Category Archives: Network

QEMU Network Problem When Run With Docker

如果 Docker 和 QEMU 同時執行時,QEMU 內部透過 tap interface bridge 到 host network 的網路會出不去

這個問題的原因是 Docker 起來之後,會將 iptables 的 packet forward 預設變成 DROP

這時可以在 Docker 起來的時候將 bridge interface 加到 iptables 規則內即可,首先編輯 systemd docker service

Read more »

Ubuntu 18.04 ARM64 DPDK in VM (QEMU)

DPDK is a very popular infrastructure in high speed packet process domain, some applications will used the same architecture to process packet, like EPC.

For Ubuntu 18.04, it used dpdk 17.11, it not good for some other application like dpdk pktgen, but enough for testpmd and l3fwd test. here is some personal note for setup whole environment.

DPDK in QEMU archeticture
Read more »

Ubuntu PPPoE Server 架設

網路上找到的範例都有缺, 主要是缺 pppoe kernel module 的部份, 也不會很難, 在 Ubuntu 18.04 下需要上個 patch 修掉 compile bug.

Read more »

RSS Toeplitz Hash Calculation C Code

Toeplitz RSS(Receive Side Scaling) sample code 如下, 從 ODP Code 借來的

因為是測試用 code, 所以也不要太在乎語法什麼的
輸出可以正確的跑出 microsoft 網站的 sample

$ ./a.out
sip: 187.149.9.66   dip:80.100.142.161 sport:1766   dport:2794   hash: 51ccc178

目前的 code 會計算 4 個 IP
像是這樣

$ ./a.out
sip: 192.168.1.100  dip:10.0.0.100     sport:1000   dport:1000   hash: 8c2cb4f
sip: 193.168.1.100  dip:10.0.0.100     sport:1000   dport:1000   hash: ef1317e8
sip: 194.168.1.100  dip:10.0.0.100     sport:1000   dport:1000   hash: 5f061160
sip: 195.168.1.100  dip:10.0.0.100     sport:1000   dport:1000   hash: 2324d4ee

連檔名都叫 a.out 我真懶

#include <stdint.h>
#include <stdio.h>
#include <endian.h>
#include <string.h>
#include <arpa/inet.h>

/** rss data type */
typedef union {
uint8_t u8[40];
uint32_t u32[10];
} rss_key;

/** IPv4 tuple
*
*/
typedef struct thash_ipv4_tuple {
uint32_t src_addr;
uint32_t dst_addr;
union {
struct {
uint16_t sport;
uint16_t dport;
};
uint32_t sctp_tag;
};
} thash_ipv4_tuple_t;

/** Thash tuple union */
typedef union {
thash_ipv4_tuple_t v4;
//thash_ipv6_tuple_t v6;
} thash_tuple_t;
static const rss_key default_rss = {
.u8 = {
0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2,
0x41, 0x67, 0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0,
0xd0, 0xca, 0x2b, 0xcb, 0xae, 0x7b, 0x30, 0xb4,
0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30, 0xf2, 0x0c,
0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa,
}
};

static inline
uint32_t thash_softrss(uint32_t *tuple, uint8_t len,
const rss_key key)
{
uint32_t i, j, ret = 0;

for (j = 0; j < len; j++) {
for (i = 0; i < 32; i++) {
if (tuple[j] & (1 << (31 – i))) {
ret ^= htobe32(((const uint32_t *)
key.u32)[j]) << i | (uint32_t)((uint64_t) (htobe32(((const uint32_t *)key.u32) [j + 1])) >> (32 – i));
}
}
}

return ret;
}
int main(int argc,char *argv[]){
thash_tuple_t tuple;
uint32_t hash;
uint32_t tuple_len;
struct in_addr ip_addr_s,ip_addr_d;
char str_s[15], str_d[15];

#if 0
tuple.v4.src_addr = (uint32_t) inet_addr(“66.9.149.187”);
tuple.v4.dst_addr = (uint32_t) inet_addr(“161.142.100.80”);
ip_addr_s.s_addr = tuple.v4.src_addr;
ip_addr_d.s_addr = tuple.v4.dst_addr;
tuple_len += 2;
tuple.v4.sport = htobe16(2794);
tuple.v4.dport = htobe16(1766);
tuple_len += 1;
#endif

for(int i=0;i<4;i++){
tuple_len = 0;
hash = 0;

tuple.v4.src_addr = (uint32_t) inet_addr(“192.168.1.100”);
tuple.v4.src_addr = be32toh(tuple.v4.src_addr);
tuple.v4.src_addr=tuple.v4.src_addr+i*4;
tuple.v4.src_addr = htobe32(tuple.v4.src_addr);
tuple.v4.dst_addr = (uint32_t) inet_addr(“10.0.0.100”);
ip_addr_s.s_addr = tuple.v4.src_addr;
ip_addr_d.s_addr = tuple.v4.dst_addr;
tuple_len += 2;
tuple.v4.sport = htobe16(1000);
tuple.v4.dport = htobe16(1000);
tuple_len += 1;

if (tuple_len){
tuple.v4.src_addr = be32toh(tuple.v4.src_addr);
tuple.v4.dst_addr = be32toh(tuple.v4.dst_addr);
tuple.v4.sctp_tag = be32toh(tuple.v4.sctp_tag);
hash = thash_softrss((uint32_t *)&tuple,
tuple_len, default_rss);
}

ip_addr_s.s_addr = htobe32(tuple.v4.src_addr);
ip_addr_d.s_addr = htobe32(tuple.v4.dst_addr);
strcpy(str_s,inet_ntoa(ip_addr_s));
strcpy(str_d,inet_ntoa(ip_addr_d));
printf(“sip: %-14s dip:%-14s sport:%-6d dport:%-6d hash: %x \n”,
str_s,str_d,
tuple.v4.sport,
tuple.v4.dport, hash);

}

return hash;
}

附帶一提, 如果在 Linux 下要修改 hash key . 可以用 ethtool 這個指令, ex:

$ ethtool -X enp5s0f4 hkey 6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a

ref.
Verifying the RSS Hash Calculation : 可以比對計算出是不是正確
Symmetric RSS : 有趣的文章, 提到原來的功能沒有辦法有效的 hash , 將所有的 key 都改 0x6d5a 就可以
Scalable TCP Session Monitoring with Symmetric Receive-side Scaling
Scaling in the Linux Networking Stack
odp_classification.c

Bind Zone Forward

如果有特定的 domain 要指向特定的 Server

這時候就要用 Zone Forward 指令

例如:

zone "subzone.mydns.example.com" {
  type forward;
  forwarders { 192.168.0.4; };
};

這樣就可以了

ref
How to properly configure BIND forward zone for an internal DNS server?
DNS BIND zone clause

[Gentoo][Linux] Hinet PPPoE IPv6 Dual Stack 設定

自從中研院 Tunnel Broker 因為硬碟壞掉終止服務, Hinet Tunnel Broker 一直斷線根本不能用.
己經很久沒有使用 IPv6 的服務.
前二天聽到 Kenduest Lee 說到 Hinet 光世代 PPPoE 有 IPv6 的服務, 立馬就跑去申請.
Read more »

[Linux] 限制時間上 Facebook

Facebook 花去太多時間, 所以在 Linux 上加了一條 Rule 限制自己

Read more »

Strongswan ipsec debug

可以在 runtime 下指令馬上更改 debug command,
# ipsec stroke loglevel ike 2
也可以寫在 ipsec.conf 內.
Read more »

NFS 碰到的怪問題

今天碰到的怪問題.

eth0: 1000 Mbps Full duplex, port 0
ADDRCONF(NETDEV_UP): eth0: link is not ready
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
IP-Config: Complete:
device=eth0, addr=10.102.81.59, mask=255.255.255.0, gw=10.102.81.1
host=10.102.81.59, domain=, nis-domain=(none)
bootserver=10.102.81.66, rootserver=10.102.81.66, rootpath=
VFS: Unable to mount root fs via NFS, trying floppy.
VFS: Cannot open root device “nfs” or unknown-block(2,0): error -6
Please append a correct “root=” boot option; here are the available partitions:

首先要在 bootargs 放上nfsrootdebug 參數找出真正的原因, 然後就會出現

ADDRCONF(NETDEV_UP): eth0: link is not ready
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
IP-Config: Complete:
device=eth0, addr=10.102.81.59, mask=255.255.255.0, gw=10.102.81.1
host=10.102.81.59, domain=, nis-domain=(none)
bootserver=10.102.81.66, rootserver=10.102.81.66, rootpath=
Root-NFS: nfsroot=/home/work/nfs/fusion.nfsvers=3
NFS: nfs mount opts=’vers=2,udp,rsize=4096,wsize=4096,nolock,addr=10.102.81.66′
NFS:   parsing nfs mount option ‘vers=2’
NFS:   parsing nfs mount option ‘udp’
NFS:   parsing nfs mount option ‘rsize=4096’
NFS:   parsing nfs mount option ‘wsize=4096’
NFS:   parsing nfs mount option ‘nolock’
NFS:   parsing nfs mount option ‘addr=10.102.81.66’
NFS: MNTPATH: ‘/home/work/nfs/fusion.nfsvers=3’
NFS: sending MNT request for 10.102.81.66:/home/work/nfs/fusion.nfsvers=3
NFS: MNT server returned result -13
NFS: unable to mount server 10.102.81.66, error -13

這個問題只要加上 nolock 參數就好了, 所以 nfsroot args 會長的像這樣

mem=512M root=/dev/nfs rw nfsroot=${serverip}:/nfs/fusion,nfsvers=3,nolock ip=${ipaddr}:${serverip}:${gatewayip}:255.255.255.0::eth0:off’

ref: Nfs root

[評] 特洛伊木馬已進駐台灣

原文 特洛伊木馬已進駐台灣

Read more »