work smart !!

- auth 설정

vi /etc/mail/sendmail.mc

 

DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp, Addr=0.0.0.0')dnl

DAEMON_OPTIONS(`Family=inet,  Name=MSP-v4, Port=submission, M=Ea, Addr=0.0.0.0')dnl

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

 

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

 

apt-get install sasl2-bin

 

saslauthd -a pam

 

vi /etc/default/saslauthd

START=yes

 

useradd 아이디

passwd 아이디

 

- relay 설정

vi /etc/mail/access

makemap -v hash /etc/mail/access.db < /etc/mail/access

service sendmail restart

 

relay 설정이 auth설정 보다 우선해 relay 설정되어있는 client는 auth 없이 접속 가능

리눅스의 사실상 기본 패키지인 iproute안에는 tc(Traffic Control)이라는 명령어가 포함되어 있습니다.

이 명령어를 사용하여 네트워크 스위치의 도움 없이도 자체적으로 자신의 이더넷 속도를 제한 할 수 있습니다.

이는 보통 네트워크에서 말하는 QOS(Quality Of Service)와 비슷한 기능을 제공합니다.

하지만 저비용으로 고효율을 낼 수 있다는 점에서 매우 괜찮은 방법인듯 합니다.

1) 요구 사항
- iproute RPM 패키지가 설치되어있어야 함
- 리눅스 커널의 iproute 파트의 Traffic Control 옵션(Netlink포함)이 활성화 되어있어야 함.
- 리눅스 커널 2.4버젼 이후의 경우 기본적으로 대부분의 Traffic Control 옵션이 활성화 되어있음.

2) 시스템 명령어 추가
- shaping이라는 명령을 추가합니다.

$ vi /etc/init.d/shaping

- 다음의 소스코드를 입력합니다.

#!/bin/bash
#  tc uses the following units when passed as a parameter.
#  kbps: Kilobytes per second 
#  mbps: Megabytes per second
#  kbit: Kilobits per second
#  mbit: Megabits per second
#  bps: Bytes per second 
#       Amounts of data can be specified in:
#       kb or k: Kilobytes
#       mb or m: Megabytes
#       mbit: Megabits
#       kbit: Kilobits
#  To get the byte figure from bits, divide the number by 8 bit
#
 
# tc명령어의 위치를 입력합니다.
TC=/sbin/tc
 
# 대역폭을 제한하기 위한 이더넷 인터페이스를 지정합니다.
IF=eth0
 
# 다운로드 속도 제한
DNLD=15mbit
 
# 업로드 속도 제한
UPLD=15mbit
 
# 속도 제한을 적용할 호스트의 IP 주소
IP=123.123.123.123
 
# Filter options for limiting the intended interface.
U32="$TC filter add dev $IF protocol ip parent 1:0 prio 1 u32"
 
start() {
# We'll use Hierarchical Token Bucket (HTB) to shape bandwidth.
# For detailed configuration options, please consult Linux man
# page.
    $TC qdisc add dev $IF root handle 1: htb default 30
    $TC class add dev $IF parent 1: classid 1:1 htb rate $DNLD
    $TC class add dev $IF parent 1: classid 1:2 htb rate $UPLD
    $U32 match ip dst $IP/32 flowid 1:1
    $U32 match ip src $IP/32 flowid 1:2
# The first line creates the root qdisc, and the next two lines
# create two child qdisc that are to be used to shape download 
# and upload bandwidth.
#
# The 4th and 5th line creates the filter to match the interface.
# The 'dst' IP address is used to limit download speed, and the 
# 'src' IP address is used to limit upload speed.
}
 
stop() {
# Stop the bandwidth shaping.
    $TC qdisc del dev $IF root
}
 
restart() {
# Self-explanatory.
    stop
    sleep 1
    start
}
 
show() {
# Display status of traffic control status.
    $TC -s qdisc ls dev $IF
}
 
case "$1" in
  start)
    echo -n "Starting bandwidth shaping: "
    start
    echo "done"
    ;;
  stop)
    echo -n "Stopping bandwidth shaping: "
    stop
    echo "done"
    ;;
  restart)
    echo -n "Restarting bandwidth shaping: "
    restart
    echo "done"
    ;;
  show)
    echo "Bandwidth shaping status for $IF:"
    show
    echo ""
    ;;
  *)
    pwd=$(pwd)
    echo "Usage: tc.bash {start|stop|restart|show}"
    ;;
esac
 
exit 0

- 실행 권한을 주고 실행해 봅니다.

$ chmod 755 /etc/init.d/shaping
$ /etc/init.d/shaping start

3) 결과 확인

- 빨간선을 기준으로 왼쪽이 기존의 상황이고 오른쪽이 트래픽 제한을 한 이후 입니다.
- 기존의 경우 엄청나게 들쭉 날쭉한 것을 알 수 있습니다.
- 오른쪽의 경우 강제로 제한이 걸리면서 둥글게 트래픽이 뭉개지는 것을 볼 수 있습니다.
- 제한을 건 속도에 정확하게 제한이 걸리는것으로 보이지는 않습니다.
- 테스트를 거치면서 IDC상황에 맞게 설정하시면 될것 같습니다.

 

출처 : http://theeye.pe.kr

Traffic Control with Linux Command Line tool, "tc"


By Scott Seong

Denial of service attacks are major nuisance for web hosts, and as a web host you'll have to take every measure to protect your resources from DoS attacks. Our APF, BFD, DDoS and RootKit article describes Linux utilities available to protect from DDoS attack, and also explains installation procedures. This article supplements above article by providing means to control traffic (bandwidth shaping) with Linux "tc" command so that no single machine can waste the entire network bandwidth.

What is Traffic Shaping?

Traffic Shaping (a.k.a Bandwidth Shaping or Packet Shaping) is an attempt to control network traffic by prioritizing network resources and guarantee certain bandwidth based on predefined policy rules. Traffic shaping uses concepts of traffic classification, policy rules, queue disciplines and quality of service (QoS).

Why implement Traffic Shaping?

Network bandwidth is an expensive resource that is being shared among many parties of an organization, and some applications require guaranteed bandwidth and priority. Traffic shaping lets you (1) control network services, (2) limit bandwidths and (3) guarantee Quality Of Service (QoS). Intelligently managed traffic shaping improves network latency, service availablity and bandwidth utilization.

What is Queue Discipline?

A queue discipline (qdisc) is rules that determine the order in which arrivals are serviced. Immagine standing in a restraurant to be seated, and waiting in an emergency room to be serviced by a physician. They both have people waiting in a queue that needs to be serviced, but have different strategies for clearing them.

Restaurants typically use first-in-first-out (FIFO) strategy with an exception when tables with number of seats do not exist for large number of customers. Customers are generally serviced in the order that they've arrived in the queue, or when the table with number of seats available. On the other hand, emergency queue requires different strategy. Regardless of order in which patients arrive, someone in a critical condition requires most attention and then someone with urgent condition. This is just examples of how queues are handled in the real life scenarios, but traffic shaping requires a lot more disciplines (rules) for clearing traffic queues.

Software Requirements

• Linux RPM package called 'iproute' is required.
• Traffic control options (including netlink support) have to enabled on the kernel build in order for certain parts of 'iproute' to function.
• Linux kernels version 2.4 (and above) have most traffic control options turned on as a default. To explore your configuration, try running the following commands. If you can see the command responses below, you have a basic configuration setup.

# ip link list
1: lo:  mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0:  mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:06:5b:8d:13:a0 brd ff:ff:ff:ff:ff:ff
# ip address show
1: lo:  mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:06:5b:8d:13:a0 brd ff:ff:ff:ff:ff:ff
    inet 216.3.128.12/24 brd 216.3.128.255 scope global eth0
    inet6 fe80::206:5bff:fe8d:13a0/64 scope link 
       valid_lft forever preferred_lft forever
# ip route show
216.3.128.0/24 dev eth0  proto kernel  scope link  src 
216.3.128.12 default via 216.3.128.1 dev eth0 

Bandwidth Management (Traffic Control)

Linux kernel 2.2 (and above) provides bandwidth management functionality compatible to high-end (dedicated) hardware solution. Linux does offer bandwidth management capability with tc command-line utility, with iptables and iproute2 packages.

We've written a small bash shell script to automate bandwidth shaping function on a linux machine. The downloadable source code is used to limit bandwidth of an interface, both inbound and outbound to 1mbit each. You may modify this script how ever you desire to customize your bandwidth shaping requirements.

#!/bin/bash
#
#  tc uses the following units when passed as a parameter.
#  kbps: Kilobytes per second 
#  mbps: Megabytes per second
#  kbit: Kilobits per second
#  mbit: Megabits per second
#  bps: Bytes per second 
#       Amounts of data can be specified in:
#       kb or k: Kilobytes
#       mb or m: Megabytes
#       mbit: Megabits
#       kbit: Kilobits
#  To get the byte figure from bits, divide the number by 8 bit
#

#
# Name of the traffic control command.
TC=/sbin/tc

# The network interface we're planning on limiting bandwidth.
IF=eth0             # Interface

# Download limit (in mega bits)
DNLD=1mbit          # DOWNLOAD Limit

# Upload limit (in mega bits)
UPLD=1mbit          # UPLOAD Limit

# IP address of the machine we are controlling
IP=216.3.128.12     # Host IP

# Filter options for limiting the intended interface.
U32="$TC filter add dev $IF protocol ip parent 1:0 prio 1 u32"

start() {

# We'll use Hierarchical Token Bucket (HTB) to shape bandwidth.
# For detailed configuration options, please consult Linux man
# page.

    $TC qdisc add dev $IF root handle 1: htb default 30
    $TC class add dev $IF parent 1: classid 1:1 htb rate $DNLD
    $TC class add dev $IF parent 1: classid 1:2 htb rate $UPLD
    $U32 match ip dst $IP/32 flowid 1:1
    $U32 match ip src $IP/32 flowid 1:2

# The first line creates the root qdisc, and the next two lines
# create two child qdisc that are to be used to shape download 
# and upload bandwidth.
#
# The 4th and 5th line creates the filter to match the interface.
# The 'dst' IP address is used to limit download speed, and the 
# 'src' IP address is used to limit upload speed.

}

stop() {

# Stop the bandwidth shaping.
    $TC qdisc del dev $IF root

}

restart() {

# Self-explanatory.
    stop
    sleep 1
    start

}

show() {

# Display status of traffic control status.
    $TC -s qdisc ls dev $IF

}

case "$1" in

  start)

    echo -n "Starting bandwidth shaping: "
    start
    echo "done"
    ;;

  stop)

    echo -n "Stopping bandwidth shaping: "
    stop
    echo "done"
    ;;

  restart)

    echo -n "Restarting bandwidth shaping: "
    restart
    echo "done"
    ;;

  show)

    echo "Bandwidth shaping status for $IF:"
    show
    echo ""
    ;;

  *)

    pwd=$(pwd)
    echo "Usage: tc.bash {start|stop|restart|show}"
    ;;

esac

exit 0

The above script has been tested on Centos 4.x system and (Linux AS 2.x) versions. There is also another utility called tcng, which supposely simplify the arcane tc configuration. If you have comments or suggestions on the above script, please contact feedback@topwebhosts.org.

For detailed explanation of Linux Advanced Routing & Traffic Control HOWTO, please visit http://www.lartc.org website. The above HOWTO also describes method for preventing SYN Floods and ICMP DDoS.

 

출처 : http://www.topwebhosts.org/tools/traffic-control.php

 

이런저런 연유로 SVN Server에 직접 접근은 불가능하고 mount를 이용해 file로 접근 가능한 방법을 찾아야만 하는 상황이 생겼다.

그래서 사용하게 된 방법이 SVN mirroring.

미러링에도 여러가지 방법이 있으나 그 중에서 svnsync를 사용하기로 했고 아래처럼 해서 성공.

원격에 있는 SVN 저장소를 $REPO라고 가정하고

로컬에 미러링할 경로를 $MIRROR라고 하자.

1. 우선 빈 저장소를 하나 생성한다.

svnadmin create $MIRROR

2. 오류없이 생성되었다면 $MIRROR/hooks 경로에 pre-revprop-change 라는 파일을 하나 생성한다.

hook에 가보면 임시 파일도 있으니 이용해도 되고 exit 0; 으로 종료되는 파일을 생성해줘도 된다.

pre-revprop-change 라는 파일은 revision 정보가 바뀔 때 실행되는 파일로 보이는데 svnsync 자체를 제한한다거나 하는 용도로 이용 가능.

예를 들어 아래와 같은 내용을 추가해두면 svnsync를 userA 이외에는 사용 못하게 할 수 있다.

(userA가 아닌 경우 실행시 메세지를 출력하고 1을 리턴하면서 실패로 종료됨)

#!/bin/sh
USER=”$3″
if [ "$USER" = "userA" ]; then exit 0; fi
echo “Only the userA user can change revprops” >&2
exit 1

3. 그 이후에 실행 권한을 부여한다.

chmod +x $MIRROR/hooks/pre-revprop-change

4. 그 다음은 svnsync 초기화 작업. (원격 SVN 저장소와의 초기화)

svnsync init –username userA file://$MIRROR $REPO

5. 마지막으로 동기화하라고 아래처럼 명령을 내리면 원격 저장소에 있는 내용과 동기화를 하게 된다.

svnsync sync file://$MIRROR

문제 중 하나는 sync 명령을 내릴 때만 동기화를 하지 자동으로 동기화를 진행하지는 않는다는건데

post-commit을 이용해 commit 발생시 동기화를 시키도록 스크립트를 만들던지 크론탭 등의 스케줄러를 이용하는 방법을 이용해야 할 것으로 보임.

 

출처 : http://blurblah.net/

Garrett helped write svnsync as part of Subversion 1.4, but I wasn’t able to find any documentation for it, other than passing –help.

svnsync is a one way replication system for Subversion. It allows you to create a read-only replica of a repository over any RA layer (including http, https, svn, svn+ssh).

First, lets setup the initial sync. We have two repositories, I will skip the details of svnadmin create. For the remote access to the replica repository, I used svnserve, and I added a user with full write access. The destination repository should be completely empty before starting.

So, to make this easier, I am going to put the repository URIs into enviroment variables:

$ export FROMREPO=svn://svn.example.com/
$ export TOREPO=svn://dest.example.com/

Because the svnsync is allowed to rewrite anything on the TOREPO, we need to make sure the commit hooks are configured to allow our ‘svnsync’ user to do anything it wants.

On the server hosting TOREPO, I ran this:

$ echo "#!/bin/sh" > hooks/pre-revprop-change
$ chmod 755 hooks/pre-revprop-change

Now we are ready to setup the sync:

$ svnsync init ${TOREPO} ${FROMREPO}

This will prompt you for the username, password, and also sets several revision properties on the $TOREPO, for revision zero. It doesn’t actually copy any of the data yet. To list the properties that it created, run:

$ svn proplist --revprop -r 0 ${TOREPO}

  svn:sync-from-uuid
  svn:sync-last-merged-rev
  svn:date
  svn:sync-from-url

$ svn propget svn:sync-from-url --revprop -r 0 ${TOREPO}

  svn://svn.example.com/

So all the knowledge about what we are syncing from is stored at the destination repository. No state about this sync is stored in the source repository.

We are now ready to begin copying data:

$ svnsync --non-interactive sync ${TOREPO}

And if everything is setup correctly, you will start replicating data.

Except, I suck. And the first thing I did was hit control+c. I figured this is a cool replication system, so I just ran the sync command from above again, and got this:

$ svnsync --non-interactive sync ${TOREPO}

Failed to get lock on destination repos, currently held by 'svn.example.com:0e4e0d98-631d-0410-9a00-9320a90920b3'
Failed to get lock on destination repos, currently held by 'svn.example.com:0e4e0d98-631d-0410-9a00-9320a90920b3'
Failed to get lock on destination repos, currently held by 'svn.example.com:0e4e0d98-631d-0410-9a00-9320a90920b3'
Failed to get lock on destination repos, currently held by 'svn.example.com:0e4e0d98-631d-0410-9a00-9320a90920b3'
Failed to get lock on destination repos, currently held by 'svn.example.com:0e4e0d98-631d-0410-9a00-9320a90920b3'
Failed to get lock on destination repos, currently held by 'svn.example.com:0e4e0d98-631d-0410-9a00-9320a90920b3'
Failed to get lock on destination repos, currently held by 'svn.example.com:0e4e0d98-631d-0410-9a00-9320a90920b3'
Failed to get lock on destination repos, currently held by 'svn.example.com:0e4e0d98-631d-0410-9a00-9320a90920b3'
Failed to get lock on destination repos, currently held by 'svn.example.com:0e4e0d98-631d-0410-9a00-9320a90920b3'
Failed to get lock on destination repos, currently held by 'svn.example.com:0e4e0d98-631d-0410-9a00-9320a90920b3'
svnsync: Couldn't get lock on destination repos after 10 attempts

Oh snap. I guess its not so easy to restart after an aborted sync.

I started debugging, and found that svnsync kept its lock state in a special property in revision zero again.

So, To fix this, we can safely just delete this lock:

$ svn propdelete svn:sync-lock --revprop -r 0  ${TOREPO}

Now running sync again works! Hurrah!

After the sync finishes, we will want to keep the replica up to date.

I personally set a ‘live’ sync, but it is also possible to use a crontab or other scheduling method to invoke sync whenever you want.

To setup a live sync, on the FROMREPO server, I appended this to my hooks/post-commit file:

svnsync --non-interactive sync svn://dest.example.com/ &

You will want to make sure that the user-running subversion (and the hook script) has a cached copy of the authentication info for the destination repository.

Unfortunately, the post-commit hook won’t catch everything, so we also need to added this to the post-revprop-change hook:

svnsync --non-interactive copy-revprops  svn://dest.example.com/ ${REV} &

This will help propagate things like editing svn:log messages.

And there you go, thats the path I took to mirror one of my repositories onto another machine.

 

출처 : http://journal.paul.querna.org/articles/2006/09/14/using-svnsync/

 

C 언어 , 자바 자료형 비교

 

1.  C 언어

 

구분	자료형	범위	바이트
정수형	char unsigned char	-128 ~ 127 0 ~ 255	1(8) 1(8)
	short int long unsigned short unsigned int unsigned long	-32768 ~ 32767 -2,147,483,648 ~ 2,147,483,647 -2,147,483,648 ~ 2,147,483,647 0~65535 0~4,294,967,295 0~4,294,967,295	2(16) 4(32) 4(32) 2(16) 4(32) 4(32)
실수형	float double	8.4X10-37 ~ 3.4X1038 2.2X10-308 ~ 1.8X10308	4(32) 8(64)
나열형	enum	정수를 대신하여 사용하는 별명, int형의 크기
무치형	void	실제 자료는 없음을 명시적으로 선언

 

 

2. 자바

 

이름	타입	저장 가능한 범위	크기(바이트)
int	정수	-2^31 ~ 2^31 - 1	4
char	문자	0 ~ 65536(?)	2
double	실수	-2^63 ~ 2^63 - 1	8
boolean	논리(참 or 거짓)	범위는 없구 true아니면false만 가능	1
long	정수	-2^63 ~ 2^63 - 1	8
float	실수	-2^31 ~ 2^31 - 1	4
byte	문자(?)	0 ~ 65536(?)	1
short	정수	-2^15 ~ 2^15 - 1	2

byte(1), char(2), int(4), long(8), float(4), double(8), boolean(1)

// 자바 byte 1바이트 표현 범위는 -128 ~ 127
// c++ char 1바이트 표현 범위는 -128 ~ 127 자바와 동일 함.

자바에서는 char 가 유니코드 임으로 2byte 를 차지 함.

즉 c에서 char 를 자바에서 사용할 때는 byte 를 사용하면 됨.

c에서 unsigned char 는 자바에서 사용할 때는 byte&0xFF

 

http://www.cyworld.com/he4722/9197001

Endian - 메모리 저장 순서를 규정

cpu마다 메모리에 데이터를 저장시킬 때 방식이 다르다.
Intel x86 같은 경우에는 Little-endian 방식을 채택, Sun, 모토로라계열은 Big-endian 방식을 채택하였다.

Little/Big-Endian의 차이는 논리적 메모리 공간에 그 메모리 폭(어떤 메모리건 논리적 메모리 공간의 폭은 모두 1 Byte)을 넘어서는 Data를 저장할 때 발생한다. 예를들어 0A0B라는 Word Size의 Hexadecimal 데이터를 11000H의 메모리에 저장한다고 해보자.
위에 그림에서 알 수 있듯이 1 Byte 단위로 끊었을 때,

하위 데이터인 0B가 하위 메모리 공간인 11000H에 저장된다. 하나의 메모리 공간(1 Byte)을 다 채웠으므로 다음 주소로 넘어가서,
상위 데이터인 0A가 상위 메모리 공간인 11001H에 저장된다.

이것이 Little-endian이다.

Big-endian은 반대로

상위 데이터인 0A가 하위 메모리 공간인 11000H에 저장된다. 하나의 메모리 공간(1 Byte)을 다 채웠으므로 다음 주소로 넘어가서,
하위 데이터인 0B가 상위 메모리 공간인 11001H에 저장된다.

한마디로 말하자면, 위와 같은 방식으로 논리적 메모리 공간에 저장되는 데이터의 순서 차이일 뿐이다.

- Little Endian : 가독성이 좋고, 대소 비교가 빠르다.
- Big Endian : 산술연산이 빠르다

사족으로 이 방식이나 CPU의 종류에 따라 stack에 push, pop하는 방식(Stack Pointer를 증가시키고 감소시키고하는 방식) 또한 다르다
논리적 메모리 공간 / 물리적 메모리 공간에 대해서 정리할 것.

 

출처 : http://micol.tistory.com/