Category Archives: Network

Ubuntu 18.04 ARM64 DPDK in VM (QEMU)

DPDK is a very popular infrastructure in high speed packet process domain, some applications will used the same architecture to process packet, like EPC.

For Ubuntu 18.04, it used dpdk 17.11, it not good for some other application like dpdk pktgen, but enough for testpmd and l3fwd test. here is some personal note for setup whole environment.

DPDK in QEMU archeticture
Read more »

Ubuntu PPPoE Server 架設

網路上找到的範例都有缺, 主要是缺 pppoe kernel module 的部份, 也不會很難, 在 Ubuntu 18.04 下需要上個 patch 修掉 compile bug.

Read more »

RSS Toeplitz Hash Calculation C Code

Toeplitz RSS(Receive Side Scaling) sample code 如下, 從 ODP Code 借來的

因為是測試用 code, 所以也不要太在乎語法什麼的
輸出可以正確的跑出 microsoft 網站的 sample

$ ./a.out
sip: 187.149.9.66   dip:80.100.142.161 sport:1766   dport:2794   hash: 51ccc178

目前的 code 會計算 4 個 IP
像是這樣

$ ./a.out
sip: 192.168.1.100  dip:10.0.0.100     sport:1000   dport:1000   hash: 8c2cb4f
sip: 193.168.1.100  dip:10.0.0.100     sport:1000   dport:1000   hash: ef1317e8
sip: 194.168.1.100  dip:10.0.0.100     sport:1000   dport:1000   hash: 5f061160
sip: 195.168.1.100  dip:10.0.0.100     sport:1000   dport:1000   hash: 2324d4ee

連檔名都叫 a.out 我真懶

#include <stdint.h>
#include <stdio.h>
#include <endian.h>
#include <string.h>
#include <arpa/inet.h>

/** rss data type */
typedef union {
uint8_t u8[40];
uint32_t u32[10];
} rss_key;

/** IPv4 tuple
*
*/
typedef struct thash_ipv4_tuple {
uint32_t src_addr;
uint32_t dst_addr;
union {
struct {
uint16_t sport;
uint16_t dport;
};
uint32_t sctp_tag;
};
} thash_ipv4_tuple_t;

/** Thash tuple union */
typedef union {
thash_ipv4_tuple_t v4;
//thash_ipv6_tuple_t v6;
} thash_tuple_t;
static const rss_key default_rss = {
.u8 = {
0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2,
0x41, 0x67, 0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0,
0xd0, 0xca, 0x2b, 0xcb, 0xae, 0x7b, 0x30, 0xb4,
0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30, 0xf2, 0x0c,
0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa,
}
};

static inline
uint32_t thash_softrss(uint32_t *tuple, uint8_t len,
const rss_key key)
{
uint32_t i, j, ret = 0;

for (j = 0; j < len; j++) {
for (i = 0; i < 32; i++) {
if (tuple[j] & (1 << (31 – i))) {
ret ^= htobe32(((const uint32_t *)
key.u32)[j]) << i | (uint32_t)((uint64_t) (htobe32(((const uint32_t *)key.u32) [j + 1])) >> (32 – i));
}
}
}

return ret;
}
int main(int argc,char *argv[]){
thash_tuple_t tuple;
uint32_t hash;
uint32_t tuple_len;
struct in_addr ip_addr_s,ip_addr_d;
char str_s[15], str_d[15];

#if 0
tuple.v4.src_addr = (uint32_t) inet_addr(“66.9.149.187”);
tuple.v4.dst_addr = (uint32_t) inet_addr(“161.142.100.80”);
ip_addr_s.s_addr = tuple.v4.src_addr;
ip_addr_d.s_addr = tuple.v4.dst_addr;
tuple_len += 2;
tuple.v4.sport = htobe16(2794);
tuple.v4.dport = htobe16(1766);
tuple_len += 1;
#endif

for(int i=0;i<4;i++){
tuple_len = 0;
hash = 0;

tuple.v4.src_addr = (uint32_t) inet_addr(“192.168.1.100”);
tuple.v4.src_addr = be32toh(tuple.v4.src_addr);
tuple.v4.src_addr=tuple.v4.src_addr+i*4;
tuple.v4.src_addr = htobe32(tuple.v4.src_addr);
tuple.v4.dst_addr = (uint32_t) inet_addr(“10.0.0.100”);
ip_addr_s.s_addr = tuple.v4.src_addr;
ip_addr_d.s_addr = tuple.v4.dst_addr;
tuple_len += 2;
tuple.v4.sport = htobe16(1000);
tuple.v4.dport = htobe16(1000);
tuple_len += 1;

if (tuple_len){
tuple.v4.src_addr = be32toh(tuple.v4.src_addr);
tuple.v4.dst_addr = be32toh(tuple.v4.dst_addr);
tuple.v4.sctp_tag = be32toh(tuple.v4.sctp_tag);
hash = thash_softrss((uint32_t *)&tuple,
tuple_len, default_rss);
}

ip_addr_s.s_addr = htobe32(tuple.v4.src_addr);
ip_addr_d.s_addr = htobe32(tuple.v4.dst_addr);
strcpy(str_s,inet_ntoa(ip_addr_s));
strcpy(str_d,inet_ntoa(ip_addr_d));
printf(“sip: %-14s dip:%-14s sport:%-6d dport:%-6d hash: %x \n”,
str_s,str_d,
tuple.v4.sport,
tuple.v4.dport, hash);

}

return hash;
}

附帶一提, 如果在 Linux 下要修改 hash key . 可以用 ethtool 這個指令, ex:

$ ethtool -X enp5s0f4 hkey 6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a

ref.
Verifying the RSS Hash Calculation : 可以比對計算出是不是正確
Symmetric RSS : 有趣的文章, 提到原來的功能沒有辦法有效的 hash , 將所有的 key 都改 0x6d5a 就可以
Scalable TCP Session Monitoring with Symmetric Receive-side Scaling
Scaling in the Linux Networking Stack
odp_classification.c

Bind Zone Forward

如果有特定的 domain 要指向特定的 Server

這時候就要用 Zone Forward 指令

例如:

zone "subzone.mydns.example.com" {
  type forward;
  forwarders { 192.168.0.4; };
};

這樣就可以了

ref
How to properly configure BIND forward zone for an internal DNS server?
DNS BIND zone clause

[Gentoo][Linux] Hinet PPPoE IPv6 Dual Stack 設定

自從中研院 Tunnel Broker 因為硬碟壞掉終止服務, Hinet Tunnel Broker 一直斷線根本不能用.
己經很久沒有使用 IPv6 的服務.
前二天聽到 Kenduest Lee 說到 Hinet 光世代 PPPoE 有 IPv6 的服務, 立馬就跑去申請.
Read more »

[Linux] 限制時間上 Facebook

Facebook 花去太多時間, 所以在 Linux 上加了一條 Rule 限制自己
Read more »

Strongswan ipsec debug

可以在 runtime 下指令馬上更改 debug command,
# ipsec stroke loglevel ike 2
也可以寫在 ipsec.conf 內.
Read more »

NFS 碰到的怪問題

今天碰到的怪問題.

eth0: 1000 Mbps Full duplex, port 0
ADDRCONF(NETDEV_UP): eth0: link is not ready
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
IP-Config: Complete:
device=eth0, addr=10.102.81.59, mask=255.255.255.0, gw=10.102.81.1
host=10.102.81.59, domain=, nis-domain=(none)
bootserver=10.102.81.66, rootserver=10.102.81.66, rootpath=
VFS: Unable to mount root fs via NFS, trying floppy.
VFS: Cannot open root device “nfs” or unknown-block(2,0): error -6
Please append a correct “root=” boot option; here are the available partitions:

首先要在 bootargs 放上nfsrootdebug 參數找出真正的原因, 然後就會出現

ADDRCONF(NETDEV_UP): eth0: link is not ready
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
IP-Config: Complete:
device=eth0, addr=10.102.81.59, mask=255.255.255.0, gw=10.102.81.1
host=10.102.81.59, domain=, nis-domain=(none)
bootserver=10.102.81.66, rootserver=10.102.81.66, rootpath=
Root-NFS: nfsroot=/home/work/nfs/fusion.nfsvers=3
NFS: nfs mount opts=’vers=2,udp,rsize=4096,wsize=4096,nolock,addr=10.102.81.66′
NFS:   parsing nfs mount option ‘vers=2’
NFS:   parsing nfs mount option ‘udp’
NFS:   parsing nfs mount option ‘rsize=4096’
NFS:   parsing nfs mount option ‘wsize=4096’
NFS:   parsing nfs mount option ‘nolock’
NFS:   parsing nfs mount option ‘addr=10.102.81.66’
NFS: MNTPATH: ‘/home/work/nfs/fusion.nfsvers=3’
NFS: sending MNT request for 10.102.81.66:/home/work/nfs/fusion.nfsvers=3
NFS: MNT server returned result -13
NFS: unable to mount server 10.102.81.66, error -13

這個問題只要加上 nolock 參數就好了, 所以 nfsroot args 會長的像這樣

mem=512M root=/dev/nfs rw nfsroot=${serverip}:/nfs/fusion,nfsvers=3,nolock ip=${ipaddr}:${serverip}:${gatewayip}:255.255.255.0::eth0:off’

ref: Nfs root

[評] 特洛伊木馬已進駐台灣

原文 特洛伊木馬已進駐台灣

Read more »

蘋果日報被國家級駭客攻擊.

11/9號連不上水果日報了.

【請大家告訴大家】

《蘋果》被駭客強烈攻擊,一些報導、圖片可能無法正常觀看,目前工程師正緊急搶修中,造成不便深感抱歉!編編們仍會在社群上持續為大家帶來最新、最快的新聞!

        你可以透過以下管道發落最新消息:
<略>

剛好朋友在說是 DNS 的問題, 就順手幫水果查了一下水錶DNS

Read more »