1 for package: libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
--> Processing Dependency: libsepol-devel >= 2.0.32-1 for package: libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
--> Processing Dependency: pkgconfig(libsepol) for package: libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
--> Running transaction check
---> Package libselinux.i686 0:2.0.94-5.3.el6_4.1 will be installed
--> Processing Dependency: libdl.so.2(GLIBC_2.1) for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: libdl.so.2(GLIBC_2.0) for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: libdl.so.2 for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: libc.so.6(GLIBC_2.8) for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: ld-linux.so.2(GLIBC_2.3) for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: ld-linux.so.2 for package: libselinux-2.0.94-5.3.el6_4.1.i686
---> Package libsepol-devel.x86_64 0:2.0.41-4.el6 will be installed
--> Running transaction check
---> Package glibc.i686 0:2.12-1.132.el6_5.2 will be installed
--> Processing Dependency: libfreebl3.so(NSSRAWHASH_3.12.3) for package: glibc-2.12-1.132.el6_5.2.i686
--> Processing Dependency: libfreebl3.so for package: glibc-2.12-1.132.el6_5.2.i686
--> Running transaction check
---> Package nss-softokn-freebl.i686 0:3.14.3-10.el6_5 will be installed
--> Finished Dependency Resolution
Error:  Multilib version problems found. This often means that the root
       cause is something else and multilib version checking is just
       pointing out that there is a problem. Eg.:

         1. You have an upgrade for libselinux which is missing some
            dependency that another package requires. Yum is trying to
            solve this by installing an older version of libselinux of the
            different architecture. If you exclude the bad architecture
            yum will tell you what the root cause is (which package
            requires what). You can try redoing the upgrade with
            --exclude libselinux.otherarch ... this should give you an error
            message showing the root cause of the problem.

         2. You have multiple architectures of libselinux installed, but
            yum can only see an upgrade for one of those arcitectures.
            If you don't want/need both architectures anymore then you
            can remove the one with the missing update and everything
            will work.

         3. You have duplicate versions of libselinux installed already.
            You can use "yum check" to get yum show these errors.

       ...you can also use --setopt=protected_multilib=false to remove
       this checking, however this is almost never the correct thing to
       do as something else is very likely to go wrong (often causing
       much more problems).

       Protected multilib versions: libselinux-2.0.94-5.3.el6_4.1.i686 != libselinux-2.0.94-5.3.0.1.el6.centos.plus.x86_64
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

In the end I found the solution on a Japanese website:

yum install --enablerepo=centosplus openssl-devel

Reference: http://blog.urban-theory.net/2014/06/16/openssl-devel-install-fails-on-centos-with-docker

Install from the terminal

sudo add-apt-repository ppa:webupd8team/sublime-text-2
sudo apt-get update
sudo apt-get install sublime-text

Install by unpacking the package from the official site

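  1. Unpack the downloaded tar.bz2 file
tar xf "Sublime Text 2.0.1 x64.tar.bz2"
  2. Move the unpacked folder to the applications directory
sudo mv "Sublime Text 2" /opt/
  3. Set up a quick-launch command for the terminal
sudo ln -s "/opt/Sublime Text 2/sublime_text" /usr/bin/sublime
  4. Create a shortcut on the desktop
sudo sublime /usr/share/applications/sublime.desktop
  5. Save the following content into it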
[Desktop Entry]
Version=1.0
Name=Sublime Text 2
# Only KDE 4 seems to use GenericName, so we reuse the KDE strings.
# From Ubuntu's language-pack-kde-XX-base packages, version 9.04-20090413.
GenericName=Text Editor
Exec=sublime
Terminal=false
Icon=/opt/Sublime Text 2/Icon/48x48/sublime_text.webp
Type=Application
Categories=TextEditor;IDE;Development
X-Ayatana-Desktop-Shortcuts=NewWindow

[NewWindow Shortcut Group]
Name=New Window
Exec=sublime -n
TargetEnvironment=Unity

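It seems that installing Sublime 3 creates the quick-launch command automatically, so if you install version 3 there is no need to set it up by hand.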

Excerpted from the original: http://my.oschina.net/rc6688/blog/162043#OSC_h2_4

In Linux 2.6.33.6 the source file is: /usr/src/kernels/2.6.33.6/include/linux/skbuff.h

Definition of struct sk_buff in 2.6.18:

struct sk_buff {
        /* These two members must be first. */
        struct sk_buff          *next;
        struct sk_buff          *prev;

        struct sock             *sk;
        struct skb_timeval      tstamp;
        struct net_device       *dev;
        struct net_device       *input_dev;

        union {
                struct tcphdr   *th;
                struct udphdr   *uh;
                struct icmphdr  *icmph;
                struct igmphdr  *igmph;
                struct iphdr    *ipiph;
                struct ipv6hdr  *ipv6h;
                unsigned char   *raw;
        } h;

        union {
                struct iphdr    *iph;
                struct ipv6hdr  *ipv6h;
                struct arphdr   *arph;
                unsigned char   *raw;
        } nh;

        union {
                unsigned char   *raw;
        } mac;

        struct  dst_entry       *dst;
        struct  sec_path        *sp;
        /*
         * This is the control buffer. It is free to use for every
         * layer. Please put your private variables there. If you
         * want to keep them across layers you have to do a skb_clone()
         * first. This is owned by whoever has the skb queued ATM.
         */
        char                    cb[48];

        unsigned int            len,
                                data_len,
                                mac_len,
                                csum;
        __u32                   priority;
        __u8                    local_df:1,
                                cloned:1,
                                ip_summed:2,
                                nohdr:1,
                                nfctinfo:3;
        __u8                    pkt_type:3,
                                fclone:2,
#ifndef CONFIG_XEN
                                ipvs_property:1;
#else
                                ipvs_property:1,
                                proto_data_valid:1,
                                proto_csum_blank:1;
#endif
        __be16                  protocol;

        void                    (*destructor)(struct sk_buff *skb);
#ifdef CONFIG_NETFILTER
        struct nf_conntrack     *nfct;
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
       struct sk_buff          *nfct_reasm;
#endif
#ifdef CONFIG_BRIDGE_NETFILTER
        struct nf_bridge_info   *nf_bridge;
#endif
        __u32                   nfmark;
#endif /* CONFIG_NETFILTER */
#ifdef CONFIG_NET_SCHED
        __u16                   tc_index;       /* traffic control index */
#ifdef CONFIG_NET_CLS_ACT
        __u16                   tc_verd;        /* traffic control verdict */
#endif
#endif
#ifdef CONFIG_NET_DMA
        dma_cookie_t            dma_cookie;
#endif
#ifdef CONFIG_NETWORK_SECMARK
        __u32                   secmark;
#endif

        /* These elements must be at the end, see alloc_skb() for details.  */
        unsigned int            truesize;
        atomic_t                users;
        unsigned char           *head,
                                *data,
                                *tail,
                                *end;
        /* Extra stuff at the end to avoid breaking abi */
#ifndef __GENKSYMS__
        int                      peeked;
#endif
};

Definition of struct sk_buff in 2.6.33:

struct sk_buff {
        /* These two members must be first. */
        struct sk_buff          *next;
        struct sk_buff          *prev;

        ktime_t                 tstamp;

        struct sock             *sk;
        struct net_device       *dev;

        /*
         * This is the control buffer. It is free to use for every
         * layer. Please put your private variables there. If you
         * want to keep them across layers you have to do a skb_clone()
         * first. This is owned by whoever has the skb queued ATM.
         */
        char                    cb[48] __aligned(8);

        unsigned long           _skb_dst;
#ifdef CONFIG_XFRM
        struct  sec_path        *sp;
#endif
        unsigned int            len,
                                data_len;
        __u16                   mac_len,
                                hdr_len;
        union {
                __wsum          csum;
                struct {
                        __u16   csum_start;
                        __u16   csum_offset;
                };
        };
        __u32                   priority;
        kmemcheck_bitfield_begin(flags1);
        __u8                    local_df:1,
                                cloned:1,
                                ip_summed:2,
                                nohdr:1,
                                nfctinfo:3;
        __u8                    pkt_type:3,
                                fclone:2,
                                ipvs_property:1,
                                peeked:1,
                                nf_trace:1;
        __be16                  protocol:16;
        kmemcheck_bitfield_end(flags1);

        void                    (*destructor)(struct sk_buff *skb);
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        struct nf_conntrack     *nfct;
        struct sk_buff          *nfct_reasm;
#endif
#ifdef CONFIG_BRIDGE_NETFILTER
        struct nf_bridge_info   *nf_bridge;
#endif

        int                     skb_iif;
#ifdef CONFIG_NET_SCHED
        __u16                   tc_index;       /* traffic control index */
#ifdef CONFIG_NET_CLS_ACT
        __u16                   tc_verd;        /* traffic control verdict */
#endif
#endif

        kmemcheck_bitfield_begin(flags2);
        __u16                   queue_mapping:16;
#ifdef CONFIG_IPV6_NDISC_NODETYPE
        __u8                    ndisc_nodetype:2;
#endif
        kmemcheck_bitfield_end(flags2);

        /* 0/14 bit hole */

#ifdef CONFIG_NET_DMA
        dma_cookie_t            dma_cookie;
#endif
#ifdef CONFIG_NETWORK_SECMARK
        __u32                   secmark;
#endif
        union {
                __u32           mark;
                __u32           dropcount;
        };

        __u16                   vlan_tci;

        sk_buff_data_t          transport_header;
        sk_buff_data_t          network_header;
        sk_buff_data_t          mac_header;
        /* These elements must be at the end, see alloc_skb() for details.  */
        sk_buff_data_t          tail;
        sk_buff_data_t          end;
        unsigned char           *head,
                                *data;
        unsigned int            truesize;
        atomic_t                users;
};

With the definitions above, we can write something like the following so that our driver supports multiple kernel versions:

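#include <linux/version.h>
struct sk_buff *new_skb;
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,18)
/* 2.6.18: the link-layer header is a raw pointer inside the mac union. */
new_skb->mac.raw = (unsigned char *)new_eth_p;
#else
/* 2.6.33: mac_header is sk_buff_data_t, which is an offset rather than a
 * pointer on 64-bit builds, so set it through the accessor. */
skb_set_mac_header(new_skb, (unsigned char *)new_eth_p - new_skb->data);
#endif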

Reference: http://www.linuxquestions.org/questions/linux-kernel-70/struct-sk_buff-differs-in-2-6-18-and-2-6-33-kernel-882507/

When compiling code that uses the zlib library with gcc on Linux, use -lz to link against zlib.

Otherwise you get an error like undefined reference to `deflateInit_'

When running tcpdump, this error appears: tcpdump: USB link-layer type filtering not implemented

Cause

This indicates that the system may have more than one network interface.

You have to specify the interface to work on before capturing can start, for example:

[root@centos]# tcpdump -i eth0 udp port 53

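In real use, change the parameters in the example, such as "eth0", "udp" and "53", to suit your needs. A single network card is usually named eth0 by default, but that is not always the case. Use ifconfig to find the interface you need.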