发布时间:December 16, 2019 // 分类: // 2 Comments
dnsmasq最新版本2.80增加了指定域名返回空的选项,通过此可以过滤ipv6查询:
#所有com域名禁止ipv6查询
server=/com/8.8.8.8
address=/com/::
#所有域名过滤ipv6查询
server=/#/8.8.8.8
address=/#/::dnsmasq 2.78版本可使用此patch过滤ipv6 aaaa查询。
https://github.com/flyinprogrammer/dnsmasq-alpine-docker
unbound过滤ipv6见:
https://www.haiyun.me/archives/1303.html
https://discourse.pi-hole.net/t/solved-disable-aaaa-response-for-a-given-domain/13143
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
发布时间:December 16, 2019 // 分类: // No Comments
交叉编译环境配置,使用PandoraBox提供的SDK:
apt install build-essential -y
wget https://downloads.pangubox.com/pandorabox/18.10/targets/ralink/mt7621/PandoraBox-SDK-ralink-mt7621_gcc-5.5.0_uClibc-1.0.x.Linux-x86_64.tar.xz
tar xf PandoraBox-SDK-ralink-mt7621_gcc-5.5.0_uClibc-1.0.x.Linux-x86_64.tar.xz
mv PandoraBox-SDK-ralink-mt7621_gcc-5.5.0_uClibc-1.0.x.Linux-x86_64 PandoraBox
export STAGING_DIR=/root/PandoraBox/staging_dir/
export PKG_CONFIG_PATH=/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/lib/pkgconfig/
export PATH=$PATH:/root/PandoraBox/staging_dir/toolchain-mipsel_1004kc+dsp_gcc-5.5.0_uClibc-1.0.x/bin/
export CC=mipsel-openwrt-linux-gcc
export RANLIB=mipsel-openwrt-linux-ranlib
export AR=mipsel-openwrt-linux-ar
export LD=mipsel-openwrt-linux-ld潘多拉SDK自带openssl版本为1.1.0,为使用tls1.3编译安装最新版openssl1.1.1:
wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz
tar zxvf openssl-1.1.1d.tar.gz
./config no-asm shared --prefix=/usr/local/openssl-mipsel
sed -i 's/-m64//g' Makefile
make && make install编译smartdns:
git clone https://github.com/pymumu/smartdns.git
cd smartdns/src/
CFLAGS=-I/usr/local/openssl-mipsel/include/ LDFLAGS=-L/usr/local/openssl-mipsel/lib/ make
#不额外安装openssl,使用sdk自带的openssl
#CFLAGS=-I/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/include/ LDFLAGS=-L/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/lib/ make静态编译包含openssl,修改Makefile:
ifeq ($(STATIC), yes)
LDFLAGS += -Wl,-dn -lssl -lcrypto -Wl,-dy -lpthread -ldl -lc -lgcc_eh
#LDFLAGS += -Wl,-dn -lssl -lcrypto -Wl,-dy,--whole-archive -lpthread -Wl,--no-whole-archive -ldl -lc -lgcc_eh静态编译:
STATIC=yes CFLAGS=-I/usr/local/openssl-mipsel/include/ LDFLAGS=-L/usr/local/openssl-mipsel/lib/ make 如果以非root运行smartdns且使用ping测速,需设置cap_net_raw,不然不能发送icmp ping:
#setcap cap_net_raw+eip /usr/local/bin/smartdns
#cap_net_bind_service允许非root监听53端口,ipset需要cap_net_admin权限
setcap cap_net_bind_service,cap_net_raw,cap_net_admin=+eip /usr/local/bin/smartdns或直接使用systemd:
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW由于使用静态编译openssl1.1文件较大,不使用tls1.3可使用自带的openssl1.0动态编译:
CFLAGS=-I/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/include/ LDFLAGS=-L/root/PandoraBox/staging_dir/target-mipsel_1004kc+dsp_uClibc-1.0.x/usr/lib/ make参考:
https://www.boris1993.com/linux/allow-non-root-process-to-bind-low-numbered-ports.html
发布时间:December 14, 2019 // 分类: // 2 Comments
安装编译环境
yum install -y ncurses-devel make gcc bc bison flex elfutils-libelf-devel openssl-devel rpm-build
yum install -y dpkg-dev #生成deb包依赖ubuntu下:
apt install build-essential libncurses-dev flex bison openssl libssl-dev dkms libelf-dev libudev-dev libpci-dev libiberty-dev autoconf下载4.14版内核:
wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.14.158.tar.xz
tar xf linux-4.14.158.tar.xzpatch:
diff -urN aa/include/net/inet_connection_sock.h bb/include/net/inet_connection_sock.h
--- aa/include/net/inet_connection_sock.h 2019-12-14 17:07:48.190502969 +0800
+++ bb/include/net/inet_connection_sock.h 2019-12-14 17:08:06.373215456 +0800
@@ -136,8 +136,8 @@
} icsk_mtup;
u32 icsk_user_timeout;
- u64 icsk_ca_priv[88 / sizeof(u64)];
-#define ICSK_CA_PRIV_SIZE (11 * sizeof(u64))
+ u64 icsk_ca_priv[112 / sizeof(u64)];
+#define ICSK_CA_PRIV_SIZE (14 * sizeof(u64))
};
#define ICSK_TIME_RETRANS 1 /* Retransmit timer */
diff -urN aa/net/ipv4/Makefile bb/net/ipv4/Makefile
--- aa/net/ipv4/Makefile 2019-12-14 17:09:40.204731772 +0800
+++ bb/net/ipv4/Makefile 2019-12-14 17:09:47.147621995 +0800
@@ -44,7 +44,7 @@
obj-$(CONFIG_INET_UDP_DIAG) += udp_diag.o
obj-$(CONFIG_INET_RAW_DIAG) += raw_diag.o
obj-$(CONFIG_NET_TCPPROBE) += tcp_probe.o
-obj-$(CONFIG_TCP_CONG_BBR) += tcp_bbr.o
+obj-$(CONFIG_TCP_CONG_BBR) += tcp_bbrplus.o
obj-$(CONFIG_TCP_CONG_BIC) += tcp_bic.o
obj-$(CONFIG_TCP_CONG_CDG) += tcp_cdg.o
obj-$(CONFIG_TCP_CONG_CUBIC) += tcp_cubic.o
diff -urN aa/net/ipv4/tcp_output.c bb/net/ipv4/tcp_output.c
--- aa/net/ipv4/tcp_output.c 2019-12-14 17:08:48.488549518 +0800
+++ bb/net/ipv4/tcp_output.c 2019-12-14 17:08:55.061445594 +0800
@@ -1834,6 +1834,7 @@
return !after(end_seq, tcp_wnd_end(tp));
}
+EXPORT_SYMBOL(tcp_snd_wnd_test);
/* Trim TSO SKB to LEN bytes, put the remaining data into a new packet
* which is put after SKB on the list. It is very much like下载tcp_bbrplus源码:
wget -P net/ipv4/ https://raw.githubusercontent.com/cx9208/bbrplus/master/tcp_bbrplus.c打开编译选项并开启编译bbr为模块:
make menuconfig禁用签名调试:
scripts/config --disable MODULE_SIG
scripts/config --disable DEBUG_INFO编译内核生成centos rpm或ubuntu deb包,注意如果使用make rpm-pkg则每次编译前会先clean,如果重复编译会很慢!
make binrpm-pkg -j4
make bindeb-pkg -j4 开启bbrplus:
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbrplus" >> /etc/sysctl.conf
sysctl -pubuntu系统禁止更新内核:
for pkg in $(dpkg -l|awk '/linux-(generic|headers|image|libc|modules)/{print $2}');do
echo $pkg;
apt-mark hold $pkg;
done20210102更新:
由于4.14内核过于老旧,新系统使用会出现兼容性问题,且新内核bbr也一直在更新优化,建议下载安装最新的内核使用。
centos安装最新内核方法:https://www.haiyun.me/archives/1139.html
ubuntu安装最新内核方法:https://www.haiyun.me/archives/1344.html
查看指定内核版本的bbr更新状态:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/net/ipv4/tcp_bbr.c?h=v5.10.4
查看ubuntu内核源码bbr更新状态:
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/log/net/ipv4/tcp_bbr.c?h=Ubuntu-5.4.0-59.65
参考:
https://github.com/cx9208/bbrplus
https://blog.csdn.net/dog250/article/details/80629551
发布时间:December 14, 2019 // 分类: // No Comments
选择要下载的内核版本,https://kernel.ubuntu.com/~kernel-ppa/mainline/
cd /tmp
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.10.4/amd64/linux-headers-5.10.4-051004-generic_5.10.4-051004.202012301142_amd64.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.10.4/amd64/linux-headers-5.10.4-051004_5.10.4-051004.202012301142_all.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.10.4/amd64/linux-image-unsigned-5.10.4-051004-generic_5.10.4-051004.202012301142_amd64.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.10.4/amd64/linux-modules-5.10.4-051004-generic_5.10.4-051004.202012301142_amd64.deb
apt install ./linux-*.deb
rm -rf ./linux-*.deb查看内核顺序,从0开始,如果包含在submenu内,则写上级次序加下级次序,如1>5。
grep menuentry /boot/grub/grub.cfg修改默认启动内核,/etc/default/grub:
GRUB_DEFAULT="1>5"更新grub:
update-grub