unexport/i.go
package unexport
var i int
func init() {
i = 2
}
main.go
package main
import (
"fmt"
_ "unsafe"
_ "unexport"
)
//go:linkname I unexport.i
var I int
func main() {
fmt.Println(I)
}
package main
import (
"fmt"
"github.com/alangpierce/go-forceexport"
)
func main() {
var timeNow func() (int64, int32)
err := forceexport.GetFunc(&timeNow, "time.now")
if err != nil {
// Handle errors if you care about name possibly being invalid.
fmt.Println(err)
}
// Calls the actual time.now function.
sec, nsec := timeNow()
fmt.Printf("%v %v", sec, nsec)
}
Original publication: 2007-10-01
Last update: 2016-02-14
Repost from https://blog.wains.be/2007/2007-10-01-tcpdump-advanced-filters/
In this article, I will explain how to use tcpdump to:
I usually type tcpdump -n -i eth1 -s 1600
before my filter but I won't do that throughout the article. -n
prevents DNS lookups, -i
specifies the interface and -s
specifies the size of the packets (default is 65536 bytes). Be careful if you use -s 0
because depending on the version, you might be capturing 64K or full-lenght packets.
All commands are typed as root.
Feel free to contact me f
Using a firewall is as much about making intelligent policy decisions as it is about learning the syntax. Firewalls like iptables
are capable of enforcing policies by interpreting rules set by the administrator. However, as an administrator, you need to know what types of rules make sense for your infrastructure.
While other guides focus on the commands needed to get up and running, in this guide, we will discuss some of the decisions you will have to make when implementing a firewall. These choices will affect how your firewall behaves, how locked down your server is, and how it will respond to various conditions that are likely to occur from time to time. We will be using iptables
as an example to discuss specifics, but most of the actual decisions will be relevant regardless of the tools used.
When constructing a firewall, one of the fundamental decisions that you must make
Iptables is a firewall that plays an essential role in network security for most Linux systems. While many iptables tutorials will teach you how to create firewall rules to secure your server, this one will focus on a different aspect of firewall management: listing and deleting rules.
In this tutorial, we will cover how to do the following iptables tasks:
Note: When working with firewalls, take care not to lock yourself out of your own server by blocking SSH traffic (port 22, by default). If you lose access due to your firewall settings, you may need to connect to it via the console to fix your access. Once you are connected via the console, you can change your firewall rules to allow SSH access (or allow all traffic). If your saved fir
Iptables is the software firewall that is included with most Linux distributions by default. This cheat sheet-style guide provides a quick reference to iptables commands that will create firewall rules are useful in common, everyday scenarios. This includes iptables examples of allowing and blocking various services by port, network interface, and source IP address.
DROP
incoming traffic, through the default input policy, and you want to selectively allow traffic inEver get the dreaded error:
Virtual memory exhausted: Cannot allocate memory
With the first iterations of Raspberry Pi the Model A comes with 256mb of memory. While the Raspberry Pi B comes with a modest 512mb of memory. For most applications this amount of memory is actually quiet a bit. As soon as you start compiling your own binaries this amount starts to seem dismal.
Insert reason why swap on flash-based memory is bad here.
The Raspbian distribution comes with a 100mb swapfile. This is actually a bit on the small side. A general rule of thumb is swapfile size should be about twice as much as the available RAM on the machine. In the examples below I have a Raspberry Pi B+. So the amount of swap I use is 1024mb.
We will change the configuration in the file /etc/dphys-swapfile :
sudo nano /etc/dphys-swapfile
The default value in Raspbian is:
CONF_SWAPSIZE=100
We will
Using Docker on Raspberry Pi provides many different benefits (most explained here in French). However when developing new containers, it may require much more CPU and RAM power to build them or even to compile the binaries in armhf format. So this blog post describes how to create an ARM v7 image based on QEMU emulating an ARM Cortex-15 chip with 2Gb of RAM running Debian 8 Jessie.
Why Debian 8 Jessie ?
Simply because the embedded kernel is preconfigured for Docker (see the required modules there). I'll probably use HypriotOS in the future but for now that's good enough and i use the Docker packages directly built by Hypriot anyway.
Why not emulating the Raspberry Pi ?
Simply because the performances are really really bad and it is limited to 256Mb of RAM. I tried multiple times but it is really too slow so i preferred to switch to a different emulator but keeping the same CPU architecture.
Why only a Cort
# ...
git commit -am "0" # got hash hash0
# ...
git commit -am "1" # got hash hash1
# ...
git commit -am "2" # got hash hash2
# ...
git commit -am "3" # got hash hash3
git reset --hard hash0
git reset --soft hash3
git commit -am 'Reverted 1 2 3'
git submodule add [-b <branch>]<repository> [<path>]
git submodule init
git submodule update
git config -f .git/config --remove-section submodule.$submodulepath
git config -f .gitmodules --remove-section submodule.$submodulepath
git rm --cached $submodulepath
rm -rf $submodulepath
rm -rf .git/modules/$submodulepath
When you do git submodule add, it only adds it to .gitmodules
, but once you did git submodule init, it added to .git/config
.
So if you wish to remove the modules, but be able to restore it quickly, then do just this:
git rm --cached $submodulepath
git config -f .git/config --remove-section submodule.$submodulepath
It is a good idea to do git rebase HEAD first and git commit at the end, if you put this in a script.
传输层安全协议(Transport Layer Security,缩写:TLS),及其前身安全套接层(Secure Sockets Layer,缩写:SSL)是一种安全协议,目的是为互联网通信提供安全及数据完整性保障。
SSL包含记录层(Record Layer)和传输层,记录层协议确定了传输层数据的封装格式。传输层安全协议使用X.509认证,之后利用非对称加密演算来对通信方做身份认证,之后交换对称密钥作为会谈密钥(Session key)。这个会谈密钥是用来将通信两方交换的数据做加密,保证两个应用间通信的保密性和可靠性,使客户与服务器应用之间的通信不被攻击者窃听。
本文并没有提供一个TLS的深度教程,而是提供了两个Go应用TLS的简单例子,用来演示使用Go语言快速开发安全网络传输的程序。
- 1994年早期,NetScape公司设计了SSL协议(Secure Sockets Layer)的1.0版,但是未发布。
- 1994年11月,NetScape公司发布SSL 2.0版,很快发现有严重漏洞。
- 1996年11月,SSL 3.0版问世,得到大规模应用。
- 1999年1月,互联网标准化组织ISOC接替NetScape公司,发布了SSL的升级版TLS 1.0版。
- 2006年4月和2008年8月,TLS进行了两次升级,分别为TLS 1.1版和TLS 1.2版。最新的变动是2011年TLS 1.2的修订版。
- 现在正在制定 tls 1.3。
首先我们创建私钥和证书。
使用了”服务端证书”可以确保服务器不是假冒的。
1、 生成服务器端的私钥
openssl genrsa -out server.key 2048
2、 生成服务器端证书
openssl req -new -x509 -key server.key -out server.pem -days 2048
除了”服务端证书”,在某些场合中还会涉及到”客户端证书”。所谓的”客户端证书”就是用来证明客户端访问者的身份。
比如在某些金融公司的内网,你的电脑上必须部署”客户端证