golang http server tailing logs kubeapi proxy - go

Maybe anyone faced a similar problem. We have a kubeapi proxy which impersonates users using sso.
Kubectl tool works just fine with any commands unless you do tail -f
I do see that app data is coming back every 1-5 seconds, but to output it takes ~ 45 seconds.
We use http/server from standard go packages and our proxy is based of https://github.com/ericchiang/kube-oidc/issues
TCP Dump attached. Thanks

Related

WeeChat/irc - Tor Proxy

I dont think this is a very hard to solve problem, never the less I didnt find anything about it online. I am pretty new to irc/weechat and obviously dont want to leak my ip whenever i join a room. So I want to use a proxy, specifically tor. The thing is, everything I've tried didnt work out.
For clarity, I now my proxy does work, I tested it on firefox.
The things I did to connect an irc server to my proxy where the following:
add tor proxy (no username or password):
/proxy add torproxy socks5 <ip-address> 9050
set proxy on server:
/set irc.server.<server_name>.proxy torproxy
then just connect:
/connect <server_name>
and its always the same output:
irc: disconnecting from server
irc: reconnecting to server in 10 seconds
and after 10 seconds, the exact same output, but with 20 seconds, and the number just goes up
some parameters you might want to consider is that I dont run the proxy at localhost. Its a server in my lan, but i tested it on other computers and the proxy does work, so thats not the problem. Also I want to configure the proxy directly in weechat, and not use some system wide setting or something.
Thanks for your help!
You may need to disable SSL verification.
/set irc.server.<server_name>.ssl_verify off
Another factor to consider is that the server might not accept connections from tor. If the network has multiple servers, try connecting to a different one.

random ssl certification failure

I just setup a custom domain for an AWS API Gateway and set up CNAME entries in Google Domains to redirect to my API Gateway. After maybe 30 minutes of waiting I was able to use Chrome to do a simple GET request to my custom domain that properly forwarded to my API Gateway. I tested in Firefox and it worked fine too.
About 3-4 hours later I came back and tried making the same call using Python requests and it worked the first 3 times then failed.
SSLError: HTTPSConnectionPool(host='ids.references.app', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError("hostname '<my_custom_domain>' doesn't match '*.execute-api.us-east-2.amazonaws.com'")))
At first I thought this was a requests problem, but then I opened up Firefox and it didn't work as well. I tried Edge and the call worked. Then I went back to Python and it worked for a bit, then stopped working. I went back to Firefox and it no longer worked. Then I tried Edge and it no longer worked. Sprinkled in there I've tried Chrome and it has worked every time since it started working. (this order of events is from memory and may be slightly off).
Is this a known issue with updating DNS entries that you get some randomness when things first start until the DNS changes have fully propagated. How would I go about even tracking where the error is occurring? I think that's the most frustrating thing about this, it all seems like magic and there's no obvious point where you get something like server 1.2.3.4 says that cert_1 doesn't go with cert_2 and then later you see something like server 4.5.6.7 says cert_2 is all good (so it works). Would I need to install curl for Windows (Is is possible to make a cURL request and get the route that is taken (similar to traceroute)). Would this even matter though? What if curl was like Chrome, it always worked? Does requests have this functionality (bonus points if someone can show a requests solution)? What about Firefox or Chrome? Or could I use something like wireshark (yikes) that could somehow observe the whole system?
I'm using requests 2.25.1 and Python 3.8.5 on Windows 10 and I believe the latest versions of Edge and Firefox.

Windows 10 SNMP service not responding

I'm trying to get my head around SNMP for a project I'm working on. After I failed miserably getting it to work in my company's network, I set up a simple 3-device network to test things on, consisting of two Windows 10 PCs and a manageable switch between them.
I installed the optional feature "SNMP" on both PCs, made sure the service is running correctly and configured both services to accept SNMP queries from each other. I made sure to open up UDP port 161 in both PCs firewalls. Then I got the Net-SNMP binaries in order to use SNMPGET and SNMPWALK. As an alternative, I set up the SNMP extension for PHP through xampp (since I want to use PHP in my project once I get SNMP to work). Finally, I installed wireshark to monitor what exactly is going on and this is what I found:
When I try SNMPGET or SNMPWALK either through cmd or as a PHP command, I always get a timeout message. Wireshark is showing the get-next-request leaving one PC and arriving correctly on the other, so the network connection itself is working fine. But the receiving PC never sends a response. As I said, I'm pretty new to SNMP and I'm at a loss as to why this is happening. As I understand it, the optional feature for Windows 10 comes with its own SNMP agent, correct? If so, what could cause it to simply ignore an incoming request from a valid source IP?
The funny thing is that this even happens when I try to send an SNMP query to 127.0.0.1. I have no idea what I'm doing wrong...
Thanks to the comment of Lex Li, I was able to finally figure out which step I made a mistake with:
When setting up the SNMP service, under the security tab, I had to add 'public' as an accepted community name (with READ-ONLY rights). I figured since 'public' is sort of the standard read-only community, it would be accepted by default, which apparently it is not.
Alternatively, I guess I could have added my own communtiy name, but I didn't try that since I only want to read some values through SNMP anyways and read-only access is all I need for that.
Thank you very much Lex Li, I'm off to continue my project now!

Golang `pions` lib example issue

I've just started experimenting with WebRTC with Go and downloaded pions/webrtc library but I'am stuck with it's data-channels example.
As it written in docs I opened jsfiddle client example.
Then I'am running go run main.go command in the /go/src/github.com/pions/webrtc/examples/data-channels folder on my server to launch data-channel.
After that I copy Browser base64 Session Description from jsfiddle example and paste it into my terminal where data-channels go script is running and it generates Golang base64 Session Description code which I paste into jsfiddle example and then press Sart session button.
And it fails to establish connection :(
This is my jsfiddle example for client side:
And this is my server side go script:
What am I doing wrong?
Thanks for using pion-WebRTC (I am one of the developers!)
WebRTC uses a technology called ICE to allow peers to talk to each other. Two peers exchange IP addresses via the SDP (the text you pasted) then they attempt to communicate by sending small UDP packets between each other. Once two IP addresses successfully communicate via ICE the rest of the WebRTC steps can continue. For you this process is failing. I don't know how/why though. Firewalls, VPNs etc... all can cause problems.
You will have to debug and check different scenarios. I would try running the examples on your local PC. If that works then maybe try between a different server. A good tool to help here also is tcpdump that can show if UDP packets are arriving. I usually use tcpdump -i any udp and inbound
We also recently added IPv6 support, so might be worth trying from master and see if that helps at all! Hopefully this helps, but if you are still having issues feel free to ask more questions. We are also all available via our Slack Channel you can sign up here here and would be more then happy to chat!
I met similar problem, and I solved by
echo $BROWSER_SDP | ./main
BROWSER_SDP is the session description in your browser, main is the exe by go build main.go(you can rename exe by mv). This can make sure transfer SDP to the server, which is really important.
The detail

Specifying client IP on iperf

I am trying to study network traffic in my lab. I have 31 computers and would like to use all of them to simulate different traffic conditions. However, instead of logging into all 31 and running a command one by one on each machine, I would like to know if there is a shortcut.
My scenario: I want to investigate the affect on bandwidth when x number of computers are transmitting with a server. I have one server computer, and 30 available clients. Testing with two boxes is easy:
client: ./iperf -c -p
server: ./iperf -s -p
I'm trying to avoid running that client command on 30 computers at once. However, I don't know if iperf allows you to specify a CLIENT ip address...I was hoping I could just write a script and execute all 30 machines from one physical workstation.
Is this possible?
I just started using iperf so I may be completely wrong here, but I think the tests need to be initiated by the client... However this is not really an iperf related issue.
If you have ssh access to all the machines, you could setup a cron job that initiates the test, at different times, which could let you prepare scenarios with different loads and different users.
You could use clusterssh to manage a single window opening connections to multiple machines.
You can find it here on sourceforge
Hope it helps, it's kind of a late response.

Resources