Archive

Archive for January 2010

device lo left promiscuous mode

January 28, 2010 Comments closed

dmesg shows some messages like these:

device lo left promiscuous mode
audit(1264387352.387:24): dev=lo prom=0 old_prom=256 auid=4294967295 ses=4294967295

It turned out to be caused by a tcpdump capture; it does no real harm to the system!
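
A detection-side way to read these records, as an added example that is not part of the original post: it parses the audit line format shown above and reports which interfaces are still in promiscuous mode. The eth0 lines in the sample are constructed; only the lo lines come from the post.

```python
import re

# Constructed sample: the two lo lines are from the post, the eth0 lines are invented.
SAMPLE = """\
device eth0 entered promiscuous mode
audit(1264387301.120:23): dev=eth0 prom=256 old_prom=0 auid=500 ses=3
device lo left promiscuous mode
audit(1264387352.387:24): dev=lo prom=0 old_prom=256 auid=4294967295 ses=4294967295
"""

AUDIT = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): dev=(?P<dev>\S+) "
    r"prom=(?P<prom>\d+) old_prom=(?P<old>\d+) auid=(?P<auid>\d+) ses=(?P<ses>\d+)"
)
IFF_PROMISC = 0x100      # 256, the value seen in prom= / old_prom=
UNSET_ID = 4294967295    # (unsigned)-1: no login uid or session was recorded


def promisc_events(log_text):
    """Yield one dict per audit record that toggles promiscuous mode."""
    for line in log_text.splitlines():
        m = AUDIT.search(line)
        if not m:
            continue
        now = bool(int(m["prom"]) & IFF_PROMISC)
        was = bool(int(m["old"]) & IFF_PROMISC)
        if now == was:
            continue                      # flag unchanged, nothing to report
        auid = int(m["auid"])
        yield {
            "time": float(m["ts"]),
            "dev": m["dev"],
            "action": "entered" if now else "left",
            "auid": None if auid == UNSET_ID else auid,
        }


def still_promiscuous(log_text):
    """Interfaces whose last recorded transition was 'entered'."""
    state = {}
    for ev in promisc_events(log_text):
        state[ev["dev"]] = ev["action"]
    return sorted(dev for dev, action in state.items() if action == "entered")


if __name__ == "__main__":
    for event in promisc_events(SAMPLE):
        print(event)
    print("still promiscuous:", still_promiscuous(SAMPLE))
```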

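Category: linux Tags:

"War of Internet Addiction" - Kan Ni Mei

January 24, 2010 Comments closed

I watched all 60-plus minutes of "War of Internet Addiction" in one sitting, and I was genuinely moved...

I, like everyone else who loves this game,
earnestly squeeze onto the bus to get to work,
earnestly consume all kinds of food,
whether or not it contains chemical ingredients we don't recognize.
We have never complained about our meager wages,
never felt resentful that you, with the taxes deducted from my meager wages,
live in townhouses.
This year, I, like everyone else who loves this game,
wept in grief over floods and earthquakes,
cheered for manned spaceflight and for the Olympics.
From the bottom of our hearts, we do not want to fall behind, in any respect,
any other nation in this world.
Yet this year, because of people like you,
we have still been unable to compete head to head with players from other countries on Earth.
For the game we truly love
we swallowed our pride; we were forced to leave.
We risked having our accounts banned to play on the US and EU servers;
they called us gold farmers.
We put up with latency in the tens of thousands to play on the Taiwan servers;
they called us mainland locusts.
These utterly demeaning names
we bore in silence.
Why can't we have cheap entertainment at 4 mao an hour?
Just because I am on the China server?
Because I am a WoW player on the China server?
Since childhood you have drilled into me
that a nest of gold or silver is no match for one's own doghouse.
And the reality?
You have already left me able only to reside temporarily in my own country.
Can our spiritual home
not even reside temporarily in its own country?

PS: the Youku video has already been "harmonized"!
Who knows how much longer the video on Tudou will hold out?

Category: other Tags: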

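Load-testing tools on Linux that support HTTPS

January 24, 2010 2 comments

I tested several load-testing tools on Linux and found that some of them do not support HTTPS. A brief summary:

1. Apache's ab tool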

/home/webadm/bin/ab -c 50 -n 10000 https://2hei.net/mt/index.html
SSL not compiled in; no https support
Apparently SSL was not compiled in, so HTTPS is not supported.

2. Apache's flood tool

http://httpd.apache.org/test/flood/

wget http://www.apache.org/dist/httpd/flood/flood-0.4.tar.gz

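To support HTTPS, add the following build options: --with-apr --with-apr-util --enable-ssl
The source code can also be fetched from svn.
However, I ran into some problems when compiling: the apr-util package kept failing during make!

3. The web-bench tool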

http://freshmeat.net/projects/web-bench/

./webbench -c 20 -t 10 https://2hei.net/mt/index.html
Webbench - Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.

Only HTTP protocol is directly supported, set --proxy for others.
It states explicitly that HTTPS is not supported!

4. The http_load tool, once my favorite; its results for HTTP tests were quite satisfying.

http://acme.com/software/http_load/
./http_load -rate 5 -seconds 10 urls
./http_load: unknown protocol - https://2hei.net/mt/index.html
Well, it seems the http_load I used so often does not support HTTPS either.

5. The siege tool

http://www.joedog.org/index/siege-home

Build it with HTTPS support:
./configure --prefix=/home/2hei.net/siege --with-ssl=/usr/include/openssl

Basic usage:
./siege
SIEGE 2.69
Usage: siege [options]
       siege [options] URL
       siege -g URL
Options:
  -V, --version           VERSION, prints version number to screen.
  -h, --help              HELP, prints this section.
  -C, --config            CONFIGURATION, show the current configuration.
  -v, --verbose           VERBOSE, prints notification to screen.
  -g, --get               GET, pull down headers from the server and display HTTP
                          transaction. Great for web application debugging.
  -c, --concurrent=NUM    CONCURRENT users, default is 10
  -u, --url="URL"         Deprecated. Set URL as the last argument.
  -i, --internet          INTERNET user simulation, hits the URLs randomly.
  -b, --benchmark         BENCHMARK, signifies no delay for time testing.
  -t, --time=NUMm         TIME based testing where "m" is the modifier S, M, or H
                          no space between NUM and "m", ex: --time=1H, one hour test.
  -r, --reps=NUM          REPS, number of times to run the test, default is 25
  -f, --file=FILE         FILE, change the configuration file to file.
  -R, --rc=FILE           RC, change the siegerc file to file.  Overrides
                          the SIEGERC environmental variable.
  -l, --log               LOG, logs the transaction to PREFIX/var/siege.log
  -m, --mark="text"       MARK, mark the log file with a string separator.
  -d, --delay=NUM         Time DELAY, random delay between 1 and num designed
                          to simulate human activity. Default value is 3
  -H, --header="text"     Add a header to request (can be many)
  -A, --user-agent="text" Sets User-Agent in request

siege -c 20 -r 2 -f url
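-c 20: 20 concurrent users
-r 2: repeat the run 2 times
-f url: the task list, a file of URLs

The result is quite passable; I finally found a tool that can load-test HTTPS.

6. The httperf tool, from HP, although it has not been updated for years.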

wget ftp://ftp.hpl.hp.com/pub/httperf/httperf-0.9.0.tar.gz

        $ mkdir build
        $ cd build
        $ SRCDIR/configure
        $ make
        $ make install

How to use the tool:
/usr/local/bin/httperf --help
Usage: httperf [-hdvV] [--add-header S] [--burst-length N] [--client N/N]
        [--close-with-reset] [--debug N] [--failure-status N]
        [--help] [--hog] [--http-version S] [--max-connections N]
        [--max-piped-calls N] [--method S] [--no-host-hdr]
        [--num-calls N] [--num-conns N] [--period [d|u|e]T1[,T2]]
        [--port N] [--print-reply [header|body]] [--print-request [header|body]]
        [--rate X] [--recv-buffer N] [--retry-on-failure] [--send-buffer N]
        [--server S] [--server-name S] [--session-cookies]
        [--ssl] [--ssl-ciphers L] [--ssl-no-reuse]
        [--think-timeout X] [--timeout X] [--uri S] [--verbose] [--version]
        [--wlog y|n,file] [--wsess N,N,X] [--wsesslog N,X,file]
        [--wset N,X]
For example:
/usr/local/bin/httperf --server www.2hei.net \
   --port 443 --uri /mt/index.html \
   --rate 15 --num-conn 1000 \
   --num-call 1 --timeout 5

The following error is reported:
httperf: warning: open file limit > FD_SETSIZE; limiting max. # of open files to FD_SETSIZE
The fix is as follows:
# Edit /etc/security/limits.conf and add the line * hard nofile 65535 (or instead of * you can put the username of the user for whom you want to change the limit)
# Edit /usr/include/bits/typesizes.h and change #define __FD_SETSIZE 1024 to #define __FD_SETSIZE 65535 (in /usr/include/sys/select.h FD_SETSIZE is defined as __FD_SETSIZE)
Then recompile.

An actual test run:
/usr/local/bin/httperf --client=0/1 --ssl --server=www.2hei.net --port=443 --uri=/mt/index.html --rate=1 --num-conns=1000 --rate=50 --num-calls=1 --hog
httperf --hog --client=0/1 --server=www.2hei.net --port=443 --uri=/mt/index.html --rate=50 --send-buffer=4096 --recv-buffer=16384 --ssl --num-conns=1000 --num-calls=1
Maximum connect burst length: 1

Total: connections 1000 requests 1000 replies 1000 test-duration 33.758 s

Connection rate: 29.6 conn/s (33.8 ms/conn, <=394 concurrent connections)
Connection time [ms]: min 73.1 avg 6513.5 max 22013.1 median 5371.5 stddev 4176.3
Connection time [ms]: connect 5670.7
Connection length [replies/conn]: 1.000

Request rate: 29.6 req/s (33.8 ms/req)
Request size [B]: 80.0

Reply rate [replies/s]: min 26.6 avg 31.3 max 33.6 stddev 2.4 (6 samples)
Reply time [ms]: response 842.7 transfer 0.0
Reply size [B]: header 331.0 content 163.0 footer 2.0 (total 496.0)
Reply status: 1xx=0 2xx=1000 3xx=0 4xx=0 5xx=0

CPU time [s]: user 9.91 system 23.11 (user 29.4% system 68.5% total 97.8%)
Net I/O: 16.6 KB/s (0.1*10^6 bps)

Errors: total 0 client-timo 0 socket-timo 0 connrefused 0 connreset 0
Errors: fd-unavail 0 addrunavail 0 ftab-full 0 other 0

Category: linux, OpenSource Tags:

nginx authentication

January 20, 2010 Comments closed

I spent a long time today wrestling with nginx basic authentication. At first the error_log kept reporting:
no user/password was provided for basic authentication

I had configured it following the nginx wiki:
location  /  {
  auth_basic            "Restricted";
  auth_basic_user_file  htpasswd;
}

cat htpasswd
2hei:j3M4coizxFLDM

Since version 0.6.7 the filename path is relative to directory of nginx configuration file nginx.conf, but not to nginx prefix directory.

After a lot of googling, I found a reply from Igor, the author of nginx:

Igor Sysoev
The HTTP Basic authentication works as following:
*) A browser requests a page without user/password.
*) A server response with 401 page, sending realm as well.
   At this stage the 401 code appears in access_log and the message
   “no user/password …” appears in error_log.
*) The browser shows a realm/login/password prompt.
*) If a user will press cancel, then the browser will show the received
   401 page.
*) If the user enters login/password, then the browser repeats the request
   with login/password.

Then until you will exit the browser, it will send these login/password
with all requests in protected hierarchy.

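Kudos. An expert really is an expert!

With that hint I tracked down the culprit: the error_page configuration 401 403 404 /40x.html;

error_page 401 403 404 /40x.html;
It was actually caused by the file 40x.html not existing. Creating the file solved the problem!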
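
The exchange described in the quoted reply, replayed as an added example that is not part of the original post or of nginx: a server function issues the 401 challenge and a client function repeats the request with credentials. The password, the function names and every log note except the first are constructed.

```python
import base64
import hmac

REALM = "Restricted"                    # realm from the auth_basic line in the post
USERS = {"2hei": "example-password"}    # constructed stand-in for the htpasswd lookup


def server(headers):
    """Handle one request; return (status, response_headers, log_note)."""
    challenge = {"WWW-Authenticate": 'Basic realm="%s"' % REALM}
    auth = headers.get("Authorization")
    if auth is None:
        # First leg of every session: 401 plus the error_log line from the post.
        return 401, challenge, "no user/password was provided"
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic":
        return 401, challenge, "unsupported scheme"
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:                  # bad base64 or bad UTF-8
        return 400, {}, "malformed Authorization header"
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    # Constant-time comparison; unknown users get the same 401 as bad passwords.
    ok = expected is not None and hmac.compare_digest(
        password.encode(), expected.encode())
    if ok:
        return 200, {}, "authenticated as " + user
    return 401, challenge, "credentials rejected"


def browser(user, password):
    """Replay the exchange; return the (status, note) pairs the server logged."""
    log = []
    status, resp, note = server({})     # request without credentials
    log.append((status, note))
    if status == 401 and resp["WWW-Authenticate"].startswith("Basic "):
        # The user filled in the realm prompt: repeat the request with credentials.
        token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
        status, resp, note = server({"Authorization": "Basic " + token})
        log.append((status, note))
    return log


if __name__ == "__main__":
    for entry in browser("2hei", "example-password"):
        print(entry)
```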

Category: OpenSource Tags:

[notice] child pid 19818 exit signal Bus error (7)

January 7, 2010 1 comment

apache logs:
[Thu Dec 31 12:27:41 2009] [notice] child pid 19818 exit signal Bus error (7)

The first error “Bus Error” is caused by someone's (possibly CGI) program crashing. A bus error happens when someone wrote a C program for Intel and re-compiled it for another processor like PPC or Mips that does not support misaligned memory access. Really all it means is someone is running buggy software on your server machine.
The second error could also be a CGI program that hangs longer than the server’s timeout, so it's killed. Probably another buggy program.

That sounds like bad RAM or maybe a bad chassis. I would try and build something other than Apache and see if you get similar errors. If they persist then I would ask for a RAM swap to be done and check again. If that does not fix it then request a chassis swap.

There is a small chance this could be OS related if you are running a different Kernel release compared to the OS default or have many patches installed on it but I am leaning towards a hardware issue.

http://www.kernel.org/doc/man-pages/online/pages/man7/signal.7.html

Standard Signals

       Linux supports the standard signals listed below.  Several signal numbers are
       architecture-dependent, as indicated in the “Value” column.  (Where three
       values are given, the first one is usually valid for alpha and sparc, the
       middle one for ix86, ia64, ppc, s390, arm and sh, and the last one for mips.
       A - denotes that a signal is absent on the corresponding architecture.)

       First the signals described in the original POSIX.1-1990 standard.

       Signal     Value     Action   Comment

       ----------------------------------------------------------------------
       SIGHUP        1       Term    Hangup detected on controlling terminal
                                     or death of controlling process
       SIGINT        2       Term    Interrupt from keyboard
       SIGQUIT       3       Core    Quit from keyboard
       SIGILL        4       Core    Illegal Instruction
       SIGABRT       6       Core    Abort signal from abort(3)
       SIGFPE        8       Core    Floating point exception
       SIGKILL       9       Term    Kill signal
       SIGSEGV      11       Core    Invalid memory reference
       SIGPIPE      13       Term    Broken pipe: write to pipe with no
                                     readers
       SIGALRM      14       Term    Timer signal from alarm(2)
       SIGTERM      15       Term    Termination signal
       SIGUSR1   30,10,16    Term    User-defined signal 1
       SIGUSR2   31,12,17    Term    User-defined signal 2
       SIGCHLD   20,17,18    Ign     Child stopped or terminated
       SIGCONT   19,18,25    Cont    Continue if stopped
       SIGSTOP   17,19,23    Stop    Stop process
       SIGTSTP   18,20,24    Stop    Stop typed at tty
       SIGTTIN   21,21,26    Stop    tty input for background process
       SIGTTOU   22,22,27    Stop    tty output for background process

       The signals SIGKILL and SIGSTOP cannot be caught, blocked, or ignored.

       Next the signals not in the POSIX.1-1990 standard but described in SUSv2 and
       POSIX.1-2001.

       Signal       Value     Action   Comment
       --------------------------------------------------------------------
       SIGBUS      10,7,10     Core    Bus error (bad memory access)
       SIGPOLL                 Term    Pollable event (Sys V).
                                       Synonym for SIGIO
       SIGPROF     27,27,29    Term    Profiling timer expired
       SIGSYS      12,-,12     Core    Bad argument to routine (SVr4)
       SIGTRAP        5        Core    Trace/breakpoint trap
       SIGURG      16,23,21    Ign     Urgent condition on socket (4.2BSD)
       SIGVTALRM   26,26,28    Term    Virtual alarm clock (4.2BSD)
       SIGXCPU     24,24,30    Core    CPU time limit exceeded (4.2BSD)
       SIGXFSZ     25,25,31    Core    File size limit exceeded (4.2BSD)

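Category: OpenSource Tags:

Using Apache's mod_rewrite to redirect between ports while keeping a special endpoint exempt

January 7, 2010 Comments closed

The requirement:
The site's Apache listens on ports 80 and 443, and the whole site is forced onto HTTPS by redirecting every request on port 80 to 443. The new requirement is to open port 80 for one particular endpoint (reachable on both 80 and 443), while all other endpoints keep the original rule.

Configuration 1:
RewriteRule !^/TestServlet http://%{SERVER_NAME}/$1 [L,R=301] is problematic: $1 does not receive the matched part.

According to the Apache documentation, when the NOT character is used to negate a pattern, the pattern cannot contain grouped wildcard parts. Because the pattern does not match, the contents of the groups are empty, so this cannot work. Consequently, when a negated pattern is used, $N cannot be used in the substitution string.

Configuration 2:
RewriteRule !^/TestServlet - [L,R=301]   takes effect.

The Apache documentation explains: '-' is a special substitution string that means no substitution. It can be used to merely match certain URLs without substituting anything, for example to let several patterns joined by the C (chain) flag all apply before a substitution happens.

Configuration 3:
    RewriteRule ^(.*)?$ https://%{SERVER_NAME}$1 [L,R=301]   is the original rule that rewrites http to https.
    Every request to http://2hei.net is redirected to https://2hei.net

Another approach that might work is to set an Apache variable or environment variable: every request that has gone through the URL rewrite gets a special marker indicating that it has already been redirected, so that a redirect loop cannot occur (I have not actually tried this!)

One problem I ran into in practice: when Apache rewrites the URL, data submitted by POST is lost after the rewrite. The redirected URL never receives the POST data, and the redirected page ends up being requested with GET. Yikes!

Some people online say to use the P flag,
RewriteRule ^(.*)?$ https://%{SERVER_NAME}$1 [L,R=301,P] ; I actually tried it, and it is complete nonsense!

'proxy|P' (force proxy)
This flag forces the substitution part to be sent internally as a proxy request, stops rewrite processing immediately, and hands processing over to the mod_proxy module. You must make sure that the substitution string is a valid URI that mod_proxy can handle (for example, one starting with http://hostname); otherwise you will get an error from the proxy module. With this flag you can map some remote content into the namespace of the local server, which extends the functionality of the ProxyPass directive.
Note: mod_proxy must be enabled in order to use this feature.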
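
Why the POST data disappears, shown with a constructed local server and Python's urllib as the client (an added example, not part of the original post): a 301 answer to a POST makes the client repeat the request as a GET without a body. The /old and /new paths and the form data are assumptions.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class Site(BaseHTTPRequestHandler):
    """Constructed stand-in for the vhost: /old redirects to /new, /new records."""
    code = 301      # status sent by /old, like R=301 in the post
    seen = []       # (method, body) of every request that reached /new

    def _serve(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.path == "/old":
            self.send_response(Site.code)
            self.send_header("Location", "/new")
        else:
            Site.seen.append((self.command, body))
            self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_POST = _serve

    def log_message(self, *args):   # silence per-request logging
        pass


def post_via_redirect(code, data=b"user=2hei&action=save"):
    """POST to /old; return what /new received, or the status if not followed."""
    Site.code, Site.seen = code, []
    srv = HTTPServer(("127.0.0.1", 0), Site)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    # Empty ProxyHandler: never send the loopback request through a proxy.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        url = "http://127.0.0.1:%d/old" % srv.server_port
        try:
            opener.open(url, data=data, timeout=5).close()
        except urllib.error.HTTPError as err:
            # urllib does not re-send a POST on its own for a 307.
            return ("not followed", err.code)
        return Site.seen[-1]
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(301, post_via_redirect(301))   # method became GET, body is empty
    print(307, post_via_redirect(307))
```

Status 307 forbids the client from changing the method, and the R flag accepts such a code (R=307). urllib declines to re-send the POST automatically and raises instead, whereas browsers repeat the POST with its body.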

Category: OpenSource Tags: