I am trying to connect a grpc-c++ client to a grpc-c++ server. I already have a grpc-java client connected with working TLS so the server should be functioning correctly.
However inside grpc-java there is a method when building a channel named 'overrideAuthority'. From the documentation the method
"Overrides the authority used with TLS and HTTP virtual hosting. It does not change what host is actually connected to. Is commonly in the form host:port."
I was attempting to find something similar for the c++ client. However, so far all I have found is a function named set_authority() on the grpc::ClientContext as well as two options used with grpc_channel_args which are GRPC_ARG_DEFAULT_AUTHORITY and GRPC_SSL_TARGET_NAME_OVERRIDE_ARG.
None of these seem to have any effect on the authority at all. The server will always reject the connection with the error
No match found for server name: 0.0.0.0.
P.S. I am aware that I can add it to the common name on the certificate (and I will if I need to). However, if possible I would like to follow the same pattern as the grpc-java client.
GRPC_SSL_TARGET_NAME_OVERRIDE_ARG is the right channel arg. Please take a look at some of the tests https://github.com/grpc/grpc/blob/470a3066c74abc7c2a0a2cab3b35000b27b51af1/test/core/end2end/fixtures/h2_ssl.cc#L133
https://github.com/grpc/grpc/blob/470a3066c74abc7c2a0a2cab3b35000b27b51af1/test/cpp/end2end/xds/xds_end2end_test.cc#L1348
Additionally, if I remember correctly, this log just serves as a warning and does not result in disconnections. Please collect some more verbose logs https://github.com/grpc/grpc/blob/master/TROUBLESHOOTING.md. That might give more hints as to what's going on here.
Related
I have an Ubuntu VM installed on a client's VMware system. Recently, the client's IT informed us that his firewall has been detecting consistent potential port scans to our VM's internal IP address (coming from 87.238.57.227). He asked if this was part of a known package update process on our VM.
He sent us a firewall output where we can see several instances of the port scan, but there are also instances of our Ubuntu VM trying to communicate back to the external server on port 37258 (this is dropped by the firewall).
Based on a google lookup, the hostname of the external IP address is "feris.postgresql.org", with the ASN pointing to a European company called Redpill-Linpro. As far as I can tell, they offer IT consulting services, specializing in open source software (like PostgreSQL, which is installed on our VM). I have never heard of them before though and have no idea why our VM would be communicating with them or vice-versa. I'm also not sure if I'm interpreting the IP lookup information correctly: https://ipinfo.io/87.238.57.227
I'm looking for a way to confirm or disprove that this is just our VM pinging for a standard postgres update. If that's the case I'd like to restrict this behaviour. We would prefer to do these types of updates manually and limit the communication outside of the VM to what is strictly necessary for the functionality of our application.
Update
I sent an email to Redpill's abuse account. They responded quickly saying that the server should not be port scanning anyone and if it appears that way, something is wrong.
The server is part of a cluster of machines that serves apt.postgresql.org among other postgres download sites. I don't think we have anything like ansible or puppet installed that would automatically check for updates but I will look into that to make sure. I'm wondering if Ubuntu reaching out to update the MOTD with the number of available packages would explain why our VM is trying to reach out to the external postgres server?
The abuse rep said in any case there should only be outgoing connections from the VM, not incoming. He asked for some additional info so I will keep communicating with him and try to update this post accordingly
My communication with the client's IT dropped off so I did not get a definitive answer on this, but I'll provide some new details:
I reached out to the abuse email for Redpill-Linpro. He got back to me and confirmed the server corresponding to the detected IP address is part of a cluster that hosts postgres download sites, including apt.postgresql.org. He was surprised to learn we had detected a port scan from their server and seems eager to figure out why that is happening.
He asked if the client IT could pass along some necessary info for them to set up tracking on that server. But the client IT never got back to me. I think he was satisfied that it wasn't malicious and stopped pursuing it.
Here's one of the messages the abuse rep sent me that may be relevant:
That does look a lot like the tcp to the apt download server yes. It's
strange that your firewall reports that many incoming connections, but
they could be fallout from some connection tracking that's not
operating as intended. The timing appears to be matching up more or
less perfectly. And there should definitely not be any ping-back
connections from it.
Since you appear to be using the http version of the server (and not https) bringing the data in cleartext, they should be able to just
dump the TCP connection contents and verify exactly what it does. But
I bet they are going to see a number of http requests initiated by the
apt client that is checking for updates.
I am trying to document a server and replicate its setup done by another person. Server is running Play Framework which also acts as a reverse proxy to MediaWiki running on Apache on the same server on a port that is not open externally on the server.
The Play Framework routes requests to the Media Wiki Server using ScalaWS. When I check the request it creates a request by using the server domain with the Apache port and the media wiki file.
In the real server it is working fine but in the test deployment it fails to reach mediawiki. It works if in the test deployment I open the Apache port externally.
So Somehow the request to the local server running internally on the machine needs to be accessed without routing the request externally. How can this be done? If anyone can give some quick tips or things I can check or even explain how this may be working, that would really help save me some time.
The /etc/hosts file had the wrong domain defined. Fixing that fixed the problem.
Excuse me. I speak poor English.
I am trying to create a network proxy programming with sock5 protocol. But I have no way to learn it, I can't figure out how a proxy programming works especially the followings:
What is the difference and association between socks5 and the Shadowsocks ?
Can I set a the network proxy configure in macOs instead of using swift or oc ?
such as enabling this check button(socks5 proxy) and filling the specific configure using a language instead of swift or oc:
configure
Once I set the option on macOs in the Question 2,what kind of data will the programming get if it listening the network?
e.g. will the macOs automatically forward the all new TCP connections to 127.0.0.1:1086 and automatically make the connections confirm to the socks5 request standard?
If so, why the final processing programming (transmit the datas to the real remote proxy-server) can make a successful connection? Instead of a forever loop(a.programming create a socket to remote proxy-server -> b. macOs automatically forward it to 127.0.0.1:1086 and make the connection confirm to the socks5 request standard -> a.)
Is it called as a proxy-client? or local proxy-server? what is the job of it. Why do I set a proxy address as a local one instead of a direct remote server?
Why when I setting a fake socks5 option in macOs network proxy options, a UDP programming can still work successfully?
If you can UNDERSTAND CHINESE:
Chinese language
The follow answers are based on my own experience and opinion.
1、socks5 is an Internet protocol that exchanges network packets between a client and server through a proxy server. Sockes
while Shadowsocks is a software use this protocol.
2 、Yes,you can. Install a Shaowsocks don't need any
Programming language, actually it like installing a EXE file on Windows or pkg on MacOS, it's just a software.
3、Socks5 is an Internet protocol like a language between two computer.
The software's message run on you computer will be "translated" by Shadowsocks.
Those translated message will be sent to the remote service (also run a Shadowsocks) then the service can send message to those "blocked" Webs' services.
4、The remote service can be called an proxy service.The local don't do anything except be "translated" by Shadowsocks. Look this picture.
5、The QQ don't use the port 1080, Shadowsocks need a fixed port to "translate" message.
I am working with the BlueZ libraries for managing the bluetooth stack under linux. I am trying to open a socket that should connect with a specific service whose UUID is known. I have successfully tried to open sockets between a server and a client following the examples here:
http://people.csail.mit.edu/albert/bluez-intro/c404.html
where it is also described how to explore services in a remote host; however, what I cannot figure out is how to specify the UUID while connecting the socket. This is something quite straightforward on other contexts, as it happens when using Android libraries; however, with BlueZ I haven't found examples on the web.
Thanks for the help!
Stefano
-- added some details in a reply... don't know if it's right or not; if not, sorry
thanks for your help!
In my post I said I wanted to connect a socket with a specified UUID since I had in mind a function like createRfcommSocketToServiceRecord as can be found in:
http://developer.android.com/reference/android/bluetooth/BluetoothDevice.html#createRfcommSocketToServiceRecord%28java.util.UUID%29
which returns a socket given a certain UUID. I am developing two softwares, one being the client and the other the server, therefore it's a service I am creating, not a standard one. I publish such service on the server with a specified UUID, and I would like to connect to it from the client. The server is running fine, since with an android platform, exploiting the mentioned createRfcommSocketToServiceRecord method, I am able to connect to the server with the right service.
The example you posted is very clear as well, but unfortunately it is in Python, while (I forgot to point out) I am using Bluez as a C library. I am able to exploit the SDP and inspect services on a remote server; however, when it is the time of setting up the socket, I don't see how to specify the port. I thought about the rc_channel, but as far as I understood it is the bluetooth channel (ranging from 1 to 11 or something similar). Could you please point out Where I should be able to specify the port while creating the socket in the client? And where am I able to find the right port in the complex structure the sdp is dealing with? -- referred to:
http://people.csail.mit.edu/albert/bluez-intro/x604.html
Thanks again for the help!
You don't connect sockets by UUID. You use a socket to connect to remote device and browse its SDP to discover the UUIDs it offers, and map that to a socket port. Here's an example of this process using PyBluez, python wrappers above BlueZ
http://people.csail.mit.edu/albert/bluez-intro/x290.html
Setup:
I have client C connecting to server S
Both C and S are on the same machine
In C the server address is hardcoded to 127.0.0.1. Likewise, in S the client address is hardcoded to 127.0.0.1
Problem:
I want to be able to sniff the traffic between the client and the server.
Due to the configuration, I cannot move the client nor the server to different locations (the address are hardcoded)
Installing the loopback interface and using tools like Wireshark+WinPcap doesn't lead anywhere (was actually already known but was worth a try)
RawCap, suggested in another topic, doesn't work. IP 127.0.0.1 is listed, but does not record any traffic.
Using rinetd to route the traffic elsewhere, as suggested here doesn't work (cannot bind on 127.0.0.1)
Not interested in using a HTTP local proxy, such as Fiddler, because I'd like to capture also other protocols
Two commercial tools work, specifically CommView and Local Network Monitor, which means it must be possible to do that ;)
How can I do to capture the traffic?
Any pointer on functions I should use or documentation I should read?
Thanks!
Basically you need to write a TDI filter driver to achieve that... for some pointers see:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff565685%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff563317%28v=VS.85%29.aspx
Another option is to write a WinSock LSP.
BEWARE
Since Windows 8 it is strongly encouraged to use WFP (Windows Filtering Platform) for this sort of thing...
Although it might be more cost-effective to just use/buy an existing solution - esp. if you are not a very experienced driver developer...
Use RawCap, which can solve your concerns, see this