NAT-T invalid port number client VPN connection

During a recent investigation of the router’s log file, I’ve spotted unusual behavior when one of the clients was trying to connect using ports 1030 and 1032 instead of 4500 for NAT Traversal.

The VPN is set up with IKEv2 key exchange on port 500 and IPSec NAT-T encapsulation on port 4500.
While this kind of issue never happened before, it seems that this change happened on a client endpoint or somewhere in transit to the client router.
This peer was authorized by VPN router and then killed 30 secs later (probably because it wasn’t able to transmit data over interface – Tx bytes were = 0 while there were some Rx packets).

At this point I’ve recommended to scan every machine in their network to see if they may have some kind of trojan/worm on their computers.
My question is how to prevent this kind of attack.

asp.net core – How to do functional test with blazor server page that contains a client connection to signalR hub

Lost as to how to perform a functional test for a Blazor server page that contains a signalR client hub connection.

So far I have tried spinning up a WebApplicationFactory(WAF) from the SUT Startup class. I then copy the required services from the WAF over into the services of the BUnit test context.

The issue comes when the Blazor server page tries to connect to the signalR hub provided by the WAF. A System.Net.Http.HttpRequestException: Connection refused exception occurs (see listings below). I think this is because the WAF is not using sockets, i.e. it offers an in-memory server??

How are others performing tests for a similar scenario with signalR and Blazor?

Test so far

        [Fact]
        public async Task Test_RendersImage()
        {
            // initialise BUnit with services from WebApplicationFactory
            InitialiseBUnitServices();

            // publish an mqtt message to trigger sending event from signalR to Blazor server page
            // this is triggering back-end services as expected
            await _Server.MqttClient.PublishAsync(CreateMessageFromStream(_Stream));
            await Task.Delay(3000);

            // request bUnit to render the client page and listen for data from signal R here
            // fails to connect to signalR hub here
            var cut = RenderComponent<WebApp.Pages.Index>();

            // output markup to check that client page rendered the incoming data
            _Output.WriteLine($"{cut.Markup}");

            // await CompletedTask to allow compilation of this async test stub 
            await Task.CompletedTask;
        }


        /// <summary>Create an mqtt message from stream</summary>
        private ManagedMqttApplicationMessage CreateMessageFromStream(MemoryStream stream)
        {
            const string Topic = "shinobi/group/monitor/trigger";

            var message = new MqttApplicationMessageBuilder()
                .WithTopic(Topic)
                .WithPayload(stream.ToArray())
                .Build();

            return new ManagedMqttApplicationMessageBuilder()
                .WithApplicationMessage(message)
                .Build();
        }

        private void InitialiseBUnitServices()
        {
            // get services from WebApplicationFactory and inject into bUnit
            var hubProxyFactory = _Server.Factory.Services.GetRequiredService<IHubProxyFactory>();
            var loggerDetectionConverter = _Server.Factory.Services.GetRequiredService<ILogger<MotionDetectionConverter>>();
            var loggerIndexPage = _Server.Factory.Services.GetRequiredService<ILogger<WebApp.Pages.Index>>();
            var loggerInfoConverter = _Server.Factory.Services.GetRequiredService<ILogger<MotionInfoConverter>>();
            var loggerJsonVisitor = _Server.Factory.Services.GetRequiredService<ILogger<JsonVisitor>>();
            var loggerRepository = _Server.Factory.Services.GetRequiredService<ILogger<MotionDetectionRepository>>();
            var navManager = _Server.Factory.Services.GetRequiredService<NavigationManager>();
            var repository = _Server.Factory.Services.GetRequiredService<IMotionDetectionRepository>();

            Services.AddSingleton(typeof(IHubProxyFactory), hubProxyFactory);
            Services.AddScoped<ILogger<MotionDetectionConverter>>(sp => loggerDetectionConverter);
            Services.AddScoped<ILogger<WebApp.Pages.Index>>(sp => loggerIndexPage);
            Services.AddScoped<ILogger<MotionInfoConverter>>(sp => loggerInfoConverter);
            Services.AddScoped<ILogger<JsonVisitor>>(sp => loggerJsonVisitor);
            Services.AddScoped<ILogger<IMotionDetectionRepository>>(sp => loggerRepository);
            Services.AddScoped<MockNavigationManager>(sp => new MockNavigationManager());
            Services.AddScoped<IMotionDetectionRepository>(sp => repository);
        }

Blazor Server Page

  protected override async Task OnAfterRenderAsync(bool firstRender)
        {
            if (firstRender)
            {
                /// <summary>
                /// Looks like abstract base class NavigationManager also needs a mock or sub class for unit testing.
                /// Cannot resolve RemoteNavigationManager from container, it is an internal class. So for mocking purposes have injected a subclass for bUnit tests.
                /// </summary>
                var hubUrl = NavigationManager.BaseUri.TrimEnd('/') + "/motionhub";
                hubUrl = "http://localhost:5000/motionhub"; // hard code url for now 
                try
                {
                    /// <summary> Using wrapper to allow unit testing!</summary>
                    Logger.LogInformation("Index.razor page is performing initial render, connecting to secondary signalR hub");
                    Logger.LogInformation($"hubUrl is {hubUrl}");
                    hubConnection = HubConnectionBuilder.Create(
                        hubUrl,
                        JsonConvertersFactory.CreateDefaultJsonConverters
                        (
                            LoggerMotionDetection,
                            LoggerMotionInfo,
                            LoggerJsonVisitor
                        )
                    );

                    hubConnection.On<MotionDetection>("ReceiveMotionDetection", ReceiveMessage);
                    hubConnection.Closed += CloseHandler;

                    Logger.LogInformation("Starting HubConnection");
                    await hubConnection.StartAsync();
                    Logger.LogInformation("Index Razor Page initialised, listening on signalR hub => " + hubUrl.ToString());
                }
                catch (Exception e)
                {
                    Logger.LogError(e, "Encountered exception => " + e);
                }
            }
        }

  Encountered exception => System.Net.Http.HttpRequestException: Connection refused
       ---> System.Net.Sockets.SocketException (61): Connection refused
         at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
         --- End of inner exception stack trace ---
         at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
         at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
         at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
         at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         at Microsoft.AspNetCore.Http.Connections.Client.Internal.AccessTokenHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         at Microsoft.AspNetCore.Http.Connections.Client.Internal.LoggingHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
         at Microsoft.AspNetCore.Http.Connections.Client.HttpConnection.NegotiateAsync(Uri url, HttpClient httpClient, ILogger logger, CancellationToken cancellationToken)
         at Microsoft.AspNetCore.Http.Connections.Client.HttpConnection.GetNegotiationResponseAsync(Uri uri, CancellationToken cancellationToken)
         at Microsoft.AspNetCore.Http.Connections.Client.HttpConnection.SelectAndStartTransport(TransferFormat transferFormat, CancellationToken cancellationToken)
         at Microsoft.AspNetCore.Http.Connections.Client.HttpConnection.StartAsyncCore(TransferFormat transferFormat, CancellationToken cancellationToken)
         at System.Threading.Tasks.ForceAsyncAwaiter.GetResult()
         at Microsoft.AspNetCore.Http.Connections.Client.HttpConnection.StartAsync(TransferFormat transferFormat, CancellationToken cancellationToken)
         at Microsoft.AspNetCore.Http.Connections.Client.HttpConnectionFactory.ConnectAsync(EndPoint endPoint, CancellationToken cancellationToken)
         at Microsoft.AspNetCore.Http.Connections.Client.HttpConnectionFactory.ConnectAsync(EndPoint endPoint, CancellationToken cancellationToken)
         at Microsoft.AspNetCore.SignalR.Client.HubConnection.StartAsyncCore(CancellationToken cancellationToken)
         at Microsoft.AspNetCore.SignalR.Client.HubConnection.StartAsyncInner(CancellationToken cancellationToken)
         at System.Threading.Tasks.ForceAsyncAwaiter.GetResult()
         at Microsoft.AspNetCore.SignalR.Client.HubConnection.StartAsync(CancellationToken cancellationToken)
         at WebApp.Pages.Index.OnAfterRenderAsync(Boolean firstRender) in /Users/simon/Development/Dotnet/CamFrontEnd/Src/WebApp/Pages/Index.razor.cs:line 167

authorization – Is oauth client credentials flow safer than basic authentication with username and password?

Assuming that both travel over the latest version of TLS, why should I use client credentials?

The obvious answer is:

  1. The access token will expire at some point
  2. The client id and secret will travel only once over the wire
  3. We can also use a refresh token, further strengthening the security

I argue that we could also make the username/password travel only once and share a session token that will too expire quite easily.

So in this scenario, is the refresh token the only reason to use it?
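
The separation that the list in this question relies on, as an added example that is not part of the original post: the client secret is presented only to a token endpoint, while the resource server accepts a signed, expiring, scoped token and holds no client secrets, in contrast to HTTP Basic where the resource server must verify the secret on every request. An HMAC-signed token stands in here for a real access-token format, and the function names, client id, secret and signing key are all constructed assumptions.

```python
import base64, hashlib, hmac, json, time

# Constructed sample values; none of these appear in the original question.
CLIENTS = {"billing-svc": "s3cr3t-constructed"}  # held by the authorization server
SIGNING_KEY = b"constructed-signing-key-32-bytes"  # auth server signs, resource server verifies


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _sign(body: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())


def issue_token(client_id, client_secret, scope, ttl=300, now=None):
    """Token endpoint: the only place the client secret is presented."""
    expected = CLIENTS.get(client_id)
    if expected is None or not hmac.compare_digest(expected.encode(), client_secret.encode()):
        raise PermissionError("invalid_client")
    issued = int(time.time() if now is None else now)
    claims = {"sub": client_id, "scope": scope, "exp": issued + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"


def resource_check_bearer(token, required_scope, now=None):
    """Resource server: checks signature, expiry and scope; never holds the secret."""
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(_sign(body).encode(), sig.encode()):
            return False
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except ValueError:
        return False
    current = time.time() if now is None else now
    return claims["exp"] > current and required_scope in claims["scope"].split()


def basic_header(client_id, client_secret):
    """HTTP Basic: the long-lived secret itself is sent with every request."""
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()


def resource_check_basic(header):
    """Resource server under Basic auth must be able to verify the secret itself."""
    try:
        raw = base64.b64decode(header.removeprefix("Basic "), validate=True).decode()
    except ValueError:
        return False
    client_id, _, secret = raw.partition(":")
    expected = CLIENTS.get(client_id)
    return expected is not None and hmac.compare_digest(expected.encode(), secret.encode())


def demo():
    token = issue_token("billing-svc", "s3cr3t-constructed", "invoices:read", now=1000)
    return {
        "bearer_fresh": resource_check_bearer(token, "invoices:read", now=1100),
        "bearer_expired": resource_check_bearer(token, "invoices:read", now=1400),
        "bearer_wrong_scope": resource_check_bearer(token, "invoices:write", now=1100),
        "basic_any_time": resource_check_basic(basic_header("billing-svc", "s3cr3t-constructed")),
    }


if __name__ == "__main__":
    print(demo())
```

A captured bearer token from this sketch stops working after `exp` and only for its scope, whereas a captured Basic header stays valid until the secret is rotated.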

Cannot use tftp on a libvirt virtual client

I am running a CentOS 8.2 (libvirt) virtual host with a CentOS 7.7 client server.

<network>
  <name>default</name>
  <uuid>312ccbda-b0fa-46c0-b7bd-b403f9ef41cb</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:56:2b:57'/>
  <domain name='test.local'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
  </ip>
</network>

When I try to tftp from the host 192.168.0.150 to my Satellite VM 192.168.0.99 it times out:

tcpdump -i eth0 -vv port 69
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:02:48.170821 IP (tos 0x0, ttl 64, id 63332, offset 0, flags (DF), proto UDP (17), length 52)
xeon.persephone.local.56987 > foreman.test.local.tftp: (bad udp cksum 0x827b -> 0xc12c!) 24 RRQ “pxelinux.cfg” netascii
13:02:53.170908 IP (tos 0x0, ttl 64, id 65535, offset 0, flags (DF), proto UDP (17), length 52)
xeon.persephone.local.56987 > foreman.test.local.tftp: (bad udp cksum 0x827b -> 0xc12c!) 24 RRQ “pxelinux.cfg” netascii
13:02:58.171038 IP (tos 0x0, ttl 64, id 449, offset 0, flags (DF), proto UDP (17), length 52)
xeon.persephone.local.56987 > foreman.test.local.tftp: (bad udp cksum 0x827b -> 0xc12c!) 24 RRQ “pxelinux.cfg” netascii
13:03:03.171121 IP (tos 0x0, ttl 64, id 2081, offset 0, flags (DF), proto UDP (17), length 52)
xeon.persephone.local.56987 > foreman.test.local.tftp: (bad udp cksum 0x827b -> 0xc12c!) 24 RRQ “pxelinux.cfg” netascii
13:03:08.171191 IP (tos 0x0, ttl 64, id 4733, offset 0, flags (DF), proto UDP (17), length 52)
xeon.persephone.local.56987 > foreman.test.local.tftp: (bad udp cksum 0x827b -> 0xc12c!) 24 RRQ “pxelinux.cfg” netascii
^C
5 packets captured
5 packets received by filter
0 packets dropped by kernel

I need to run tftpd on the Satellite server so I can provision new hosts.

multithreading – Design suggestion for multi client to single server performance testing

I would like to test a C++ server which basically receives some simple JSON config files from a client application via a TCP socket, does some work according to the received config and returns a JSON response (success or fail).

Now I want to test the performance of the server (how much time it takes to process a request) by connecting multiple test client applications (also a C++ app) to it and sending config files simultaneously.


As you can see above, I wanna run the test clients on one PC and the server on another PC. The result of this test will be a textual output (log file or console) of the request/response time of each client.

Should I build a single test client app and run it as multiple processes (multiple applications), or do I need to build one parent test app which emulates the functionality of the client app in different threads?

I would like to scale my client applications count from 1 to 100.

Is there any test framework like Google-Test that has this functionality built-in?

architecture – How to share battle execution code between client and server?

We’re making an online turn-based game. There’s some logic that is executed in both client and server side. Here’s the pseudocode that shows how we share the code:

// Shared Code
class BattleExecutor {
  constructor(eventHandler)

  void ExecuteTurn(userInputs) {
    ......
    trigger events such as Move, Fire, TakeDamage
    ......
  }
}

// Server
new BattleExecutor(noOperationHandler)

// Client
class ClientEventHandler {
  // play Move, Fire, TakeDamage anime
}

new BattleExecutor(new ClientEventHandler())

In this design, the shared BattleExecutor has the logic of how the game is played. Client code is just to play the anime for the events that are triggered in BattleExecutor. Server needs the BattleExecutor to determine if user inputs are valid and to determine the battle result (who won).

Now our problem is, think of this scenario, in one turn BattleExecutor triggers a Fire and a TakeDamage event within 1 millisecond. But in client side TakeDamage can only be played when Fire anime is done (bullet flying takes time). How to control the playing of events in client side?

The solution we’re considering is to add “Id” and “DependOnIds” property to Event class, meaning that BattleExecutor provides the information of “event A should happen after events B, C, D”. Client knows when anime of B, C, D is done playing, after which client starts playing anime of A. This solution looks a little messy to us, because BattleExecutor now needs to figure out the dependency of events which server doesn’t care about at all.

Is there any more elegant solution that can share battle execution code between client/server and allow client to control the playing of events correctly?

client – How to resolve eclair-node-gui-0.3.3-12ac145.jar getting CAPSULE EXCEPTION after java update to version 11.0.9.1?

I’ve been running Eclair node release eclair-node-gui-0.3.3-12ac145.jar smoothly for some time now on Ubuntu 18.04.5 LTS, but recently had an update to the java version I was using to the latest (?) through the software updater to java version 11.0.9.1.

This now causes the usual procedure I took to run the node –

open terminal –

cd Downloads

java -jar eclair-node-gui-0.3.3-12ac145.jar

– to fail. The terminal gives me the following message:

CAPSULE EXCEPTION: Could not parse version: 11.0.9.1 while processing attribute Min-Update-Version: {} (for stack trace, run with -Dcapsule.log=verbose)
USAGE: java -jar eclair-node-gui-0.3.3-12ac145.jar

Actions:
capsule.version – Prints the capsule and application versions.
capsule.modes – Prints all available capsule modes.
capsule.jvms – Prints a list of all JVM installations found.
capsule.help – Prints this help message.

Options:
capsule.mode= – Picks the capsule mode to run.
capsule.reset – Resets the capsule cache before launching. The capsule to be re-extracted (if applicable), and other possibly cached files will be recreated.
capsule.log= (default: quiet) – Picks a log level. Must be one of none, quiet, verbose, or debug.
capsule.java.home= – Sets the location of the Java home (JVM installation directory) to use; If ‘current’ forces the use of the JVM that launched the capsule.
capsule.java.cmd= – Sets the path to the Java executable to use.
capsule.jvm.args= – Sets additional JVM arguments to use when running the application.

I have tried vainly to tease some information from the terminal by trying to paste some of the actions and options commands in, in the form of, for example –

java capsule.version -jar eclair-node-gui-0.3.3-12ac145.jar

to be met with –

Error: Could not find or load main class capsule.version
Caused by: java.lang.ClassNotFoundException: capsule.version

and –

java capsule.reset -jar eclair-node-gui-0.3.3-12ac145.jar

Error: Could not find or load main class capsule.reset
Caused by: java.lang.ClassNotFoundException: capsule.reset

Would appreciate any advice on where I stand with resolving this problem.

Speed-up REST API call for client residing on a local network

I have a REST API server and client (both on Docker containers, if that matters) residing on the same local network. Each HTTP call to the API takes 500ms to 1 second. This is acceptable; however, as soon as the client makes 3 or more API requests for a single action, the slowness becomes noticeable. This is using the local IP as endpoint, btw.

Given that both client and API are just “local”, is there a way to speed this up (aside from client-side caching)?

sharepoint online – AADSTS7000215: Invalid client secret is provided

We are integrating with a client’s SharePoint using the SharePoint REST API. For this, the client has registered an add-in at their side using appregnew.aspx and provided permissions to the add-in using appinv.aspx.

Now when I am trying to get the bearer token for using the tenant id and giving all other parameters in request body, I am getting the following error:

 "error": "invalid_client",
 "error_description": "AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: 993e6c16-68f3-4105-baf5-b08368de0700\r\nCorrelation ID: 59a5e402-1583-422b-8b62-03b620eb72c1\r\nTimestamp: 2020-06-04 06:34:01Z"

The error message says the client secret is invalid but it is the same client secret that we got from the appregnew.aspx. Can someone help me with this error?

I am using Postman to hit the URL and using application/x-www-form-urlencoded for the request body.
