Haiyun's Blog


Compiling a bbrplus kernel for Ubuntu/CentOS

Published: December 14, 2019 // Category: // 2 Comments

Install the build environment:

yum install -y ncurses-devel make gcc bc bison flex elfutils-libelf-devel openssl-devel rpm-build
yum install -y dpkg-dev # dependency for building deb packages

On Ubuntu:

apt install build-essential libncurses-dev flex bison openssl libssl-dev dkms libelf-dev libudev-dev libpci-dev libiberty-dev autoconf

Download the 4.14 kernel:

wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.14.158.tar.xz
tar xf linux-4.14.158.tar.xz

patch:

diff -urN aa/include/net/inet_connection_sock.h bb/include/net/inet_connection_sock.h
--- aa/include/net/inet_connection_sock.h       2019-12-14 17:07:48.190502969 +0800
+++ bb/include/net/inet_connection_sock.h       2019-12-14 17:08:06.373215456 +0800
@@ -136,8 +136,8 @@
        } icsk_mtup;
        u32                       icsk_user_timeout;
 
-       u64                       icsk_ca_priv[88 / sizeof(u64)];
-#define ICSK_CA_PRIV_SIZE      (11 * sizeof(u64))
+       u64                       icsk_ca_priv[112 / sizeof(u64)];
+#define ICSK_CA_PRIV_SIZE      (14 * sizeof(u64))
 };
 
 #define ICSK_TIME_RETRANS      1       /* Retransmit timer */
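
Review bot: In the icsk_ca_priv hunk the array length (112 / sizeof(u64)) and ICSK_CA_PRIV_SIZE (14 * sizeof(u64)) are two separate literals that have to be kept equal by hand. Declare the array from the macro or add a compile-time assertion next to it, and add a comment naming the congestion-control module that needs the extra 24 bytes, since the change enlarges the structure for every connection.
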
diff -urN aa/net/ipv4/Makefile bb/net/ipv4/Makefile
--- aa/net/ipv4/Makefile        2019-12-14 17:09:40.204731772 +0800
+++ bb/net/ipv4/Makefile        2019-12-14 17:09:47.147621995 +0800
@@ -44,7 +44,7 @@
 obj-$(CONFIG_INET_UDP_DIAG) += udp_diag.o
 obj-$(CONFIG_INET_RAW_DIAG) += raw_diag.o
 obj-$(CONFIG_NET_TCPPROBE) += tcp_probe.o
-obj-$(CONFIG_TCP_CONG_BBR) += tcp_bbr.o
+obj-$(CONFIG_TCP_CONG_BBR) += tcp_bbrplus.o
 obj-$(CONFIG_TCP_CONG_BIC) += tcp_bic.o
 obj-$(CONFIG_TCP_CONG_CDG) += tcp_cdg.o
 obj-$(CONFIG_TCP_CONG_CUBIC) += tcp_cubic.o
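
Review bot: The changed Makefile line keeps CONFIG_TCP_CONG_BBR but builds tcp_bbrplus.o instead of tcp_bbr.o, so the config symbol no longer describes what gets built and the stock bbr object is no longer built at all. Leave the tcp_bbr.o line in place and add a separate obj line with its own config symbol for tcp_bbrplus.o.
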
diff -urN aa/net/ipv4/tcp_output.c bb/net/ipv4/tcp_output.c
--- aa/net/ipv4/tcp_output.c    2019-12-14 17:08:48.488549518 +0800
+++ bb/net/ipv4/tcp_output.c    2019-12-14 17:08:55.061445594 +0800
@@ -1834,6 +1834,7 @@
 
        return !after(end_seq, tcp_wnd_end(tp));
 }
+EXPORT_SYMBOL(tcp_snd_wnd_test);
 
 /* Trim TSO SKB to LEN bytes, put the remaining data into a new packet
  * which is put after SKB on the list.  It is very much like
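
Review bot: EXPORT_SYMBOL(tcp_snd_wnd_test) after the function body in tcp_output.c opens the helper to every loadable module, yet nothing in this patch adds a prototype to a shared header, and the definition itself is above the visible lines. Check that the definition is not static, add the declaration to the header the module includes, and consider EXPORT_SYMBOL_GPL to keep the exposure narrower.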

Download the tcp_bbrplus source:

wget -P net/ipv4/ https://raw.githubusercontent.com/cx9208/bbrplus/master/tcp_bbrplus.c

Open the kernel configuration and enable building bbr as a module:

make menuconfig

Disable module signing and debug info:

scripts/config --disable MODULE_SIG
scripts/config --disable DEBUG_INFO

Build the kernel into a CentOS rpm or Ubuntu deb package. Note that make rpm-pkg runs a clean before every build, so repeated builds are very slow!

make binrpm-pkg -j4
make bindeb-pkg -j4 

Enable bbrplus:

echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbrplus" >> /etc/sysctl.conf
sysctl -p

Prevent Ubuntu from updating the kernel:

for pkg in $(dpkg -l|awk '/linux-(generic|headers|image|libc|modules)/{print $2}');do 
echo $pkg; 
apt-mark hold $pkg;
done

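Update 20210102:
The 4.14 kernel is now too old and causes compatibility problems on newer systems, and bbr in newer kernels keeps being updated and optimized, so downloading and installing the latest kernel is recommended.
Installing the latest kernel on CentOS: https://www.haiyun.me/archives/1139.html
Installing the latest kernel on Ubuntu: https://www.haiyun.me/archives/1344.html
bbr change log for a specific kernel version:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/net/ipv4/tcp_bbr.c?h=v5.10.4
bbr change log in the Ubuntu kernel source:
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/log/net/ipv4/tcp_bbr.c?h=Ubuntu-5.4.0-59.65
References: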
https://github.com/cx9208/bbrplus
https://blog.csdn.net/dog250/article/details/80629551

Switching Ubuntu to a specific kernel version

Published: December 14, 2019 // Category: // No Comments

Choose the kernel version to download: https://kernel.ubuntu.com/~kernel-ppa/mainline/

cd /tmp
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.10.4/amd64/linux-headers-5.10.4-051004-generic_5.10.4-051004.202012301142_amd64.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.10.4/amd64/linux-headers-5.10.4-051004_5.10.4-051004.202012301142_all.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.10.4/amd64/linux-image-unsigned-5.10.4-051004-generic_5.10.4-051004.202012301142_amd64.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.10.4/amd64/linux-modules-5.10.4-051004-generic_5.10.4-051004.202012301142_amd64.deb
apt install ./linux-*.deb
rm -rf ./linux-*.deb

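List the kernel menu entries. Indexing starts at 0; if an entry is inside a submenu, write the parent index followed by the child index, e.g. 1>5.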

grep  menuentry /boot/grub/grub.cfg

Change the default boot kernel in /etc/default/grub:

GRUB_DEFAULT="1>5"

Update grub:

update-grub
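
The index rule above (top-level entries counted from 0, submenu children written as parent>child) can be computed from grub.cfg instead of counted by hand. The script below is an added example, not part of the original post; the function names grub_entry_paths, grub_default_for and sample_grub_cfg and the sample config are constructed for illustration, and it assumes entries quote their titles and open their { on the same line, as grub-mkconfig output does.

```shell
# Print "<GRUB_DEFAULT path><TAB><title>" for each menuentry/submenu in a grub.cfg.
grub_entry_paths() {
    awk -v sq="'" '
    function net_braces(s) {          # "{" minus "}", ignoring quoted strings
        gsub(sq "[^" sq "]*" sq, "", s); gsub(/"[^"]*"/, "", s)
        return gsub(/[{]/, "", s) - gsub(/[}]/, "", s)
    }
    BEGIN { sp = 0; depth = 0 }
    {
        line = $0; sub(/^[ \t]+/, "", line)
        if (line ~ /^(menuentry|submenu)[ \t]/) {
            kind = rest = line
            sub(/[ \t].*/, "", kind); sub(/^[a-z]+[ \t]+/, "", rest)
            q = substr(rest, 1, 1); rest = substr(rest, 2)   # opening quote of the title
            title = substr(rest, 1, index(rest, q) - 1)
            path = prefix[sp] (idx[sp] + 0); idx[sp]++
            print path "\t" title
            if (kind == "submenu") {       # children restart at 0 under "N>"
                sp++; prefix[sp] = path ">"; idx[sp] = 0; closes_at[sp] = depth
            }
        }
        depth += net_braces($0)
        while (sp > 0 && depth <= closes_at[sp]) sp--   # submenu block closed
    }' "$@"
}
grub_default_for() {   # GRUB_DEFAULT value of the first entry whose title contains $2
    grub_entry_paths "$1" | awk -F '\t' -v want="$2" \
        'index($2, want) { print $1; found = 1; exit } END { exit !found }'
}
sample_grub_cfg() {    # constructed sample, not taken from the page
    cat <<'EOF'
menuentry 'Ubuntu' --class ubuntu $menuentry_id_option 'gnulinux-simple' {
    linux /boot/vmlinuz-5.10.4-051004-generic ro
}
submenu 'Advanced options for Ubuntu' $menuentry_id_option 'gnulinux-advanced' {
    menuentry 'Ubuntu, with Linux 5.10.4-051004-generic' --class ubuntu {
        linux /boot/vmlinuz-5.10.4-051004-generic ro
    }
    menuentry 'Ubuntu, with Linux 4.14.158' --class ubuntu {
        linux /boot/vmlinuz-4.14.158 ro
    }
}
menuentry 'UEFI Firmware Settings' {
    fwsetup
}
EOF
}
sample_grub_cfg | grub_entry_paths   # demo: list every path with its title
```

On a real system, run grub_default_for /boot/grub/grub.cfg with the wanted kernel version and put the printed value in GRUB_DEFAULT before running update-grub.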

dnsproxy patch for a custom EDNS IP address

Published: December 12, 2019 // Category: // No Comments

The main forwarding/resolution function is Resolve, which calls replyFromCache to do the EDNS processing.

diff -urN -x .git dnsproxy/main.go dnsproxy-mod/main.go
--- dnsproxy/main.go    2019-12-12 15:41:28.962196992 +0800
+++ dnsproxy-mod/main.go        2019-12-12 15:46:45.248460512 +0800
@@ -72,6 +72,8 @@
        // Use EDNS Client Subnet extension
        EnableEDNSSubnet bool `long:"edns" description:"Use EDNS Client Subnet extension" optional:"yes" optional-value:"true"`
 
+       EDNSAddr string `long:"ednsaddr" description:"Send EDNS Client Address"`
+
        // Print DNSProxy version (just for the help)
        Version bool `long:"version" description:"Prints the program version"`
 }
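
Review bot: The description on the new EDNSAddr option, "Send EDNS Client Address", does not say how the flag interacts with --edns or that the given address is sent in place of the real client address. Spell both out in the description and give the field a comment line like the neighbouring options have.
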
@@ -146,6 +148,7 @@
 // createProxyConfig creates proxy.Config from the command line arguments
 func createProxyConfig(options Options) proxy.Config {
        listenIP := net.ParseIP(options.ListenAddr)
+       ednsIP := net.ParseIP(options.EDNSAddr)
        if listenIP == nil {
                log.Fatalf("cannot parse %s", options.ListenAddr)
        }
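
Review bot: The result of net.ParseIP(options.EDNSAddr) is never checked, unlike listenIP, whose nil check follows with log.Fatalf. A mistyped --ednsaddr therefore becomes nil and the proxy quietly falls back to the real client address; fail at startup when the option is non-empty and does not parse.
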
@@ -166,6 +169,7 @@
                RefuseAny:                options.RefuseAny,
                AllServers:               options.AllServers,
                EnableEDNSClientSubnet:   options.EnableEDNSSubnet,
+               EDNSAddr:                 ednsIP,
        }
 
        if options.Fallbacks != nil {
diff -urN -x .git dnsproxy/proxy/proxy_cache.go dnsproxy-mod/proxy/proxy_cache.go
--- dnsproxy/proxy/proxy_cache.go       2019-12-12 15:41:28.970197100 +0800
+++ dnsproxy-mod/proxy/proxy_cache.go   2019-12-12 15:40:14.297190512 +0800
@@ -10,11 +10,11 @@
 // Get response from general or subnet cache
 // Return TRUE if response is found in cache
 func (p *Proxy) replyFromCache(d *DNSContext) bool {
-       if p.cache == nil {
-               return false
-       }
 
        if !p.Config.EnableEDNSClientSubnet {
+               if p.cache == nil {
+                       return false
+               }
                val, ok := p.cache.Get(d.Req)
                if ok && val != nil {
                        d.Res = val
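
Review bot: With the p.cache == nil guard moved inside the !p.Config.EnableEDNSClientSubnet branch, replyFromCache no longer returns early when ECS is enabled and the cache is off. The rest of the function is outside this hunk, so make sure every cache access on the ECS path has its own nil check, and drop the blank line now left directly after the opening brace.
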
@@ -31,11 +31,15 @@
        if mask == 0 {
                // Set EDNS Client-Subnet data
                var clientIP net.IP
-               switch addr := d.Addr.(type) {
-               case *net.UDPAddr:
-                       clientIP = addr.IP
-               case *net.TCPAddr:
-                       clientIP = addr.IP
+               if p.Config.EDNSAddr != nil {
+                       clientIP = p.Config.EDNSAddr
+               } else {
+                       switch addr := d.Addr.(type) {
+                       case *net.UDPAddr:
+                               clientIP = addr.IP
+                       case *net.TCPAddr:
+                               clientIP = addr.IP
+                       }
                }
 
                if clientIP != nil && isPublicIP(clientIP) {
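
Review bot: The configured p.Config.EDNSAddr still has to pass isPublicIP(clientIP) in the condition that follows, so a non-public --ednsaddr skips that block and nothing in the visible lines reports it. Validate the address once at startup instead, and document that with the override every client is presented upstream under the same address.
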
diff -urN -x .git dnsproxy/proxy/proxy.go dnsproxy-mod/proxy/proxy.go
--- dnsproxy/proxy/proxy.go     2019-12-12 15:41:28.970197100 +0800
+++ dnsproxy-mod/proxy/proxy.go 2019-12-12 14:09:50.799051551 +0800
@@ -120,6 +120,7 @@
        // We store these responses in general cache (without subnet)
        //  so they will never be used for clients with public IP addresses.
        EnableEDNSClientSubnet bool
+       EDNSAddr               net.IP // ECS IP used in request
 
        CacheEnabled   bool // cache status
        CacheSizeBytes int  // Cache size (in bytes). Default: 64k
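
Review bot: The comment on the new EDNSAddr field, "ECS IP used in request", should state that nil keeps the default of using the client's own address, matching the fallback added in replyFromCache. Write it as a comment block above the field, in the style used for EnableEDNSClientSubnet.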

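Note: when edns is not enabled, queries from clients that use EDNS are still forwarded, but if the same domain is already cached, the result returned is the same with or without EDNS.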
https://github.com/AdguardTeam/dnsproxy

Creating a patch with diff and applying it with patch

Published: December 12, 2019 // Category: // No Comments

diff -urN  dnsproxy dnsproxy-new/ -x .git > dns.patch
# -x excludes a directory

Apply the patch:

cd dnsproxy 
patch -p1 < dns.patch 
# for a patch file that was copied and pasted, use
patch --ignore-whitespace -p1 < dns.patch 