Category Archives: Network

Ubuntu PPPoE Server 架設

網路上找到的範例都有缺, 主要是缺 pppoe kernel module 的部份, 也不會很難, 在 Ubuntu 18.04 下需要上個 patch 修掉 compile bug.

Read more »

RSS Toeplitz Hash Calculation C Code

Toeplitz RSS(Receive Side Scaling) sample code 如下, 從 ODP Code 借來的

因為是測試用 code, 所以也不要太在乎語法什麼的
輸出可以正確的跑出 microsoft 網站的 sample

$ ./a.out
sip: 187.149.9.66   dip:80.100.142.161 sport:1766   dport:2794   hash: 51ccc178

目前的 code 會計算 4 個 IP
像是這樣

$ ./a.out
sip: 192.168.1.100  dip:10.0.0.100     sport:1000   dport:1000   hash: 8c2cb4f
sip: 193.168.1.100  dip:10.0.0.100     sport:1000   dport:1000   hash: ef1317e8
sip: 194.168.1.100  dip:10.0.0.100     sport:1000   dport:1000   hash: 5f061160
sip: 195.168.1.100  dip:10.0.0.100     sport:1000   dport:1000   hash: 2324d4ee

連檔名都叫 a.out 我真懶

#include <stdint.h>
#include <stdio.h>
#include <endian.h>
#include <string.h>
#include <arpa/inet.h>

/** rss data type */
typedef union {
uint8_t u8[40];
uint32_t u32[10];
} rss_key;

/** IPv4 tuple
*
*/
typedef struct thash_ipv4_tuple {
uint32_t src_addr;
uint32_t dst_addr;
union {
struct {
uint16_t sport;
uint16_t dport;
};
uint32_t sctp_tag;
};
} thash_ipv4_tuple_t;

/** Thash tuple union */
typedef union {
thash_ipv4_tuple_t v4;
//thash_ipv6_tuple_t v6;
} thash_tuple_t;
static const rss_key default_rss = {
.u8 = {
0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2,
0x41, 0x67, 0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0,
0xd0, 0xca, 0x2b, 0xcb, 0xae, 0x7b, 0x30, 0xb4,
0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30, 0xf2, 0x0c,
0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa,
}
};

static inline
uint32_t thash_softrss(uint32_t *tuple, uint8_t len,
const rss_key key)
{
uint32_t i, j, ret = 0;

for (j = 0; j < len; j++) {
for (i = 0; i < 32; i++) {
if (tuple[j] & (1 << (31 – i))) {
ret ^= htobe32(((const uint32_t *)
key.u32)[j]) << i | (uint32_t)((uint64_t) (htobe32(((const uint32_t *)key.u32) [j + 1])) >> (32 – i));
}
}
}

return ret;
}
int main(int argc,char *argv[]){
thash_tuple_t tuple;
uint32_t hash;
uint32_t tuple_len;
struct in_addr ip_addr_s,ip_addr_d;
char str_s[15], str_d[15];

#if 0
tuple.v4.src_addr = (uint32_t) inet_addr(“66.9.149.187″);
tuple.v4.dst_addr = (uint32_t) inet_addr(“161.142.100.80″);
ip_addr_s.s_addr = tuple.v4.src_addr;
ip_addr_d.s_addr = tuple.v4.dst_addr;
tuple_len += 2;
tuple.v4.sport = htobe16(2794);
tuple.v4.dport = htobe16(1766);
tuple_len += 1;
#endif

for(int i=0;i<4;i++){
tuple_len = 0;
hash = 0;

tuple.v4.src_addr = (uint32_t) inet_addr(“192.168.1.100″);
tuple.v4.src_addr = be32toh(tuple.v4.src_addr);
tuple.v4.src_addr=tuple.v4.src_addr+i*4;
tuple.v4.src_addr = htobe32(tuple.v4.src_addr);
tuple.v4.dst_addr = (uint32_t) inet_addr(“10.0.0.100″);
ip_addr_s.s_addr = tuple.v4.src_addr;
ip_addr_d.s_addr = tuple.v4.dst_addr;
tuple_len += 2;
tuple.v4.sport = htobe16(1000);
tuple.v4.dport = htobe16(1000);
tuple_len += 1;

if (tuple_len){
tuple.v4.src_addr = be32toh(tuple.v4.src_addr);
tuple.v4.dst_addr = be32toh(tuple.v4.dst_addr);
tuple.v4.sctp_tag = be32toh(tuple.v4.sctp_tag);
hash = thash_softrss((uint32_t *)&tuple,
tuple_len, default_rss);
}

ip_addr_s.s_addr = htobe32(tuple.v4.src_addr);
ip_addr_d.s_addr = htobe32(tuple.v4.dst_addr);
strcpy(str_s,inet_ntoa(ip_addr_s));
strcpy(str_d,inet_ntoa(ip_addr_d));
printf(“sip: %-14s dip:%-14s sport:%-6d dport:%-6d hash: %x \n",
str_s,str_d,
tuple.v4.sport,
tuple.v4.dport, hash);

}

return hash;
}

附帶一提, 如果在 Linux 下要修改 hash key . 可以用 ethtool 這個指令, ex:

$ ethtool -X enp5s0f4 hkey 6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a

ref.
Verifying the RSS Hash Calculation : 可以比對計算出是不是正確
Symmetric RSS : 有趣的文章, 提到原來的功能沒有辦法有效的 hash , 將所有的 key 都改 0x6d5a 就可以
Scalable TCP Session Monitoring with Symmetric Receive-side Scaling
Scaling in the Linux Networking Stack
odp_classification.c

Bind Zone Forward

如果有特定的 domain 要指向特定的 Server

這時候就要用 Zone Forward 指令

例如:

zone "subzone.mydns.example.com" {
  type forward;
  forwarders { 192.168.0.4; };
};

這樣就可以了

ref
How to properly configure BIND forward zone for an internal DNS server?
DNS BIND zone clause

[Gentoo][Linux] Hinet PPPoE IPv6 Dual Stack 設定

自從中研院 Tunnel Broker 因為硬碟壞掉終止服務, Hinet Tunnel Broker 一直斷線根本不能用.
己經很久沒有使用 IPv6 的服務.
前二天聽到 Kenduest Lee 說到 Hinet 光世代 PPPoE 有 IPv6 的服務, 立馬就跑去申請.
Read more »

[Linux] 限制時間上 Facebook

Facebook 花去太多時間, 所以在 Linux 上加了一條 Rule 限制自己
Read more »

Strongswan ipsec debug

可以在 runtime 下指令馬上更改 debug command,
# ipsec stroke loglevel ike 2
也可以寫在 ipsec.conf 內.
Read more »

NFS 碰到的怪問題

今天碰到的怪問題.

eth0: 1000 Mbps Full duplex, port 0
ADDRCONF(NETDEV_UP): eth0: link is not ready
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
IP-Config: Complete:
device=eth0, addr=10.102.81.59, mask=255.255.255.0, gw=10.102.81.1
host=10.102.81.59, domain=, nis-domain=(none)
bootserver=10.102.81.66, rootserver=10.102.81.66, rootpath=
VFS: Unable to mount root fs via NFS, trying floppy.
VFS: Cannot open root device “nfs" or unknown-block(2,0): error -6
Please append a correct “root=" boot option; here are the available partitions:

首先要在 bootargs 放上nfsrootdebug 參數找出真正的原因, 然後就會出現

ADDRCONF(NETDEV_UP): eth0: link is not ready
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
IP-Config: Complete:
device=eth0, addr=10.102.81.59, mask=255.255.255.0, gw=10.102.81.1
host=10.102.81.59, domain=, nis-domain=(none)
bootserver=10.102.81.66, rootserver=10.102.81.66, rootpath=
Root-NFS: nfsroot=/home/work/nfs/fusion.nfsvers=3
NFS: nfs mount opts=’vers=2,udp,rsize=4096,wsize=4096,nolock,addr=10.102.81.66′
NFS:   parsing nfs mount option ‘vers=2’
NFS:   parsing nfs mount option ‘udp’
NFS:   parsing nfs mount option ‘rsize=4096’
NFS:   parsing nfs mount option ‘wsize=4096’
NFS:   parsing nfs mount option ‘nolock’
NFS:   parsing nfs mount option ‘addr=10.102.81.66’
NFS: MNTPATH: ‘/home/work/nfs/fusion.nfsvers=3’
NFS: sending MNT request for 10.102.81.66:/home/work/nfs/fusion.nfsvers=3
NFS: MNT server returned result -13
NFS: unable to mount server 10.102.81.66, error -13

這個問題只要加上 nolock 參數就好了, 所以 nfsroot args 會長的像這樣

mem=512M root=/dev/nfs rw nfsroot=${serverip}:/nfs/fusion,nfsvers=3,nolock ip=${ipaddr}:${serverip}:${gatewayip}:255.255.255.0::eth0:off’

ref: Nfs root

[評] 特洛伊木馬已進駐台灣

原文 特洛伊木馬已進駐台灣

Read more »

蘋果日報被國家級駭客攻擊.

11/9號連不上水果日報了.

【請大家告訴大家】

《蘋果》被駭客強烈攻擊,一些報導、圖片可能無法正常觀看,目前工程師正緊急搶修中,造成不便深感抱歉!編編們仍會在社群上持續為大家帶來最新、最快的新聞!

        你可以透過以下管道發落最新消息:
<略>

剛好朋友在說是 DNS 的問題, 就順手幫水果查了一下水錶DNS

Read more »

自幹 dyndns

之前好像免費的 dyndns 都收的差不多了, 好像很久沒有人提了.
今天心情還不錯, 就來架設自己的 dyndns.
主要可以參考這二篇

[分享] 用 BIND 架設 DDNS Server 提供 DDNS 服務
動態 DNS 設定技巧
Read more »