Error during nfq_open() - iptables

I'm trying to set up an nfq listener based on This bit of code:
main (int argc, char **argv)
{
struct nfq_handle *h;
struct nfq_q_handle *qh;
struct nfnl_handle *nh;
int fd;
int rv;
char buf[4096] __attribute__ ((aligned));
printf ("opening library handle\n");
h = nfq_open ();
if (!h)
{
fprintf (stderr, "error during nfq_open()\n");
exit (1);
}
...
I have the following iptables rule set:
NFQUEUE udp -- 0.0.0.0/0 192.168.50.0/24 udp dpt:10000 NFQUEUE num 5061
But running the program always gives: Error during nfq_open()
Is there something incorrect with my IPtables rule? I used the following command:
/sbin/iptables -A FORWARD --protocol udp --dport 10000 -j NFQUEUE --queue-num 5061 -d 192.168.50.0/24
Thanks.

Please add "-t" switch with the table name "nat|filter|mangle" in which you want to add rule.

This won't be an issue with the iptables command at all. I would guess that you are not running the program as root, which is required to use NFQUEUE.

Related

Prevent CUDA-enabled MPI from checking for CUDA devices

The OpenMPI 4.0.5 on our cluster is built with CUDA support, but I want to benchmark pnetcdf without needing CUDA for that. Since I want to do a number of test runs that I can start on like 1/4th of a node and my tests won't make use of the GPUs I wanted to ask if there is a way to suppress the MPI check for CUDA devices. Because when I simply obtain a SLURM allocation without GPUs, I get lots of errors from that alone.
These errors come from hwloc, and can be suppressed with HWLOC_HIDE_ERRORS=1 but I'd like to know if there is a more specific method.
Steps to reproduce:
frontend$ salloc -n 16 -t 8:00:00 -A k20200
node$ exec bash -l
node$ module load gcc openmpi
node$ mpicc -o /tmp/hello ~/usr/src/helloworld_mpi.c
node$ srun -n 1 /tmp/hello
CUDA: Failed to get number of devices with cudaGetDeviceCount(): no CUDA-capable device is detected
Hello world!, I'm rank 0 of 1!
node$ HWLOC_HIDE_ERRORS=1 srun -n 1 /tmp/hello
Hello world!, I'm rank 0 of 1!
node$ logout
The example code used above is the following but any program without CUDA use is equally useful in this exercise
#include <stdio.h>
#include <stdlib.h>
#include <mpi.h>
#define xmpi(rc) \
do { \
int err = (rc); \
if (err != MPI_SUCCESS) { \
char msg[MPI_MAX_ERROR_STRING + 1]; \
int msg_len; \
\
if (MPI_Error_string(err, msg, &msg_len) \
== MPI_SUCCESS){ \
msg[msg_len] = '\0'; \
\
fprintf(stderr, \
"Problem in MPI call: %d = %s\n", \
err, msg); \
MPI_Abort(MPI_COMM_WORLD, 1); \
} \
} \
} while (0)
int
main(int argc, char *argv[])
{
xmpi(MPI_Init(&argc, &argv));
int rank, size;
xmpi(MPI_Comm_rank(MPI_COMM_WORLD, &rank));
xmpi(MPI_Comm_size(MPI_COMM_WORLD, &size));
printf("Hello world!, I'm rank %d of %d!\n", rank, size);
xmpi(MPI_Finalize());
return EXIT_SUCCESS;
}

How to select fields in a non-uniform file using different delimiters?

I'm having trouble writing a one-liner that will select out the numbers between the parentheses, wrap it in double quotes, insert a comma, then select all the text after "USER_RULE: " up to the next double quote.
Here is a small sample of my file:
#213(1547485175) pass in quick on igb0 inet proto udp from <MGMT_HOSTS:1> to <UNRAID_IP:1> port = http keep state label "USER_RULE: Local Mgmt Services"
#174(1548683908) block return in quick on ALL_LAN inet proto tcp from <LOCAL_NETWORKS:7> to <LOCAL_BROADCAST:8> label "USER_RULE: Local Broadcast Noise"
#157(1547555119) block return in log quick on ALL_LAN inet from ! <NO_PFBLOCKER:1> to <pfB_BAD_IP_v4:55258> label "USER_RULE: pfb_Bad_IP (outbound)"
#137(1547478025) pass in quick on igb0 inet proto tcp from 192.168.1.0/24 to (self:13) port = ssh flags S/SA keep state label "USER_RULE: Anti-Lockout"
#386(1548774638) pass in quick on igb0.10 route-to (ovpnc1 10.20.48.141) inet proto udp from <MOBILE_DEVICES:5> to ! <PRIVATE_NETWORKS:3> port = https keep state label "USER_RULE: Policy Route" tag NO_WAN_EGRESS
Here's my expected output:
"1547485175",Local Mgmt Services
"1548683908",Local Broadcast Noise
"1547555119",pfb_Bad_IP (outbound)
"1547478025",Anti-Lockout
"1548774638",Policy Route
I've tried various combinations of awk, sed, and grep and I can get sort of the output I want. I just can't nail it. I'll spare you my ugly failed attempts.
$ sed 's/[^(]*(\([^)]*\).*"USER_RULE: *\([^"]*\).*/"\1",\2/' file
"1547485175",Local Mgmt Services
"1548683908",Local Broadcast Noise
"1547555119",pfb_Bad_IP (outbound)
"1547478025",Anti-Lockout
"1548774638",Policy Route
Could you please try following(It is always recommended to add your effort in your post so kindly do so as we all are here to learn).
awk '
BEGIN{
s1="\""
OFS=","
}
match($0,/\([^\)]*/){
val=substr($0,RSTART+1,RLENGTH-1)
}
match($0,/USER_RULE[^"]*/){
print s1 val s1,substr($0,RSTART+11,RLENGTH-11)
}' Input_file
Output will be as follows.
"1547485175",Local Mgmt Services
"1548683908",Local Broadcast Noise
"1547555119",pfb_Bad_IP (outbound)
"1547478025",Anti-Lockout
"1548774638",Policy Route
# File a.awk:
BEGIN { q = "\"" }
{ idx = index($0, "USER_RULE:")
rule = substr($0, idx + 11)
idx = index(rule, q) - 1
print q substr($0, 6, 10) q "," substr(rule, 1, idx)
}
Run:
$ awk -f a.awk file
"1547485175",Local Mgmt Services
"1548683908",Local Broadcast Noise
"1547555119",pfb_Bad_IP (outbound)
"1547478025",Anti-Lockout
"1548774638",Policy Route

Run busybox netcat in background script?

Note, I have looked at Using netcat/cat in a background shell script (How to avoid Stopped (tty input)? ), but it doesn't seem to apply to my case. I'm using the netcat (nc) that comes with busybox, and none of the workarounds I've found seem to work for me. Also, there is no -d option, nor are there any -q options.
I'm trying to use netcat to receive a file in a shell script, and this script is in a background process that apparently doesn't have a stdin. I have tried several different approaches, but none seem to work. Here's what I've tried:
nc -l -p 8888 > file returns the instant the remote sender connects, dropping the connection early.
nc -l -p 8888 < /dev/null > file does the same.
echo -n | nc -l -p 8888 > file does the same.
tail -f /dev/null | nc -l -p 8888 > file will receive the file, but it doesn't quit when the file transfer is finished.
I'm running out of ideas. Is this version of netcat fundamentally broken?
Well, it's been days, and nobody had an answer, so I had to roll my own. Below is the code, in case it's useful to anyone.
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>
void bail(const char *s)
{
perror(s);
exit(-1);
}
int listen_socket;
struct sockaddr_in my_addr;
void setup_socket(int port)
{
int er;
listen_socket = socket(AF_INET, SOCK_STREAM, 0);
if (listen_socket < 0) bail("socket");
int on=1;
er = setsockopt(listen_socket, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
if (er < 0) bail("setsockopt");
memset(&my_addr, 0, sizeof(my_addr));
my_addr.sin_family = AF_INET;
my_addr.sin_port = htons(port);
my_addr.sin_addr.s_addr = htonl(INADDR_ANY);
er = bind(listen_socket, (struct sockaddr *)&my_addr,
(socklen_t)sizeof(struct sockaddr_in));
if (er < 0) bail("bind");
er = listen(listen_socket, 1);
if (er < 0) bail("listen");
}
int listen_wait()
{
socklen_t len = sizeof(struct sockaddr_in);
int s = accept(listen_socket, (struct sockaddr *)&my_addr, &len);
if (s < 0) bail("accept");
return s;
}
char buf[1024];
int main(int argc, char *argv[])
{
int port = 8888;
int sock;
int tryagain;
if (argc>1) {
port = atoi(argv[1]);
}
setup_socket(port);
sock = listen_wait();
do {
int i = read(sock, buf, 1024);
tryagain = (errno==EAGAIN);
if ((i<1) && (!tryagain)) {
shutdown(sock, 2);
close(sock);
return 0;
}
if (i>0) {
fwrite(buf, 1, i, stdout);
}
} while (1);
return 0;
}
This will do the trick
sleep 99999 | nc -l -p 8888 > file

Getting CPU info from Process ID

If anyone could please help me out, that would be great :)
This seems to be a tough one. Starting from the process ID, I need to be able to grab:
How much CPU the process is taking up in %
How long the process has been using the CPU
This needs to be written in Cocoa/ Objective-C or C. It also needs to work on Tiger through Snow Leopard.
Thanks!
A crude way would be to spawn of a popen command and grab some output from ps.
Ie like this:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
void get_process_info(int pid) {
char ps_cmd[256];
sprintf(ps_cmd, "ps -O %%cpu -p %d", pid); // see man page for ps
FILE *fp = popen(ps_cmd, "r");
if (fp) {
char line[4096];
while (line == fgets(line, 4096, fp)) {
if (atoi(line) == pid) {
char dummy[256];
char cpu[256];
char time[256];
// PID %CPU TT STAT TIME COMMAND
// 32324 0,0 s001 S+ 0:00.00 bc
sscanf(line, "%s %s %s %s %s", dummy, cpu, dummy, dummy, time);
printf("%s %s\n", cpu, time); // you will need to parse these strings
pclose(fp);
return;
}
}
pclose(fp);
}
}
int main() {
get_process_info(32324);
return 0;
}

Calling fgets() on popen() of 'ssh' is flushing the beginning of stdin of the calling process (ptty issue)

I have now whittled this down to a minimal test case. Thus far I have been able to determine that this is an issue related to pseudo-terminals which come about with the pipe of ssh. Adding the '-t -t' to the ssh call improved things, in that now, it takes a second call to fgets() to cause the issue. I suspect that the stderr output of the ssh command somehow works into the issue, for now I have redirected stderr to stdout in the ssh code to execute. I do wonder if the "tcgetattr: Invalid argument" error is part of the problem, but am not sure how to get rid of that. It seems to come from the -t -t being present. I believe the -t -t is moving in the right direction, but I have to set up the pseudo terminal for stderr somehow and perhaps the test will work properly?
The Makefile:
test:
gcc -g -DBUILD_MACHINE='"$(shell hostname)"' -c -o test.o test.c
gcc -g -o test test.o
.PHONY: clean
clean:
rm -rf test.o test
The test.c source file:
#include <unistd.h>
#include <string.h>
#include <stdio.h>
int
main(int argc, char *argv[])
{
const unsigned int bufSize = 32;
char buf1[bufSize];
char buf2[bufSize];
int ssh = argv[1][0] == 'y';
const char *cmd = ssh ? "ssh -t -t " BUILD_MACHINE " \"ls\" 2>&1" : "ls";
FILE *fPtr = popen(cmd, "r");
if (fPtr == NULL) {
fprintf(stderr,"Unable to spawn command.\n");
perror("popen(3)");
exit(1);
}
printf("Command: %s\n", cmd);
if (feof(fPtr) == 0 && fgets(buf2, bufSize, fPtr) != NULL) {
printf("First result: %s\n", buf2);
if (feof(fPtr) == 0 && fgets(buf2, bufSize, fPtr) != NULL) {
printf("Second result: %s\n", buf2);
int nRead = read(fileno(stdin), buf1, bufSize);
if (nRead == 0) {
printf("???? popen() of ssh consumed the beginning of stdin ????\n");
} else if (nRead > 0) {
if (strncmp("The quick brown fox jumped", buf1, 26) != 0) {
printf("??? Failed ???\n");
} else {
printf("!!!!!!! Without ssh popen() did not consume stdin !!!!!!!\n");
}
}
}
}
}
This shows it running the passing way:
> echo "The quick brown fox jumped" | ./test n
Command: ls
First result: ARCH.linux_26_i86
Second result: Makefile
!!!!!!! Without ssh popen() did not consume stdin !!!!!!!
This shows it running the failing way:
> echo "The quick brown fox jumped" | ./test y
Command: ssh -t -t hostname "ls" 2>&1
First result: tcgetattr: Invalid argument
Second result: %backup%~ gmon.out
???? popen() of ssh consumed the beginning of stdin ????
Okay, I have got this working finally. The secret was to supply /dev/null as the input to my ssh command as follows from the test case above:
const char *cmd
= ssh ? "ssh -t -t " BUILD_MACHINE " \"ls\" 2>&1 < /dev/null" : "ls";
However, while the code works correctly, I get a nasty message which apparently I can ignore for my purposes (although I'd like to make the message go away):
tcgetattr: Inappropriate ioctl for device