系统设置中:
route.all-resources = true
openfire 所有系统属性
https://community.igniterealtime.org/docs/DOC-1061
系统设置中:
route.all-resources = true
openfire 所有系统属性
https://community.igniterealtime.org/docs/DOC-1061
iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --set --name DNSQF --rsource iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --update --seconds 1 --hitcount 15 --name DNSQF --rsource -j DROP iptables -A INPUT -p udp --dport 53 -m string --from 30 --to 50 --algo bm --hex-string '|01780a7869707a65727373636303636f6d00|' -j DROP -m comment --comment "DROP DNS Q ANY Name: x.xipzersscc.com" iptables -A INPUT -p udp --dport 53 -m string --from 30 --to 60 --algo bm --hex-string '|057064646f7303636f6d00|' -j DROP -m comment --comment "DROP DNS Q pddos.com" iptables -A INPUT -p udp --dport 53 -m string --from 30 --to 50 --algo bm --hex-string '|09686363666f72756d73026e6c0000ff|' -j DROP -m comment --comment "DROP DNS Q ANY hccforums.nl" iptables -A INPUT -p udp --dport 53 -m string --from 30 --to 54 --algo bm --hex-string '|0973617665726f61647302727500|' -j DROP -m comment --comment "DROP DNS Q saveroads.ru" iptables -A INPUT -p udp --dport 53 -m string --from 30 --to 54 --algo bm --hex-string '|0948697a62756c6c6168026d6500|' -j DROP -m comment --comment "DROP DNS Q Hizbullah.me" iptables -A INPUT -p udp --dport 53 -m string --from 32 --to 44 --algo bm --hex-string '|076765726461723302727500|' -j DROP -m comment --comment "DROP DNS Q gerdar3.ru" iptables -A INPUT -p udp --dport 53 -m string --from 32 --to 56 --algo bm --hex-string '|77777705677839313103636f6d00|' -j DROP -m comment --comment "DROP DNS Q www.gx911.com" iptables -A INPUT -p udp --dport 53 -m string --from 32 --to 56 --algo bm --hex-string '|777777053939397170036e657400|' -j DROP -m comment --comment "DROP DNS Q www.999qp.net" iptables -A INPUT -p udp --dport 53 -m string --from 32 --to 40 --algo bm --hex-string '|03646f6303676f7600|' -j DROP -m comment --comment "DROP DNS Q doc.gov"
最近拿到这问题觉得非常简单
grep -wvf file1 file2
可后来发现两个文件都非常大的时候会出现内存用完的情况。正准备自己写程序来解决这问题时,突然发现万能的awk
awk '{print $0}' bailing.txt good.txt |sort |uniq -u >no_new_bailing.txt
/* * Banner Grab Copyright 2013 Regents of the University of Michigan * * Licensed under the Apache License, Version 2.0 (the "License"); you may not * use this file except in compliance with the License. You may obtain a copy * of the License at http://www.apache.org/licenses/LICENSE-2.0 */ #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include "logger.h" #include <event2/event.h> #include <event2/buffer.h> #include <event2/bufferevent.h> #include <event2/bufferevent_ssl.h> #include <getopt.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <errno.h> #include <ulimit.h> #define MAX_BANNER_LEN 1024 #define BASE64_ALPHABET "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" struct config { uint16_t port; int connect_timeout; // how long to wait for connecting (seconds) int read_timeout; // how long to wait once connected for the banner (seconds) int current_running; int max_concurrent; struct event_base *base; struct bufferevent *stdin_bev; int stdin_closed; enum {FORMAT_HEX, FORMAT_BASE64, FORMAT_ASCII} format; char *send_str; long send_str_size; struct stats_st { int init_connected_hosts; // Number of hosts we have even tried to connect to int connected_hosts; // # hosts that picked up int conn_timed_out; // # hosts that timed out during connection int read_timed_out; // # hosts that connected, but sent no data (banner) int timed_out; // # hosts that timed out at all (conn_timed_out+read_timed_out)? int completed_hosts; // # hosts that presented a banner } stats; char *findstr; }; struct state { struct config *conf; uint32_t ip; enum {CONNECTING, CONNECTED, RECEIVED} state; }; void stdin_readcb(struct bufferevent *bev, void *arg); void print_status(evutil_socket_t fd, short events, void *arg) { struct event *ev; struct config *conf = arg; struct event_base *base = conf->base; struct timeval status_timeout = {1, 0}; ev = evtimer_new(base, print_status, conf); evtimer_add(ev, &status_timeout); (void)fd; (void)events; //log_info("banner-grab-tcp", "(%d/%d in use) - Totals: %d inited, %d connected, %d conn timeout, %d read timeout %d completed", // conf->current_running, conf->max_concurrent, // conf->stats.init_connected_hosts, // conf->stats.connected_hosts, conf->stats.conn_timed_out, // conf->stats.read_timed_out, conf->stats.completed_hosts); } void decrement_cur_running(struct state *st) { struct config *conf = st->conf; conf->current_running--; //log_debug("banner-grab-tcp", "done, down to %d", // conf->current_running); if (evbuffer_get_length(bufferevent_get_input(conf->stdin_bev)) > 0) { stdin_readcb(conf->stdin_bev, conf); } free(st); if (conf->stdin_closed && conf->current_running == 0) { // Done log_info("banner-grab-tcp", "done"); print_status(0, 0, conf); exit(0); } } void connect_cb(struct bufferevent *bev, short events, void *arg) { struct state *st = arg; struct config *conf = st->conf; struct in_addr addr; addr.s_addr = st->ip; FILE *fpbailing; if (events & BEV_EVENT_CONNECTED) { struct timeval tv = {st->conf->read_timeout, 0}; //log_debug("banner-grab-tcp", "%s connected", inet_ntoa(addr)); // Send data if (conf->send_str) { struct evbuffer *evout = bufferevent_get_output(bev); // HACK!!! TODO: make some messy parser that replaces ${IP} with IP etc // and allow null characters evbuffer_add_printf(evout, conf->send_str, inet_ntoa(addr), inet_ntoa(addr), inet_ntoa(addr), inet_ntoa(addr)); } // Change from connect timeout to read timeout bufferevent_set_timeouts(bev, &tv, &tv); // Update state/stats st->state = CONNECTED; st->conf->stats.connected_hosts++; } else { if (st->state == CONNECTED) { // Print out that we just didn't receive data printf("%s X\n", inet_ntoa(addr)); fflush(stdout); st->conf->stats.read_timed_out++; } else { st->conf->stats.conn_timed_out++; } fpbailing=fopen("bailing.txt","a+"); fputs(strcat(inet_ntoa(addr),"\n"),fpbailing); fclose(fpbailing); //log_debug("banner-grab-tcp", "%s bailing..", inet_ntoa(addr)); bufferevent_free(bev); st->conf->stats.timed_out++; decrement_cur_running(st); } } // Grab these bytes, and close the connection. // Even if we don't need to read any bytes, // we have to have this so that libevent thinks we have // a read event, so that it can timeout TCP connects // (as a read timeout) void read_cb(struct bufferevent *bev, void *arg) { struct evbuffer *in = bufferevent_get_input(bev); struct state *st = arg; size_t len = evbuffer_get_length(in); struct in_addr addr; addr.s_addr = st->ip; char *pfind ="php"; FILE *fpgood; //log_debug("banner-grab-tcp", "read_cb for %s", inet_ntoa(addr)); if (len > MAX_BANNER_LEN) { len = MAX_BANNER_LEN; } if (len > 0) { // Grab the banner unsigned int i; unsigned char *buf = malloc(len+1); st->state = RECEIVED; if (!buf) { log_fatal("banner-grab-tcp", "cannot alloc %d byte buf", len+1); return; } evbuffer_remove(in, buf, len); //printf("%s ", inet_ntoa(addr)); if (st->conf->format == FORMAT_ASCII) { // Ascii buf[len] = '\0'; pfind=st->conf->findstr; if(strstr(buf,pfind)){ printf("%s ", inet_ntoa(addr)); printf("%s\n",buf); fpgood=fopen("result.txt","a+"); fputs(strcat(inet_ntoa(addr),"\n"),fpgood); fclose(fpgood); } //printf("%s\n", buf); } else if (st->conf->format == FORMAT_HEX) { // Hex output for (i=0; i<len; i++) { printf("%02x", buf[i]); } printf("\n"); } else if (st->conf->format == FORMAT_BASE64) { // Base64 int i=0; char out[4] = {0,0,0,0}; while (i < len) { uint32_t value = 0; value += (i < len) ? buf[i++] << 16 : 0; value += (i < len) ? buf[i++] << 8 : 0; value += (i < len) ? buf[i++] : 0; out[0] = BASE64_ALPHABET[(value >> 18) & 0x3F]; out[1] = BASE64_ALPHABET[(value >> 12) & 0x3F]; out[2] = BASE64_ALPHABET[(value >> 6) & 0x3F]; out[3] = BASE64_ALPHABET[(value ) & 0x3F]; if (i < len) { printf("%c%c%c%c", out[0], out[1], out[2], out[3]); } } if (len > 0) { switch (len % 3) { case 1: out[2] = '='; case 2: out[3] = '='; default: break; } printf("%c%c%c%c\n", out[0], out[1], out[2], out[3]); } } fflush(stdout); free(buf); st->conf->stats.completed_hosts++; } bufferevent_free(bev); decrement_cur_running(st); } void grab_banner(struct state *st) { struct sockaddr_in addr; struct bufferevent *bev; struct timeval read_to = {st->conf->connect_timeout, 0}; addr.sin_family = AF_INET; addr.sin_port = htons(st->conf->port); addr.sin_addr.s_addr = st->ip; //log_debug("banner-grab-tcp", "connect %s:%d", // inet_ntoa(addr.sin_addr), st->conf->port); bev = bufferevent_socket_new(st->conf->base, -1, BEV_OPT_CLOSE_ON_FREE); bufferevent_set_timeouts(bev, &read_to, &read_to); bufferevent_setcb(bev, read_cb, NULL, connect_cb, st); bufferevent_enable(bev, EV_READ); st->state = CONNECTING; st->conf->stats.init_connected_hosts++; if (bufferevent_socket_connect(bev, (struct sockaddr *)&addr, sizeof(addr)) < 0) { log_warn("banner-grab-tcp", "could not connect socket %d (%d open) %d %d", bufferevent_getfd(bev), st->conf->current_running, errno, ENFILE); perror("connect"); bufferevent_free(bev); decrement_cur_running(st); return; } } void stdin_eventcb(struct bufferevent *bev, short events, void *ptr) { struct config *conf = ptr; if (events & BEV_EVENT_EOF) { log_debug("banner-grab-tcp", "received EOF; quitting after buffer empties"); conf->stdin_closed = 1; if (conf->current_running == 0) { log_info("banner-grab-tcp", "done"); print_status(0, 0, conf); exit(0); } } } void stdin_readcb(struct bufferevent *bev, void *arg) { struct evbuffer *in = bufferevent_get_input(bev); struct config *conf = arg; //log_debug("banner-grab-tcp", "stdin cb %d < %d ?", // conf->current_running, conf->max_concurrent); while (conf->current_running < conf->max_concurrent && evbuffer_get_length(in) > 0) { char *ip_str; size_t line_len; char *line = evbuffer_readln(in, &line_len, EVBUFFER_EOL_LF); struct state *st; if (!line) break; log_debug("banner-grab-tcp", "line: %s", line); ip_str = line; /* port_str = strstr(line, ":") + 1; if (!port_str) port_str = strstr(line, " ") + 1; if (!port_str) break; *(port_str-1) = '\0'; port = atoi(port_str); */ //printf("scanning %s:%d\n", ip conf->current_running++; st = malloc(sizeof(*st)); st->conf = conf; st->ip = inet_addr(ip_str); grab_banner(st); } } int main(int argc, char *argv[]) { struct event_base *base; struct event *status_timer; struct timeval status_timeout = {1, 0}; int c; struct option long_options[] = { {"concurrent", required_argument, 0, 'c'}, {"port", required_argument, 0, 'p'}, {"conn-timeout", required_argument, 0, 't'}, {"read-timeout", required_argument, 0, 'r'}, {"verbosity", required_argument, 0, 'v'}, {"format", no_argument, 0, 'f'}, {"data", required_argument, 0, 'd'}, {0, 0, 0, 0}, {"key", required_argument, 0, 'k'} }; struct config conf; int ret; FILE *fp; log_init(stderr, LOG_INFO, 0, "banner-grab"); ret = ulimit(4, 1000000); // Allow us to open 1 million fds (instead of 1024) if (ret < 0) { log_fatal("banner-grab-tcp", "cannot set ulimit"); perror("ulimit"); exit(1); } base = event_base_new(); conf.base = base; // buffer stdin as an event conf.stdin_bev = bufferevent_socket_new(base, 0, BEV_OPT_DEFER_CALLBACKS); bufferevent_setcb(conf.stdin_bev, stdin_readcb, NULL, stdin_eventcb, &conf); bufferevent_enable(conf.stdin_bev, EV_READ); // Status timer status_timer = evtimer_new(base, print_status, &conf); evtimer_add(status_timer, &status_timeout); // Defaults conf.max_concurrent = 1; conf.current_running = 0; memset(&conf.stats, 0, sizeof(conf.stats)); conf.connect_timeout = 4; conf.read_timeout = 4; conf.stdin_closed = 0; conf.format = FORMAT_BASE64; conf.send_str = NULL; // Parse command line args while (1) { int option_index = 0; c = getopt_long(argc, argv, "c:p:t:r:v:f:d:k:", long_options, &option_index); if (c < 0) { break; } switch (c) { case 'c': conf.max_concurrent = atoi(optarg); break; case 'p': conf.port = atoi(optarg); break; case 'k': conf.findstr=optarg; break; case 't': conf.connect_timeout = atoi(optarg); break; case 'r': conf.read_timeout = atoi(optarg); break; case 'v': if (atoi(optarg) >= 0 && atoi(optarg) <= 5) { log_init(stderr, atoi(optarg), 0, "banner-grab"); } break; case 'f': if (strcmp(optarg, "hex") == 0) { conf.format = FORMAT_HEX; } else if (strcmp(optarg, "base64") == 0) { conf.format = FORMAT_BASE64; } else if (strcmp(optarg, "ascii") == 0) { conf.format = FORMAT_ASCII; } else { log_fatal("banner-grab-tcp", "Unknown format '%s'; use 'hex', 'base64', or 'ascii'", optarg); } break; case 'd': fp = fopen(optarg, "r"); if (!fp) { log_error("banner-grab-tcp", "Could not open send data file '%s':", optarg); perror("fopen"); exit(-1); } fseek(fp, 0L, SEEK_END); conf.send_str_size = ftell(fp); fseek(fp, 0L, SEEK_SET); //assert(conf.send_str_size < 10000); // jumbo frames? conf.send_str = malloc(conf.send_str_size+1); if (!conf.send_str) { log_fatal("banner-grab-tcp", "Could not malloc %d bytes", conf.send_str_size+1); } if (fread(conf.send_str, conf.send_str_size, 1, fp) != 1) { log_fatal("banner-grab-tcp", "Couldn't read from send data file '%s':", optarg); } conf.send_str[conf.send_str_size] = '\0'; fclose(fp); break; case '?': printf("Usage:\n"); printf("\t%s [-c max_concurrency] [-t connect_timeout] [-r read_timeout] \n\t" "[-v verbosity=0-5] [-d send_data_file] [-f ascii|hex|base64] -p port\n", argv[0]); exit(1); default: log_info("banner-grab-tcp", "hmmm.."); break; } } log_info("banner-grab-tcp", "Using port %d with max_concurrency %d, %d s conn timeout, %d s read timeout", conf.port, conf.max_concurrent, conf.connect_timeout, conf.read_timeout); event_base_dispatch(base); return 0; }
使用方法 加上-k “xxx” 就行了。 匹配的结果保存在result.txt文件中
今天没事编译forge-socket时出现的对‘unlock_file’未定义的引用 错误
cd zmap/examples/forge-socket mkdir forge-socket-utl cd forge-socket-utl git clone https://github.com/ewust/forge_socket/ cd forge_socket make insmod forge_socket.ko cp forge_socket.h ../../ cd ../../ make
这时出现了
root@xxx-All-Series:~/soft/zmap/zmap-master/examples/forge-socket# make cc -I../../lib/ -I../../forge_socket -Wall -g -O2 -fstack-protector-all --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIC forge-socket.o xalloc.o logger.o -o forge-socket -lpcap -levent -levent_extra -lm -Wl,-Bsymbolic-functions -Wl,-z,relro,-z,now logger.o:在函数‘LogLogVA’中: /home/xxx/soft/zmap/zmap-master/examples/forge-socket/../../lib/logger.c:99:对‘unlock_file’未定义的引用 /home/xxx/soft/zmap/zmap-master/examples/forge-socket/../../lib/logger.c:67:对‘lock_file’未定义的引用
初看下应该是make文件中少了一个包含文件
查看Makefile文件
CFLAGS+=-I../../lib/ -I../../forge_socket -Wall LDFLAGS+=-lpcap -levent -levent_extra -lm VPATH=../../lib/ # from dpkg-buildflags --get CFLAGS, but use stack-protector-all and fPIC GCCHARDENING=-g -O2 -fstack-protector-all --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -fPIC # from gpkg-buildflags --get LDFLAGS, + -z,now LDHARDENING=-Wl,-Bsymbolic-functions -Wl,-z,relro,-z,now CFLAGS+=$(GCCHARDENING) LDFLAGS+=$(LDHARDENING) all: forge-socket forge-socket: forge-socket.o xalloc.o logger.o $(CC) $(CFLAGS) $^ -o $@ $(LDFLAGS) clean: rm -f forge-socket *.o
然后grep “unlock_file” ./ -r 发现 unlock_file函数是在 lockfd.h 这个文件中声明的。 赶紧在Makefile中
forge-socket: forge-socket.o xalloc.o logger.o
改为
forge-socket: forge-socket.o xalloc.o logger.o lockfd.o
然后 解决问题。
Cobar是关系型数据的分布式处理系统,它可以在分布式的环境下像传统数据库一样为您提供海量数据服务 前生为Amoeba
其它同类中的还有Atlas,TDDL
PFQ 是一个支持多语言的网络框架,主要用于 Linux 操作系统下进行高效的包捕获和传输,适用于多核处理器系统中的网络监控框架。
PFQ 专门为多核处理器而优化,包括对多个硬件队列的网络设备优化,支持任意网络设备驱动,并提供一个脚本用来加速和优化对设备数据的获取。
该框架可用来开发高性能的应用,使用 C、C++11 和 Haskell 。此外 PFQ 还包含一个纯函数语言 PFQ/lang 。
PFQ/lang 灵感来自于 Haskell 可以用来创建运行在内核空间中网络设备驱动之上的小应用程序,例如用来创建高效的桥接程序、端口镜像、简单防火墙和网络均衡器等等。
完全无锁和非堵塞架构
预先分配 Socket 缓冲池
兼容绝大多数网络设备驱动
Rx and Tx 10-Gbit line-rate (14,8Mpps), 基于 Intel ixgbe vanilla 驱动
透明的支持核心线程,用于异步包交换
通过 socket 组并发监控多线程应用
通过随机化哈希和固定分类进行 Per-group 包管理
Per-group Berkeley 和 VLAN 过滤器.
内核中用于包处理的函数化引擎: PFQ/lang v4.x.
为 C、C++11-14 和 Haskell 语言提供用户空间库
PFQ/lang as eDLS for C++11-14 and Haskell language.
加速的 pcap 库用于包捕获和传输
pfqd, 用来配置和并行化多实例传统应用的守护进程.
pfq-omatic, 用来动态加速 vanilla 驱动的脚本
I/O user<->kernel 共享内存 基于 HugePages
PFQ 的性能高度依赖于所运行的硬件环境。在至强处理器、Intel 82599 10G 控制器上,PFQ 每秒可处理约 1480 万的数据包(2 或者 3 核心线程),详细配置请看 Intel processors.
<?php
function list_days($year_start,$year_end){
if($year_end<$year_start){
return array();
}
$result=array();
for($year=$year_start;$year<=$year_end;$year=$year+1){
for($month=1;$month<=12;$month=$month+1){
$day_nums=cal_days_in_month(CAL_GREGORIAN,$month,$year);
for($day=1;$day<=$day_nums;$day=$day+1){
$tmp=$year."-".$month."-".$day;
$now=date("Y-m-d",time());
$times=date("Y-m-d",strtotime($tmp));
$result[]=$times;
if($times==$now){
break 3;
}
}
}
}
return $result;
}
function list_month($year_start,$year_end){
if($year_end<$year_start){
return array();
}
$result=array();
for($year=$year_start;$year<=$year_end;$year=$year+1){
for($month=1;$month<=12;$month=$month+1){
$tmp=$year."-".$month;
$now=date("Y-m",time());
$times=date("Y-m",strtotime($tmp));
$result[]=$times;
if($times==$now){
break 2;
}
}
}
return $result;
}
$day_month=list_month(2013,2016);
$day_list=list_days(2013,2016);
var_dump($day_month);
?>