Network
Default Network
    # brctl show
    bridge name     bridge id               STP enabled     interfaces
    docker0         8000.0242730dda4d       no
    pnet0           8000.566f4bf80108       no              eth0
    pnet1           8000.000000000000       no
    pnet2           8000.000000000000       no
    pnet3           8000.000000000000       no
    pnet4           8000.000000000000       no
    pnet5           8000.000000000000       no
    pnet6           8000.000000000000       no
    pnet7           8000.000000000000       no
    pnet8           8000.000000000000       no
    pnet9           8000.000000000000       no
    pnet_nat        8000.000000000000       no
Network example with labs running
    # brctl show
    bridge name     bridge id               STP enabled     interfaces
    docker0         8000.0242730dda4d       no
    pnet0           8000.566f4bf80108       no              eth0
    pnet1           8000.000000000000       no
    ...
    pnet_nat        8000.000000000000       no
    vnet1_1         8000.5e89b0f3aaca       no              vunl11_35
                                                            vunl12_35
    vnet1_10        8000.be1960846bc5       no              vunl11_50
                                                            vunl13_50
    vnet1_11        8000.9e3475a9c50e       no              vunl12_34
                                                            vunl14_34
    vnet1_12        8000.226a4f0e634b       no              vunl12_50
                                                            vunl14_50
    vnet1_13        8000.125d89294c8e       no              vunl10_16
                                                            vunl11_0
                                                            vunl1_16
                                                            vunl2_16
                                                            vunl3_16
                                                            vunl4_16
                                                            vunl5_16
                                                            vunl6_16
    ...
Link Quality - tc
    # brctl show
    bridge name     bridge id               STP enabled     interfaces
    vnet1_1         8000.264711a044df       no              vunl1_0
                                                            vunl2_0
    # tc qdisc show
    qdisc netem 8003: dev vunl1_0 root refcnt 2 limit 1000 delay 5.0ms 1.0ms loss 0.5% rate 10240Kbit
    qdisc netem 8004: dev vunl2_0 root refcnt 2 limit 1000 delay 6.0ms 2.0ms loss 0.6% rate 20480Kbit
Process
Default Processes
    # ps auxf | grep -v '\[' | awk '{ print substr($0, 1, 9) substr($0, 65) }'
    USER     COMMAND
    root     /sbin/init
    root     /lib/systemd/systemd-journald
    root     /sbin/lvmetad -f
    root     /lib/systemd/systemd-udevd
    systemd+ /lib/systemd/systemd-timesyncd
    systemd+ /lib/systemd/systemd-networkd
    systemd+ /lib/systemd/systemd-resolved
    root     /usr/sbin/irqbalance --foreground
    root     /usr/lib/accountsservice/accounts-daemon
    message+ /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
    root     /lib/systemd/systemd-logind
    root     php /opt/unetlab/scripts/cpulimit_daemon.php > /opt/unetlab/data/Logs/cpulimit.log 2>&1
    root     /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
    daemon   /usr/sbin/atd -f
    root     /usr/bin/lxcfs /var/lib/lxcfs/
    root     /usr/lib/policykit-1/polkitd --no-debug
    root     ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach
    root     ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
    root     /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
    root     /bin/bash /opt/unetlab/html/store/app/Console/Commands/harddisk_alert
    root      \_ sleep 90
    root     /usr/local/sbin/guacd -p /var/run/guacd.pid
    root     /usr/bin/containerd
    root     /usr/sbin/qemu-ga --daemonize -m virtio-serial -p /dev/virtio-ports/org.qemu.guest_agent.0
    root     /usr/bin/ovs-testcontroller --detach --pidfile=/var/run/openvswitch/ovs-testcontroller.pid pssl: --private-key=/etc/openvswitch-testcontroller/privkey.pem --certificate=/etc/openvswitch-testcontroller/cert.pem --ca-cert=/etc/openvswitch-testcontroller/cacert.pem
    root     /sbin/agetty -o -p -- \u --noclear tty1 linux
    tomcat8  /usr/lib/jvm/default-java/bin/java -Djava.util.logging.config.file=/var/lib/tomcat8/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.awt.headless=true -XX:+UseConcMarkSweepGC -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Dignore.endorsed.dirs= -classpath /usr/share/tomcat8/bin/bootstrap.jar:/usr/share/tomcat8/bin/tomcat-juli.jar -Dcatalina.base=/var/lib/tomcat8 -Dcatalina.home=/usr/share/tomcat8 -Djava.io.tmpdir=/tmp/tomcat8-tomcat8-tmp org.apache.catalina.startup.Bootstrap start
    uml-net  /usr/bin/uml_switch -unix /var/run/uml-utilities/uml_switch.ctl
    root     /usr/sbin/apache2 -k start
    www-data  \_ /usr/sbin/apache2 -k start
    www-data  \_ /usr/sbin/apache2 -k start
    root     /bin/bash /opt/unetlab/html/store/app/Console/Commands/harddisk_limit
    root      \_ sleep 60
    root     /bin/bash /opt/unetlab/html/store/app/Console/Commands/process_limit
    root      \_ sleep 30
    root     /lib/systemd/systemd --user
    root      \_ (sd-pam)
    syslog   /usr/sbin/rsyslogd -n
    root     /usr/sbin/cron -f
    root      \_ /usr/sbin/CRON -f
    root          \_ /bin/sh -c /usr/bin/php /opt/unetlab/html/store/artisan keepalive 2>&1
    root              \_ /usr/bin/php /opt/unetlab/html/store/artisan keepalive
    mysql    /usr/sbin/mysqld --daemonize --pid-file=/run/mysqld/mysqld.pid
Virtual Devices
Dynamips
    # ps auxf | grep -v '\[' | awk '{ print substr($0, 1, 9) substr($0, 65) }'
    USER     COMMAND
    unl1     /opt/unetlab/wrappers/iol_wrapper -D 1 -S 1 -P 30001 -t R1 -F /opt/unetlab/tmp/1/1/i86bi_linux-adventerprisek9-ms.154-1.T_AntiGNS3.bin -d 0 -e 1 -s 0 -- -n 1024 -q -m 512 -c startup-config
    unl1      \_ /opt/unetlab/wrappers/iol_wrapper ...
    unl1          \_ sh -c LD_LIBRARY_PATH=/opt/unetlab/addons/iol/lib /opt/...GNS3.bin -e 1 -s 0 -n 1024 -q -m 512 -c startup-config 1
    unl1              \_ /opt/...GNS3.bin ...
30001 is the Telnet port. When a node is clicked in the web UI, the EVE-NG Client Pack runs the following command locally to connect:
    telnet pnet.kreonet.net 30001
VPC
Virtual PC Simulator
    # ps auxf | grep -v '\[' | awk '{ print substr($0, 1, 9) substr($0, 65) }'
    USER     COMMAND
    root     /opt/vpcsu/bin/vpcs -m 15 -N VPC -i 1 -p 30015 -e -d vunl15_0
    root      \_ /opt/vpcsu/bin/vpcs -m 15 -N VPC -i 1 -p 30015 -e -d vunl15_0
30015 is the Telnet port.
    # /opt/vpcsu/bin/vpcs -v
    Welcome to Virtual PC Simulator, version 1.0 (0.8c)
    Dedicated to Daling.
    Build time: Dec 31 2016 01:22:17
    Copyright (c) 2007-2015, Paul Meng (mirnshi@gmail.com)
    All rights reserved.
Docker
    # docker ps -a
    CONTAINER ID   IMAGE                          COMMAND            CREATED          STATUS          PORTS              NAMES
    e671d651bc36   pnetlab/linux-desktop:latest   "/start.sh bash"   23 minutes ago   Up 23 minutes   80/tcp, 3389/tcp   docker16
    root@pnetlab:~# ps auxf | grep -v '\[' | awk '{ print substr($0, 1, 9) substr($0, 65) }'
    USER     COMMAND
    root     /usr/bin/containerd-shim-runc-v2 -namespace moby -id e671d651bc36 -address /run/containerd/containerd.sock
    root      \_ bash
    root      |   \_ xrdp
    root      |   \_ xrdp-sesman
    root      \_ /bin/bash
    root     sudo /opt/unetlab/wrappers/docker_wrapper -P 30016 -t Docker -p 16 -c /bin/bash
    root      \_ ...
    root          \_ ...
    root              \_ sh -c ssh root@localhost -i /root/.ssh/id_rsa_dy -o StrictHostKeyChecking=no -tt 'export TERM=ansi&&docker -H=tcp://127.0.0.1:4243 exec -ti docker16 /bin/bash'
    root                  \_ ...
docker_wrapper is spawned when a node is clicked in the web UI. It forwards the container's interactive bash shell to Telnet port 30016.
QEMU
    # ps auxf | grep -v '\[' | awk '{ print substr($0, 1, 15) substr($0, 65) }'
    USER       PID COMMAND
    root     12974 /opt/qemu-2.12.0/bin/qemu-system-x86_64 -device virtio-net-pci,netdev=net0,mac=50:4c:ef:00:11:00 -netdev tap,id=net0,ifname=vunl17_0,script=no -vnc :24117 -chardev socket,id=monitor,path=/opt/unetlab/tmp/1/17/monitor.sock,server,nowait -monitor chardev:monitor -smp 2 -m 4096 -name Linux -uuid 5b2e66a0-df69-43d0-b36f-c6a1362d289d -drive file=virtioa.qcow2,if=virtio,bus=0,unit=0,cache=none -machine type=pc,accel=kvm -vga virtio -usbdevice tablet -boot order=cd
    # netstat -anp | grep 12974
    tcp        0      0 0.0.0.0:30017           0.0.0.0:*               LISTEN      12974/qemu-system-x
    # ls -al /proc/12974/cwd
    /proc/12974/cwd -> /opt/unetlab/tmp/1/17
    # ls -al /opt/unetlab/tmp/1/17
30017 is the VNC port. The QEMU emulator's -vnc option is :24117, which means the VM's display is served over VNC on port 30017 (5900+24117).
    # man qemu-system-x86_64
    -vnc display
        host:d
            TCP connections will only be allowed from host on display d.
            By convention the TCP port is 5900+d. Optionally, host can be
            omitted in which case the server will accept connections from
            any host.
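An audit of the `-vnc host:d` rule quoted above, as an added example that is not part of the original page or of PNETLab: it derives the TCP port from each QEMU command line, matches it against `netstat -anp` rows, and reports displays that accept connections from any host. The function names are illustrative, and the input is assumed to be in the `USER PID COMMAND` and netstat layouts shown in this section.

```python
import re

ANY_HOST = {"0.0.0.0", "::", "*"}  # wildcard bind addresses

def parse_vnc(cmdline):
    """Return (display, tcp_port, host) from a QEMU -vnc host:d argument, else None."""
    m = re.search(r"(?:^|\s)-vnc\s+(\S+)", cmdline)
    if not m:
        return None
    host, sep, disp = m.group(1).split(",")[0].rpartition(":")
    if not sep or not disp.isdigit():  # "none" or "unix:/path": no TCP display
        return None
    return int(disp), 5900 + int(disp), host

def listeners(netstat_text):
    """Map PID -> [(bind_address, port)] for TCP LISTEN rows of `netstat -anp`."""
    out = {}
    for f in map(str.split, netstat_text.splitlines()):
        if len(f) >= 7 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            pid = f[6].split("/")[0]
            if pid.isdigit() and port.isdigit():
                out.setdefault(int(pid), []).append((addr, int(port)))
    return out

def audit(ps_text, netstat_text):
    """List each QEMU VNC display with its implied port and who can reach it."""
    socks, findings = listeners(netstat_text), []
    for f in (line.split(None, 2) for line in ps_text.splitlines()):
        vnc = parse_vnc(f[2]) if len(f) == 3 and f[1].isdigit() else None
        if vnc is None or "qemu-system" not in f[2]:
            continue
        disp, port, host = vnc
        binds = [a for a, p in socks.get(int(f[1]), []) if p == port]
        any_host = any(a in ANY_HOST for a in binds) or (not binds and not host)
        findings.append({"pid": int(f[1]), "display": disp, "port": port,
                         "listening": bool(binds), "any_host": any_host})
    return findings

# Sample input: the first ps/netstat rows come from the page (ps row shortened),
# the second rows are constructed for contrast.
PS = """root 12974 /opt/qemu-2.12.0/bin/qemu-system-x86_64 -vnc :24117 -smp 2 -m 4096 -name Linux
root 13001 /opt/qemu-2.12.0/bin/qemu-system-x86_64 -vnc 127.0.0.1:5 -name Constructed"""
NETSTAT = """tcp 0 0 0.0.0.0:30017 0.0.0.0:* LISTEN 12974/qemu-system-x
tcp 0 0 127.0.0.1:5905 0.0.0.0:* LISTEN 13001/qemu-system-x"""

if __name__ == "__main__":
    for finding in audit(PS, NETSTAT):
        print(finding)
```

When no matching listener row is supplied, `any_host` falls back to the command line alone: an omitted host part is reported as reachable from any host, as the man page excerpt states.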
Files
Dynamips boots by creating links to the image in the tmp folder.
QEMU boots by creating a copy of the disk in the tmp folder.
VPC and Docker boot after creating only wrapper.txt in the tmp folder.
    /opt/unetlab/tmp
    └── 1
        ├── 1
        │   ├── iourc -> /opt/unetlab/addons/iol/bin/iourc
        │   ├── keepalive.pl -> /opt/unetlab/addons/iol/bin/keepalive.pl
        │   ├── L2-ADVENTERPRISEK9-M-15.2-IRON-20151103.bin -> /opt/unetlab/addons/iol/bin/L2-ADVENTERPRISEK9-M-15.2-IRON-20151103.bin
        │   ├── NETMAP
        │   ├── nvram_00001
        │   └── wrapper.txt
        ├── 21
        │   └── wrapper.txt
        ├── 31
        │   └── wrapper.txt
        └── 41
            ├── monitor.sock
            ├── virtioa.qcow2
            └── wrapper.txt
Code for launching emulators
    # ls -1 /opt/unetlab/wrappers/
    docker_wrapper
    dynamips_wrapper
    iol_wrapper
    iol_wrapper_telnet
    nsenter
    qemu_wrapper
    qemu_wrapper_telnet
    simple_forwarder
    unl_profile
    unl_wrapper
    # cd /opt/unetlab/html/devices/
    # grep -Hrn _wrapper *
    docker/device_docker.php:339: $cmd = 'sudo /opt/unetlab/wrappers/docker_wrapper -P ' ...
    iol/device_iol.php:106: $cmd = '/opt/unetlab/wrappers/iol_wrapper ';
    qemu/device_qemu.php:597: $cmd = '/opt/unetlab/wrappers/qemu_wrapper_telnet -P ' ...
    qemu/device_qemu_wp.php:338: $cmd = '/opt/unetlab/wrappers/qemu_wrapper -T ' ...
Code Protection
Encrypted by ionCube
    <?php if(!extension_loaded('ionCube Loader'))... ?>
    HR+cPwf3lkYwI0JFGrKgosEcR4IkYG9YmAJdBR+uMqvuG8fMuSMGbT47RAyjVFsriJV3hnBfI4Gs

    # grep -Hrn extension_loaded..ionCube /opt/unetlab/html | wc -l
    195
Unencrypted code - https://github.com/pnetlab/pnetlab_main
DB
MySQL connection info
- id: pnetlab
- pw: pnetlab
- db: pnetlab_db
https://github.com/pnetlab/pnetlab_main/blob/main/includes/functions.php
Important Tables
    # mysql -u pnetlab -p pnetlab_db
    Enter password: pnetlab
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 7019
    Server version: 5.7.42-0ubuntu0.18.04.1 (Ubuntu)

    mysql> select * from control;
    +-------------------+---------------+
    | control_name      | control_value |
    +-------------------+---------------+
    | ctrl_alive_key    | QjZxcn...     |
    | ctrl_default_mode | online        |
    | ctrl_offline_mode | 1             |
    | ctrl_online_mode  | 1             |
    | ctrl_version      | 4.2.10        |
    +-------------------+---------------+

    mysql> SELECT * FROM users;
    +-----+-------------------------+---------+-------------+------------+----------+---------+----------+------+-------------------------------+-------------+-------+---------+-------------+------+---------+-------------+
    | pod | username                | cookie  | email       | expiration | password | session | ip       | role | folder                        | lab_session | html5 | license | online_time | note | offline | user_status |
    +-----+-------------------------+---------+-------------+------------+----------+---------+----------+------+-------------------------------+-------------+-------+---------+-------------+------+---------+-------------+
    | 1   | John Doe_online_account | 89..... | john@ex.com | -1         | ........ | ....... | 10.0.0.5 | 0    | /Your labs from PNETLab Store | NULL        | 1     | Um..... | 1723433643  | NULL | 0       | 1           |
    | 2   | admin                   | NULL    | NULL        | -1         | ........ | N       | NULL     | 0    | NULL                          | NULL        | NULL  | NULL    | 1723433636  | NULL | 1       | 1           |
    +-----+-------------------------+---------+-------------+------------+----------+---------+----------+------+-------------------------------+-------------+-------+---------+-------------+------+---------+-------------+
Kernel Patch
Connections between devices are implemented with Linux bridges.
The default behavior of the Linux bridge is modified to suit emulation.
https://github.com/dainok/unetlab/blob/master/patch/linux-lts-utopic-3.16.0.patch
https://github.com/dainok/unetlab-kernel/blob/master/patches/transparent-bridge.patch