kk Blog —— 通用基础


date [-d @int|str] [+%s|"+%F %T"]
netstat -ltunp

vpn

方案一

client —– xor;drop —-> hongkong(squid) ———–> server

方案二

client —– xor;drop —-> guangzhou(squid) —– xor;drop;icmp+mss —–> hongkong(squid) ———> server

squid

icmp

有些时候client和hongkong之间能够ping通,但是tcp就是不通,全被丢弃了,这时需要方案二。

client 和 squid 之间不好使用icmp,因为client大都是在NAT后面,主动发起的icmp能通,但被动的请求进不来。这时需要加上guangzhou中间节点

mss

为了加icmp头,需要减少TCP_MSS。

xor

drop: 丢弃异常reset、fin等包。

通过web,实现跨平台随时随地购买使用

购买CVM

脚本购买CVM

web购买CVM:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no"/>
<meta name="MobileOptimized" content="320">
<meta name="format-detection" content="telephone=no">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">

<!DOCTYPE html>
<html>
<head>
	<title>proxy</title>
</head>
<body>

<?php
	$region = "hk";
	if (isset($_GET['region']))
		$region = $_GET['region'];
	$count = "0";
	if (isset($_GET['count']))
		$count = $_GET['count'];
?>
<form action="index.php" method="get">
<input name="region" value="<?php echo $region; ?>" style="width:100px">
<input name="count" value="0" style="width:100px">
<input class="submit" type="submit" value="创建">
</form>
<?php
	$cmd = "python CVM.py $region $count";

	echo date("Y-m-d H:i:s") . " " . $cmd;
	echo "</br><br>";

	exec($cmd);

	if (filesize("show.log") > 0) {
		$myfile = fopen("show.log", "r");
		echo fread($myfile, filesize("show.log"));
		fclose($myfile);
	}
?>
</body>
</html>

web配置cache_peer, 方案二中的guangzhou才需要

cachemgr.cgi 没找到接口,可惜

填写 IP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no"/>
<meta name="MobileOptimized" content="320">
<meta name="format-detection" content="telephone=no">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">

<!DOCTYPE html>
<html>
<head>
	<title>squid</title>
</head>
<body>

<?php
	$up = "";
	if (isset($_GET['up']))
		$up = $_GET['up'];
?>
<form action="squid.php" method="get">
<input name="up" value="<?php echo $up; ?>" style="width:200px">
<input class="submit" type="submit" value="更新">
</form>
<?php

	echo date("Y-m-d H:i:s");
	echo "</br><br>";

	if (strlen($up) > 3 && strlen($up) < 128) {
		$myfile = fopen("squid.log", "w");
		fwrite($myfile, $up . " up.com\n");
		fclose($myfile);
	}
	$myfile = fopen("squid.log", "r");
	echo fread($myfile, filesize("squid.log"));
	fclose($myfile);
?>
</body>
</html>
刷新squid
1
2
3
4
5
6
7
8
9
10
11
12
# */1 * * * * cd /var/www/html/; /var/www/html/squid.sh
# */1 * * * * sleep 30; cd /var/www/html/; /var/www/html/squid.sh
# chown -R www-data:www-data ../html/
cat /etc/hosts | grep up.com > hosts_tmp
diff hosts_tmp squid.log > /dev/null
if [ $? -eq 0 ]; then exit; fi

cat /etc/hosts | grep -v up.com > hosts
cat squid.log >> hosts 
cp hosts /etc/

/usr/sbin/squid -k reconfigure -f /root/squid/squid.conf

skb 数据异或

skb 数据异或,可以改进成单独的option

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
diff --git a/run.sh b/run.sh
index 138e664..0eb5286 100755
--- a/run.sh
+++ b/run.sh
@@ -19,3 +19,4 @@ echo 10000 > /proc/sys/net/tcp/digest/digest_err_retry
 echo 0 > /proc/sys/net/ipv4/tcp_timestamps # for mptcp+digest
 
 echo 0 > /proc/sys/net/tcp/mss_adjust
+echo 0 > /proc/sys/net/tcp/digest/digest_xor
diff --git a/src/4.15.18/tcp_ipv4.c b/src/4.15.18/tcp_ipv4.c
index b1b5c9d..b94ba6e 100644
--- a/src/4.15.18/tcp_ipv4.c
+++ b/src/4.15.18/tcp_ipv4.c
@@ -1848,6 +1848,12 @@ int tcp_v4_rcv(struct sk_buff *skb)
  th = (const struct tcphdr *)skb->data;
  iph = ip_hdr(skb);
 
+ if (digest_xor && digest_skb_check(NULL, NULL, skb, 0) != 0) {
+     int idx = 0;
+     skb->ip_summed = CHECKSUM_UNNECESSARY;
+     skb_change_bits(skb, th->doff * 4, skb->len - th->doff * 4, &idx);
+ }
+
 lookup:
  sk = __inet_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th), th->source,
                 th->dest, sdif, &refcounted);
diff --git a/src/4.15.18/tcp_ipv6.c b/src/4.15.18/tcp_ipv6.c
index 3e27967..e975356 100644
--- a/src/4.15.18/tcp_ipv6.c
+++ b/src/4.15.18/tcp_ipv6.c
@@ -1619,6 +1619,12 @@ int tcp_v6_rcv(struct sk_buff *skb)
  th = (const struct tcphdr *)skb->data;
  hdr = ipv6_hdr(skb);
 
+ if (digest_xor && digest_skb_check(NULL, NULL, skb, 0) != 0) {
+     int idx = 0;
+     skb->ip_summed = CHECKSUM_UNNECESSARY;
+     skb_change_bits(skb, th->doff * 4, skb->len - th->doff * 4, &idx);
+ }
+
 lookup:
  sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
              th->source, th->dest, inet6_iif(skb), sdif,
diff --git a/src/4.15.18/tcp_output.c b/src/4.15.18/tcp_output.c
index dab8703..f766ff4 100644
--- a/src/4.15.18/tcp_output.c
+++ b/src/4.15.18/tcp_output.c
@@ -1118,6 +1118,9 @@ static int __tcp_transmit_skb(struct sock *sk, struct sk_buff *skb,
      oskb = skb;
 
      tcp_skb_tsorted_save(oskb) {
+         if (digest_xor)
+             skb = skb_copy(oskb, gfp_mask);
+         else
          if (unlikely(skb_cloned(oskb)))
              skb = pskb_copy(oskb, gfp_mask);
          else
@@ -1264,6 +1267,13 @@ static int __tcp_transmit_skb(struct sock *sk, struct sk_buff *skb,
      sk_nocaps_add(sk, NETIF_F_GSO_MASK);
 
      merge = !(tcb->tcp_flags & TCPHDR_SYN);
+
+     if (digest_xor) {
+         int idx = 0;
+         skb_change_bits(skb, tcp_header_size, skb->len - tcp_header_size, &idx);
+         skb->ip_summed = CHECKSUM_NONE;
+         skb->csum = skb_checksum(skb, tcp_header_size, skb->len - tcp_header_size, 0);
+     }
  }
 
  tcp_options_write((__be32 *)(th + 1), tp, &opts, skb, merge);
@@ -3122,6 +3132,9 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs)
      struct sk_buff *nskb;
 
      tcp_skb_tsorted_save(skb) {
+         if (digest_xor)
+             nskb = skb_copy(skb, GFP_ATOMIC);
+         else
          nskb = __pskb_copy(skb, MAX_TCP_HEADER, GFP_ATOMIC);
          err = nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) :
                   -ENOBUFS;
diff --git a/src/digest_core.c b/src/digest_core.c
index 54af869..50840b1 100644
--- a/src/digest_core.c
+++ b/src/digest_core.c
@@ -419,9 +419,106 @@ out:
  return 0;
 }
 
+
+int digest_xor = 0;
+unsigned char MY_XOR[65536];
+
+int __skb_change_bits(unsigned char *from, int len, int *idx)
+{
+ int i;
+ for (i = 0; i < len; i ++) {
+     *(from + i) ^= MY_XOR[*idx];
+     *idx = *idx + 1;
+ }
+ return 0;
+}
+
+int skb_change_bits(struct sk_buff *skb, int offset, int len, int *idx)
+{
+ int start = skb_headlen(skb);
+ struct sk_buff *frag_iter;
+ int i, copy;
+
+ if (offset > (int)skb->len - len)
+     goto fault;
+
+ /* Copy header. */
+ if ((copy = start - offset) > 0) {
+     if (copy > len)
+         copy = len;
+     // skb_copy_from_linear_data_offset(skb, offset, to, copy);
+     __skb_change_bits(skb->data + offset, copy, idx);
+     if ((len -= copy) == 0)
+         return 0;
+     offset += copy;
+ }
+
+ for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
+     int end;
+     skb_frag_t *f = &skb_shinfo(skb)->frags[i];
+
+     WARN_ON(start > offset + len);
+
+     end = start + skb_frag_size(f);
+     if ((copy = end - offset) > 0) {
+         u32 p_off, p_len, copied;
+         struct page *p;
+         u8 *vaddr;
+
+         if (copy > len)
+             copy = len;
+
+#if LINUX_VERSION_CODE > KERNEL_VERSION(4, 0, 0)
+         skb_frag_foreach_page(f,
+                       f->page_offset + offset - start,
+                       copy, p, p_off, p_len, copied) {
+             vaddr = kmap_atomic(p);
+             //memcpy(to + copied, vaddr + p_off, p_len);
+             __skb_change_bits(vaddr + p_off, p_len, idx);
+             kunmap_atomic(vaddr);
+         }
+#else
+         vaddr = kmap_atomic(skb_frag_page(f));
+         __skb_change_bits(vaddr + f->page_offset + offset - start, copy, idx);
+         kunmap_atomic(vaddr);
+#endif
+
+         if ((len -= copy) == 0)
+             return 0;
+         offset += copy;
+     }
+     start = end;
+ }
+
+ skb_walk_frags(skb, frag_iter) {
+     int end;
+
+     WARN_ON(start > offset + len);
+
+     end = start + frag_iter->len;
+     if ((copy = end - offset) > 0) {
+         if (copy > len)
+             copy = len;
+         if (skb_change_bits(frag_iter, offset - start, copy, idx))
+             goto fault;
+         if ((len -= copy) == 0)
+             return 0;
+         offset += copy;
+     }
+     start = end;
+ }
+
+ if (!len)
+     return 0;
+
+fault:
+ return -EFAULT;
+}
+
+
 int digest_init(void)
 {
  int ret;
+ int i;
+ unsigned long int next = 1;
+ for (i = 0; i < 65536; i ++) {
+     next = next * 2 + 1; // TODO
+     MY_XOR[i] = next % 251;
+ }
 
  ret = digest_trace_init();
  if (ret) {
diff --git a/src/digest_core.h b/src/digest_core.h
index 007628c..3ba8c80 100644
--- a/src/digest_core.h
+++ b/src/digest_core.h
@@ -79,6 +79,8 @@ extern atomic_t digest_trace_head_num;
 extern atomic_t digest_trace_free_num;
 extern int digest_trace_log_total;
 
+extern int digest_xor;
+
 extern atomic64_t digest_current, digest_total1, digest_total2, digest_drop_total;
 extern atomic64_t digest_drop_connect;
 
diff --git a/src/digest_sysctl.c b/src/digest_sysctl.c
index 27adfa3..3bfe0ae 100644
--- a/src/digest_sysctl.c
+++ b/src/digest_sysctl.c
@@ -478,6 +478,13 @@ static struct ctl_table digest_sysctl_table[] = {
      .mode = 0644,
      .proc_handler = digest_trace_show_handler,
  },
+ {
+     .procname = "digest_xor",
+     .data = &digest_xor,
+     .maxlen = sizeof(int),
+     .mode = 0644,
+     .proc_handler = proc_dointvec
+ },
  {}
 };

MPTCP sched

1
2
3
4
5
$ git grep mptcp_register_scheduler net/mptcp/
net/mptcp/mptcp_blest.c:        if (mptcp_register_scheduler(&mptcp_sched_blest))
net/mptcp/mptcp_redundant.c:    if (mptcp_register_scheduler(&mptcp_sched_red))
net/mptcp/mptcp_rr.c:   if (mptcp_register_scheduler(&mptcp_sched_rr))
net/mptcp/mptcp_sched.c:int mptcp_register_scheduler(struct mptcp_sched_ops *sched)

blest

redundant

rr

MPTCP cong

不设置时,默认的就是cubic

1
2
3
4
5
6
$ git grep tcp_congestion_ops net/mptcp/
net/mptcp/mctcp_desync.c:static struct tcp_congestion_ops mctcp_desync = {
net/mptcp/mptcp_balia.c:static struct tcp_congestion_ops mptcp_balia = {
net/mptcp/mptcp_coupled.c:static struct tcp_congestion_ops mptcp_ccc = {
net/mptcp/mptcp_olia.c:static struct tcp_congestion_ops mptcp_olia = {
net/mptcp/mptcp_wvegas.c:static struct tcp_congestion_ops mptcp_wvegas __read_mostly = {

desync

balia

ccc

olia

wvegas

MPTCP pm

https://www.cnblogs.com/fenglt/p/8570343.html

http://www.doc88.com/p-2354903996876.html

1
2
3
4
5
6
$ git grep mptcp_register_path_manager net/
net/mptcp/mptcp_binder.c:       if (mptcp_register_path_manager(&binder))
net/mptcp/mptcp_fullmesh.c:     ret = mptcp_register_path_manager(&full_mesh);
net/mptcp/mptcp_ndiffports.c:   if (mptcp_register_path_manager(&ndiffports))
net/mptcp/mptcp_netlink.c:      ret = mptcp_register_path_manager(&mptcp_nl_pm_ops);
net/mptcp/mptcp_pm.c:int mptcp_register_path_manager(struct mptcp_pm_ops *pm)

fullmesh

两边IP都会建连,即建立 n*m 条连接

IP查看 cat /proc/net/mptcp_fullmesh

ndiffports 两边只在一组IP上建立多条连接。

1
2
echo ndiffports > /proc/sys/net/mptcp/mptcp_path_manager
echo 5 > /sys/module/mptcp_ndiffports/parameters/num_subflows # 总共建5条,即额外再建4条

netlink

通过genetlink和应用层交互,在应用层实现pm功能。

binder

将松散源路由(Loose Source and Record Routing, LSRR)选项添加到MPTCP,以确保MPTCP子流使用所有可用网关,即采用LSRR分发子流的数据包。Binder路径管理算法允许用户终端设备从网关直接获得更高的网络吞吐量,而不需要进行任何修改,可用图a和b谁明其工作原理。理论上,只有在网络中设置了LSRR选项,才能使其B>0,从而使得Binder路径管理算法发挥良好效果。

松散源路由:允许相邻两个IP地址之间跳过多个网络。

通俗解释:发送端指明了流量或者数据包必须经过的IP地址清单,但如果需要,也可以经过一些其他的地址。换句话说,不用考虑数据包经过的确切地址,只要它经过这些地址就可以。