Kopi av kj?rende kode p? sunet-mp

Erstatter dragonlab

bin/killdump.sh

+#!/bin/sh
+
+source $HOME/dragonlab/etc/start.cfg
+
+id=`ps xa | grep ntx7 | grep mapidump | awk '{print $1}'`
+
+sudo kill $id 2>> $logpath/$date/error.log
+sudo chown $USER.$USER $logpath/$date/passive.pcap
+chmod 644  $logpath/$date/passive.pcap

bin/killtcpdump.sh

+#!/bin/bash
+
+id=`ps xa | grep "udp and (port 10001 or port 10002)" | grep tcpdump | awk '{print $1}'`
+
+kill $id
\ No newline at end of file

bin/ntp-jitter.sh

+#!/bin/bash
+
+source $HOME/dragonlab/etc/start.cfg
+
+> $logpath/$date/ntp.gz
+
+while true; do
+    syspeer="$(ntpq -n -p | grep '^[*o]')"
+    set - $syspeer
+    peer=$(echo $1 | sed s/\*//)
+    shift
+    offset=${8:-U}
+    jitter=${9:-U}
+    sec="$(date -u +%s)"
+    echo $sec $peer $jitter $offset | gzip -c >> $logpath/$date/ntp.gz
+    sleep 1
+done

bin/rrsync

+#!/usr/bin/perl
+# Name: /usr/local/bin/rrsync (should also have a symlink in /usr/bin)
+# Purpose: Restricts rsync to subdirectory declared in .ssh/authorized_keys
+# Author: Joe Smith <js-cgi@inwap.com> 30-Sep-2004
+# Modified by: Wayne Davison <wayned@samba.org>
+use strict;
+
+use Socket;
+use Cwd 'abs_path';
+use File::Glob ':glob';
+
+# You may configure these values to your liking.  See also the section
+# of options if you want to disable any options that rsync accepts.
+use constant RSYNC => '/usr/bin/rsync';
+use constant LOGFILE => 'rrsync.log';
+
+my $Usage = <<EOM;
+Use 'command="$0 [-ro] SUBDIR"'
+	in front of lines in $ENV{HOME}/.ssh/authorized_keys
+EOM
+
+our $ro = (@ARGV && $ARGV[0] eq '-ro') ? shift : '';	# -ro = Read-Only
+our $subdir = shift;
+die "$0: No subdirectory specified\n$Usage" unless defined $subdir;
+$subdir = abs_path($subdir);
+die "$0: Restricted directory does not exist!\n" if $subdir ne '/' && !-d $subdir;
+
+# The client uses "rsync -av -e ssh src/ server:dir/", and sshd on the server
+# executes this program when .ssh/authorized_keys has 'command="..."'.
+# For example:
+# command="rrsync logs/client" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzGhEeNlPr...
+# command="rrsync -ro results" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAmkHG1WCjC...
+#
+# Format of the environment variables set by sshd:
+# SSH_ORIGINAL_COMMAND=rsync --server          -vlogDtpr --partial . ARG # push
+# SSH_ORIGINAL_COMMAND=rsync --server --sender -vlogDtpr --partial . ARGS # pull
+# SSH_CONNECTION=client_addr client_port server_port
+
+my $command = $ENV{SSH_ORIGINAL_COMMAND};
+die "$0: Not invoked via sshd\n$Usage"	unless defined $command;
+die "$0: SSH_ORIGINAL_COMMAND='$command' is not rsync\n" unless $command =~ s/^rsync\s+//;
+die "$0: --server option is not first\n" unless $command =~ /^--server\s/;
+our $am_sender = $command =~ /^--server\s+--sender\s/; # Restrictive on purpose!
+die "$0 -ro: sending to read-only server not allowed\n" if $ro && !$am_sender;
+
+### START of options data produced by the cull_options script. ###
+
+# These options are the only options that rsync might send to the server,
+# and only in the option format that the stock rsync produces.
+
+# To disable a short-named option, add its letter to this string:
+our $short_disabled = 's';
+
+our $short_no_arg = 'ACDEHIKLORSWXbcdgklmnoprstuvxz'; # DO NOT REMOVE ANY
+our $short_with_num = 'B'; # DO NOT REMOVE ANY
+
+# To disable a long-named option, change its value to a -1.  The values mean:
+# 0 = the option has no arg; 1 = the arg doesn't need any checking; 2 = only
+# check the arg when receiving; and 3 = always check the arg.
+our %long_opt = (
+  'append' => 0,
+  'backup-dir' => 2,
+  'bwlimit' => 1,
+  'checksum-seed' => 1,
+  'compare-dest' => 2,
+  'compress-level' => 1,
+  'copy-dest' => 2,
+  'copy-unsafe-links' => 0,
+  'daemon' => -1,
+  'delay-updates' => 0,
+  'delete' => 0,
+  'delete-after' => 0,
+  'delete-before' => 0,
+  'delete-delay' => 0,
+  'delete-during' => 0,
+  'delete-excluded' => 0,
+  'existing' => 0,
+  'fake-super' => 0,
+  'files-from' => 3,
+  'force' => 0,
+  'from0' => 0,
+  'fuzzy' => 0,
+  'iconv' => 1,
+  'ignore-errors' => 0,
+  'ignore-existing' => 0,
+  'inplace' => 0,
+  'link-dest' => 2,
+  'list-only' => 0,
+  'log-file' => 3,
+  'log-format' => 1,
+  'max-delete' => 1,
+  'max-size' => 1,
+  'min-size' => 1,
+  'modify-window' => 1,
+  'no-implied-dirs' => 0,
+  'no-r' => 0,
+  'no-relative' => 0,
+  'no-specials' => 0,
+  'numeric-ids' => 0,
+  'only-write-batch' => 1,
+  'partial' => 0,
+  'partial-dir' => 2,
+  'remove-sent-files' => $ro ? -1 : 0,
+  'remove-source-files' => $ro ? -1 : 0,
+  'safe-links' => 0,
+  'sender' => 0,
+  'server' => 0,
+  'size-only' => 0,
+  'skip-compress' => 1,
+  'specials' => 0,
+  'stats' => 0,
+  'suffix' => 1,
+  'super' => 0,
+  'temp-dir' => 2,
+  'timeout' => 1,
+  'use-qsort' => 0,
+);
+
+### END of options data produced by the cull_options script. ###
+
+if ($short_disabled ne '') {
+    $short_no_arg =~ s/[$short_disabled]//go;
+    $short_with_num =~ s/[$short_disabled]//go;
+}
+$short_no_arg = "[$short_no_arg]" if length($short_no_arg) > 1;
+$short_with_num = "[$short_with_num]" if length($short_with_num) > 1;
+
+my $write_log = -f LOGFILE && open(LOG, '>>', LOGFILE);
+
+chdir($subdir) or die "$0: Unable to chdir to restricted dir: $!\n";
+
+my(@opts, @args);
+my $in_options = 1;
+my $last_opt = '';
+my $check_type;
+while ($command =~ /((?:[^\s\\]+|\\.[^\s\\]*)+)/g) {
+  $_ = $1;
+  if ($check_type) {
+    push(@opts, check_arg($last_opt, $_, $check_type));
+    $check_type = 0;
+  } elsif ($in_options) {
+    push(@opts, $_);
+    if ($_ eq '.') {
+      $in_options = 0;
+    } else {
+      die "$0: invalid option: '-'\n" if $_ eq '-';
+      next if /^-$short_no_arg*(e\d*\.\w*)?$/o || /^-$short_with_num\d+$/o;
+
+      my($opt,$arg) = /^--([^=]+)(?:=(.*))?$/;
+      my $disabled;
+      if (defined $opt) {
+	my $ct = $long_opt{$opt};
+	last unless defined $ct;
+	next if $ct == 0;
+	if ($ct > 0) {
+	  if (!defined $arg) {
+	    $check_type = $ct;
+	    $last_opt = $opt;
+	    next;
+	  }
+	  $arg = check_arg($opt, $arg, $ct);
+	  $opts[-1] =~ s/=.*/=$arg/;
+	  next;
+	}
+	$disabled = 1;
+	$opt = "--$opt";
+      } elsif ($short_disabled ne '') {
+	$disabled = /^-$short_no_arg*([$short_disabled])/o;
+	$opt = "-$1";
+      }
+
+      last unless $disabled; # Generate generic failure
+      die "$0: option $opt has been disabled on this server.\n";
+    }
+  } else {
+    if ($subdir ne '/') {
+      # Validate args to ensure they don't try to leave our restricted dir.
+      s{//+}{/}g;
+      s{^/}{};
+      s{^$}{.};
+      die "$0: do not use .. in any path!\n" if m{(^|/)\\?\.\\?\.(\\?/|$)};
+    }
+    push(@args, bsd_glob($_, GLOB_LIMIT|GLOB_NOCHECK|GLOB_BRACE|GLOB_QUOTE));
+  }
+}
+die "$0: invalid rsync-command syntax or options\n" if $in_options;
+
+@args = ( '.' ) if !@args;
+
+if ($write_log) {
+  my ($mm,$hh) = (localtime)[1,2];
+  my $host = $ENV{SSH_CONNECTION} || 'unknown';
+  $host =~ s/ .*//; # Keep only the client's IP addr
+  $host =~ s/^::ffff://;
+  $host = gethostbyaddr(inet_aton($host),AF_INET) || $host;
+  printf LOG "%02d:%02d %-13s [%s]\n", $hh, $mm, $host, "@opts @args";
+  close LOG;
+}
+
+# Note: This assumes that the rsync protocol will not be maliciously hijacked.
+exec(RSYNC, @opts, @args) or die "exec(rsync @opts @args) failed: $? $!";
+
+sub check_arg
+{
+  my($opt, $arg, $type) = @_;
+  $arg =~ s/\\(.)/$1/g;
+  if ($subdir ne '/' && ($type == 3 || ($type == 2 && !$am_sender))) {
+    $arg =~ s{//}{/}g;
+    die "Do not use .. in --$opt; anchor the path at the root of your restricted dir.\n"
+      if $arg =~ m{(^|/)\.\.(/|$)};
+    $arg =~ s{^/}{$subdir/};
+  }
+  $arg;
+}

bin/start.sh

+#!/bin/bash
+
+source $HOME/dragonlab/etc/start.cfg
+
+if [ -e $logpath/pids ] 
+then
+    echo "Pid file already exists: $logpath/pids"
+    exit
+fi
+
+if [ ! -d $logpath/$date ]
+then
+  mkdir -p $logpath/$date
+fi
+
+$vmstat 2> /dev/null > /dev/null&
+echo "$!" > $logpath/pids
+
+#Start crude
+$crude -k | gzip -c > $logpath/$date/crude.gz 2> /dev/null&
+# $crude -k -6 -p10002 | gzip -c > $logpath/$date/crude_v6.gz 2> /dev/null&
+pidof $crude >> $logpath/pids
+
+#Start tcpdump
+#ok sudo $dump $logpath/$date/dump.pcap&
+
+#Start rude
+$rude -s $rudecfg  > /dev/null 2> /dev/null &
+echo "$!" >> $logpath/pids
+
+#Start traceroute
+for i in $tracetargets; do 
+    $trace $i 2> /dev/null > /dev/null&
+    echo "$!" >> $logpath/pids
+done
+for i in $tracetargets; do 
+    $tcptrace $i 2> /dev/null > /dev/null&
+    echo "$!" >> $logpath/pids
+done
+
+for i in $tracetargets6; do 
+    $trace6 $i 2> /dev/null > /dev/null&
+    echo "$!" >> $logpath/pids
+done
+
+#Start ntp jitter
+$ntp 2>/dev/null >/dev/null&
+echo "$!" >> $logpath/pids

bin/startdump.sh

+#!/bin/sh
+
+source $HOME/dragonlab/etc/start.cfg
+
+if [ ! -d $logpath/$date ]
+then
+  mkdir -p $logpath/$date
+fi
+
+sudo /usr/local/bin/mapidump -l 86400 -d ntx7 -w $logpath/$date/passive.pcap > /dev/null 2>> $logpath/$date/error.log &
+

bin/starttcpdump.sh

+#!/bin/bash
+
+if="eth2"
+
+/usr/sbin/tcpdump -i $if 'udp and (port 10001 or port 10002)' -w - 2> /dev/null | gzip -c > $1.gz

bin/stop.sh

+#!/bin/bash
+
+source $HOME/dragonlab/etc/start.cfg
+
+if [ ! -e $logpath/pids ] 
+then
+    echo "Pid file does not exist: $logpath/pids"
+    exit
+fi
+
+for i in $(cat $logpath/pids); do kill $i; done
+
+#ok sudo $HOME/dragonlab/bin/killtcpdump.sh
+
+rm $logpath/pids

bin/tcptrace.sh

+#!/bin/bash
+
+source $HOME/dragonlab/etc/start.cfg
+
+> $logpath/$date/tcptraceroute_$1.gz
+
+while true; do
+    date +%s | gzip -c >> $logpath/$date/tcptraceroute_$1.gz 
+    tcptraceroute -q 6 -n $1 2> /dev/null | gzip -c >> $logpath/$date/tcptraceroute_$1.gz 
+    sleep 120
+done

bin/trace.sh

+#!/bin/bash
+
+source $HOME/dragonlab/etc/start.cfg
+
+log=$logpath/$date/traceroute_$1
+
+( flock -n 9 || ( echo "=== could not start traceroute - locked $log.lock ===" ; exit 1 )
+  > $log.log
+
+  while true; do
+    date "+%s starttime %T" | gzip -c >> $log.gz
+#    date "+%s starttime %T"  >> $log.log
+    traceroute -q 6 -n $1 2> /dev/null | gzip -c >> $log.gz
+#    traceroute -q 6 -n $1 >> $log.log 2>> $log.err 
+    sleep 120
+  done
+) 9> $log.lock

bin/trace6.sh

+#!/bin/bash
+
+source $HOME/dragonlab/etc/start.cfg
+
+> $logpath/$date/traceroute_$1.gz
+
+while true; do
+    date +%s | gzip -c >> $logpath/$date/traceroute_$1.gz 
+    traceroute6 -n $1 2> /dev/null | gzip -c >> $logpath/$date/traceroute_$1.gz 
+    sleep 120
+done

bin/vmstat.sh

+#!/bin/bash
+
+source $HOME/dragonlab/etc/start.cfg
+
+vmstat | perl -e 'while(<>) { $utc=`date -u +%s`; chop $utc; print "$utc $_"; }' | gzip -c > $logpath/$date/vmstat.gz
+
+while true; do
+    sleep 1
+    vmstat | perl -e 'while(<>) { $utc=`date -u +%s`; chop $utc; print "$utc $_"; }' | tail -n1 | gzip -c >> $logpath/$date/vmstat.gz
+done

etc/authorized_keys

+from="158.38.62.70,2001:700:1::62:70,158.38.130.56,2001:700:0:4513::56",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDP/QWtrDhFDIYjrXasgiy+AOC0hU1Kv2WUqe21Kz6q8XQeZFpfW7i0mpifaXUmLZ3FdDUaIoFhAxOiaGao2b33DLEUeuc63oT7L/utr0hOH3XGgf9mmDw7zL4FbgPqno7K0dE+eawTIHLx6RtcIZ9HLiLEPMYqPAXA2589XUZjt5r5tMs9VHFb6aTp9AJDvkz1a2xmvgmaKNSvK5itpOhOkVeUxLHTa+taCcreYPAsKyatJDPJWHr7Ouj4x+c9WvmZXTvyVtpBcy1P0zmBACDK5ymGkCXdtd0V3TLYpafbAORaRc6sCyJFAw3jtlAPFkZniEz4Eyq7lHgpoXVmoJqt up@iou2

etc/id_rsa.pub

+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxTR9FRQzY2inSVjBoMtSD1xLsOMuH9F89xQlfWdDDVAVtSqLmuyJGb7Vz84u5/OCgUhDdscTmDsxyUxW9stNBQH0jUYhnpvT7jS9lwHTnKn8EzlzTM5w/TbTrqsQCz7bxR53K5gtv9azW82cNy58q4IoP9gAcEfpBs/i5tldR4AG7hUBHNCgrCwYrZCCvowfUDruFN4lbIn5196cL+scWAk+kOWe0z+KNmWlSEMpcb3TPyk9Jl8S3F5/WcNfpCN3IXCqmzPOVQfddMKNzrfMtIk7CCd1kmr1R6W6L5oweAoKKGGw3UqlpDmq2t9soV2uMEF8K95G2ahPUyOWfLt4HQ== arneos@cia.uninett.no

etc/rude.cfg

+START NOW
+
+#5000     2010 ON 3001 203.91.120.141:10001 CONSTANT 100 64
+#86390000 2010 OFF
+
+# ytelse1-auckland IPv4
+5000     2011 ON 3002 130.216.5.112:10001 CONSTANT 100 64
+86390000 2011 OFF
+
+# nte
+5000     2012 ON 3003 178.164.4.2:10001 CONSTANT 100 64
+86390000 2012 OFF
+
+# switch
+5000     2013 ON 3004 130.59.31.3:10001 CONSTANT 100 64
+86390000 2013 OFF
+
+#brasilia
+5000     2014 ON 3005 200.133.192.133:10001 CONSTANT 100 64
+86390000 2014 OFF
+
+#kobenhavn
+5000     2017 ON 3007 109.105.112.50:10001 CONSTANT 100 64
+86390000 2017 OFF
+
+#stockholm
+5000     2018 ON 3008 109.105.110.98:10001 CONSTANT 100 64
+86390000 2018 OFF
+
+
+
+

etc/start.cfg

+tracetargets="130.216.5.112 200.133.192.133 109.105.112.50 109.105.110.98 130.59.31.3 128.39.65.26 178.164.4.2 89.45.232.192"
+#tracetargets="130.216.5.112 178.164.4.2 130.59.31.3 200.133.192.133" # auckland nte switch
+#tracetargets6="2001:da8:217:1:2e0:81ff:fe31:cb34 2001:df0:0:2023:225:90ff:fe19:96ba" # china auckland
+#tracetargets6="2001:df0:0:2023:225:90ff:fe19:96ba" # auckland
+logpath="$HOME/dragonlab/data"
+rudecfg="$HOME/dragonlab/etc/rude.cfg"
+dump="$HOME/dragonlab/bin/starttcpdump.sh"
+trace="$HOME/dragonlab/bin/trace.sh"
+tcptrace="$HOME/dragonlab/bin/tcptrace.sh"
+trace6="$HOME/dragonlab/bin/trace6.sh"
+vmstat="$HOME/dragonlab/bin/vmstat.sh"
+ntp="$HOME/dragonlab/bin/ntp-jitter.sh"
+crude="$HOME/dragonlab/bin/crude"
+rude="$HOME/dragonlab/bin/rude"
+date=`env TZ=Europe/Oslo date  +%Y%m%d`
+

script/dragonlab-hent.sh

+#!/bin/bash
+# 
+# Master script for controlling probe traffic on test servers
+# To be installed in crontab at storage server with
+#     # m h  dom mon dow   command
+#     0 1 * * * <path-to-dragonlab>/dragonlab.sh
+    
+#
+export LANG=C
+export LC_ALL=C
+export DATA=/dynga/dragonlab/data
+
+if test $# -ge 1 ; then
+  yesterday="$1" ; shift
+else
+  yesterday=`date +%Y%m%d --date '1 days ago'`
+fi
+	
+ssh_cmd="ssh -4 -i $HOME/.ssh/up-iou2-key"
+
+# read and store list of mp's from stdin before anyone else does
+n=0
+while read line ; do
+  echo $line | egrep -q ^#
+  mps[$n]=$line
+  n=$(($n+1))
+done
+
+function hent {
+  account=$1
+  host=$2
+  mkdir -p $DATA/$host
+  rsync -e "$ssh_cmd" -tr -q --bwlimit=2048 --remove-source-files "$account:dragonlab/data/$yesterday" $DATA/$host/
+  $ssh_cmd $account "rmdir dragonlab/data/$yesterday"
+}
+
+for i in $(seq 0 $((${#mps[@]} -1 )) ) ; do
+  line=${mps[$i]}
+  echo $line | egrep -q ^#
+  if test $? -ne 0 ; then
+    set $line
+    name=$1
+    user=$2
+    dns=$3
+    ip=$4
+    hent $user@$ip $name
+  fi
+done
+
+exit 0
+
+# gammel kode
+hent up@ytelse1.uninett.no ytelse1
+hent aosl348@nevil-res3.itss.auckland.ac.nz auckland
+# hent olav@203.91.120.141 beijing
+hent arneos@178.164.4.2 nte
+hent kvittem@lumpi.switch.ch switch
+hent oak@200.133.192.133 brasilia
+hent olav@stockholm-mp stockholm-mp
+hent olav@copenhagen-mp copenhagen-mp
+

script/dragonlab-hent.sh~

+#!/bin/bash
+# 
+# Master script for controlling probe traffic on test servers
+# To be installed in crontab at storage server with
+#     # m h  dom mon dow   command
+#     0 1 * * * <path-to-dragonlab>/dragonlab.sh
+    
+#
+export LANG=C
+export LC_ALL=C
+export DATA=/dynga/dragonlab/data
+
+if test $# -ge 1 ; then
+  yesterday="$1" ; shift
+else
+  yesterday=`date +%Y%m%d --date '1 days ago'`
+fi
+	
+ssh_cmd="ssh -4 -i $HOME/.ssh/up-iou2-key"
+
+function hent {
+  account=$1
+  host=$2
+  mkdir -p $DATA/$host
+  rsync -e "$ssh_cmd" -tr -q --bwlimit=2048 --remove-source-files "$account:dragonlab/data/$yesterday" $DATA/$host/
+  $ssh_cmd $account "rmdir dragonlab/data/$yesterday"
+}
+
+while read line ; do
+  echo $line | egrep -q ^#
+  if test $? -ne 0 ; then
+    set $line
+    name=$1
+    user=$2
+    dns=$3
+    ip=$4
+    hent $user@$ip $name
+  fi
+done
+
+exit 0
+
+# gammel kode
+hent up@ytelse1.uninett.no ytelse1
+hent aosl348@nevil-res3.itss.auckland.ac.nz auckland
+# hent olav@203.91.120.141 beijing
+hent arneos@178.164.4.2 nte
+hent kvittem@lumpi.switch.ch switch
+hent oak@200.133.192.133 brasilia
+hent olav@stockholm-mp stockholm-mp
+hent olav@copenhagen-mp copenhagen-mp
+