Skip to content

Instantly share code, notes, and snippets.

@spiarh
spiarh / tc mirroring.md
Created June 19, 2023 12:49 — forked from mcastelino/tc mirroring.md
Using tc redirect to connect a virtual machine to a container network

Connecting a veth device to tap

  • veth device from CNI/CNM plugin: eth0
  • tap device that connects to the VM: tap0

Redirecting traffic between the two devices

tc qdisc add dev eth0 ingress
tc filter add dev eth0 parent ffff: protocol all u32 match u8 0 0 action mirred egress redirect dev tap0

Keybase proof

I hereby claim:

  • I am spiarh on github.
  • I am spiarh (https://keybase.io/spiarh) on keybase.
  • I have a public key whose fingerprint is 0E48 FE7E CBF8 48A8 D1E7 66B1 3D0B 8542 94E0 8BC8

To claim this, I am signing this object:

@spiarh
spiarh / asd.py
Created August 29, 2022 19:07 — forked from LiveOverflow/asd.py
C Application Firewall
import struct
import socket
s = socket.socket()
s.connect(('127.0.0.1', 1337))
r = s.recv(1024)
s.send("%p,%p,%p\n")
while ',' not in r:
r = s.recv(1024)
start_buf = int(r.split(',')[1], 16)-9
@spiarh
spiarh / killbutmakeitlooklikeanaccident.sh
Created July 20, 2022 15:23 — forked from moyix/killbutmakeitlooklikeanaccident.sh
Script to inject an exit(0) syscall into a running process. NB: only x86_64 for now!
#!/bin/bash
gdb -p "$1" -batch -ex 'set {short}$rip = 0x050f' -ex 'set $rax=231' -ex 'set $rdi=0' -ex 'cont'
@spiarh
spiarh / main.go
Created March 21, 2022 09:54 — forked from enricofoltran/main.go
A simple golang web server with basic logging, tracing, health check, graceful shutdown and zero dependencies
package main
import (
"context"
"flag"
"fmt"
"log"
"net/http"
"os"
"os/signal"
@spiarh
spiarh / awk_netstat.sh
Created September 21, 2021 21:20 — forked from staaldraad/awk_netstat.sh
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
# Gawk version
# Remote
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
# Local
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'
# No Gawk
# Local
grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){
@spiarh
spiarh / exec.go
Created July 7, 2021 06:55 — forked from hichihara/exec.go
Golang exec command unit test
package main
import (
"fmt"
"os/exec"
"strconv"
"strings"
)
var execCommand = exec.Command

1 to 3 masters

Cluster state:

1 master: master01.fqdn 2 workers: worker01.fqdn, worker01.fqdn

A couple of nginx pods are running.

Goal:

@spiarh
spiarh / README.md
Created June 19, 2020 15:04 — forked from detiber/README.md
Using CFSSL as an external CA for kubeadm

CFSSL as an external CA for non-ha kubeadm intialized clusters

Using cfssl to Create an External CA Infrastructure

Install cfssl

# This requires an existing Go environment with GOPATH set
go get -u github.com/cloudflare/cfssl/cmd/...
---
apiVersion: apps/v1
kind: Deployment
metadata:
generation: 1
labels:
app: source-ip-app
name: source-ip-app
namespace: default
spec: