海运的博客

FAT32分区无权限的概念，挂载后更改文件所有用户及权限时提示Permission denied，可通过挂载时修改参数指定umask和所有用户解决。

umask=000 #以777权限挂载
uid=1000 #指定用户
gid=1000 

挂载示例：

mount -t vfat -o umask=000 /dev/sda4 /mnt/

ifstat安装：

wget http://gael.roualland.free.fr/ifstat/ifstat-1.1.tar.gz
tar zxvf ifstat-1.1.tar.gz 
cd ifstat-1.1
./configure 
make
make install

使用参数：

-i #指定网卡
-a #显示所有网卡界面
-l #显示本地回环网卡
-t #状况显示时间
-T #显示详细统计

应用示例：

/usr/local/bin/ifstat -a -t -T
  Time            lo                 eth0               Total       
HH:MM:SS   KB/s in  KB/s out   KB/s in  KB/s out   KB/s in  KB/s out
19:39:44      0.00      0.00      0.81      0.33      0.81      0.33
19:39:45      0.00      0.00      0.06      0.17      0.06      0.17
19:39:46      0.00      0.00      0.06      0.17      0.06      0.17
19:39:47      0.00      0.00      0.76      0.17      0.76      0.17
19:39:48      0.00      0.00      0.09      0.22      0.09      0.22
19:39:49      0.00      0.00      0.06      0.17      0.06      0.17
19:39:50      0.00      0.00      0.76      0.17      0.76      0.17
19:39:51      0.00      0.00      0.12      0.17      0.12      0.17

Httping是一款类似于ping的http响应测试工具，可用于HTTP测试及监控。
安装：

wget http://www.vanheusden.com/httping/httping-1.5.3.tgz
tar zxvf httping-1.5.3.tgz 
cd httping-1.5.3
make install

使用参数：

-g url         url (e.g. -g http://localhost/)
-h hostname    hostname (e.g. localhost)
-p portnr      portnumber (e.g. 80)
-x host:port   hostname+portnumber of proxyserver
-c count       how many times to connect
-i interval    delay between each connect, can be only smaller than 1 if user is root
-t timeout     timeout (default: 30s)
-Z             ask any proxies on the way not to cache the requests
-Q             use a persistent connection. adds a 'C' to the output if httping had to reconnect
-6             use IPv6
-s             show statuscodes
-S             split time in connect-time and processing time
-G             do a GET request instead of HEAD (read the
               contents of the page as well)
-b             show transfer speed in KB/s (use with -G)
-B             like -b but use compression if available
-L x           limit the amount of data transferred (for -b)
               to 'x' (in bytes)
-X             show the number of KB transferred (for -b)
-l             connect using SSL
-z             show fingerprint (SSL)
-f             flood connect (no delays)
-a             audible ping
-m             give machine parseable output (see
               also -o and -e)
-o rc,rc,...   what http results codes indicate 'ok'
               coma seperated WITHOUT spaces inbetween
               default is 200, use with -e
-e str         string to display when http result code
               doesn't match
-I str         use 'str' for the UserAgent header
-R str         use 'str' for the Referer header
-r             resolve hostname only once (usefull when
               pinging roundrobin DNS: also takes the first
               DNS lookup out of the loop so that the first
               measurement is also correct)
-n warn,crit   Nagios-mode: return 1 when avg. response time
               >= warn, 2 if >= crit, otherwhise return 0
-N x           Nagios mode 2: return 0 when all fine, 'x'
               when anything failes
-y ip[:port]   bind to ip-address (and thus interface) [/port]
-q             quiet, only returncode
-A             Activate Basic authentication
-U Username    needed for authentication
-P Password    needed for authentication
-C cookie=value Add a cookie to the request
-V             show the version

应用示例：

httping -S -G -s -b -c 5 www.qq.com 
PING www.qq.com:80 (www.qq.com):
connected to 125.39.127.25:80 (285 bytes), seq=0 time=38.88+723.79=762.67 ms 200 OK 381KB/s
connected to 125.39.207.172:80 (285 bytes), seq=1 time=35.89+729.76=765.64 ms 200 OK 378KB/s
connected to 111.161.48.38:80 (285 bytes), seq=2 time=34.50+1231.31=1265.82 ms 200 OK 219KB/s
connected to 111.161.48.39:80 (285 bytes), seq=3 time=39.15+779.30=818.45 ms 200 OK 355KB/s
connected to 111.161.48.52:80 (285 bytes), seq=4 time=42.51+763.95=806.46 ms 200 OK 364KB/s
--- www.qq.com ping statistics ---
5 connects, 5 ok, 0.00% failed
round-trip min/avg/max = 762.7/883.8/1265.8 ms
Transfer speed: min/avg/max = 219/340/381 KB

Centos自带iptables TTL模块，IPID源码下载地址：http://bbs.chinaunix.net/thread-2102211-1-1.html

#https://www.haiyun.me
yum -y install kernel-devel
wget http://ftp.netfilter.org/pub/iptables/iptables-1.3.5.tar.bz2
tar jxvf iptables-1.3.5.tar.bz2
ln -s iptables-1.3.5 /usr/src/iptables

编译安装IPID：

cd iptables-ipid-2.1
sed -i 's/new_ipid\[i\]/new_ipid\[id\]/g' ipt_IPID.c
make
cp ipt_IPID.ko /lib/modules/2.6.18-308.11.1.el5/kernel/net/ipv4/netfilter/
chmod 744 /lib/modules/2.6.18-308.11.1.el5/kernel/net/ipv4/netfilter/ipt_IPID.ko
cp libipt_IPID.so /lib/iptables/
depmod -a
modprobe ipt_IPID

使用参数：

--ipid-pace [number] 设置每次增加的步调值，如果为0，则数据包的IPID字段应该为一个固定的值。
--ipid-choatic 0 设置随机IPID。0仅仅是填充参数作用。

应用示例：

iptables -t mangle -A PREROUTING  -i pppoe-wan -j TTL --ttl-inc 1
#限制2级路由
iptables -t mangle -A POSTROUTING -o pppoe-wan -j TTL --ttl-set 128
iptables -t mangle -A POSTROUTING -o pppoe-wan -j IPID --ipid-pace 1
#这样路由本机和下级电脑发的数据都修改TTL和IPID信息，修改TTL会导致tracert跟踪不正常。
#如需不影响路由本机tracert可在FORWARD链修改数据包信息

Centos查看当前内核、Iptables版本并下载相应源码：

#https://www.haiyun.me
uname -r
2.6.18-274.el5
cd /usr/src/kernels/
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.18.tar.gz
iptables -V
iptables v1.3.5
wget http://ftp.netfilter.org/pub/iptables/iptables-1.3.5.tar.bz2

或下载Centos官方内核源码：

useradd test
su -l test
mkdir -p ~/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}
echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros
yum install rpm-build redhat-rpm-config unifdef
rpm -i http://vault.centos.org/5.7/os/SRPMS/kernel-2.6.18-274.el5.src.rpm
cd ~/rpmbuild/SPECS
rpmbuild -bp --target=$(uname -m) kernel.spec
cd ~/rpmbuild/BUILD/kernel*/linux*/ #源码所在目录

下载Layer7模块和规则文件：

wget http://sourceforge.net/projects/l7-filter/files/l7-filter%20kernel%20version/2.18/netfilter-layer7-v2.18.tar.gz
wget http://sourceforge.net/projects/l7-filter/files/Protocol%20definitions/2009-05-28/l7-protocols-2009-05-28.tar.gz

给内核打上Layer7补丁并编译模块：

tar zxvf linux-2.6.18.tar.gz 
tar zxvf netfilter-layer7-v2.18.tar.gz
cd linux-2.6.18
patch -p1 < ../netfilter-layer7-v2.18/for_older_kernels/kernel-2.6.18-2.6.19-layer7-2.9.patch
#查看READ文件根据内核版本选择相应的补丁
yum install -y ncurses-devel 
#安装ncurses库，编译内核需要
make oldconfig
#备份配置文件
make menuconfig
#进入内核编译选项

在以下菜单处理选择将layer7编译为模块：

Networking——Networking options--->Network packet filtering (replaces ipchains)--->Layer 7 match support (EXPERIMENTAL) 

编译内核模块：

#https://www.haiyun.me
make prepare
make modules_prepare
#创建外部模块所需文件，后续可直接编译指定模块
make M=net/ipv4/netfilter/
#仅编译防火墙相关模块

复制编译的layer7.ko模块至系统：

strip --strip-debug net/ipv4/netfilter/ipt_layer7.ko
cp net/ipv4/netfilter/ipt_layer7.ko /lib/modules/2.6.18-274.el5/kernel/net/ipv4/netfilter/
chmod 744 /lib/modules/2.6.18-274.el5/kernel/net/ipv4/netfilter/ipt_layer7.ko 
depmod -a

编译安装Iptables layer7模块：

tar jxvf iptables-1.3.5.tar.bz2 
cd iptables-1.3.5
patch -p1 < ../netfilter-layer7-v2.18/iptables-1.3-for-kernel-pre2.6.20-layer7-2.18.patch 
#给iptables打上layer7补丁，阅读README根据内核及Iptables版本选择相应的补丁
chmod +x extensions/.layer7-test 
make KERNEL_DIR=/usr/src/kernels/linux-2.6.18
make install KERNEL_DIR=/usr/src/kernels/linux-2.6.18

安装Layer7示例脚本：

tar -zxvf l7-protocols-2009-05-28.tar.gz
cd l7-protocols-2009-05-28
make install

应用示例：

modprobe ipt_layer7
/usr/local/sbin/iptables -A FORWARD -m layer7 --l7proto qq -j DROP