AWS 提供 VPC Traffic Mirroring 的功能

以前在機房可以在 switch 上用 port mirror 看流量內容找問題,現在在 AWS 上也提供類似的功能 VPC Traffic Mirroring:「New – VPC Traffic Mirroring – Capture & Inspect Network Traffic」。

所以所有以前在傳統機房使用 switch 的技術,都可以在 AWS 上重新發展出來,所以不算太意外的是第一波就有一堆 partner 提供服務,或是一些公司提供經驗。

另外 AWS 的 VPC Traffic Mirroring 比以前 switch 的 port mirror 更彈性,可以把整個網路當來源,或是指定特定的 ENI 當來源:

Mirror Source – An AWS network resource that exists within a particular VPC, and that can be used as the source of traffic. VPC Traffic Mirroring supports the use of Elastic Network Interfaces (ENIs) as mirror sources.

然後除了可以打到 ENI 上,也可以打到 NLB 上:

Mirror Target – An ENI or Network Load Balancer that serves as a destination for the mirrored traffic. The target can be in the same AWS account as the Mirror Source, or in a different account for implementation of the central-VPC model that I mentioned above.


Mirror Filter – A specification of the inbound or outbound (with respect to the source) traffic that is to be captured (accepted) or skipped (rejected). The filter can specify a protocol, ranges for the source and destination ports, and CIDR blocks for the source and destination. Rules are numbered, and processed in order within the scope of a particular Mirror Session.

然後有判斷 session 的能力 (看這邊的敘述,應該就是指 stateful connection?):

Traffic Mirror Session – A connection between a mirror source and target that makes use of a filter. Sessions are numbered, evaluated in order, and the first match (accept or reject) is used to determine the fate of the packet. A given packet is sent to at most one target.


VPC Traffic Mirroring is available now and you can start using it today in all commercial AWS Regions except Asia Pacific (Sydney), China (Beijing), and China (Ningxia). Support for those regions will be added soon. You pay an hourly fee (starting at $0.015 per hour) for each mirror source; see the VPC Pricing page for more info.

在 command line 上操作的 Termshark

看到 Termshark 這個專案,程式碼在 gcla/termshark

類似於 tshark 使用 CLI,但操作介面會比 tshark 友善不少,從說明可以看出來是透過 tshark 分析:

Note that tshark is a run-time dependency, and must be in your PATH for termshark to function. Version 1.10.2 or higher is required (approx 2013).

PHP-CS-Fixer 1.0 出版!

PHP-CS-Fixer 正式釋出 1.0 版:「PHP CS Fixer finally reaches version 1.0」。

原作者提到了之前的版本以 regular expression 為底,而這三個月有了大改變,現在的版本是以 token 來判斷:

The current stable version of PHP-CS-Fixer was released in August 2014 and it is still based on regular expressions, two years after the first public release. But in the last three months, things got crazy mainly because of Dariusz Ruminski. He did a great job at rewriting everything on top of a parser based on the PHP tokens, helped by 21 other contributors.


php-cs-fixer fix /path --level=psr2

這樣會把目錄下的所有 .php 檔都清過一次。目錄的部份也可以用檔名,表示只處理一個檔案。

檢查程式碼是否符合 PSR-2 的工具:PHP_CodeSniffer (phpcs)

PHP_CodeSniffer 是套檢查 PHP 程式碼是否符合規範的工具。

WordPress 3.8.1 的 index.php 跑 PSR-2 測試。

想要測試的人可以用 Vagrant 安裝測試,我用 Docker 弄了老半天弄不起來,就跑去用 Vagrant 測試了...

(話說回來,Vagrant 與 Docker 真的是測試的神器,反正要弄一個 Ubuntu 平台上測試就是拿這兩個東西出來測...)

由於系統內的 PHP_CodeSniffer 不一定夠新,舉例來說,Ubuntu 12.04 的 php-codesniffer 只有 1.1.0,而掃 PSR-1 的程式出現在 1.3.5,PSR-2 出現在 1.4.0

安裝 c9s 所維護的 phpbrew 通常是還蠻常見的選擇。裝完後再用 pear install PHP_CodeSniffer 裝進去就有 phpcs 可以用了。

phpcs 預設是用 PEAR standard,可以指定 --standard=PSR2 強迫他使用 PSR-2 規則:

phpcs --standard=PSR2 foo.php

也可以直接強迫換成 PSR-2,然後再看設定有沒有改成功:

phpcs --config-set default_standard PSR2
phpcs --config-show


phpcs foo/