Articles published in 2019

Sep 19

I'll keep adding to this log; memory isn't what it used to be. :sad: :sad: :sad:

# more entropy for the kernel RNG
sudo apt install haveged

# enable BBR
sudo nano /etc/sysctl.conf

net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

sudo sysctl -p

# shadowsocks official tweaks
sudo nano /etc/sysctl.conf

# max open files
fs.file-max = 51200
# max read buffer
net.core.rmem_max = 67108864
# max write buffer
net.core.wmem_max = 67108864
# default read buffer
net.core.rmem_default = 65536
# default write buffer
net.core.wmem_default = 65536
# max processor input queue
net.core.netdev_max_backlog = 4096
# max backlog
net.core.somaxconn = 4096

# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling (this knob was removed in Linux 4.12; drop the line on newer kernels, otherwise sysctl -p reports it as missing)
net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# short keepalive time
net.ipv4.tcp_keepalive_time = 1200
# outbound port range
net.ipv4.ip_local_port_range = 10000 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 5000
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 67108864
# TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 67108864
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1

# for high-latency network (note: this overrides the bbr line set above; sysctl applies the file top to bottom and the last value wins, so keep only one tcp_congestion_control line)
net.ipv4.tcp_congestion_control = hybla

# for low-latency network, use cubic instead
# net.ipv4.tcp_congestion_control = cubic

# for 4.9+ (the algorithm must be built in or available as a module, tcp_hybla / tcp_bbr; /proc/sys/net/ipv4/tcp_available_congestion_control lists what is currently loaded)
# net.ipv4.tcp_congestion_control = bbr
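When snippets like the ones above are pasted together, the usual mistakes are a key set twice (the last one silently wins), a knob the running kernel no longer has, and bbr without the fq qdisc. The following is an added example, not code from the original post: a small POSIX sh lint to run against the file before `sudo sysctl -p`. The function names and the second argument of cc_available (a file standing in for the kernel's list, for offline use) are my own choices.

```shell
#!/bin/sh
# Added example: lint a sysctl.conf-style file before `sysctl -p`.
# Flags three things:
#   1. the same key set more than once (sysctl applies the file in
#      order; the last line wins without any message)
#   2. net.ipv4.tcp_tw_recycle, which was removed in Linux 4.12
#   3. bbr selected without net.core.default_qdisc=fq
# Exit status: 0 = clean, 1 = at least one problem (details on stderr).
sysctl_conf_lint() {
    conf="$1"
    rc=0
    # Strip comments and blank lines, trim, normalise "key = value" to "key=value".
    pairs=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                -e '/^$/d' -e 's/[[:space:]]*=[[:space:]]*/=/' "$conf")

    # 1. duplicate keys
    dups=$(printf '%s\n' "$pairs" | cut -d= -f1 | sort | uniq -d)
    if [ -n "$dups" ]; then
        printf 'lint: key set more than once (last value wins): %s\n' "$dups" >&2
        rc=1
    fi

    # 2. removed knob
    if printf '%s\n' "$pairs" | grep -q '^net\.ipv4\.tcp_tw_recycle='; then
        printf 'lint: net.ipv4.tcp_tw_recycle was removed in Linux 4.12\n' >&2
        rc=1
    fi

    # 3. bbr without fq (take the last occurrence of each key, as sysctl does)
    cc=$(printf '%s\n' "$pairs" | grep '^net\.ipv4\.tcp_congestion_control=' | tail -n 1 | cut -d= -f2)
    qdisc=$(printf '%s\n' "$pairs" | grep '^net\.core\.default_qdisc=' | tail -n 1 | cut -d= -f2)
    if [ "$cc" = "bbr" ] && [ "$qdisc" != "fq" ]; then
        printf 'lint: bbr selected but net.core.default_qdisc is "%s", expected fq\n' "$qdisc" >&2
        rc=1
    fi
    return "$rc"
}

# Is a congestion control algorithm currently loaded/built in?
# Reads the kernel's list, or the file given as second argument (offline test).
cc_available() {
    grep -qw "$1" "${2:-/proc/sys/net/ipv4/tcp_available_congestion_control}"
}
```

Typical use on the box: `sysctl_conf_lint /etc/sysctl.conf && cc_available bbr && sudo sysctl -p`. The availability check only tells you what is loaded right now; writing an unloaded name to tcp_congestion_control makes the kernel try to load the matching tcp_* module, so a failure there usually means the module is not installed at all.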

sudo vim /etc/security/limits.conf

* soft nofile 81920
* hard nofile 81920
www-data soft nofile 81920
www-data hard nofile 81920
root soft nofile 81920
root hard nofile 81920

sudo nano /etc/pam.d/common-session

session required pam_limits.so

# let the program bind to privileged (<1024) ports without running as root
# (file capabilities live on the inode, so re-run this after the binary is upgraded or replaced)
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/sbin/overture
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/caddy

# ubuntu: accept all inbound/outbound traffic (this removes all host-level filtering; only do it when something else, e.g. the cloud provider's security list, sits in front of the box)
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -F
sudo netfilter-persistent save
sudo systemctl restart netfilter-persistent

# enable rc.local
sudo nano /etc/systemd/system/rc-local.service

[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target

(SysVStartPriority= is obsolete; current systemd logs it as an unknown key and ignores it, so the line can be dropped.)

# create a minimal /etc/rc.local (tee -a appends, so only run this when the file does not exist yet)
printf '%s\n' '#!/bin/bash' 'exit 0' | sudo tee -a /etc/rc.local
sudo chmod +x /etc/rc.local
sudo systemctl enable rc-local
sudo systemctl start rc-local.service
sudo systemctl status rc-local.service

# change DNS
sudo nano /etc/netplan/50-cloud-init.yaml

nameservers:
  addresses: [8.8.8.8, 8.8.4.4]
  # or Cloudflare: addresses: [1.1.1.1, 1.0.0.1]

sudo netplan apply (or sudo netplan --debug apply to see what it is doing)


Sep 18

For how to apply see: 申请 Oracle Cloud 永久免费服务 + 300 美元试用额度 (Applying for Oracle Cloud Always Free + the $300 trial credit). The SSH part of that article is wrong, though: when creating the instance you paste in the generated public key; the private key is what you log in with from the client.

Test result: availability is not great. :roll: :roll: :roll:

[screenshot: 2019-09-18_001233.jpg]


Sep 16

Maximum WAN->LAN throughput:

RT-N16 without bcm_nat ~100-120Mbps
RT-N16 with bcm_nat ~ 170Mbps
RT-N66U/AC66u without bcm_nat ~240Mbps
RT-N66U/AC66u with bcm_nat ~320Mbps
RT-N18u/AC56u/AC68u without CTF ~330Mbps
RT-N18u/AC56u/AC68u with CTF ~600Mbps
R7000 without CTF ~410Mbps
R7000 with CTF ~950Mbps

But if you load the CPU with any other services then throughput will be much lower. USB support is the most CPU-aggravating service, and it's not only samba/ftp/torrents: if you have syslog/bandwidth monitor/etc. stored on a USB device, that also loads the CPU.


Sep 14

Look at this script first:

#!/bin/bash
alias elog="logger -t $0 -s"
elog() {
    logger -t $0 -s "$@"
}
elog "hahahaha"
test123(){
    elog "i am in function!"
}
test123

Running it gives:

elog: command not found

With #!/bin/sh instead there is no problem:

#!/bin/sh
alias elog="logger -t $0 -s"
elog() {
    logger -t $0 -s "$@"
}
elog "hahahaha"
test123(){
    elog "i am in function!"
}
test123

Output after running:

<13>Sep 14 11:59:48 /root/init.d/testme: hahahaha
<13>Sep 14 11:59:48 /root/init.d/testme: i am in function!

Reference: Execute a passed alias inside a function? (Stack Overflow); the answer quotes the ALIASES section of the bash manual:

Aliases are expanded when a command is read, not when it is executed. Therefore, an alias definition appearing on the same line as another command does not take effect until the next line of input is read. The commands following the alias definition on that line are not affected by the new alias. This behavior is also an issue when functions are executed. Aliases are expanded when a function definition is read, not when the function is executed, because a function definition is itself a compound command. As a consequence, aliases defined in a function are not available until after that function is executed. To be safe, always put alias definitions on a separate line, and do not use alias in compound commands.

Changed to the function form:

#!/bin/bash
# function instead of alias: resolved when the command runs, so it
# also works from inside other functions
elog() {
    logger -t "$0" -s "$@"
}
elog "hahahaha"
test123(){
    elog "i am in function!"
}
test123

Works. :roll: :roll: :roll:

See also: Linux 环境中 alias 不生效问题 (aliases not taking effect on Linux)
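The two forms side by side, each wrapped in a function so the exit status can be checked, as an added example that is not part of the original post. The function names (log_via_alias, log_via_function, demo) and the printf-based elog are mine; the original used logger -t $0 -s. The point it shows: a function body is parsed before the alias defined inside it exists, so the alias is never expanded and the shell looks for a command of that name at run time (exit status 127 in both bash and dash), while a function is looked up when the command runs.

```shell
#!/bin/sh
# Added example (not from the original post).

# Form 1: alias defined and used inside the same function body.
# The body was already read (and any alias expansion done) before the
# alias existed, so at run time the shell looks for a command named
# elog_alias, finds none, and returns 127. bash does not expand
# aliases in scripts at all; dash/sh expands them only while reading.
log_via_alias() {
    alias elog_alias='printf "[alias] %s\n"'
    elog_alias "from inside a function"
}

# Form 2: a function. Functions are resolved when the command runs,
# so calling one from inside another function is fine.
elog() {
    # ${0##*/} is the script name, the same tag `logger -t $0` would use
    printf '%s: %s\n' "${0##*/}" "$*" >&2
}
log_via_function() {
    elog "from inside a function"
}

# Returns 0 only if the function form worked and the alias form failed
# with "command not found" (exit status 127).
demo() {
    alias_rc=0
    log_via_alias 2>/dev/null || alias_rc=$?
    log_via_function || return 1
    [ "$alias_rc" -eq 127 ]
}

demo && echo "function form works, alias form fails with 127"
```

Run it under both `bash` and `sh`; the result is the same, which is why the function form is the portable choice for anything called from inside another function or from a script.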


Sep 13

Since 1.5rc4, Overture matches domain lists with regular expressions by default, and this alone makes an instance running on a router dramatically slower.

Take an Asus RT-AC68P with gfwlist and dnsmasq-china-list enabled and the default regex-list matcher:

"DomainFile": {
    "Primary": "/opt/etc/chinalist",
    "Alternative": "/opt/etc/gfwlist",
    "Matcher": "regex-list"
}

Query time for overseas sites jumps from a few hundred milliseconds (300~800 ms) to 1.2 s. Domestic sites are unaffected because the chinaroute IPNetworkFile rule is evaluated first.

Changing Matcher to "full-map", "suffix-tree" or "full-list" (performance cost increasing in that order) relieves this for a single dig query, but under a DNSPerf load test the drop is still severe compared with disabling DomainFile.Matcher: Overture falls from 300 queries per second to 40.

So if Overture 1.5rc4+ on a router is only there to defeat DNS poisoning, and especially when it serves many clients, disable DomainFile.Matcher by pointing both domain files at an empty file. Example (empty is an empty text file):

"IPNetworkFile": {
    "Primary": "/opt/etc/chinaroute",
    "Alternative": "/opt/etc/empty"
},
"DomainFile": {
    "Primary": "/opt/etc/empty",
    "Alternative": "/opt/etc/empty",
    "Matcher": "full-map"
}

Added 2019-09-15: don't use the suffix-tree matcher for now, it has a bug: whether or not the domain files are empty, it always sends the query to the primary DNS!

https://github.com/shawn1m/overture/issues/172

