特色文章

Linux一键安装常见/最新内核脚本 锐速/BBRPLUS/BBR2 [1.3.2.71]

卸载内核

wget -N --no-check-certificate "https://github.000060000.xyz/tcp.sh" && chmod +x tcp.sh && ./tcp.sh

wget -N "https://github.000060000.xyz/tcp.sh" && chmod +x tcp.sh && ./tcp.sh

不卸载内核

wget -N --no-check-certificate "https://github.000060000.xyz/tcpx.sh" && chmod +x tcpx.sh && ./tcpx.sh

wget -N "https://github.000060000.xyz/tcpx.sh" && chmod +x tcpx.sh && ./tcpx.sh


锐速/bbr/bbrplus 对应的版本:

BBR
centos7    –   5.10.11
centos8    –    5.6.15
debian/ubuntu  –  5.10.11

BBRPLUS

centos7     –    4.14.129
debian/ubuntu    –   4.14.129

BBRPLUS新版号

centos7     –    4.14.182
debian/ubuntu    –   4.14.182

XANMOD

centos7     –    5.10.11
centos8     –    5.5.1
debian/ubuntu    –    5.10.11

BBR2合并到XANMOD

CLOUD – 仅限KVM

centos7     –   5.10.11
debian/ubuntu    –    5.10.11

锐速 不统计版本太杂

安装中提示Abort kernel removal? 选择No

更新记录

1.3.2.7
更新bbr的c7,c8,d9,d10 升级到5.5.3内核

1.3.2.8
更新bbr的c6,c7,c8,d8,d9,d10 升级到5.5.5内核

1.3.2.9
更新bbr,zen的c7,d10 升级到5.5.6内核
xanmod的c7,d10 升级到5.5.4内核
更新部分写法

1.3.2.10
xanmod的c7,d10 升级到5.5.6内核

1.3.2.11
两个版本可以互相切换

1.3.2.13
更新bbr c7,d10 升级到5.5.7内核
bbrplus降级到4.14.129 不再维护

1.3.2.14
修复debian/ubuntu bbrplus BUG
bbrplus安装方法和安装内核都和原作者一致了 我彻底甩锅

1.3.2.15
xanmod的c7,d10 升级到5.5.6内核 xanmod5
xanmod下载链接 改为onedrive 若有问题请反馈

1.3.2.17
bbr原版,xanmod,Zen内核c7,d10分别升级到5.5.8 均为onedrive链接

1.3.2.18
bbrplus4.14.173 centos7,debian10 均为onedrive链接

1.3.2.20
bbr原版,Zen内核c7,d10分别升级到5.5.10 均为onedrive链接  适配oracle centos7测试

1.3.2.21
bbr原版,c7,d10分别升级到5.6.0 均为onedrive链接

1.3.2.28
bbr原版升级到5.6.15 添加U20支持 均为onedrive链接

1.3.2.29
bbrplus新版升级到bbrplus4.14.182 均为onedrive链接

1.3.2.34 xanmod C7升级到5.7.2,debian及ubuntu用的官方编译的文件,没限制常用的debian和ubuntu版本,是否翻车自己测试,增加切换到秋水BBR功能

1.3.2.35 xanmod debian及ubuntu用的官方编译的文件5.7.3,这次直接用的官方的下载链接

1.3.2.36 更换锐速授权地址

1.3.2.37 xanmod更新到5.7.4,debian及ubuntu用的官方编译的文件,原版BBR centos用的elrepo版本

1.3.2.45 xanmod更新到5.8.10,原版BBR centos7更新到5.8.10,增加切换到一键DD脚本

1.3.2.51 去除centos6的支持,去除Zen内核,debian和ubuntu使用同一内核,增加fq_pie选项

1.3.2.53 添加johnrosen1的优化方案,去除默认优化方案的tcp_fastopen

1.3.2.56 注释net.ipv4.ip_forward

1.3.2.57 仅更新了可卸载版本,增加headers的卸载测试,应用了bbr原版和xanmod

1.3.2.59 大量调整优化代码,新的优化方案不再叠加并支持卸载,调整bbr启动,不会卸载优化

1.3.2.63 下架bbr2方案,等正式版本再考虑添加,不卸载内核版本添加官方稳定内核,官方最新内核,XANMOD官方内核,XANMOD官方高响应内核,debian官方cloud内核

1.3.2.68 XANMOD 5.10.9及以后内核支持BBR2 增加IPv6处理

无大内容更新见上面版本号对应关系 cloud内核XEN环境未测试,也无人反馈,测试cloud内核oracle efi环境无法启动

…….

怎么玩?

1.安装了内核重启后再开启相应加速再重启
2.或者安装内核后,接着开启bbr加速(失败的),这时候再重启,bbr会在重启后生效(前提是启动时候是安装的内核)

2020.6.14测试锐速是正常的


https://github.com/ylx2016/Linux-NetSpeed/releases
https://github.com/ylx2016/Linux-NetSpeed

查看真实队列?

tc -s qdisc show


赞助,捐助

支付宝

docker/containers images地址收集

https://jenkins.linuxcontainers.org/view/Images/

https://jenkins.linuxcontainers.org/view/Images/job/image-centos/architecture=amd64,release=8-Stream,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz
https://jenkins.linuxcontainers.org/view/Images/job/image-centos/architecture=amd64,release=7,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz
https://jenkins.linuxcontainers.org/view/Images/job/image-centos/architecture=amd64,release=8,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz


https://jenkins.linuxcontainers.org/view/Images/job/image-debian/architecture=amd64,release=buster,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz
https://jenkins.linuxcontainers.org/view/Images/job/image-debian/architecture=amd64,release=bullseye,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz
https://jenkins.linuxcontainers.org/view/Images/job/image-debian/architecture=amd64,release=stretch,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz

https://jenkins.linuxcontainers.org/view/Images/job/image-debian/architecture=amd64,release=sid,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz


https://jenkins.linuxcontainers.org/view/Images/job/image-ubuntu/architecture=amd64,release=focal,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz
https://jenkins.linuxcontainers.org/view/Images/job/image-ubuntu/architecture=amd64,release=bionic,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz
https://jenkins.linuxcontainers.org/view/Images/job/image-ubuntu/architecture=amd64,release=groovy,variant=cloud/lastSuccessfulBuild/artifact/rootfs.tar.xz

https://us.images.linuxcontainers.org/images/
https://mirrors.tuna.tsinghua.edu.cn/lxc-images/images/centos/8-Stream/amd64/cloud/

vmare ROM添加ntfs/exfat的uefi支持驱动

FFS v1.0 下载
https://github.com/pbatard/ffs/releases

驱动下载
http://efi.akeo.ie/downloads/efifs-latest/x64/

UEFITool 不能用NE版本
https://github.com/LongSoft/UEFITool/releases

从下面路径复制原版ROM  EFI32.ROM EFI64.ROM
C:\Program Files (x86)\VMware\VMware Workstation\x64

执行 GenMod ntfs_ia32.efi 生成ffs文件,最后一步添加文件时需要保持ffs和efi文件在一起

UEFITool 加载ROM 下面路径Insert After and select 或者remove
UEFI Image → 8C8CE578-8A3D-4F1C-9935-896185C32DD3 → 20BC8AC9-94D1-4208-AB28-5D673FD73486 → EE4E5898-3914-4259-9D6E-DC7BD79403CF → Volume Image Section → 8C8CE578-8A3D-4F1C-9935-896185C32DD3, with GUID 961578FE-B6B7-44C3-AF35-6BC705CD2B1F

最后保存rom

centos6 新更新源

国外
sed -i "s/enabled=1/enabled=0/g" /etc/yum/pluginconf.d/fastestmirror.conf && mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.old && curl -k -o /etc/yum.repos.d/CentOS-Base.repo https://static.lty.fun/%E5%85%B6%E4%BB%96%E8%B5%84%E6%BA%90/SourcesList/Centos-6-Vault-Official.repo && yum install wget -y

国内
sed -i "s/enabled=1/enabled=0/g" /etc/yum/pluginconf.d/fastestmirror.conf && mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.old && curl -k -o /etc/yum.repos.d/CentOS-Base.repo https://www.xmpan.com/Centos-6-Vault-Aliyun.repo && yum install wget -y

debian8 新更新源

nano /etc/apt/sources.list
deb http://cdn-fastly.deb.debian.org/debian/ jessie main
deb-src http://cdn-fastly.deb.debian.org/debian/ jessie main

deb http://security.debian.org/ jessie/updates main
deb-src http://security.debian.org/ jessie/updates main

deb http://archive.debian.org/debian jessie-backports main
deb-src http://archive.debian.org/debian jessie-backports main

nano /etc/apt/apt.conf
Acquire::Check-Valid-Until "false";

apt-get install htop nano  -t jessie-backports
apt-get update && apt-get upgrade -t jessie-backports -y

Yankee Scalable-Reactive TCP

For Debian 8/Ubuntu 16 ONLY.

Linux-headers is required to get compilation done.
This module is supported in kernel version after 4.9 .

(Latest version – 2.2.1)

  1. export MOD=react_rc2
  2. apt-get install make gcc-4.9 -y
  3. wget -O ./tcp_$MOD.c
    https://gist.github.com/anonymous/27b7ea6e93acdd23b097ab1a399c1287/raw/00c318f613856ed400c556126b851d18369e936b/tcp_react_rc2.c
  4. echo “obj-m:=tcp_$MOD.o” > Makefile
  5. make -C /lib/modules/$(uname -r)/build M=`pwd` modules CC=”/usr/bin/gcc-4.9 -Ofast” &&
  6. insmod tcp_$MOD.ko &&
  7. sysctl -w net.ipv4.tcp_congestion_control=$MOD

复制代码

(Other optimization – Recommended)

  1. wget -qO-
    https://gist.github.com/anonymous/63ada7904c29d685575716c2f5302f06/raw/93eb01e62f3a4f22390b2200ddb709987f9ed201/sysctl.conf|sysctl
    -p –
  2. ulimit -SHn 10240000
  3. echo “$(cat /etc/security/limits.conf | grep -v -E ‘(soft|hard).*nofile’)” > /etc/security/limits.conf
  4. echo -e “*               soft    nofile           10240000\n* 
                 hard    nofile           10240000” >>
    /etc/security/limits.conf
  5. # setting fair queue
  6. export PATH_EXEC=/etc/init.d/tc-fq.sh
  7. cat>$PATH_EXEC<<‘EOF’
  8. sysctl net.core.default_qdisc=noqueue &&
  9. tc qdisc del dev eth0 root fq
  10. tc qdisc del dev eth0 root pfifo_fast
  11. tc qdisc del dev eth0 root red limit 42949672 avpkt 1000
  12. tc qdisc add dev eth0 root red limit 42949672 avpkt 1440 probability 0.01 bandwidth 1000Mbit min 187605 max 862816
  13. sysctl -w net.core.default_qdisc=red
  14. EOF
  15. chmod +x $PATH_EXEC
  16. $PATH_EXEC
  17. tc -s -d qdisc show
  18. echo “$(cat /etc/rc.local | grep -v -E ‘(‘$PATH_EXEC’)|(exit 0)’)” > /etc/rc.local
  19. echo -e “\n$PATH_EXEC\nexit 0” >> /etc/rc.local
/* React congestion control */

#include <linux/module.h>
#include <net/tcp.h>
#include <linux/win_minmax.h>

#define BW_SCALE 24

#define REACT_SCALE 8
#define REACT_UNIT (1 << REACT_SCALE)

#define REACT_INIT_CWND 25

#define DO_CONDITIONAL_OPT(a, b, c) ((c) ^ ((!(a) - 1) & ((b) ^ (c))))

#define REACT_MIN(a, b) DO_CONDITIONAL_OPT((a) < (b), a, b)
#define REACT_MAX(a, b) DO_CONDITIONAL_OPT((a) > (b), a, b)
#define REACT_MAX3(a, b, c) REACT_MAX(REACT_MAX(a, b), c)

#define REACT_SGN32(x) -(-((x) >> 31) | (-(x) >> 31))

/* window length of min_rtt filter (in sec): */
static const u32 react_min_rtt_win_sec = 10;

static const int react_high_gain = REACT_UNIT * 2885 / 1000 + 1;
static const int react_drain_gain = REACT_UNIT * 3 / 4;
static const int react_cwnd_gain = REACT_UNIT * 2;
static const int react_probe_gain = REACT_UNIT * 3 / 2;

static const u8 react_full_bw_cnt = 3;

/* sampling windows size react_grad used for smoothing moving: */
static unsigned int window __read_mostly = 4;
/* Window length of bw filter (in rounds): */
static unsigned int react_bw_rtts __read_mostly = 15;

module_param(window, int, 0444);
MODULE_PARM_DESC(window, "gradient window size (power of two <= 256)");
module_param(react_bw_rtts, uint, 0644);
MODULE_PARM_DESC(react_bw_rtts, "window length of bw filter (in rounds)");

struct cdg_minmax {
	union {
		struct {
			s32 min;
			s32 max;
		};
		u64 v64;
	};
};

enum react_state {
	CDG_UNKNOWN = 0,
	CDG_NONFULL = 1,
	CDG_FULL = 2
};

/* React congestion control block */
struct react {
	struct cdg_minmax rtt;
	struct cdg_minmax rtt_prev;
	struct cdg_minmax *gradients;
	struct cdg_minmax gsum;
	struct minmax bw;	/* Max recent delivery rate in pkts/uS << 24 */
	u32 cwnd_gain,
		pacing_gain,
		min_rtt_us,	        /* min RTT in min_rtt_win_sec window */
		rtt_seq,
		min_rtt_stamp,	        /* timestamp of min_rtt_us */
		next_rtt_delivered; /* scb->tx.delivered at end of round */
	u16 rtt_cnt;	    /* count of packet-timed rounds elapsed */
	u8  tail,
		state,
		full_bw_cnt;
	bool drain_queue,
		round_restart,
		packet_conservation;
};

static inline u32 react_max_bw(struct react *ca)
{
	return minmax_get(&ca->bw);
}

static inline u64 react_rate_bytes_per_sec(struct sock *sk, u64 rate, int gain)
{
	rate *= tcp_mss_to_mtu(sk, tcp_sk(sk)->mss_cache);
	rate *= gain;
	rate >>= REACT_SCALE;
	rate *= USEC_PER_SEC;
	return rate >> BW_SCALE;
}

static inline void react_set_pacing_rate(struct sock *sk, u64 bw, int gain)
{
	u64 rate = bw;

	rate = react_rate_bytes_per_sec(sk, rate, gain);
	rate = REACT_MIN(rate, sk->sk_max_pacing_rate);
	sk->sk_pacing_rate = REACT_MAX(rate, sk->sk_pacing_rate);
}

/* Find target cwnd. Right-size the cwnd based on min RTT and the
* estimated bottleneck bandwidth:
*
* cwnd = bw * min_rtt * gain = BDP * gain
*
* The key factor, gain, controls the amount of queue. While a small gain
* builds a smaller queue, it becomes more vulnerable to noise in RTT
* measurements (e.g., delayed ACKs or other ACK compression effects). This
* noise may cause BBR to under-estimate the rate.
*/

static u32 react_target_cwnd(struct sock *sk, struct react *ca, int gain)
{
	u64 w;
	u32 bw, cwnd;

	if (unlikely(ca->min_rtt_us == ~0U))	 /* no valid RTT samples yet? */
		return REACT_INIT_CWND;  /* be safe: cap at default initial cwnd */

	bw = react_max_bw(ca);

	w = (u64)bw * ca->min_rtt_us;

	cwnd = ((w * gain) >> (BW_SCALE + REACT_SCALE)) + 18;

	/* Reduce delayed ACKs by rounding up cwnd to the next even number. */
	cwnd = (cwnd + 1) & ~1U;

	return cwnd;
}

static inline void react_set_cwnd(struct sock *sk, const struct rate_sample *rs, int gain)
{
	struct tcp_sock *tp = tcp_sk(sk);
	struct react *ca = inet_csk_ca(sk);
	u32 cwnd = tp->snd_cwnd, target_cwnd;

	target_cwnd = DO_CONDITIONAL_OPT(ca->packet_conservation, REACT_MAX(cwnd, tcp_packets_in_flight(tp) + rs->acked_sacked), react_target_cwnd(sk, ca, gain));

	cwnd = REACT_MAX(target_cwnd, 4);

	tp->snd_cwnd = REACT_MIN(cwnd, tp->snd_cwnd_clamp);
	tp->rcv_ssthresh = TCP_INFINITE_SSTHRESH;
	tp->rcv_wnd = REACT_MAX(cwnd, tp->rcv_wnd);

	ca->packet_conservation = 0;
}


static void react_check_drain(struct sock *sk, const struct rate_sample *rs, struct react *ca)
{
	bool non_cong = (ca->state != CDG_FULL);

	if (!ca->drain_queue && !ca->round_restart) {
		struct tcp_sock *tp = tcp_sk(sk);
		u32 inflight = REACT_MIN(tcp_packets_in_flight(tp), rs->prior_in_flight);
		ca->cwnd_gain = DO_CONDITIONAL_OPT(non_cong, react_high_gain, react_cwnd_gain);
		if (inflight < tp->snd_cwnd)
			ca->pacing_gain = DO_CONDITIONAL_OPT(non_cong, react_high_gain, react_probe_gain);
		else
			ca->pacing_gain = DO_CONDITIONAL_OPT(non_cong, react_probe_gain, REACT_UNIT);
	}
	else if (ca->drain_queue && !ca->round_restart) {
		ca->cwnd_gain = react_high_gain;
		ca->pacing_gain = DO_CONDITIONAL_OPT(non_cong, REACT_UNIT, react_drain_gain);
		ca->state = CDG_UNKNOWN;
		ca->packet_conservation = 1;
	}
	ca->round_restart = 0;
}

/* We use the delay gradient as a congestion signal. */
static void react_grad(struct react *ca)
{
	s32 gmin = ca->rtt.min - ca->rtt_prev.min;
	s32 gmax = ca->rtt.max - ca->rtt_prev.max;

	if (ca->gradients) {
		ca->gsum.min += gmin - ca->gradients[ca->tail].min;
		ca->gsum.max += gmax - ca->gradients[ca->tail].max;
		ca->gradients[ca->tail].min = gmin;
		ca->gradients[ca->tail].max = gmax;
		ca->tail = (ca->tail + 1) & (window - 1);
		gmin = ca->gsum.min;
		gmax = ca->gsum.max;
	}

	gmin += 32;
	gmax += 32;

	if (gmin > 0 && gmax <= 0)
		ca->state = CDG_FULL;
	else if ((gmin > 0 && gmax > 0) || gmax < 0) {
		ca->state = CDG_NONFULL;
		ca->full_bw_cnt = 0;
	}
}

static void react_update_rtt_grad(struct sock *sk, const struct rate_sample *rs, struct react *ca)
{
	if (likely(rs->rtt_us)) {
		ca->rtt.min = REACT_MIN(DO_CONDITIONAL_OPT(ca->rtt.min > 0, ca->rtt.min, 1), rs->rtt_us);
		ca->rtt.max = REACT_MAX(ca->rtt.max, rs->rtt_us);
	}

	if (after(tcp_sk(sk)->snd_una, ca->rtt_seq + 1) && ca->rtt.v64) {
		if (ca->rtt_prev.v64)
			react_grad(ca);
		ca->rtt_seq = tcp_sk(sk)->snd_nxt;
		ca->rtt_prev = ca->rtt;
		ca->rtt.v64 = 0;
	}
}

static void react_update_min_rtt(struct sock *sk, const struct rate_sample *rs, struct react *ca)
{
	bool filter_expired;

	/* Track min RTT seen in the min_rtt_win_sec filter window: */
	filter_expired = after(tcp_time_stamp,
		ca->min_rtt_stamp + react_min_rtt_win_sec * HZ);
	if (rs->rtt_us >= 0 &&
		(rs->rtt_us <= ca->min_rtt_us || filter_expired)) {
		ca->min_rtt_us = rs->rtt_us;
		ca->min_rtt_stamp = tcp_time_stamp;
	}

	ca->drain_queue = (filter_expired || (ca->state == CDG_FULL && ca->full_bw_cnt >= react_full_bw_cnt));
}

static void react_update_bw(struct sock *sk, const struct rate_sample *rs, struct react *ca)
{
	u64 bw, bw_thresh;

	if (rs->delivered < 0 || rs->interval_us <= 0)
		return; /* Not a valid observation */

				/* See if we've reached the next RTT */
	if (!before(rs->prior_delivered, ca->next_rtt_delivered)) {
		ca->next_rtt_delivered = tcp_sk(sk)->delivered;
		ca->rtt_cnt++;
	}

	/* Divide delivered by the interval to find a (lower bound) bottleneck
	* bandwidth sample. Delivered is in packets and interval_us in uS and
	* ratio will be <<1 for most connections. So delivered is first scaled.
	*/
	bw = ((u64)rs->delivered << BW_SCALE);
	do_div(bw, rs->interval_us);

	bw_thresh = (((u64)react_max_bw(ca) >> 3) * 9);

	++ca->full_bw_cnt;
	if (bw >= bw_thresh) {
		ca->full_bw_cnt = 0;
		ca->state = CDG_UNKNOWN;
	}

	ca->full_bw_cnt = REACT_MIN(ca->full_bw_cnt, react_full_bw_cnt);

	/* If this sample is application-limited, it is likely to have a very
	* low delivered count that represents application behavior rather than
	* the available network rate. Such a sample could drag down estimated
	* bw, causing needless slow-down. Thus, to continue to send at the
	* last measured network rate, we filter out app-limited samples unless
	* they describe the path bw at least as well as our bw model.
	*
	* So the goal during app-limited phase is to proceed with the best
	* network rate no matter how long. We automatically leave this
	* phase when app writes faster than the network can deliver :)
	*/
	if (!rs->is_app_limited || bw >= react_max_bw(ca)) {
		/* Incorporate new sample into our max bw filter. */
		minmax_running_max(&ca->bw, react_bw_rtts, (u32)ca->rtt_cnt, bw);
	}
}


static inline void react_update_model(struct sock *sk, const struct rate_sample *rs, struct react *ca)
{
	react_update_bw(sk, rs, ca);
	react_update_min_rtt(sk, rs, ca);
	react_update_rtt_grad(sk, rs, ca);
	react_check_drain(sk, rs, ca);
}

static void react_main(struct sock *sk, const struct rate_sample *rs)
{
	struct react *ca = inet_csk_ca(sk);

	react_update_model(sk, rs, ca);

	react_set_cwnd(sk, rs, ca->cwnd_gain);
	react_set_pacing_rate(sk, react_max_bw(ca), ca->pacing_gain);
}

static void react_set_state(struct sock *sk, u8 new_state)
{
	struct react *ca = inet_csk_ca(sk);

	switch (new_state) {
	case TCP_CA_Loss:
		if (ca->state != CDG_FULL)
			/* Reset zero-window probe timer to push pending frames. */
			inet_csk_reset_xmit_timer(sk, ICSK_TIME_PROBE0,
				tcp_probe0_base(sk), TCP_RTO_MAX);
		ca->round_restart = 1;
		ca->pacing_gain = react_high_gain;
		ca->full_bw_cnt = 0;
		break;
	case TCP_CA_Recovery:
		if (ca->state != CDG_NONFULL) {
			ca->packet_conservation = 1;
			ca->next_rtt_delivered = tcp_sk(sk)->delivered;
		}
		break;
	default:
		break;
	}
}

static void react_init(struct sock *sk)
{
	struct react *ca = inet_csk_ca(sk);
	struct tcp_sock *tp = tcp_sk(sk);

	/* We silently fall back to window = 1 if allocation fails. */
	ca->gradients = kcalloc(window, sizeof(ca->gradients[0]),
		GFP_NOWAIT | __GFP_NOWARN);
	ca->rtt_seq = tp->snd_nxt;

	ca->min_rtt_stamp = tcp_time_stamp;
	ca->min_rtt_us = tcp_min_rtt(tp);

	ca->state = CDG_NONFULL;

	ca->full_bw_cnt = 0;

	ca->rtt_cnt = 0;
	ca->next_rtt_delivered = 0;

	ca->round_restart = 1;
	ca->packet_conservation = 0;

	ca->pacing_gain = react_high_gain;
	ca->cwnd_gain = react_high_gain;

	minmax_reset(&ca->bw, (u32)ca->rtt_cnt, 0);  /* init max bw to 0 */
}

static void react_cwnd_event(struct sock *sk, const enum tcp_ca_event ev)
{
	struct react *ca = inet_csk_ca(sk);
	struct cdg_minmax *gradients;

	switch (ev) {
	case CA_EVENT_TX_START:
		ca->state = CDG_NONFULL;
		ca->pacing_gain = react_high_gain;
		ca->cwnd_gain = react_high_gain;
		ca->round_restart = 1;
		break;
	case CA_EVENT_CWND_RESTART:
		gradients = ca->gradients;
		if (gradients)
			memset(gradients, 0, window * sizeof(gradients[0]));
		memset(ca, 0, sizeof(*ca));
		ca->state = CDG_UNKNOWN;
		ca->gradients = gradients;
		ca->rtt_seq = tcp_sk(sk)->snd_nxt;
		break;
	default:
		break;
	}
}

static u32 react_undo_cwnd(struct sock *sk)
{
	return tcp_sk(sk)->snd_cwnd;
}

static void react_release(struct sock *sk)
{
	struct react *ca = inet_csk_ca(sk);

	kfree(ca->gradients);
}

static u32 react_sndbuf_expand(struct sock *sk)
{
	return 3;
}

static u32 react_ssthresh(struct sock *sk)
{
	return TCP_INFINITE_SSTHRESH;
}

static struct tcp_congestion_ops react_cong_ops __read_mostly = {
	.flags = TCP_CONG_NON_RESTRICTED,
	.name = "react_rc2",
	.owner = THIS_MODULE,
	.init = react_init,
	.cong_control = react_main,
	.cwnd_event = react_cwnd_event,
	.release = react_release,
	.sndbuf_expand = react_sndbuf_expand,
	.undo_cwnd = react_undo_cwnd,
	.ssthresh = react_ssthresh,
	.set_state = react_set_state,
};

static int __init react_register(void)
{
	BUILD_BUG_ON(sizeof(struct react) > ICSK_CA_PRIV_SIZE);
	return tcp_register_congestion_control(&react_cong_ops);
}

static void __exit react_unregister(void)
{
	tcp_unregister_congestion_control(&react_cong_ops);
}

module_init(react_register);
module_exit(react_unregister);

MODULE_AUTHOR("Neal Cardwell <ncardwell@google.com>");
MODULE_AUTHOR("Yuchung Cheng <ycheng@google.com>");
MODULE_AUTHOR("Kenneth Klette Jonassen");
MODULE_LICENSE("Dual BSD/GPL");
MODULE_DESCRIPTION("TCP React");

from

https://www.hostloc.com/forum.php?mod=viewthread&tid=374117

dnscrypt-proxy

wget -O dnscrypt-proxy.sh https://raw.githubusercontent.com/ylx2016/reinstall/master/dnscrypt-proxy.sh && chmod +x dnscrypt-proxy.sh && ./dnscrypt-proxy.sh
dnsmasq_install=1
if [[ ${dnsmasq_install} == 1 ]]; then
  if [[ ! -d /etc/dnscrypt-proxy/ ]]; then
    mkdir /etc/dnscrypt-proxy/
  fi
ipv6_true="false"
block_ipv6="true"
if [[ -n ${myipv6} ]]; then
  ping -6 ipv6.google.com -c 2 || ping -6 2620:fe::10 -c 2
  if [[ $? -eq 0 ]]; then
    ipv6_true="true"
    block_ipv6="false"
  fi
fi
rm -rf /etc/dnscrypt-proxy/dnscrypt-proxy.toml
if [[ ! -d /var/log/dnscrypt-proxy/ ]]; then
    mkdir /var/log/dnscrypt-proxy/
fi    
cat > '/etc/dnscrypt-proxy/dnscrypt-proxy.toml' << EOF
#!!! Do not change these settings unless you know what you are doing !!!
listen_addresses = ['127.0.0.1:53','[::1]:53']
#user_name = 'nobody'
max_clients = 51200
ipv4_servers = true
ipv6_servers = $ipv6_true
dnscrypt_servers = true
doh_servers = true
require_dnssec = false
require_nolog = true
require_nofilter = true
#disabled_server_names = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
force_tcp = false
timeout = 5000
keepalive = 30
lb_estimator = true
log_level = 2
use_syslog = true
log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
cert_refresh_delay = 86400
tls_disable_session_tickets = false
#tls_cipher_suite = [4865]
fallback_resolvers = ['1.1.1.1:53', '8.8.8.8:53']
ignore_system_dns = true
netprobe_timeout = 60
netprobe_address = '1.1.1.1:53'
# Maximum log files size in MB - Set to 0 for unlimited.
log_files_max_size = 1024
# How long to keep backup files, in days
log_files_max_age = 7
# Maximum log files backups to keep (or 0 to keep all backups)
log_files_max_backups = 0
block_ipv6 = false
## Immediately respond to A and AAAA queries for host names without a domain name
block_unqualified = true
## Immediately respond to queries for local zones instead of leaking them to
## upstream resolvers (always causing errors or timeouts).
block_undelegated = true
## TTL for synthetic responses sent when a request has been blocked (due to
## IPv6 or blacklists).
reject_ttl = 600
cache = true
cache_size = 4096
cache_min_ttl = 2400
cache_max_ttl = 86400
cache_neg_min_ttl = 60
cache_neg_max_ttl = 600
#[local_doh]
#
#listen_addresses = ['127.0.0.1:3001']
#path = "/dns-query"
#cert_file = "/etc/certs/${domain}_ecc/fullchain.cer"
#cert_key_file = "/etc/certs/${domain}_ecc/${domain}.key"
[query_log]
  file = '/var/log/dnscrypt-proxy/query.log'
  format = 'tsv'

#[blacklist]

  #blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'

[sources]
  ## An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
  [sources.'public-resolvers']
  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
  cache_file = 'public-resolvers.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  prefix = ''
  [sources.'opennic']
  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/opennic.md', 'https://download.dnscrypt.info/dnscrypt-resolvers/v3/opennic.md']
  cache_file = 'opennic.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  prefix = ''
  ## Anonymized DNS relays
  [sources.'relays']
  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md']
  cache_file = 'relays.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  refresh_delay = 72
  prefix = ''
EOF
rm -rf /etc/systemd/system/dnscrypt-proxy.service
  cat > '/etc/systemd/system/dnscrypt-proxy.service' << EOF
[Unit]
Description=DNSCrypt client proxy
Documentation=https://github.com/DNSCrypt/dnscrypt-proxy/wiki
After=network.target
Before=nss-lookup.target netdata.service
Wants=nss-lookup.target

[Service]
#User=nobody
NonBlocking=true
ExecStart=/usr/sbin/dnscrypt-proxy -config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
CacheDirectory=dnscrypt-proxy
LogsDirectory=dnscrypt-proxy
RuntimeDirectory=dnscrypt-proxy
LimitNOFILE=51200
LimitNPROC=51200
Restart=on-failure
RestartSec=3s
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable dnscrypt-proxy.service
clear
colorEcho ${INFO} "Install dnscrypt-proxy ing"
if [[ $(systemctl is-active dnsmasq) == active ]]; then
    systemctl stop dnsmasq
    systemctl disable dnsmasq
fi
dnsver=$(curl -s "https://api.github.com/repos/DNSCrypt/dnscrypt-proxy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
curl -LO --progress-bar https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/${dnsver}/dnscrypt-proxy-linux_x86_64-${dnsver}.tar.gz
tar -xvf dnscrypt-proxy-linux_x86_64-${dnsver}.tar.gz
rm dnscrypt-proxy-linux_x86_64-${dnsver}.tar.gz
cd linux-x86_64
cp -f dnscrypt-proxy /usr/sbin/dnscrypt-proxy
chmod +x /usr/sbin/dnscrypt-proxy
cd ..
rm -rf linux-x86_64
setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/dnscrypt-proxy
wget --no-check-certificate -P /etc/dnscrypt-proxy/ https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md -q --show-progress
wget --no-check-certificate -P /etc/dnscrypt-proxy/ https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/opennic.md -q --show-progress
wget --no-check-certificate -P /etc/dnscrypt-proxy/ https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md -q --show-progress
fi
chmod -R 755 /etc/dnscrypt-proxy/
clear
if [[ $dnsmasq_install -eq 1 ]]; then
            if [[ $dist = ubuntu ]]; then
                 systemctl stop systemd-resolved
                 systemctl disable systemd-resolved
             fi
            if [[ $(systemctl is-active dnsmasq) == active ]]; then
                systemctl stop dnsmasq
                systemctl disable dnsmasq
            fi
rm /etc/resolv.conf
touch /etc/resolv.conf
echo "nameserver 127.0.0.1" > '/etc/resolv.conf'
#echo "options edns0 single-request-reopen" > '/etc/resolv.conf'
#cat > '/etc/resolv.conf' << EOF
#nameserver 127.0.0.1
#options edns0 single-request-reopen
#EOF
        systemctl start dnscrypt-proxy
fi

#centos7 修改 /etc/sysconfig/network-scripts/ifcfg-eth0
#追加DNS1=127.0.0.1
#debian/Ubuntu  修改vim /etc/resolvconf/resolv.conf.d/head
#nameserver 127.0.0.1
#https://zhuanlan.zhihu.com/p/34027883
#方法2 https://imlonghao.com/17.html
#nano /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
###!/bin/sh
#make_resolv_conf(){
#    :
#}
#chmod +x /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
##
#

from https://github.com/johnrosen1

用alpine基于smartdns建立本地DNS服务器

因为是虚拟机下使用,下载虚拟机专用的镜像

https://alpinelinux.org/downloads/    Virtual板块下载86_64镜像

当前 http://dl-cdn.alpinelinux.org/alpine/v3.12/releases/x86_64/alpine-virt-3.12.1-x86_64.iso


创建虚拟机 当前alpine内核是5.4,虚拟机创建及初始化过程略过

apk update && apk upgrade && apk add sudo nano

下载并安装smartdns  from https://github.com/pymumu/smartdns

wget https://github.com/pymumu/smartdns/releases/download/Release33/smartdns.1.2020.09.08-2235.x86_64-linux-all.tar.gz
tar xvf smartdns.1.2020.09.08-2235.x86_64-linux-all.tar.gz && cd smartdns && chmod +x ./install && mkdir mkdir /etc/default && ./install -i
rc-service smartdns stop
mv /etc/smartdns/smartdns.conf /etc/smartdns/smartdns.conf.bak
nano /etc/smartdns/smartdns.conf
server-name smartdns
bind :53
bind-tcp :53
cache-size 1536
prefetch-domain yes
serve-expired yes
log-level info
server-tls 208.67.222.222:853   
#server-https https://dns.twnic.tw/dns-query   
server-tls 45.32.55.94:853   
server-https https://cloudflare-dns.com/dns-query   
server-https https://neatdns.ustclug.org/resolve   
server-https https://doh.dns.sb/dns-query   
server-https https://public.dns.iij.jp/dns-query   
server-https https://dns.rubyfish.cn/dns-query   
server-https https://dns.dns-over-https.com/dns-query   
server-https https://jp.tiar.app/dns-query   
server-https https://i.233py.com/dns-query   
server 223.5.5.5:53   
server 114.114.114.114:53   
conf-file /tmp/whitelist.conf
conf-file /tmp/blacklist.conf
ipset /tracker.publicbt.com/block
ipset /tracker.publicbt.com/b-
address /tracker.publicbt.com/-
address /publicbt.com/-
address /www.publicbt.com/-
address /*.publicbt.com/-

取消DHCP DNS自动覆盖

nano /usr/share/udhcpc/default.script
用#注释RESOLV_CONF="/etc/resolv.conf"

修改本地DNS为127.0.0.1

nano /etc/resolv.conf
nameserver 127.0.0.1

启动smartdns并测试

/usr/sbin/smartdns
测试
nslookup -querytype=ptr smartdns

开机启动,默认的服务没法启动,未知

/usr/sbin/smartdns

nano /etc/local.d/init_nextcloud.start
#!/bin/sh
/usr/sbin/smartdns
chmod +x /etc/local.d/init_nextcloud.start

rc-update add local

添加守护

apk add monit
mv /etc/monitrc /etc/monitrc.bak
nano /etc/monitrc
set daemon  10   #10s循环监控
set logfile syslog
check process smartdns with pidfile /var/run/smartdns.pid
start program = "/usr/sbin/smartdns" with timeout 10 seconds
stop program = "/usr/bin/killall smartdns" with timeout 10 seconds
chmod 0700 /etc/monitrc
测试守护配置
monit  -t
启动
rc-service monit start
monit start all
#忽略有个报错
添加启动
rc-update add monit 


wordpress处理cdnjs加载慢的问题

我这里用的是nginx替代字符串的方法,在appnode下仅供参考

location ~ ^/.+\.php(/|$) {
sub_filter '//cdnjs.cloudflare.com/ajax/libs' '//cdn.staticfile.org';
sub_filter '//cdn.datatables.net' '//cdn.staticfile.org/datatables';
sub_filter_once off;
........