果然還是到了這一天,雖然總是有一天他們會看到,但是多多少少還是要設一道簡單的關卡
最簡單的是在路由器上設定 DNS ,畢竟誰都不喜歡在自己的手機電腦裝軟體吧
Category Archives: Network
自架 DNS 防成人內容
QEMU Network Problem When Run With Docker
如果 Docker 和 QEMU 同時執行時,QEMU 內部透過 tap interface bridge 到 host network 的網路會出不去
這個問題的原因是 Docker 起來之後,會將 iptables 的 packet forward 預設變成 DROP
這時可以在 Docker 起來的時候將 bridge interface 加到 iptables 規則內即可,首先編輯 systemd docker service
Ubuntu 18.04 ARM64 DPDK in VM (QEMU)
DPDK is a very popular infrastructure in high speed packet process domain, some applications will used the same architecture to process packet, like EPC.
For Ubuntu 18.04, it used dpdk 17.11, it not good for some other application like dpdk pktgen, but enough for testpmd and l3fwd test. here is some personal note for setup whole environment.

Ubuntu PPPoE Server 架設
網路上找到的範例都有缺, 主要是缺 pppoe kernel module 的部份, 也不會很難, 在 Ubuntu 18.04 下需要上個 patch 修掉 compile bug.
RSS Toeplitz Hash Calculation C Code
Toeplitz RSS(Receive Side Scaling) sample code 如下, 從 ODP Code 借來的
因為是測試用 code, 所以也不要太在乎語法什麼的
輸出可以正確的跑出 microsoft 網站的 sample
$ ./a.out sip: 187.149.9.66 dip:80.100.142.161 sport:1766 dport:2794 hash: 51ccc178 |
目前的 code 會計算 4 個 IP
像是這樣
$ ./a.out sip: 192.168.1.100 dip:10.0.0.100 sport:1000 dport:1000 hash: 8c2cb4f sip: 193.168.1.100 dip:10.0.0.100 sport:1000 dport:1000 hash: ef1317e8 sip: 194.168.1.100 dip:10.0.0.100 sport:1000 dport:1000 hash: 5f061160 sip: 195.168.1.100 dip:10.0.0.100 sport:1000 dport:1000 hash: 2324d4ee |
連檔名都叫 a.out 我真懶
#include <stdint.h>
#include <stdio.h>
#include <endian.h>
#include <string.h>
#include <arpa/inet.h>
/** rss data type */
typedef union {
uint8_t u8[40];
uint32_t u32[10];
} rss_key;
/** IPv4 tuple
*
*/
typedef struct thash_ipv4_tuple {
uint32_t src_addr;
uint32_t dst_addr;
union {
struct {
uint16_t sport;
uint16_t dport;
};
uint32_t sctp_tag;
};
} thash_ipv4_tuple_t;
/** Thash tuple union */
typedef union {
thash_ipv4_tuple_t v4;
//thash_ipv6_tuple_t v6;
} thash_tuple_t;
static const rss_key default_rss = {
.u8 = {
0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2,
0x41, 0x67, 0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0,
0xd0, 0xca, 0x2b, 0xcb, 0xae, 0x7b, 0x30, 0xb4,
0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30, 0xf2, 0x0c,
0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa,
}
};
static inline
uint32_t thash_softrss(uint32_t *tuple, uint8_t len,
const rss_key key)
{
uint32_t i, j, ret = 0;
for (j = 0; j < len; j++) {
for (i = 0; i < 32; i++) {
if (tuple[j] & (1 << (31 – i))) {
ret ^= htobe32(((const uint32_t *)
key.u32)[j]) << i | (uint32_t)((uint64_t) (htobe32(((const uint32_t *)key.u32) [j + 1])) >> (32 – i));
}
}
}
return ret;
}
int main(int argc,char *argv[]){
thash_tuple_t tuple;
uint32_t hash;
uint32_t tuple_len;
struct in_addr ip_addr_s,ip_addr_d;
char str_s[15], str_d[15];
#if 0
tuple.v4.src_addr = (uint32_t) inet_addr(“66.9.149.187”);
tuple.v4.dst_addr = (uint32_t) inet_addr(“161.142.100.80”);
ip_addr_s.s_addr = tuple.v4.src_addr;
ip_addr_d.s_addr = tuple.v4.dst_addr;
tuple_len += 2;
tuple.v4.sport = htobe16(2794);
tuple.v4.dport = htobe16(1766);
tuple_len += 1;
#endif
for(int i=0;i<4;i++){
tuple_len = 0;
hash = 0;
tuple.v4.src_addr = (uint32_t) inet_addr(“192.168.1.100”);
tuple.v4.src_addr = be32toh(tuple.v4.src_addr);
tuple.v4.src_addr=tuple.v4.src_addr+i*4;
tuple.v4.src_addr = htobe32(tuple.v4.src_addr);
tuple.v4.dst_addr = (uint32_t) inet_addr(“10.0.0.100”);
ip_addr_s.s_addr = tuple.v4.src_addr;
ip_addr_d.s_addr = tuple.v4.dst_addr;
tuple_len += 2;
tuple.v4.sport = htobe16(1000);
tuple.v4.dport = htobe16(1000);
tuple_len += 1;
if (tuple_len){
tuple.v4.src_addr = be32toh(tuple.v4.src_addr);
tuple.v4.dst_addr = be32toh(tuple.v4.dst_addr);
tuple.v4.sctp_tag = be32toh(tuple.v4.sctp_tag);
hash = thash_softrss((uint32_t *)&tuple,
tuple_len, default_rss);
}
ip_addr_s.s_addr = htobe32(tuple.v4.src_addr);
ip_addr_d.s_addr = htobe32(tuple.v4.dst_addr);
strcpy(str_s,inet_ntoa(ip_addr_s));
strcpy(str_d,inet_ntoa(ip_addr_d));
printf(“sip: %-14s dip:%-14s sport:%-6d dport:%-6d hash: %x \n”,
str_s,str_d,
tuple.v4.sport,
tuple.v4.dport, hash);
}
return hash;
}
附帶一提, 如果在 Linux 下要修改 hash key . 可以用 ethtool 這個指令, ex:
$ ethtool -X enp5s0f4 hkey 6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a |
ref.
Verifying the RSS Hash Calculation : 可以比對計算出是不是正確
Symmetric RSS : 有趣的文章, 提到原來的功能沒有辦法有效的 hash , 將所有的 key 都改 0x6d5a 就可以
Scalable TCP Session Monitoring with Symmetric Receive-side Scaling
Scaling in the Linux Networking Stack
odp_classification.c
Bind Zone Forward
如果有特定的 domain 要指向特定的 Server
這時候就要用 Zone Forward 指令
例如:
zone "subzone.mydns.example.com" { type forward; forwarders { 192.168.0.4; }; }; |
這樣就可以了
ref
How to properly configure BIND forward zone for an internal DNS server?
DNS BIND zone clause
[Gentoo][Linux] Hinet PPPoE IPv6 Dual Stack 設定
自從中研院 Tunnel Broker 因為硬碟壞掉終止服務, Hinet Tunnel Broker 一直斷線根本不能用.
己經很久沒有使用 IPv6 的服務.
前二天聽到 Kenduest Lee 說到 Hinet 光世代 PPPoE 有 IPv6 的服務, 立馬就跑去申請.
Read more »
[Linux] 限制時間上 Facebook
Facebook 花去太多時間, 所以在 Linux 上加了一條 Rule 限制自己
Read more »Strongswan ipsec debug
可以在 runtime 下指令馬上更改 debug command,
# ipsec stroke loglevel ike 2
也可以寫在 ipsec.conf 內.
Read more »
NFS 碰到的怪問題
今天碰到的怪問題.
eth0: 1000 Mbps Full duplex, port 0
ADDRCONF(NETDEV_UP): eth0: link is not ready
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
IP-Config: Complete:
device=eth0, addr=10.102.81.59, mask=255.255.255.0, gw=10.102.81.1
host=10.102.81.59, domain=, nis-domain=(none)
bootserver=10.102.81.66, rootserver=10.102.81.66, rootpath=
VFS: Unable to mount root fs via NFS, trying floppy.
VFS: Cannot open root device “nfs” or unknown-block(2,0): error -6
Please append a correct “root=” boot option; here are the available partitions:
首先要在 bootargs 放上nfsrootdebug 參數找出真正的原因, 然後就會出現
ADDRCONF(NETDEV_UP): eth0: link is not ready
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
IP-Config: Complete:
device=eth0, addr=10.102.81.59, mask=255.255.255.0, gw=10.102.81.1
host=10.102.81.59, domain=, nis-domain=(none)
bootserver=10.102.81.66, rootserver=10.102.81.66, rootpath=
Root-NFS: nfsroot=/home/work/nfs/fusion.nfsvers=3
NFS: nfs mount opts=’vers=2,udp,rsize=4096,wsize=4096,nolock,addr=10.102.81.66′
NFS: parsing nfs mount option ‘vers=2’
NFS: parsing nfs mount option ‘udp’
NFS: parsing nfs mount option ‘rsize=4096’
NFS: parsing nfs mount option ‘wsize=4096’
NFS: parsing nfs mount option ‘nolock’
NFS: parsing nfs mount option ‘addr=10.102.81.66’
NFS: MNTPATH: ‘/home/work/nfs/fusion.nfsvers=3’
NFS: sending MNT request for 10.102.81.66:/home/work/nfs/fusion.nfsvers=3
NFS: MNT server returned result -13
NFS: unable to mount server 10.102.81.66, error -13
這個問題只要加上 nolock 參數就好了, 所以 nfsroot args 會長的像這樣
mem=512M root=/dev/nfs rw nfsroot=${serverip}:/nfs/fusion,nfsvers=3,nolock ip=${ipaddr}:${serverip}:${gatewayip}:255.255.255.0::eth0:off’
ref: Nfs root
近期留言