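Category archive: Windows

Fixing FlashSocket failing to connect to a Java WebSocket under IE8

Reference article: Resolving SSL handshake failures between iOS and a Java server: Cipher Suites

Under IE8, the Flash socket communicates over TLSv1 and offers only a handful of cipher suites, which the JRE does not support by default. My server runs Spring Boot with embedded Tomcat; after enabling debug output you can see the unsupported-cipher-suite exception: not found cipher suites in common.

IE8's cipher suites: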
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)     
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)     
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)    
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)     
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)     
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)

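JDK/JRE installations today generally do not include these.

You can add them by downloading the package below and replacing the two jar files in the JRE's lib/security directory.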

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

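Once that is done, the suites need to be added to server.ssl.ciphers in the configuration file. I list a fairly complete set below that you can use as a replacement.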

ciphers: TLS_ECDH_anon_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_RC4_128_SHA,
TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
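
An added example, not part of the original post: IE8 offers only six suites, so the server needs just the overlap between that list and what it enables. The script below computes the overlap from the two lists on this page and flags configured suites that use anonymous key exchange, export-grade keys, RC4, single DES or MD5; the function names and the weakness rules are this example's own assumptions.

```python
import re

# Added example: suite names are copied from this page; the weakness rules
# and function names are this example's own, not Spring Boot or JRE APIs.
IE8_OFFERED = [
    "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_RC4_128_MD5", "TLS_RSA_WITH_DES_CBC_SHA",
]

# Abridged copy of the page's server.ssl.ciphers value, including one line
# that lacks its trailing comma.
CONFIGURED = """
TLS_ECDH_anon_WITH_RC4_128_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5,
TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
"""

# (marker, reason) pairs matched against the suite name.
WEAK_MARKERS = [
    ("_anon_", "anonymous key exchange, server is not authenticated"),
    ("_EXPORT_", "export-grade 40-bit key"),
    ("_RC4_", "RC4 stream cipher"),
    ("_DES_CBC_", "single DES, 56-bit key"),
    ("_MD5", "MD5-based MAC"),
]

def parse_suites(text):
    """Split a ciphers value on commas and whitespace, dropping duplicates."""
    seen = []
    for name in re.split(r"[,\s]+", text.strip()):
        if name and name not in seen:
            seen.append(name)
    return seen

def weaknesses(suite):
    """Return the reasons a suite name is flagged, empty if none."""
    return [reason for marker, reason in WEAK_MARKERS if marker in suite]

def audit(offered, configured):
    """Return (suites that serve the client cleanly, flagged suite -> reasons)."""
    usable = [s for s in offered if s in configured and not weaknesses(s)]
    flagged = {s: weaknesses(s) for s in configured if weaknesses(s)}
    return usable, flagged

if __name__ == "__main__":
    usable, flagged = audit(IE8_OFFERED, parse_suites(CONFIGURED))
    print("IE8 can negotiate:", ", ".join(usable))
    for suite, reasons in flagged.items():
        print("flagged:", suite, "->", "; ".join(reasons))
```

Every flagged suite can be left out of server.ssl.ciphers without affecting IE8, because the client can still negotiate one of the usable suites.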


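Making a program use a specific outbound IP address on Windows/Linux

Both Windows and Unix-like systems support binding multiple IP addresses to one network interface, but the operating system normally selects the IP address automatically from the routing table, and the user cannot actively control which IP address an application uses. This article explains how to bind an application to a specified IP address on Linux and on Windows respectively.

For how Windows selects the IP address, see this article: "Source IP address selection on a Multi-Homed Windows Computer"

I. How to make a program on Linux use a specified IP address

English original: "BINDING APPLICATIONS TO A SPECIFIC IP"

The author, Daniel Ryde, uses an LD_PRELOAD hack: a shared library, bind.so, is injected into the application. The library hooks the bind and connect functions so that the program binds the specified local IP address before it establishes a socket connection.

Usage: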

Hessian:bind/ $ BIND_ADDR="192.168.8.9" LD_PRELOAD=./bind.so YOUR_PROGRAM

The program source is at the end of this post.

To compile:

Hessian:bind/ $ gcc -nostartfiles -fpic -shared bind.c -o bind.so -ldl -D_GNU_SOURCE
Hessian:bind/ $ strip bind.so

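II. How to make a program on Windows use a specified IP address

Doing this on Windows is somewhat more troublesome. I did not find a really simple way, and only after a long search discovered this impressive tool: ForceBindIP – Bind any Windows application to a specific interface

I won't translate the description of how it works, since there is no source code anyway. Broadly it is implemented much like the Linux version, except that it also hooks the WSA functions, so its coverage is more complete. Because it injects only into the target program, network access initiated by a process forked from the target program is not affected.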

ForceBindIP works in two stages – the loader, ForceBindIP.exe will load the target application in a suspended state. It will then inject a DLL (BindIP.dll) which loads WS2_32.DLL into memory and intercepts the bind(), connect(), sendto(), WSAConnect() and WSASendTo() functions, redirecting them to code in the DLL which verifies which interface they will be bound to and if not the one specified, (re)binds the socket. Once the function intercepts are complete, the target application is resumed. Note that some applications with anti-debugger / injection techniques may not work correctly when an injected DLL is present; for the vast majority of applications though this technique should work fine.

Windows versions the author states are supported: Windows NT/2000/XP/2003.

Software the author has tested as working: DC++, uTorrent, Quake II, Quake III, Diablo II, StarCraft, Internet Explorer, Mozilla Firefox, Google Earth, Infantry, Real Player, Unreal Tournament 2004 (requires -i), Outlook 2000 (requires -i).

Software that does not work: GetRight (anti-debugger / forking techniques), WinCVS (forks cvs.exe)

In my testing it did not work properly on Windows 7. It also had no effect on Sogou Browser, for reasons unknown.

Usage:

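ForceBindIP 1.2.3.4 c:\full\path\to\app.exe

You can also bind by network adapter GUID; the GUID can be found in the registry under [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]

ForceBindIP {4FA65F75-7A5F-4BCA-A3A2-59824B2F5CA0} c:\path\to\app.exe

If the program crashes or behaves unexpectedly, try the -i parameter, which makes ForceBindIP wait until the target program has entered its message loop before injecting the DLL.

ForceBindIP -i 1.2.3.4 c:\full\path\to\app.exe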

bind.c

/*
   Copyright (C) 2000  Daniel Ryde

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.
*/

/*
   LD_PRELOAD library to make bind and connect to use a virtual
   IP address as localaddress. Specified via the environment
   variable BIND_ADDR.

   Compile on Linux with:
   gcc -nostartfiles -fpic -shared bind.c -o bind.so -ldl -D_GNU_SOURCE


   Example in bash to make inetd only listen to the localhost
   lo interface, thus disabling remote connections and only
   enable to/from localhost:

   BIND_ADDR="127.0.0.1" LD_PRELOAD=./bind.so /sbin/inetd


   Example in bash to use your virtual IP as your outgoing
   sourceaddress for ircII:

   BIND_ADDR="your-virt-ip" LD_PRELOAD=./bind.so ircII

   Note that you have to set up your servers virtual IP first.


   This program was made by Daniel Ryde
   email: daniel@ryde.net
   web:   http://www.ryde.net/

   TODO: I would like to extend it to the accept calls too, like a
   general tcp-wrapper. Also like an junkbuster for web-banners.
   For libc5 you need to replace socklen_t with int.
*/



#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>	/* inet_addr, htonl, htons */
#include <dlfcn.h>
#include <errno.h>

int (*real_bind)(int, const struct sockaddr *, socklen_t);
int (*real_connect)(int, const struct sockaddr *, socklen_t);

char *bind_addr_env;
unsigned long int bind_addr_saddr;
unsigned long int inaddr_any_saddr;
struct sockaddr_in local_sockaddr_in[] = { 0 };

void _init (void)
{
	const char *err;

	real_bind = dlsym (RTLD_NEXT, "bind");
	if ((err = dlerror ()) != NULL) {
		fprintf (stderr, "dlsym (bind): %s\n", err);
	}

	real_connect = dlsym (RTLD_NEXT, "connect");
	if ((err = dlerror ()) != NULL) {
		fprintf (stderr, "dlsym (connect): %s\n", err);
	}

	inaddr_any_saddr = htonl (INADDR_ANY);
	if ((bind_addr_env = getenv ("BIND_ADDR")) != NULL) {
		bind_addr_saddr = inet_addr (bind_addr_env);
		local_sockaddr_in->sin_family = AF_INET;
		local_sockaddr_in->sin_addr.s_addr = bind_addr_saddr;
		local_sockaddr_in->sin_port = htons (0);
	}
}

int bind (int fd, const struct sockaddr *sk, socklen_t sl)
{
	static struct sockaddr_in *lsk_in;

	lsk_in = (struct sockaddr_in *)sk;
/*	printf("bind: %d %s:%d\n", fd, inet_ntoa (lsk_in->sin_addr),
		ntohs (lsk_in->sin_port));*/
        if ((lsk_in->sin_family == AF_INET)
		&& (lsk_in->sin_addr.s_addr == inaddr_any_saddr)
		&& (bind_addr_env)) {
		lsk_in->sin_addr.s_addr = bind_addr_saddr;
	}
	return real_bind (fd, sk, sl);
}

int connect (int fd, const struct sockaddr *sk, socklen_t sl)
{
	static struct sockaddr_in *rsk_in;
	
	rsk_in = (struct sockaddr_in *)sk;
/*	printf("connect: %d %s:%d\n", fd, inet_ntoa (rsk_in->sin_addr),
		ntohs (rsk_in->sin_port));*/
        if ((rsk_in->sin_family == AF_INET)
		&& (bind_addr_env)) {
		real_bind (fd, (struct sockaddr *)local_sockaddr_in, sizeof (struct sockaddr));
	}
	return real_connect (fd, sk, sl);
}


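Creating symbolic links (soft links) on Windows

In fact, operating systems from Windows 2000 onward already support soft links, which Microsoft calls junctions. The system simply has no built-in tool for creating them, so we need to download one ourselves.

Download: http://technet.microsoft.com/en-us/Sysinternals/Bb896768.aspx

Create a soft link: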

junction  LinkDirectory ExistingDirectory

For example:

junction d:\newdir c:\olddir

Delete a soft link:

junction -d c:\Program-Files

Reference:
http://tilt.lib.tsinghua.edu.cn/node/480


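Viewing UTF-8 text in Windows cmd

How to display UTF-8 characters in a DOS window

Author: 终南   <li.zhongnan@hotmail.com>

On a Chinese-language Windows system, if a text file is UTF-8 encoded, its contents are not displayed correctly in a CMD.exe command-line window (the so-called DOS window). By default, the code page used in the command-line window is the Chinese or the US one, that is, the encoding is the Chinese character set or the Western character set.

To display UTF-8 characters correctly, follow these steps:

1. Open a CMD.exe command-line window

2. Change the code page with the chcp command; the code page for UTF-8 is 65001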

chcp 65001

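After this, the code page has been changed to UTF-8. However, UTF-8 characters are still not displayed correctly in the window.

3. Modify the window properties and change the font

Right-click the command-line title bar, choose "Properties" -> "Font", change the font to the TrueType font "Lucida Console", then click OK to apply the properties to the current window.

Now the type command can display the contents of a UTF-8 text file: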

type filename.txt

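4. The steps above do not fully solve the problem, because the displayed content may be incomplete. Minimize and then maximize the command-line window, and the file contents are displayed in full.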


64-bit gvim for Windows

A distribution point for Windows binaries for Vim, both Win32 and Win64.

http://code.google.com/p/vim-win3264/

—————————–

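The day before yesterday I installed Windows 7 x64.

After installing gvim I found that the right-click menu never appeared, yet it ran fine on my PC (Windows 7 x86), so I guessed it might be related to platform compatibility, and sure enough I found this.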
