Rahul Jadhav nyrahul

@nyrahul
nyrahul / cilium-quick-cmds.sh
Last active Aug 18, 2021
cilium quick notes for dev VM
# -------[ Cilium installation on GKE ]---------
NATIVE_CIDR="$(gcloud container clusters describe "cluster-core-backend" --zone "us-central1-c" --format 'value(clusterIpv4Cidr)')"
# with hubble-relay
helm install cilium cilium/cilium --version 1.9.6 \
  --namespace kube-system \
  --set nodeinit.enabled=true \
  --set nodeinit.reconfigureKubelet=true \
  --set nodeinit.removeCbrBridge=true \
  --set cni.binPath=/home/kubernetes/bin \
@nyrahul
nyrahul / cdump.sh
Created Apr 16, 2021
tcpdump for pod controlled by cilium
#!/bin/bash
# Usage: $0 <pod> [tcpdump-filter]
[[ "$1" == "" ]] && echo "Usage: $0 <pod> [tcpdump-filter]" && exit 1
ep_id=`kubectl get cep -A -o jsonpath="{.items[?(@.metadata.name==\"$1\")].status.id}"`
iface=`cilium endpoint get $ep_id -o jsonpath="{[*].status.networking.interface-name}"`
shift
@nyrahul
nyrahul / ssh-port-fwd
Last active May 31, 2021
ssh port forwarding
ssh -L 6060:127.0.0.1:6060 vagrant@192.168.34.11
By default, the golang pprof tool starts the pprof web server on localhost:6060. My pprof was running inside a VM and I needed to access the web server from the host. I could ssh to the VM, so I needed to enable port forwarding on the host to the VM (remote).
ssh -L 6060:127.0.0.1:6060 vagrant@192.168.34.11
        |      |       |   |-------v------------|
        |      |       |           \--------------- remote ssh user@hostname
        |      |       |
        |      |       \--------- remote port to forward
        |      |
@nyrahul
nyrahul / BUILD_BUG_ON.c
Created Mar 13, 2021
Compile time check to validate structure size
#include <stdio.h>
#define BUILD_BUG_ON(condition) ((void)sizeof(char[1 - 2 * !!(condition)]))
int main(void)
{
    struct t {
        int x;
        int y;
        int z;
@nyrahul
nyrahul / ssh-pushkey
Last active May 10, 2021
ssh password less login: Add my pub key to .ssh/authorized_keys
# Generate ssh keys
ssh-keygen -t rsa
# Add my pub key as an authorized key on the remote host rahul@vbox20
cat ~/.ssh/id_rsa.pub | ssh rahul@vbox20 'mkdir -p .ssh && cat >> .ssh/authorized_keys'
@nyrahul
nyrahul / dig-container.sh
Created Jan 13, 2021
Map the container syscall events using sysdig
#!/bin/bash
ignore_evts="futex switch clock_gettime io_getevents sched_getaffinity getrusage nanosleep rt_sigaction rt_sigprocmask ioctl sched_yield sigreturn times"
declare -A map
[[ "$1" == "" ]] && echo "Need container name as input" && exit 1
[[ $UID -ne 0 ]] && echo "Need to exec as root" && exit 1
[[ ! -x "$(which jq)" ]] && echo "Need jq command (try, apt install jq)" && exit 1
[[ ! -x "$(which sysdig)" ]] && echo "Need sysdig command (try, apt install sysdig)" && exit 1
@nyrahul
nyrahul / idspoof.py
Created Dec 31, 2020
Spoofing Cilium identity value in vxlan tunneled mode
#! /usr/bin/env python
# Aim of this script is to send a vxlan tunneled HTTP request with spoofed
# identity and pass through the authz checks implemented in cilium-ebpf.
# Configuration you need to set correctly:
# 1. The target pod address (dip, dport) to which you want to make unauthorized access
# 2. The source identity (identity = 8849 below) to spoof. Use `cilium identity
# list` to check valid identity values.
# 3. The target node's vxlan IP address (vxlan_ip) and port (vxlan_port = 8472
@nyrahul
nyrahul / gitswitch.sh
Last active Dec 22, 2020
Switch all the remotes from https to git
#!/bin/bash
# Switch all the remotes from https to git
# e.g, https://github.com/username/reponame.git -> git@github.com:username/reponame.git
switch4remote()
{
    url=`git remote get-url $1`
    [[ ! $url =~ ^https ]] && echo "Remote [$1] might be on git already" && return 0
    path=`echo $url | sed -Ene 's#https://github.com/(.*)#\1#p'`
View perf-show-syscall-stats
❯ sudo perf stat -e 'syscalls:sys_enter_*' iperf -c localhost 2>&1 | awk '$1 != 0'
------------------------------------------------------------
Client connecting to localhost, TCP port 5001
TCP window size: 2.50 MByte (default)
------------------------------------------------------------
[ 3] local 127.0.0.1 port 41332 connected with 127.0.0.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 66.0 GBytes 56.7 Gbits/sec
Performance counter stats for 'iperf -c localhost':
@nyrahul
nyrahul / log_timestamp_perf.c
Created May 27, 2020
Measures impact of fancy timestamps in logging
/*
gtd format: ss:usec ... raw time of day format .. difficult to read ..
whitefield format: ss:ms .. eases timestamp reading because ms format is used
cooja format: hh:mm:ss.ms ... easiest to read
./a.out 7 // show sample test of all timestamps with print
./a.out 1 1 // perf-test gettimeofday only
./a.out 2 1 // perf-test whitefield style
./a.out 4 1 // perf-test cooja style