httpress : web stress tool

httpress is an web benchmark tool which supports multi threads, SSL.

https://bitbucket.org/yarosla/httpress/overview

# cat /etc/fedora-release ;uname -ri Fedora release 19 (Schrödinger’s Cat) 3.11.1-200.fc19.x86_64 x86_64

download httpress from https://bitbucket.org/yarosla/httpress/overview

error, no ev.h header file.

# unzip yarosla-httpress-d8c968cead5a.zip # yum install libev-source libev-devel # yum install -y gnutls # make gcc -c -o obj/Release/httpress.o httpress.c -pthread -Wno-strict-aliasing -O2 -s -DWITH_SSL httpress.c:56:16: 致命的エラー: ev.h: そのようなファイルやディレクトリはありません #include <ev.h>                ^ コンパイルを停止しました。 make: *** [obj/Release/httpress.o] エラー 1 #

where is ev.h file?

# rpm -ql `rpm -qa | grep libev-source` | grep ev.h /usr/share/libev-source/ev.h

add path

# export C_INCLUDE_PATH=/usr/share/libev-source # make gcc -c -o obj/Release/httpress.o httpress.c -pthread -Wno-strict-aliasing -O2 -s -DWITH_SSL gcc -o bin/Release/httpress obj/Release/httpress.o -lev -lpthread -lgnutls # echo $? 0 # cd bin/Release/ [root@localhost Release]# pwd /home/hattori/yarosla-httpress-d8c968cead5a/bin/Release [root@localhost Release]# ls httpress [root@localhost Release]# ./httpress --help unkown option: -- httpress <options> <url>  -n num   number of requests     (default: 1)  -t num   number of threads      (default: 1)  -c num   concurrent connections (default: 1)  -k       keep alive             (default: no)  -q       no progress indication (default: no)  -z pri   GNUTLS cipher priority (default: NORMAL)  -h       show this help example: httpress -n 10000 -c 100 -t 4 -k http://localhost:8080/index.html

# ./httpress -n 1000 -c 100 -t 2 -k http://127.0.0.1 250 requests launched 500 requests launched 750 requests launched 1000 requests launched thread 2: 50 connect, 50 requests, 50 success, 0 fail, 230450 bytes, 15400 overhead thread 1: 56 connect, 950 requests, 908 success, 42 fail, 4184972 bytes, 278500 overhead TOTALS:  106 connect, 1000 requests, 958 success, 42 fail, 62 (12) real concurrency TRAFFIC: 4609 avg bytes, 306 avg overhead, 4415422 bytes, 293900 overhead TIMING:  0.114 seconds, 8361 rps, 40138 kbps, 12.0 ms avg req time

openvswitch ovsdbmonitor

ovsdbmonitor is a GUI tool for searching Open vSwitch database.

isntall ovsdbmonitor

# cat /etc/fedora-release ;uname -ri Fedora release 19 (Schrödinger’s Cat) 3.11.1-200.fc19.x86_64 x86_64 # yum install ovsdbmonitor

launch ovsdbmonitor

# ovsdbmonitor

File -> Preference

add IP address on which open vswitch has been installed and SSH password of root user.

File -> Netflow window

similar to ovs-dpctl dump-flow command.

[root@localhost ~]# ovs-dpctl dump-flows in_port(1),eth(src=00:24:a5:c0:45:50,dst=78:e7:d1:7f:84:b7),eth_type(0x0800),ipv4(src=173.194.70.120,dst=192.168.11.5,proto=6,tos=0,ttl=41,frag=no),tcp(src=443,dst=57923), packets:4, bytes:384, used:2.424s, flags:P., actions:2 in_port(1),eth(src=00:24:a5:c0:45:50,dst=01:00:5e:7f:ff:fa),eth_type(0x0800),ipv4(src=192.168.11.1,dst=239.255.255.250,proto=17,tos=0,ttl=4,frag=no),udp(src=1900,dst=1900), packets:3, bytes:1074, used:0.519s, actions:2

make sure that open vswitch running and you allow SSH access from root user.

# systemctl status openvswitch.service openvswitch.service - Open vSwitch Unit   Loaded: loaded (/usr/lib/systemd/system/openvswitch.service; enabled)   Active: active (exited) since 木 2013-10-03 23:15:53 JST; 54min ago Main PID: 1393 (code=exited, status=0/SUCCESS)   CGroup: name=systemd:/system/openvswitch.service 10月 03 23:15:53 localhost.localdomain systemd[1]: Starting Open vSwitch Uni... 10月 03 23:15:53 localhost.localdomain systemd[1]: Started Open vSwitch Unit. # egrep -i ^permit /etc/ssh/sshd_config PermitRootLogin yes

upgrade to Fedora 19 beta from Fedora 18

just referred to https://fedoraproject.org/wiki/Upgrading_Fedora_using_yum#Fedora_18_-.3E_Fedora_19_.28pre_release_branched.29

I would recommend that you try this in virtual environment , such as in VMware , Virtualbox and KVM etc. Because F19 is beta release as of now.

F18 is running within KVM.

on the F18 VM

[root@localhost ~]# cat /etc/fedora-release Fedora release 18 (Spherical Cow) [root@localhost ~]# rpm --import https://fedoraproject.org/static/FB4B18E6.txt [root@localhost ~]# yum update yum [root@localhost ~]# yum --releasever=19 distro-sync

reboot the VM.

after booting the OS.

I was able to upgrade to Fedora 19 beta :D

[root@localhost ~]# cat /etc/fedora-release Fedora release 19 (Schrödinger’s Cat) [root@localhost ~]# uname -ri 3.9.4-300.fc19.x86_64 x86_64

NSD3.2.15: query rate limiting

about NSD query rate limiting

http://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/

[root@localhost ~]# cat /etc/fedora-release Fedora release 18 (Spherical Cow) [root@localhost ~]# uname -ri 3.8.8-202.fc18.x86_64 x86_64

install NSD over yum

[root@localhost ~]# yum install -y nsd

[root@localhost ~]# nsd -v NSD version 3.2.15 Written by NLnet Labs. Copyright (C) 2001-2011 NLnet Labs.  This is free software. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

configuration file

[root@localhost ~]# cd /etc/nsd/ [root@localhost nsd]# ls nsd.conf

seen from man “nsd.conf” , fedora’s nsd package has been compiled with --enable-ratelimit.

man nsd.conf

server option       rrl-size: <numbuckets>              This  option  gives  the size of the hashtable. Default 1000000.              More buckets use more memory, and reduce the chance of hash col‐              lisions.       rrl-ratelimit: <qps>              The max qps allowed (from one query source). Default 200 qps. If              set to 0 then it is disabled  (unlimited  rate),  also  set  the              whilelist-ratelimit  to  0  to disable ratelimit processing.  If              you set verbosity to 2 the blocked  and  unblocked  subnets  are              logged.   Blocked queries are blocked and some receive TCP fall‐              back replies.       rrl-whitelist-ratelimit: <qps>              The max qps for query  sorts  for  a  source,  which  have  been              whitelisted. Default 2000 qps. With the rrl-whitelist option you              can set specific queries to receive this qps  limit  instead  of              the normal limit.  With the value 0 the rate is unlimited. zone option       rrl-whitelist: <rrltype>              This  option  causes  queries of this rrltype to be whitelisted,              for this zone. They receive  the  whitelist-ratelimit.  You  can              give   multiple   lines,  each  enables  a  new  rrltype  to  be              whitelisted for the zone. Default has none whitelisted. The rrl‐              type  is  the  query  classification that the NSD RRL employs to              make different types not interfere with one another.  The  types              are  logged  in  the  loglines when a subnet is blocked (in ver‐              bosity 2).  The RRL classification types are:  nxdomain,  error,              referral, any, rrsig, wildcard, nodata, dnskey, positive, all.

nsd.conf

NSD is serving one zone “foo.com”

# egrep -v "#" nsd.conf | grep -v ^$ server: ip4-only: yes server-count: 1 pidfile: "/var/run/nsd/nsd.pid" database: /var/lib/nsd/nsd.db zone: name: "foo.com" zonefile: "/etc/nsd/zone_files/foo.com.db"

# dig @127.1 www.foo.com ; <<>> DiG 9.9.2-rl.028.23-P2-RedHat-9.9.2-10.P2.fc18 <<>> @127.1 www.foo.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37147 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.foo.com. IN A ;; ANSWER SECTION: www.foo.com. 60 IN A 127.0.0.1 ;; AUTHORITY SECTION: foo.com. 60 IN NS ns1.foo.com.foo.com. foo.com. 60 IN NS ns2.foo.com.foo.com.

configure rate limit.

# egrep -v "#" nsd.conf | grep -v ^$ server: hide-version: yes verbosity: 2 ip4-only: yes server-count: 1 pidfile: "/var/run/nsd/nsd.pid" rrl-ratelimit: 10 rrl-whitelist-ratelimit: 100 database: /var/lib/nsd/nsd.db zone: name: "foo.com" zonefile: "/etc/nsd/zone_files/foo.com.db" rrl-whitelist: nxdomain rrl-whitelist: nodata

when sending “www.foo.com a” query at 300 qps.

NSD blocked

Apr 26 02:38:54 localhost nsd[1797]: ratelimit block www.foo.com. type positive target 192.168.11.0/24 Apr 26 02:39:23 localhost nsd[1797]: ratelimit unblock www.foo.com. type positive target 192.168.11.0/24

as for whitelist query type ( “nxdomain” and ”nodate” ) , NSD will block query if qps is over 100.

[ when qps is under 100. NSD does not block ]

send 50 NXDOMAIN QPS

all queries succeed.

# dnsperf -s 192.168.11.42 -d query_list.txt -Q 50 -l 100 Statistics:  Queries sent:         500  Queries completed:    500 (100.00%)  Queries lost:         0 (0.00%)  Response codes:       NXDOMAIN 500 (100.00%)  Average packet size:  request 28, response 79  Run time (s):         10.000201  Queries per second:   49.998995  Average Latency (s):  0.000400 (min 0.000245, max 0.001611)  Latency StdDev (s):   0.000061

no logs

[ when qps is over 100. NSD blocked ]

send 200 NXDOMAIN QPS. NSD blocked.

# dnsperf -s 192.168.11.42 -d query_list.txt -Q 200 -l 10 Statistics:  Queries sent:         810  Queries completed:    610 (75.31%)  Queries lost:         200 (24.69%)  Response codes:       NXDOMAIN 610 (100.00%)  Average packet size:  request 28, response 63  Run time (s):         10.000159  Queries per second:   60.999030  Average Latency (s):  0.000431 (min 0.000094, max 0.002196)  Latency StdDev (s):   0.000257

NSD blocked.

Apr 26 02:41:47 localhost nsd[1797]: ratelimit block foo.com. type nxdomain(whitelisted) target 192.168.11.0/24

install backtrack linux 5 r3 within KVM

KVM host

[root@f18 ~]# libvirtd --version libvirtd (libvirt) 1.0.3 [root@f18 ~]# qemu-kvm --version QEMU emulator version 1.4.0, Copyright (c) 2003-2008 Fabrice Bellard [root@f18 ~]# cat /etc/fedora-release Fedora release 18 (Spherical Cow)

after I completed installing bt5 within KVM , I faced the following error.

error : no suitable mode found

error : unknown command ‘terminal’

vga=791 is deprecated.

To solve this , it seems that we may solve this by switching video model to cirrus.

So I tried to switch video model to cirrus via virt-manager , I faced another error.

XML error: ram attribute only supported for type of qxl

It was caused by the following bug.

Bug 920549 - error shows when changing video from qxl to other models

https://bugzilla.redhat.com/show_bug.cgi?id=920549

To solve this issue , edit the the xml file via “virsh edit” command.

virsh edit <VM name>

edit the following line:

form

<model type='qxl' ram='65536' vram='65536' heads='1'/>

to

<model type='cirrus' vram='65536' heads='1'/>

after switching video mode to cirrus , I am able to boot the BT5R3 within KVM successfully.