Tuesday, December 8, 2015

How to use Docker

Docker
Docker official website: https://www.docker.com/
Setup Docker
Prepare a fresh install of CentOS; I am using CentOS 6.7.
Update the yum repositories.
> rpm -iUvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
> yum update -y
 
Install Docker
> yum -y install docker-io

Pull a container image; I am going to use the CentOS image.
To pull the latest (CentOS 7):
>  docker pull centos
Or
> docker pull centos:centos6

Check which container images are installed:
> docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
centos              centos6             3bbbf0aca359        2 weeks ago         190.6 MB
centos              latest              ce20c473cd8a        2 weeks ago

Run a container from an image:
> docker run -i -t centos:centos6 /bin/bash
Note: this creates a container from the image (you can see the container ID as the hostname).

List containers:
>docker ps
>docker ps -a   (lists all containers, running and stopped)

Stop/Start/Remove container:
>docker start ContainerID
>docker stop ContainerID
>docker rm ContainerID
 
Re-connect to Container
>docker attach ContainerID
Or
>docker exec -it ContainerID bash

Run docker container In Background:
> docker run -itd --name cs1 --net=none --hostname=cs1.csteam.net -v /csdata/cs1:/csdata/cs1:rw -v /root/.ssh:/root/.ssh:rw --privileged=true centos:centos6 /bin/bash
To exit Docker console:
Ctrl+P => Ctrl+Q
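
The run command above combines --privileged=true with a read-write bind of the host's /root/.ssh, so a process in the container can reach host devices and the host root user's SSH keys. As an added example (not part of the original post), this Python check reads `docker inspect` JSON and reports both settings; the sample JSON is constructed and the list of sensitive paths is an assumption.

```python
import json

# Host paths treated as sensitive when bound read-write.
# This list is an assumption made for the example, not a Docker default.
SENSITIVE_PREFIXES = ("/root", "/etc", "/home", "/var/run/docker.sock")

def audit_container(info):
    """Return a list of findings for one object from `docker inspect`."""
    findings = []
    host = info.get("HostConfig", {})
    if host.get("Privileged"):
        findings.append("privileged mode enabled")
    for bind in host.get("Binds") or []:
        parts = bind.split(":")
        src = parts[0]
        mode = parts[2] if len(parts) > 2 else "rw"  # Docker defaults to rw
        writable = "ro" not in mode.split(",")
        sensitive = any(src == p or src.startswith(p + "/")
                        for p in SENSITIVE_PREFIXES)
        if writable and sensitive:
            findings.append("writable bind of sensitive host path: " + src)
    return findings

def audit(inspect_json):
    """Map container name -> findings for the JSON printed by `docker inspect`."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c)
            for c in json.loads(inspect_json)}

# Constructed sample, shaped like `docker inspect cs1` for the run command above.
SAMPLE = json.dumps([{
    "Name": "/cs1",
    "HostConfig": {
        "Privileged": True,
        "NetworkMode": "none",
        "Binds": ["/csdata/cs1:/csdata/cs1:rw", "/root/.ssh:/root/.ssh:rw"],
    },
}])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for finding in findings:
            print(name + ": " + finding)
```

On a real host, feed it the output of `docker inspect $(docker ps -q)`.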

Networking

For the following steps, you need to install the pipework script.
#sudo bash -c "curl https://raw.githubusercontent.com/jpetazzo/pipework/master/pipework > /usr/local/bin/pipework"
#sudo chmod +x /usr/local/bin/pipework

If you want the container to get its IP address over DHCP, you don't need the next section; the DHCP setup is simpler:
#pipework eth0 ContainerID dhclient
How to expose a container with a private IP address on the local network: MacVLAN method
Host networking is easy to set up (--net=host), but the container then uses the same network interfaces as the host and cannot have its own IP address. That is why we will use a bridged network.
An easier way to set up a bridged network is the "pipework" script, which automates the procedure.
Install pipework.
>sudo bash -c "curl https://raw.githubusercontent.com/jpetazzo/pipework/master/pipework > /usr/local/bin/pipework"
>sudo chmod +x /usr/local/bin/pipework

Install dependencies:
>yum -y install bridge-utils net-tools
Note:
If your host server is CentOS 6, you need to upgrade the iproute RPM so that it supports the "ip netns" command.
Download the RPM from:
https://repos.fedorapeople.org/repos/openstack/EOL/openstack-havana/epel-6/iproute-2.6.32-130.el6ost.netns.2.x86_64.rpm
(or iproute-2.6.32-130.el6ost.netns.2.x86_64.rpm)
>rpm -Uvh iproute-2.6.32-130.el6ost.netns.2.x86_64.rpm

Creating the bridge (suppose that your host's IP is 10.40.198.150 on eth0):
>ip addr del 10.40.198.150/24 dev eth0
>ip link add link eth0 dev eth0m type macvlan mode bridge
>ip link set eth0m up
>ip addr add 10.40.198.150/24 dev eth0m
>route add default gw 10.40.198.1
>service network restart
You need to wait a few minutes until the settings are applied.
Finally, assign the container $CID its new private (local) IP:
>pipework eth0 $CID 10.40.198.155/24@10.40.198.1
Done!
You can now ping the container from another PC on the local network: ping 10.40.198.155

How to remove an unused virtual network:
>ifconfig br0 down
>brctl delbr br0

Saving Container as Image:
>docker commit $CID myimage:newcs

Thursday, November 26, 2015

NAT Traversal or how to make P2P on Android

Many of us have used BitTorrent (or uTorrent) to download files from the internet in a short time. The download speed is high thanks to peer-to-peer technology: rather than downloading the file from a server, we get it from another computer.
But how can two computers that have local IPs and sit behind NAT connect to each other?
This is where NAT traversal methods help.
Note that there are mainly 2 types of NAT:
Symmetrical (complex NATs: carrier-grade NAT) and Full (home networks or small enterprises).
Let us consider Full NATs first.

The methods of NAT traversal are:
UPnP - an old, hardware-oriented method
NAT-PMP (later succeeded by PCP) - introduced by Apple, also hardware-oriented (i.e. not all routers have it, and even where they do, it is turned off by default)
UDP Punching - this is done with STUN, which uses a public server to discover the NAT's public IP & port
TCP Punching - similar to UDP punching but more complicated

Symmetrical NATs are a big issue. They are hard to punch because they change router ports randomly, so there is only a tiny chance of establishing a connection.
There are some approaches which can help, but they are difficult to implement in practice:
"Large Scale Symmetric NAT Traversal with Two Stage Hole Punching":
https://drive.google.com/file/d/0B1IimJ20gG0SY2NvaE4wRVVMbG8/view
Fortunately, Symmetrical NATs are used only in security-restricted areas, and are getting less popular because people are understanding how important P2P is.

So, how can we make a P2P connection on Android in practice?
I found 2 ways: one is to use libraries (harder) and the other is WebRTC (easier).
Libraries:
https://github.com/jitsi/ice4j
https://github.com/htwg/UCE

WebRTC:
As you know, WebRTC uses P2P, and internally it has the ICE protocol (which combines STUN and TURN) to establish the P2P connection.
This option is easier to use because the WebRTC library takes care of future updates and it is a new cool standard.
https://github.com/pchab/AndroidRTC



Monday, November 23, 2015

How to sniff Http port with Python


Recently, I have been interested in sniffing HTTP requests/responses passing through ports 80/8080.
This is helpful when you want to trace whether data is leaving your PC without your knowledge.
Sniffing (or monitoring) is a popular way to observe HTTP requests.
I chose Python for this because it is easy, portable, and extensible.
There are tons of libraries for Python.
The library that I want to introduce is called "scapy".
You install it like this:
>pip install scapy

Then, here is the simple HTTP sniffer:

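#!/usr/bin/python
from scapy.all import sniff, Raw

def http_header(packet):
    # Only packets that carry a TCP payload can contain an HTTP request
    if packet.haslayer(Raw) and b'GET' in bytes(packet[Raw].load):
        return GET_print(packet)

def GET_print(packet1):
    # %Raw.load% renders the payload as an escaped string, so split on the literal "\r\n"
    ret = "***************************************GET PACKET****************************************************\n"
    ret += "\n".join(packet1.sprintf("{Raw:%Raw.load%}\n").split(r"\r\n"))
    ret += "*****************************************************************************************************\n"
    return ret

# scapy prints whatever the prn callback returns; packets without GET return None and are skipped
sniff(iface='eth0', prn=http_header, filter="tcp port 80")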

If you run this script, it will show all HTTP GET requests going through port 80.
You can modify it to sniff POST requests, etc.
Also, there is the "scapy-http" library, which helps you parse HTTP requests more easily.
Have fun!
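
As an added example (not from the original post), here is a standard-library parser that covers POST and the other methods by reading the request line rather than searching for "GET" anywhere in the packet, and that reports how much data a request declares it is sending. The payloads are constructed samples; with the sniffer above you would pass it `bytes(packet[Raw].load)`.

```python
METHODS = (b"GET", b"POST", b"PUT", b"DELETE", b"HEAD", b"OPTIONS", b"PATCH")

def parse_http_request(payload):
    """Parse a TCP payload as the start of an HTTP/1.x request.

    Returns a dict, or None when the payload is not a request (a response,
    a later segment of a body, or bytes that merely contain "GET")."""
    head = payload.partition(b"\r\n\r\n")[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if (len(parts) != 3 or parts[0] not in METHODS
            or not parts[2].startswith(b"HTTP/1.")):
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    length = headers.get(b"content-length", b"0")
    return {
        "method": parts[0].decode("ascii"),
        "host": headers.get(b"host", b"?").decode("latin-1"),
        "path": parts[1].decode("latin-1"),
        "content_length": int(length.decode("ascii")) if length.isdigit() else 0,
    }

def describe(payload):
    """One log line per outgoing request, None for anything else."""
    req = parse_http_request(payload)
    if req is None:
        return None
    line = "%s http://%s%s" % (req["method"], req["host"], req["path"])
    if req["content_length"]:
        line += " [uploads %d bytes]" % req["content_length"]
    return line

# Constructed payloads, shaped like bytes(packet[Raw].load) from the sniffer.
SAMPLES = [
    b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
    b"POST /collect HTTP/1.1\r\nHost: stats.example.net\r\n"
    b"Content-Length: 11\r\n\r\nid=42&k=abc",
    b"HTTP/1.1 200 OK\r\nContent-Length: 3\r\n\r\nGET",  # a response, not a request
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(describe(sample))
```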

Monday, March 16, 2015

CDN company trends

CDNetworks holds a strong position in Japan's market as we see in the trend analysis chart.

Google trends Link

MaxCDN is growing quickly due to its open source modifiable Bootstrap UI for users.

If we compare MaxCDN with CDNetworks, we can see it here: