grep IPV6 /boot/config-`uname -r`
CONFIG_IPV6=m
lsmod |grep ipv6
ipv6 331253 3 ib_ipoib,rdma_cm,ib_core
cat /sys/module/ipv6/parameters/autoconf
1(此处为生效值)
cat /sys/module/ipv6/parameters/disable
1(此处为生效值)
cat /sys/module/ipv6/parameters/disable_ipv6
0(此处为生效值)
modinfo ipv6
filename: /lib/modules/3.10.0_3-0-0-17/kernel/net/ipv6/ipv6.ko
alias: net-pf-10
license: GPL
description: IPv6 protocol stack for Linux
author: Cast of dozens
rhelversion: 7.2
depends:
intree: Y
vermagic: 3.10.0_3-0-0-17 SMP mod_unload
parm: disable:Disable(此处为默认值) IPv6 module such that it isnon-functional (int)
parm: disable_ipv6:Disable(此处为默认值) IPv6 on all interfaces(int)
parm: autoconf:Enable(此处为默认值) IPv6 address autoconfigurationon all interfaces (int)
1. cat << EOF >> /etc/modprobe.d/ipv6.conf
options ipv6 disable=0
EOF
2. reboot
1. vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
HWADDR=e4:3d:1a:1f:40:1e
BOOTPROTO="static"
IPADDR="10.81.76.141"
NETMASK="255.255.255.192"
ONBOOT="yes"
IPV6INIT=yes (是否开机启用IPV6地址)
IPV6_AUTOCONFI=no (是否使用IPV6地址的自动配置)
IPV6ADDR=240c:4044:1204:1303:c282:a7ff:ad3c:6b06 (IPV6地址)
IPV6DEFAULTGW=240c:4044:1204:1300::defa (IPV6地址网关)
2. service network restart
1.只处理目的ip属于当前网卡的arp请求,其他arp请求直接丢弃
sysctl -w net.ipv4.conf.all.arp_ignore=1
2.选择最优的arp源IP
sysctl -w net.ipv4.conf.all.arp_announce=2
3.只处理反向路由指向接收网卡的报文
sysctl -w net.ipv4.conf.all.rp_filter=1
4.增加策略路由,假设eth0/1在同一个网段
ip route add 0.0.0.0/0 dev eth0 table 1
ip route add 0.0.0.0/0 dev eth1 table 2
ip rule add from eth0-ip table 1
ip rule add from eth1-ip table 2
参见:https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
arp_ignore - INTEGER
Define different modes for sending replies in response to
received ARP requests that resolve local target IP addresses:
0 - (default): reply for any local target IP address, configured
on any interface
1 - reply only if the target IP address is local address
configured on the incoming interface
2 - reply only if the target IP address is local address
configured on the incoming interface and both with the
sender's IP address are part from same subnet on this interface
3 - do not reply for local addresses configured with scope host,
only resolutions for global and link addresses are replied
4-7 - reserved
8 - do not reply for all local addresses
The max value from conf/{all,interface}/arp_ignore is used
when ARP request is received on the {interface}
arp_announce - INTEGER
Define different restriction levels for announcing the local
source IP address from IP packets in ARP requests sent on
interface:
0 - (default) Use any local address, configured on any interface
1 - Try to avoid local addresses that are not in the target's
subnet for this interface. This mode is useful when target
hosts reachable via this interface require the source IP
address in ARP requests to be part of their logical network
configured on the receiving interface. When we generate the
request we will check all our subnets that include the
target IP and will preserve the source address if it is from
such subnet. If there is no such subnet we select source
address according to the rules for level 2.
2 - Always use the best local address for this target.
In this mode we ignore the source address in the IP packet
and try to select local address that we prefer for talks with
the target host. Such local address is selected by looking
for primary IP addresses on all our subnets on the outgoing
interface that include the target IP address. If no suitable
local address is found we select the first local address
we have on the outgoing interface or on all other interfaces,
with the hope we will receive reply for our request and
even sometimes no matter the source IP address we announce.
The max value from conf/{all,interface}/arp_announce is used.
Increasing the restriction level gives more chance for
receiving answer from the resolved target while decreasing
the level announces more valid sender's information.
rp_filter - INTEGER
0 - No source validation.
1 - Strict mode as defined in RFC3704 Strict Reverse Path
Each incoming packet is tested against the FIB and if the interface
is not the best reverse path the packet check will fail.
By default failed packets are discarded.
2 - Loose mode as defined in RFC3704 Loose Reverse Path
Each incoming packet's source address is also tested against the FIB
and if the source address is not reachable via any interface
the packet check will fail.
Current recommended practice in RFC3704 is to enable strict mode
to prevent IP spoofing from DDos attacks. If using asymmetric routing
or other complicated routing, then loose mode is recommended.
The max value from conf/{all,interface}/rp_filter is used
when doing source validation on the {interface}.
Default value is 0. Note that some distributions enable it
in startup scripts.
linux收到arp请求后的处理流程如下:
代码参考:https://github.com/torvalds/linux/blob/master/net/ipv4/arp.c
arp_rcv-->arp_process-->ip_route_input_noref-->ip_route_input_slow-->
fib_validate_source(rp_filter参数生效)-->arp_ignore(arp_ignore参数生效)-->
arp_filter(arp_filter参数生效)
1.由代码可知,arp模块的处理逻辑是与ip路由紧密相关的。
2.icmp及tcp/udp的处理都需要经过ip路由的入向和出向匹配的,此处就需要rp_filter参数(入向)及策略路由(出向)的支持。
由于DPDK的优化中,使用特定cpu指令集获取更高的并发性能,作为其特性之一,比如SSE(Stream SIMD Extensions),用于完成向量化操作,提升性能。这就会导致:如果编译环境使用的cpu与运行环境不同,就会出现Illegal Instruction的coredump问题。如何解决呢?交叉编译。
make config T=x86_64-native-linuxapp-gcc && make -j
说明:T = ARCH-MACHINE-EXECENV-TOOLCHAIN,针对不同的cpu架构,可以通过修改第二个参数MACHINE,完成交叉编译,默认为native(自动探测本机架构)。
cat config/defconfig_x86_64-native-linuxapp-gcc
#include "common_linuxapp"
CONFIG_RTE_MACHINE="native"
CONFIG_RTE_ARCH="x86_64"
CONFIG_RTE_ARCH_X86_64=y
CONFIG_RTE_TOOLCHAIN="gcc"
CONFIG_RTE_TOOLCHAIN_GCC=y
cat mk/machine/native/rte.vars.mk
MACHINE_CFLAGS = -march=native
SSE42_SUPPORT=$(shell $(CC) -march=native -dM -E - </dev/null | grep SSE4_2)
ifeq ($(SSE42_SUPPORT),)
CPU_SSE42_SUPPORT = $(shell grep SSE4\.2 /var/run/dmesg.boot 2>/dev/null)
ifneq ($(CPU_SSE42_SUPPORT),)
MACHINE_CFLAGS = -march=corei7
endif
endif
ls mk/machine
atm default hsw ivb native nhm snb wsm
#查看cpu型号
cat /proc/cpuinfo |grep "model name"|head -1
model name : Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz
#登录网站查看
ark.intel.com
Intel® Xeon® Processor E5 Family
Code Name Products formerly Sandy Bridge EP
Vertical Segment Server
Processor Number E5-2620
cp config/defconfig_x86_64-native-linuxapp-gcc config/defconfig_x86_64-snb-linuxapp-gcc
vim config/defconfig_x86_64-snb-linuxapp-gcc
CONFIG_RTE_MACHINE="native" ===> CONFIG_RTE_MACHINE="snb"
#查看平台在gcc对应的march
gcc -c -Q -march=native --help=target | grep march
-march=core2
cp -rf mk/machine/ivb mk/machine/snb
vim mk/machine/snb/rte.vars.mk
MACHINE_CFLAGS = -march=core-avx-i ===> MACHINE_CFLAGS = -march=core2
make config T=x86_64-snb-linuxapp-gcc && make -j
1.加载自己的配置文件,默认/etc/ansible/ansible.cfg;
2.查找对应的主机配置文件,找到要执行的主机或者组,默认/etc/ansible/hosts;
3.加载自己对应的模块文件,默认command;
4.通过ansible将模块或命令生成对应的临时py文件(python脚本), 并将该文件传输至远程服务器;
5.对应执行用户的家目录的.ansible/tmp/XXX/XXX.PY文件;
6.给文件 +x 执行权限;
7.执行并返回结果;
8.删除临时py文件,sleep 0退出;
可以参考官方文档
#主控端安装ansible(yum方式)
yum install -y epel-release //安装epel源
yum install ansible -y
#主控端安装ansible(pip方式)
yum install python-pip
python -m pip install --upgrade "pip < 21.0"
pip install ansible
pip install paramiko PyYAML Jinja2 httplib2 six
#主控端生成ssh-key
ssh-keygen -t rsa -C "xxx@xxx.com"
#公钥推送给受控端
ssh-copy-id user@host
默认配置路径/etc/ansible/anible.cfg
格式为ini,支持分组,默认路径/etc/ansible/hosts,可通过-i指定其他路径
cat /etc/ansible/hosts
[dev]
abc.host1
abc.host2
[test]
test.host1
test.host2
#命令格式
ansible -i ${hosts文件} ${hosts中的section名称} -m {功能模块} -a {模块参数}
ansible-doc -l //列出已安装的模块,按q退出
ansible-doc -s shell //列出shell模块的描述信息和操作动作
#测试某个section连通性
ansible -i /etc/ansible/hosts dev -m ping (hosts文件在标准路径,可以省略)
#某个主机执行shell命令
ansible abc.host1 -m shell -a "pwd"
#指定hosts的所有主机创建test01用户
ansible -i ./hosts all -m user -a 'name="test01"'
#将文件copy到test分组
ansible test -m copy -a 'src=/etc/fstab dest=/opt/fstab owner=root mode=640'
#dev分组创建一个文件
ansible dev -m file -a "path=/opt/test state=touch"
#test分支执行脚本
ansible test -m script -a "test.sh"
1.pip安装时,需要版本对应,参考文档
#pip for 2.7
curl -O https://bootstrap.pypa.io/pip/2.7/get-pip.py
python get-pip.py
#pip for 3.4
curl -O https://bootstrap.pypa.io/pip/3.4/get-pip.py
python get-pip.py
#pip for 3.5
curl -O https://bootstrap.pypa.io/pip/3.5/get-pip.py
python get-pip.py
#pip for latest
curl -O https://bootstrap.pypa.io/pip/get-pip.py
python get-pip.py
2.批量推送公钥
cat updateAuthorizedKey.sh
#!/bin/sh
#usage: bash ./updateAuthorizedKey.sh /etc/ansible/hosts
HOSTS_FILE=$1
grep -qxF 'StrictHostKeyChecking no' /root/.ssh/config || echo 'StrictHostKeyChecking no' >> /root/.ssh/config
function for_hosts(){
for i in `cat $1`
do
if [[ $i == \#* || $i == \[* || !($i == *\.*) ]]
then
echo $i
else
ssh-copy-id -i ~/.ssh/id_rsa.pub $i
fi
done
}
for_hosts $HOSTS_FILE
生成自己的公私钥
ssh-keygen -t rsa -C "zhaotao19860@qq.com" -f ~/.ssh/id_rsa.zhaotao19860
配置config文件,指定用户密钥。
touch ~/.ssh/config
chmod 644 ~/.ssh/config
vi ~/.ssh/config
Host github.com
User zhaotao19860
IdentityFile ~/.ssh/id_rsa.zhaotao19860
(git clone ssh://zhaotao19860@github.com就会用~/.ssh/id_rsa.zhaotao19860来认证)
将生成的SSH公钥复制到github上
cat ~/.ssh/id_rsa.zhaotao19860.pub
下载最新的发布版本
cd /usr/src/
wget https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.32.0.tar.gz
tar -xf git-2.32.0.tar.gz
安装依赖
yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel gcc perl-ExtUtils-MakeMaker
删除旧版本
yum remove git
解决编译过程中可能出现的openssl编译出错的问题,找到openssl位置
which openssl
如果仍旧不对,需要尝试/usr/local/openssl
配置及编译
cd git-2.32.0
autoconf
./configure --prefix=/usr/local/git --with-openssl=/usr/bin/openssl
make all
make install
添加到系统path路径
ln -s /usr/local/git/bin/git /usr/bin/git
升级man手册
cd /usr/src/
wget https://mirrors.edge.kernel.org/pub/software/scm/git/git-manpages-2.32.0.tar.gz
tar -xf git-manpages-2.32.0.tar.gz
cd git-manpages-2.32.0
cp man1/* /usr/local/share/man/man1/
cp man5/* /usr/local/share/man/man5/
cp man7/* /usr/local/share/man/man7/
vscode:开源、免费、支持多种开发语言、支持本地及远程调试、支持git集成、支持github集成、不支持的都可以通过插件支持。
官网:https://code.visualstudio.com/
远程调试:https://zhaotao19860.github.io/tools/2021/02/25/tools-vscode-remote-debug/
gdb:https://zhaotao19860.github.io/tools/2021/02/26/tools-vscode-gdb/
git-scm:官方出品,包括命令行和gui两种接口,并包含了mingw(可使用linux命令了),做到了装一个用多个的效果。
git官网:https://git-scm.com/
git-lfs官网:https://git-lfs.github.com/
git-debug:https://zhaotao19860.github.io/tools/2021/02/18/tools-git-debug/
git-rebase:https://zhaotao19860.github.io/tools/2021/02/19/tools-git-rebase/
git-basic:https://zhaotao19860.github.io/tools/2021/02/21/tools-git-basic/
git-lfs:https://zhaotao19860.github.io/tools/2021/02/20/tools-git-lfs/
Everything:快速搜索文件名及目录名。
官网:https://everything.en.softonic.com/
mobaxterm:提供免费的版本,并支持多tab页,及密码记忆功能,够用了。
官网:https://mobaxterm.mobatek.net/
notepad++:免费,好用的文本编辑器。
官网:https://notepad-plus-plus.org/
bandizip:部分免费的,但特别好用的压缩软件,不过现在有广告了。
官网:https://cn.bandisoft.com/
chrome:无用多说。
官网:https://www.google.com/chrome/
Dism++:开源、免费、功能强大。
官网:https://www.chuyu.me/zh-Hans/
typora:免费、小巧、好用。
官网:https://www.typora.io/
joplin:开源、免费、小巧、好用、功能强大,支持windows/linux/mac/iphone/android。
官网:https://joplinapp.org/
使用说明:https://zhaotao19860.github.io/tools/2021/02/22/tools-joplin/
draw.io:免费、支持图例较多。
在线官网:https://app.diagrams.net/
离线安装:https://github.com/jgraph/drawio-desktop/releases
wireshark:免费、支持协议丰富。
官网:https://www.wireshark.org/download.html
VirtualBox:免费、够用。
官网:https://www.virtualbox.org/
有道:免费、够用。
官网:https://www.youdao.com/
pktgen-dpdk是由intel团队成员将内核版本的pktgen移植到dpdk之上的版本,与dpdk同步版本更新最积极,目前使用的是20.11版本。
moongen是由个人开发和维护的版本,dpdk使用的是17.08,已经有3年没有更新了。
t-rex是由设备厂商思科维护的版本,社区活跃,版本更新迅速,dpdk目前已经可以兼容最新的21.02。
warp17是由设备厂商Juniper维护的版本,社区不是很活跃,版本较慢,dpdk目前使用的19.11。
golang中数据库的实现方式为:database/sql提供公共的数据库操作接口,具体的数据库驱动由各个数据库自己实现,比如go-sql-driver/mysql,关系图如下:
图片来源:https://draveness.me/golang/docs/part4-advanced/ch09-stdlib/golang-database-sql/
1. 三次握手建立 TCP 连接。
2. 建立 MySQL 连接,也就是认证阶段。
服务端 -> 客户端:发送握手初始化包 (Handshake Initialization Packet)。
客户端 -> 服务端:发送验证包 (Client Authentication Packet)。
服务端 -> 客户端:认证结果消息。
3. 认证通过之后,客户端开始与服务端之间交互,也就是命令执行阶段。
客户端 -> 服务端:发送命令包 (Command Packet)。
服务端 -> 客户端:发送回应包 (OK Packet, or Error Packet, or Result Set Packet)。
4. 断开 MySQL 连接。
客户端 -> 服务器:发送退出命令包。
5. 四次握手断开 TCP 连接。
引用:https://gohalo.me/post/mysql-protocol.html
响应报文采用统一格式,如下:
+-------------------+--------------+---------------------------------------------------+
| 3 Bytes | 1 Byte | N Bytes |
+-------------------+--------------+---------------------------------------------------+
|<= length of msg =>|<= sequence =>|<==================== data =======================>|
|<============= header ===========>|<==================== body =======================>|
说明:
- 3字节:报文长度;
- 1字节:序号,每次客户端发起请求时,序号值都会从 0 开始计算。当一个请求由多个响应报文组成时,用来确定报文顺序,如果接收报文失序,则报错。
- N字节:具体数据部分。
引用:https://gohalo.me/post/mysql-protocol.html
响应报文包含三种:OK报文, Error报文, Result Set报文,下面主要说明最复杂的ResultSet报文:
说明: 图表包含了sql请求的所有响应情况,其中最左边方框+EOF/ERR报文就表示一个完整的ResultSet报文,主要包括五组报文:
- ResultSetHeaderPacket:结果集头报文,包含列的个数信息,报文个数=1;
- ColumnsPackets:列说明报文,包含每个列的具体说明,报文个数=column_count;
- EOFPacket:表示列说明报文结束,报文个数=1;
- RowsPackets:行内容报文,包含一行的具体内容,报文个数=row_num;
- EOFPacket/ERRPacket:表示整个Result Set报文的结束,报文个数=1;
参考:https://dev.mysql.com/doc/internals/en/com-query-response.html#packet-ProtocolText::Resultset
01 00 00 01 01|27 00 00 02 03 64 65 66 00 00 00 .....'....def...
11 40 40 76 65 72 73 69 6f 6e 5f 63 6f 6d 6d 65 .@@version_comme
6e 74 00 0c 08 00 1c 00 00 00 fd 00 00 1f 00 00| nt..............
05 00 00 03 fe 00 00 02 00|1d 00 00 04 1c 4d 79 ..............My
53 51 4c 20 43 6f 6d 6d 75 6e 69 74 79 20 53 65 SQL Community Se
72 76 65 72 20 28 47 50 4c 29|05 00 00 05 fe 00 rver (GPL)......
00 02 00 ...
说明: 包含5种报文:
length = 01 00 00, sequence_id = 01(ResultSetHeaderPacket)
length = 27 00 00, sequence_id = 02(ColumnsPackets)
catalog = 03 64 65 66 (“def”)
schema = 00 (“”)
table = 00 (“”)
org_table = 00 (“”)
name = 11 40 40 76 65 72 73 69 6f 6e 5f 63 6f 6d 6d 65 6e 74 (“@@version_comment”)
org_name = 00 (“”)
filler_1 = 0c
character_set = 08 00 (latin1_swedish_ci)
column_length = 1c 00 00 00 (28)
column_type = fd (Protocol::MYSQL_TYPE_VAR_STRING)
flags = 00 00
decimals = 1f (127)
filler_2 00 00
length = 05 00 00, sequence_id = 03(EOFPacket)
fe (EOF indicator)
warning_count = 00 00 (0)
status_flags = 02 00 (Protocol::StatusFlags = SERVER_STATUS_AUTOCOMMIT )
length = 05 00 00, sequence_id = 04(RowsPackets)
(ProtocolText::ResultsetRow)
1c 4d 79 53 51 4c 20 43 6f 6d 6d 75 6e 69 74 79 20 53 65 72 76 65 72 20 28 47 50 4c 29 (length = 28, string = “MySQL Community Server (GPL)”)
length = 05 00 00, sequence_id = 05(EOFPacket)
fe (EOF indicator)
warning_count = 00 00 (0)
status_flags = 02 00 (Protocol::StatusFlags = SERVER_STATUS_AUTOCOMMIT )
参考:https://dev.mysql.com/doc/internals/en/protocoltext-resultset.html
接口调用:db.Query ===> db.QueryContext ===> db.query ===> db.conn(获取连接) ===> db.queryDC ===> db.ctxDriverQuery ===>
driver调用:driver.QueryContext ===> driver.query ===> driver.writeCommandPacketStr(发送sql请求) ===> driver.readResultSetHeaderPacket(读取并解析ResultSetHeaderPacket) ===> driver.readColumns(读取并解析ColumnsPackets) <===> until EOFPacket(读到EOF报文表示列解析完成).
接口调用:rows.Next ===> rows.nextLocked
driver调用:rows.Next ===> rows.readRow ===> rows.readRowPacket(读取并解析RowsPackets) <===> until EOFPacket((读到EOF报文表示行解析完).
接口调用:rows.Scan ===> convertAssignRows(将数据库行转为golang内部结构体).
2019.2.1为第一次共识的截止时间,此次共识主要解决授权服务器对edns的支持不符合协议引入的两个问题:
主要包括三个协议的对齐:
RFC1035 - DNS基础协议;
RFC2671 - EDNS0定义;
RFC6891 - EDNS0更新;
主要包括以下两个方面:
以下开源递归服务器的新版本将不提供兼容:
授权服务器的开源实现,基本都是遵循协议的,比如Bind/Knot dns/Powerdns等,当各DNS服务提供商基本都有自己实现的版本,以下服务商已明确支持: