Iptables port forwarding

  • First, make sure the two servers can ping each other.
  • Turn on forwarding by editing /etc/sysctl.conf: change net.ipv4.ip_forward to 1
  • Stop the iptables service with the command service iptables stop
  • Normal port forwarding. Aim: connect to port b on server B through port a on server A. Run the following in bash:

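    # Rewrite the destination of connections to A:a so that they go to B:b
    iptables -t nat -A PREROUTING -d A.A.A.A -p tcp --dport a -j DNAT --to-destination B.B.B.B:b
    # Rewrite the source to A's address so that B sends its replies back through A
    iptables -t nat -A POSTROUTING -d B.B.B.B -p tcp --dport b -j SNAT --to-source A.A.A.A
    # Let the forwarded traffic pass in both directions on the interface facing B
    iptables -A FORWARD -o virbr0 -d B.B.B.B -p tcp --dport b -j ACCEPT
    iptables -A FORWARD -i virbr0 -s B.B.B.B -p tcp --sport b -j ACCEPT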

    Reference Port forwarding in Centos

  • FTP port forwarding

    • Load the FTP modules
      modprobe iptable_nat
      modprobe ip_conntrack_ftp
      modprobe ip_nat_ftp
    • Aim: connect to port 21 on B through port a on A
      iptables -t nat -A POSTROUTING -d B.B.B.B -p tcp --dport 21 -j MASQUERADE
      iptables -t nat -A PREROUTING -d A.A.A.A -p tcp --dport a -j DNAT --to-destination B.B.B.B:21
    • Save the iptables rules with service iptables save
    • Start the iptables service with service iptables start

    Reference Ftp forwarding
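
An added example, not part of the original post: a shell check that reads iptables-save output and lists every DNAT target that no FORWARD ACCEPT rule covers. On a host whose FORWARD chain does not accept by default, this is how the FTP forward above differs from the normal one. The function name and the sample addresses and ports are made up for the illustration.

```shell
#!/bin/sh
# Added example: list DNAT targets that no FORWARD ACCEPT rule covers.
# Input is iptables-save text on stdin; exit status is 1 if any target is uncovered.
unforwarded_dnat() {
    awk '
        # Value following option "opt" on the current rule line, "" if absent.
        function optval(opt,    i) {
            for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
            return ""
        }
        $1 == "-A" && $2 == "PREROUTING" && optval("-j") == "DNAT" {
            dnat[optval("--to-destination")] = 1
        }
        $1 == "-A" && $2 == "FORWARD" && optval("-j") == "ACCEPT" {
            dst = optval("-d"); sub(/\/32$/, "", dst)
            port = optval("--dport")
            if (dst != "" && port != "") fwd[dst ":" port] = 1
        }
        END {
            for (t in dnat) if (!(t in fwd)) { print t; missing = 1 }
            exit missing + 0
        }
    '
}

# Constructed sample in iptables-save format (addresses and ports are made up):
# the port-80 forward has its FORWARD rules, the FTP forward does not.
SAMPLE_RULES='*nat
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.122.20:80
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 2121 -j DNAT --to-destination 192.168.122.20:21
-A POSTROUTING -d 192.168.122.20/32 -p tcp -m tcp --dport 21 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.122.20/32 -o virbr0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.122.20/32 -i virbr0 -p tcp -m tcp --sport 80 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | unforwarded_dnat || echo "DNAT targets above have no FORWARD ACCEPT rule"
```

On a live host the same function can be fed from iptables-save directly instead of the sample text.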

SVN configuration

  • SVN is a centralized version control system.
  • SVN has a configuration file for each project to configure the access rights of different developers.
  • Multiple-project configuration: sometimes using one configuration for all projects is easier to manage. We will use this method in this post.

    • Choose a directory as the root, for instance /opt/svn/repos/
    • Create the code repository with the command svnadmin create /opt/svn/repos/project2
    • Configure access rights

      • Create the account file passwd in /opt/svn/repos/ with the following (each entry is username = password):
        [users]
        test1 = test1
        test2 = test2
      • Create the file authz with the following:

        [aliases]
        [groups]
        admin = test1,test2
        [/]
        @admin = wr
        * =
        [project1:/]
        @admin = wr
        * = r

        This file states that the admin group has two users, test1 and test2.

        Meanwhile, the [/] section gives the admin group read and write access to all projects. The [project1:/] section gives the admin group read and write access to project1, while other developers have only read access.

      • Make the project configuration point to the overall configuration: change /opt/svn/repos/project1/conf/svnserve.conf to the following:
        [general]
        password-db = ../../passwd
        authz-db = ../../authz
        [sasl]

        Do not leave blanks at the start of any line, otherwise it will cause the error svnserve.conf: Option expected.

EmguCV Errors

The common errors for configuring EmguCV could be:

  • OpenCV environment not configured: EmguCV is only a C# wrapper for OpenCV, so we need to load OpenCV's libraries.

    We could:

    • add the related OpenCV libraries to the path
    • copy the related OpenCV libraries to the execution directory
    • configure execution directory in Visual Studio

    All three ways aim at the same thing: letting EmguCV find the OpenCV libraries.

    For example, I use EmguCV 2.4.2, so the libraries in Emgu\emgucv-windows-x64-gpu 2.4.2.1777\bin\x64\ are the needed OpenCV libraries.

  • Graphics card: this problem occurs on non-NVIDIA machines.

    You can build a no-GPU version of EmguCV yourself, or just search for an nvcuda.dll and put it in the execution directory.

    Please make sure you find the correct nvcuda.dll for your system (Windows XP, Windows 7 or Windows 8).

  • .NET version: 2.4.2 cannot run in a .NET 4.5 project, but it can run on .NET 4.0. Other versions are not tested.

Hope this could help some other people.

Additional resources: Official Help

Problems in downloading big files in WinRT

In my project, I found some problems when downloading big files in WinRT:

  • HttpConnection will be forcibly closed even when the download is not finished
  • The initialization takes too much time

It is because I am not too familiar with the HTTP headers. The solutions are:

  • For HttpConnection: change KeepAlive to false

  • For initialization: use await client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead) to indicate that we only want the headers first.

Comparison of Download Methods in WinRT

In WinRT C#, there are 3 methods for downloading files through HTTP:

  • HttpClient
  • HttpWebRequest
  • BackgroundDownloader

There is a post on Stack Overflow: Download file in winrt, use HttpClient or HttpWebRequest or BackgroundDownloader?

The summary of this post could be:

  • HttpClient can change Range in the HTTP header, but it cannot get the progress of the download
  • HttpWebRequest can get the progress of the download, but it cannot change Range in the HTTP header
  • BackgroundDownloader can change Range in the HTTP header and get the progress of the download, but it cannot change Cookies.

I think there might be some small problems in the post.

Anyway, in my project, I need to download a file in multiple threads, so I need to

  • Change the Range in the HTTP header
  • Write the downloaded data to one file

The BackgroundDownloader can only write one file for one thread. So I decided to use HttpClient to implement my tool and handle the progress manually.

PS: In HttpRequestMessage, use Headers.Add("Range", "XXX-XXX") to declare which part you want to download.

Turn off Whitelist in Transmission

After installing transmission with yum on CentOS, the whitelist is turned on and only 127.0.0.1 can access transmission.

This default setting is quite weird.

When you access it remotely, the error will be:

403: Forbidden
Unauthorized IP Address.
Either disable the IP address whitelist or add your address to it.
If you're editing settings.json, see the 'rpc-whitelist' and 'rpc-whitelist-enabled' entries.
If you're still using ACLs, use a whitelist instead. See the transmission-daemon manpage for details.

You could add your IP address to the whitelist for remote access; however, the IP address will always change, so turning off the whitelist may be a better way.

Turn off transmission

/etc/init.d/transmission-daemon stop

You must stop transmission before changing the configuration, otherwise the changes will not work.

Change configuration of transmission

First

vim /etc/init.d/transmission-daemon

Find TRANSMISSION_HOME, which is the file path of the configuration file, like

TRANSMISSION_HOME=/var/lib/transmission

Then

vim /var/lib/transmission/settings.json

Change "rpc-whitelist-enabled": true, to "rpc-whitelist-enabled": false,

Start transmission

/etc/init.d/transmission-daemon start
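
An added check, not part of the original post: with the whitelist off, the RPC interface answers any host unless rpc-authentication-required is true. The script below reads settings.json and reports whether any access control remains. The function names and the sample file are constructed, and it assumes the one-key-per-line layout of the file.

```shell
#!/bin/sh
# Added example: audit Transmission RPC exposure in settings.json.
# Assumes one "key": value pair per line, the layout the daemon writes.

# Print the value of KEY in FILE with quotes and the trailing comma removed.
tr_setting() {   # usage: tr_setting FILE KEY
    sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*,\{0,1\}[[:space:]]*$//' | tr -d '"'
}

# Return 0 while some access control still guards RPC, 1 when any host can use it.
audit_transmission_rpc() {   # usage: audit_transmission_rpc FILE
    if [ "$(tr_setting "$1" rpc-enabled)" = false ]; then
        echo "ok: RPC is disabled"; return 0
    fi
    case $(tr_setting "$1" rpc-bind-address) in
        127.*|::1) echo "ok: RPC listens on loopback only"; return 0 ;;
    esac
    if [ "$(tr_setting "$1" rpc-whitelist-enabled)" = true ]; then
        echo "ok: IP whitelist is enforced"; return 0
    fi
    if [ "$(tr_setting "$1" rpc-authentication-required)" = true ]; then
        echo "ok: whitelist off, but username and password are required"; return 0
    fi
    echo "open: whitelist off and no authentication required"
    return 1
}

# Constructed sample: the file as it looks after the edit described above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
{
    "rpc-authentication-required": false,
    "rpc-bind-address": "0.0.0.0",
    "rpc-enabled": true,
    "rpc-port": 9091,
    "rpc-whitelist": "127.0.0.1",
    "rpc-whitelist-enabled": false
}
EOF
audit_transmission_rpc "$sample" || echo "fix: set rpc-authentication-required to true"
rm -f "$sample"
```

Run it against /var/lib/transmission/settings.json while the daemon is stopped, as with the edit itself.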

Lazy Page Allocation Implementation in xv6

This is my assignment in "Advanced Operating System" which asks me to implement Lazy Page Allocation manually in xv6 OS.

Lazy page allocation allocates memory only when it is necessary.

Turn off page allocation in xv6

Change sys_sbrk() in sysproc.c to

int sys_sbrk(void)
{
  int addr;
  int n;

  if(argint(0, &n) < 0)
    return -1;
  addr = proc->sz;
  // Grow the recorded size only; no physical pages are allocated here.
  proc->sz += n;
  //if(growproc(n) < 0)
  //  return -1;
  return addr;
}

In this part, we return the original memory address as the result and comment out the page allocation call.

Meanwhile, we increase sz, which is how we cheat the process into believing that it got enough resources.

After the change, we can test in the terminal; the result should be:

pid 3 sh: trap 14 err 6 on cpu 0 eip 0x13ab addr 0x4004--kill proc

That's the evidence that the process did not get the resources it wanted, so it cannot proceed.

Implement lazy page allocation

We need to use int mappages(pde_t *pgdir, void *va, uint size, uint pa, int perm) from vm.c in trap.c to allocate memory, so we should not keep the function static.

After that, we use extern to declare the function in trap.c.

void trap(struct trapframe *tf) in trap.c is the function that handles this interrupt.

The default: part will handle the PAGEBREAK trap, so we should add our implementation here:

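char *mem;
uint a;
// Start at the page that contains the address returned by rcr2().
a = PGROUNDDOWN(rcr2());
uint newsz = proc->sz;
for(; a < newsz; a += PGSIZE){
  mem = kalloc();
  if(mem == 0){
    // kalloc() returns 0 when no page is free: kill the process
    // instead of calling memset() on a null pointer.
    cprintf("lazy allocation: out of memory\n");
    proc->killed = 1;
    break;
  }
  memset(mem, 0, PGSIZE);
  mappages(proc->pgdir, (char*)a, PGSIZE, v2p(mem), PTE_W|PTE_U);
}
return;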

rcr2() is the call to get the start memory address of this process, newsz is the cheated memory address (the amount of memory needed by the process).

There must be something I do not understand clearly ...

Add System Call to xv6

This is my assignment in "Advanced Operating System" which asks me to add a halt system call to xv6 OS.

The procedures are listed as:

Add implementation in kernel mode

Add a function to sysproc.c:

int sys_halt(void)
{
  // Write the string "Shutdown" byte by byte to I/O port 0x8900.
  char *p = "Shutdown";
  for( ; *p; p++)
    outb(0x8900, *p);
  return 0;
}

This is the real implementation of halt.

Add interface in user mode

  • Add the halt function to the user mode function list

    In syscall.h define SYS_halt

    #define SYS_halt 22

    In syscall.c use 'extern int sys_halt(void);' to declare the existing function.

    Meanwhile, add [SYS_halt] sys_halt, to static int (*syscalls[])(void) in syscall.c to build the function map.

  • Add the interface: add int halt(void); to user.h and SYSCALL(halt) to usys.S.

That's all.

My Kindle Paperwhite

I have always wanted to get a Kindle, and now that the Paperwhite has the backlight function, I cannot wait any more.

At first, I wanted to order one through Taobao, but all the stores needed me to wait until late November.

I did not want to wait any longer, so I started to search for one in stock.

I finally found one which needed 100 more RMB for being in stock; I thought the price was reasonable and placed the order.

October 28th, I got my Kindle Paperwhite.
