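Over the past couple of days I set up a VPS for ******. After a trial and a vote we settled on Linode. One obvious major use of a VPS is getting around the GFW. I use shadowsocks, so I spent some time tuning it and am recording the process here.
For this tuning, hybla is the best choice of congestion control algorithm, but the kernel does not include it, so we have to compile it ourselves (on Digital Ocean no compilation is needed; loading the module is enough).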
- Check the machine's kernel version:

      uname -r

  My machine shows:

      4.0.4-x86_64-linode57
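- Download the source for the same version from https://www.kernel.org/pub/linux/kernel:

      mkdir kernel
      cd kernel
      # the version must match the output of uname -r (4.0.4 here)
      wget https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.0.4.tar.gz
      tar xzvf linux-4.0.4.tar.gz

- Install the following kernel build tools, otherwise the build will fail:

      # CentOS and Fedora
      yum update && yum install -y ncurses-devel make gcc
      # Ubuntu and Debian
      sudo apt-get install -y build-essential libncurses5-dev

- Configure the kernel build: export the official configuration, then edit it to add the hybla / htcp modules:

      cd linux-4.0.4
      zcat /proc/config.gz > .config

  Edit .config and find CONFIG_TCP_CONG_CUBIC=y. To build the hybla module, add CONFIG_TCP_CONG_HYBLA=y on the line below it; to build the htcp module, add CONFIG_TCP_CONG_HTCP=y on the line below it; if you want both, add both lines. Then compile:

      make

  Wait patiently for the kernel build to finish; on a single core it takes about 15 minutes.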
- Modify the Makefile used to build the module:

      cd net/ipv4/
      mv Makefile Makefile.old
      vim Makefile

  For hybla, change the Makefile to:

      # Makefile for tcp_hybla.ko
      obj-m := tcp_hybla.o
      KDIR := ../..
      PWD := $(shell pwd)
      # the recipe line below must begin with a tab
      default:
      	$(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules

  For htcp, just substitute the keyword.

- Build the module:

      cd ../..
      make modules
- Test loading the module:

      cd net/ipv4
      insmod ./tcp_hybla.ko
      sysctl net.ipv4.tcp_available_congestion_control

  If the module loaded successfully, this shows:

      net.ipv4.tcp_available_congestion_control = cubic reno hybla
- Load the module automatically at boot.
  First copy the module we want loaded at boot to /lib/modules/4.0.4-x86_64-linode57/kernel/net/ipv4:

      sudo mkdir -p /lib/modules/4.0.4-x86_64-linode57/kernel/net/ipv4
      sudo cp -a ~/kernel/linux-4.0.4/net/ipv4/tcp_hybla.ko /lib/modules/4.0.4-x86_64-linode57/kernel/net/ipv4

  Since I am on Ubuntu, I then simply edit /etc/modules and add tcp_hybla at the end.

At this point the hybla algorithm has been added. Next, adjust the configuration:
- First edit /etc/security/limits.conf and append:

      * soft nofile 51200
      * hard nofile 51200
- Then run:

      ulimit -n 51200 # what I actually ran: ulimit -n unlimited
- Then edit /etc/sysctl.conf and append:

      # max open files
      fs.file-max = 51200
      # max read buffer
      net.core.rmem_max = 67108864
      # max write buffer
      net.core.wmem_max = 67108864
      # default read buffer
      net.core.rmem_default = 65536
      # default write buffer
      net.core.wmem_default = 65536
      # max processor input queue
      net.core.netdev_max_backlog = 4096
      # max backlog
      net.core.somaxconn = 4096
      # resist SYN flood attacks
      net.ipv4.tcp_syncookies = 1
      # reuse timewait sockets when safe
      net.ipv4.tcp_tw_reuse = 1
      # turn off fast timewait sockets recycling
      net.ipv4.tcp_tw_recycle = 0
      # short FIN timeout
      net.ipv4.tcp_fin_timeout = 30
      # short keepalive time
      net.ipv4.tcp_keepalive_time = 1200
      # outbound port range
      net.ipv4.ip_local_port_range = 10000 65000
      # max SYN backlog
      net.ipv4.tcp_max_syn_backlog = 4096
      # max timewait sockets held by system simultaneously
      net.ipv4.tcp_max_tw_buckets = 5000
      # turn on TCP Fast Open on both client and server side
      net.ipv4.tcp_fastopen = 3
      # TCP receive buffer
      net.ipv4.tcp_rmem = 4096 87380 67108864
      # TCP write buffer
      net.ipv4.tcp_wmem = 4096 65536 67108864
      # turn on path MTU discovery
      net.ipv4.tcp_mtu_probing = 1
      # for high-latency network
      net.ipv4.tcp_congestion_control = hybla
      # for low-latency network, use cubic instead
      # net.ipv4.tcp_congestion_control = cubic

  Then run the following to make the configuration take effect:

      sudo sysctl -p
- Finally, write the shadowsocks configuration file and start the server:

      {
          "server": "::",
          "server_port": 8888,
          "password": "your password",
          "timeout": 300,
          "method": "rc4-md5",
          "fast_open": true
      }

      sudo ssserver -c /etc/shadowsocks.json -d start --user nobody
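
To check that the /etc/sysctl.conf values above are really in effect (for example that hybla, not cubic, is the active congestion control after a reboot), the following added example, which is not part of the original post, compares a sysctl.conf-style file with the values the running kernel reports. The names audit_sysctl, normalize and demo and the optional PROC_ROOT argument are assumptions made for this example; demo runs the check on a constructed directory tree instead of the real /proc/sys.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
# Usage: audit_sysctl CONF [PROC_ROOT]    PROC_ROOT defaults to /proc/sys

# Multi-value entries such as tcp_rmem are tab-separated in /proc/sys;
# collapse whitespace so they compare equal to the space-separated file.
normalize() {
    printf '%s' "$1" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# Prints OK / MISMATCH / MISSING per key; returns 1 if any key is not in effect.
audit_sysctl() {
    conf=$1; root=${2:-/proc/sys}; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(normalize "$line")
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                     # key = value
            *) continue ;;              # anything else is ignored
        esac
        key=$(normalize "${line%%=*}")
        want=$(normalize "${line#*=}")
        file=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$file" ]; then
            echo "MISSING  $key (configured: $want)"; bad=1
            continue
        fi
        have=$(normalize "$(cat "$file")")
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "MISMATCH $key: running=$have configured=$want"; bad=1
        fi
    done < "$conf"
    return "$bad"
}

# Constructed demo: a fake /proc/sys tree in which hybla did not take effect.
demo() {
    d=$(mktemp -d); mkdir -p "$d/net/ipv4"
    printf '4096\t87380\t67108864\n' > "$d/net/ipv4/tcp_rmem"
    printf 'cubic\n' > "$d/net/ipv4/tcp_congestion_control"
    printf '%s\n' '# constructed sample' 'net.ipv4.tcp_rmem = 4096 87380 67108864' \
        'net.ipv4.tcp_congestion_control = hybla' > "$d/sysctl.conf"
    audit_sysctl "$d/sysctl.conf" "$d" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On the server, source the file and run `audit_sysctl /etc/sysctl.conf`; a non-zero return status means at least one configured value is not applied.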