tag:blogger.com,1999:blog-29376802678489476742024-02-23T00:11:48.289+08:00Tech黑手 - 工作雜記髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.comBlogger387125tag:blogger.com,1999:blog-2937680267848947674.post-53755893749658957252023-06-26T10:47:00.003+08:002023-06-26T10:47:44.887+08:00How to use simple speedtest in RaspberryPi CLI<p> <br /><br /></p><p>pi@ChunchaiRPI2:/tmp $ <span style="color: red;"> wget -O speedtest-cli https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py</span></p><p>--2023-06-26 10:43:47-- https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py</p><p>Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133, 185.199.109.133, 185.199.110.133, ...</p><p>Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.</p><p>HTTP request sent, awaiting response... 200 OK</p><p>Length: 65334 (64K) [text/plain]</p><p>Saving to: ‘speedtest-cli’</p><p><br /></p><p>speedtest-cli 100%[=====================================================================================================================>] 63.80K --.-KB/s in 0.08s</p><p><br /></p><p>2023-06-26 10:43:48 (849 KB/s) - ‘speedtest-cli’ saved [65334/65334]</p><p><br /></p><p>pi@ChunchaiRPI2:/tmp $ <span style="color: red;">sudo chmod +x speedtest-cli</span></p><p>pi@ChunchaiRPI2:/tmp $ <span style="color: red;">./speedtest-cli --simple</span></p><p>Ping: 7.342 ms</p><p>Download: 301.20 Mbit/s</p><p>Upload: 251.35 Mbit/s</p><p>pi@ChunchaiRPI2:/tmp $</p><div><br /></div>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com1tag:blogger.com,1999:blog-2937680267848947674.post-68777629768514000932023-06-20T14:42:00.006+08:002023-06-20T14:42:51.058+08:00How to decompile dtb file (Device Tree)<p>dtc -I dtb -O dts -o devicetree.dts devicetree.dtb</p><p><br /></p><p>$ sudo apt-get install device-tree-compiler</p><p><br /></p><p>$ dtc -I dtb -O dts test.dtb > test.dts</p><p>$ dtc -I dts -O dtb test.dts > test.dtb</p><p><br /></p><p> </p><p><br /></p><p>reference: https://forum.digilentinc.com/topic/2427-how-to-decompile-dtb-file/</p><p><br /></p><p><br /></p><p>Device Tree, reference:</p><p>Device Tree(一):背景介绍 http://www.wowotech.net/device_model/why-dt.html</p><p>Device Tree(二):基本概念 http://www.wowotech.net/device_model/dt_basic_concept.html</p><p>Device Tree(三):代码分析 http://www.wowotech.net/device_model/dt-code-analysis.html</p><p>Device Tree(四):文件结构解析 http://www.wowotech.net/device_model/dt-code-file-struct-parse.html</p>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-56961438722559036592023-06-01T12:18:00.001+08:002023-06-01T12:18:18.708+08:00HGU – Supported Service Scenarios<p><span style="font-size: xx-small;">From https://halny.com/knowledge-base/hgu-supported-service-scenarios/</span></p><p><span style="font-size: xx-small;"><br /></span></p><p><span style="background-color: white; color: #6a6a6a; font-family: "Source Sans Pro"; font-size: 14px;">HGU mode allows to flow multiple traffic classes across VEIP.</span><br style="background-color: white; box-sizing: border-box; color: #6a6a6a; font-family: "Source Sans Pro"; font-size: 14px;" /><span style="background-color: white; color: #6a6a6a; font-family: "Source Sans Pro"; font-size: 14px;">All UNI interfaces are belonged to one VEIP and it cannot be controlled by OMCI.</span><br style="background-color: white; box-sizing: border-box; color: #6a6a6a; font-family: "Source Sans Pro"; font-size: 14px;" /><span style="background-color: white; color: #6a6a6a; font-family: "Source Sans Pro"; font-size: 14px;">This non-OMCI part can be controlled by Web and Auto provisioning.</span><br style="background-color: white; box-sizing: border-box; color: #6a6a6a; font-family: "Source Sans Pro"; font-size: 14px;" /><span style="background-color: white; color: #6a6a6a; font-family: "Source Sans Pro"; font-size: 14px;">Most OLT vendors support dual stack:</span><br style="background-color: white; box-sizing: border-box; color: #6a6a6a; font-family: "Source Sans Pro"; font-size: 14px;" /><span style="background-color: white; color: #6a6a6a; font-family: "Source Sans Pro"; font-size: 14px;">– IP-HOST #1 -> MGMT (WEB, XML provisioning) – configure by OMCI (from OLT)</span><br style="background-color: white; box-sizing: border-box; color: #6a6a6a; font-family: "Source Sans Pro"; font-size: 14px;" /><span style="background-color: white; color: #6a6a6a; font-family: "Source Sans Pro"; font-size: 14px;">– VEIP (non-OMCI : INTERNET, VoIP, IPTV services) – configure by ONT WEB or provisioning</span></p><p><span style="font-size: xx-small;"><br /></span></p><p><span style="font-size: xx-small;"></span></p><div class="separator" style="clear: both; text-align: center;"><span style="font-size: xx-small;"><br /></span></div><h4 class="has-text-align-center wp-block-heading" data-id="articleTOC_0" style="background-color: white; box-sizing: border-box; color: #383838; font-family: Poppins; font-size: 16px; line-height: 22px; margin-bottom: 0px; margin-top: 0px; text-align: center;">1.Bridge mode – only INTERNET:1-4/WIFI + MGMT</h4><figure class="wp-block-image size-large" style="background-color: white; box-sizing: border-box; color: #6a6a6a; font-family: "Source Sans Pro"; font-size: 14px; height: auto; margin: 2em 0px; max-width: 100%;"><img alt="" class="wp-image-7066" decoding="async" height="420" sizes="(max-width: 954px) 100vw, 954px" src="https://halny.com/wp-content/uploads/2020/05/Obraz12.png" srcset="https://halny.com/wp-content/uploads/2020/05/Obraz12.png 954w, https://halny.com/wp-content/uploads/2020/05/Obraz12-300x132.png 300w, https://halny.com/wp-content/uploads/2020/05/Obraz12-768x338.png 768w" style="border: 0px; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" width="954" /></figure><figure class="wp-block-image size-large" style="background-color: white; box-sizing: border-box; color: #6a6a6a; font-family: "Source Sans Pro"; font-size: 14px; height: auto; margin: 2em 0px; max-width: 100%;"><h4 class="has-text-align-center wp-block-heading" data-id="articleTOC_1" style="box-sizing: border-box; color: #383838; font-family: Poppins; font-size: 16px; line-height: 22px; margin-bottom: 0px; margin-top: 0px; text-align: center;">2.Bridge mode – INTERNET:1-4/WIFI, VoIP Interface + MGMT</h4><figure class="wp-block-image size-large" style="box-sizing: border-box; height: auto; margin: 2em 0px; max-width: 100%;"><img alt="" class="wp-image-7067" decoding="async" height="537" loading="lazy" sizes="(max-width: 920px) 100vw, 920px" src="https://halny.com/wp-content/uploads/2020/05/Obraz13.png" srcset="https://halny.com/wp-content/uploads/2020/05/Obraz13.png 920w, https://halny.com/wp-content/uploads/2020/05/Obraz13-300x175.png 300w, https://halny.com/wp-content/uploads/2020/05/Obraz13-768x448.png 768w" style="border: 0px; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" width="920" /></figure><h4 class="has-text-align-center wp-block-heading" data-id="articleTOC_2" style="box-sizing: border-box; color: #383838; font-family: Poppins; font-size: 16px; line-height: 22px; margin-bottom: 0px; margin-top: 0px; text-align: center;">3.Bridge mode – INTERNET:1-2/WIFI, IPTV:3-4, VoIP Interface + MGMT</h4><figure class="wp-block-image size-large" style="box-sizing: border-box; height: auto; margin: 2em 0px; max-width: 100%;"><img alt="" class="wp-image-7068" decoding="async" height="462" loading="lazy" sizes="(max-width: 790px) 100vw, 790px" src="https://halny.com/wp-content/uploads/2020/05/Obraz14.png" srcset="https://halny.com/wp-content/uploads/2020/05/Obraz14.png 790w, https://halny.com/wp-content/uploads/2020/05/Obraz14-300x175.png 300w, https://halny.com/wp-content/uploads/2020/05/Obraz14-768x449.png 768w" style="border: 0px; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" width="790" /></figure><h4 class="has-text-align-center wp-block-heading" data-id="articleTOC_3" style="box-sizing: border-box; color: #383838; font-family: Poppins; font-size: 16px; line-height: 22px; margin-bottom: 0px; margin-top: 0px; text-align: center;">4.Router mode – only INTERNET:1-4/WIFI + MGMT</h4><figure class="wp-block-image size-large" style="box-sizing: border-box; height: auto; margin: 2em 0px; max-width: 100%;"><img alt="" class="wp-image-7069" decoding="async" height="451" loading="lazy" sizes="(max-width: 1024px) 100vw, 1024px" src="https://halny.com/wp-content/uploads/2020/05/Obraz15-1024x451.png" srcset="https://halny.com/wp-content/uploads/2020/05/Obraz15-1024x451.png 1024w, https://halny.com/wp-content/uploads/2020/05/Obraz15-300x132.png 300w, https://halny.com/wp-content/uploads/2020/05/Obraz15-768x338.png 768w, https://halny.com/wp-content/uploads/2020/05/Obraz15.png 1122w" style="border: 0px; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" width="1024" /></figure><h4 class="has-text-align-center wp-block-heading" data-id="articleTOC_4" style="box-sizing: border-box; color: #383838; font-family: Poppins; font-size: 16px; line-height: 22px; margin-bottom: 0px; margin-top: 0px; text-align: center;">5.Router mode – INTERNET:1-4/WIFI, VoIP Interface + MGMT</h4><figure class="wp-block-image size-large" style="box-sizing: border-box; height: auto; margin: 2em 0px; max-width: 100%;"><img alt="" class="wp-image-7070" decoding="async" height="522" loading="lazy" sizes="(max-width: 892px) 100vw, 892px" src="https://halny.com/wp-content/uploads/2020/05/Obraz16.png" srcset="https://halny.com/wp-content/uploads/2020/05/Obraz16.png 892w, https://halny.com/wp-content/uploads/2020/05/Obraz16-300x176.png 300w, https://halny.com/wp-content/uploads/2020/05/Obraz16-768x449.png 768w" style="border: 0px; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" width="892" /></figure><h4 class="has-text-align-center wp-block-heading" data-id="articleTOC_5" style="box-sizing: border-box; color: #383838; font-family: Poppins; font-size: 16px; line-height: 22px; margin-bottom: 0px; margin-top: 0px; text-align: center;">6.Router mode – INTERNET:1-2/WIFI, IPTV:3-4, VoIP + MGMT</h4><figure class="wp-block-image size-large" style="box-sizing: border-box; height: auto; margin: 2em 0px; max-width: 100%;"><img alt="" class="wp-image-7071" decoding="async" height="482" loading="lazy" sizes="(max-width: 822px) 100vw, 822px" src="https://halny.com/wp-content/uploads/2020/05/Obraz17.png" srcset="https://halny.com/wp-content/uploads/2020/05/Obraz17.png 822w, https://halny.com/wp-content/uploads/2020/05/Obraz17-300x176.png 300w, https://halny.com/wp-content/uploads/2020/05/Obraz17-768x450.png 768w" style="border: 0px; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" width="822" /></figure></figure><p></p>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-49101333268120783452023-06-01T12:15:00.003+08:002023-06-01T12:18:54.269+08:00SFU – Supported Service Scenarios<p><span style="font-size: xx-small;">From: https://halny.com/knowledge-base/sfu-supported-service-scenarios/</span></p><div id="eckb-article-content-body" style="box-sizing: border-box; color: #6a6a6a; font-family: "Source Sans Pro"; font-size: 14px; width: 749.594px;"><div class="codeless-content" data-codeless="true" style="box-sizing: border-box;"><h4 class="has-text-align-center wp-block-heading" data-id="articleTOC_0" style="box-sizing: border-box; color: #383838; font-family: Poppins; font-size: 16px; letter-spacing: 0px; line-height: 22px; margin-bottom: 0px; margin-top: 0px; text-align: center;"><br /></h4><h4 class="has-text-align-center wp-block-heading" data-id="articleTOC_0" style="box-sizing: border-box; color: #383838; font-family: Poppins; font-size: 16px; letter-spacing: 0px; line-height: 22px; margin-bottom: 0px; margin-top: 0px; text-align: center;">1.Access mode – only Internet</h4><div class="wp-block-image" style="box-sizing: border-box; margin: 0px 0px 1em;"><figure class="aligncenter size-large" style="box-sizing: border-box; clear: both; display: table; float: none; margin: 0em auto;"><img alt="" class="wp-image-7230" decoding="async" height="126" sizes="(max-width: 602px) 100vw, 602px" src="https://halny.com/wp-content/uploads/2020/05/image-6.png" srcset="https://halny.com/wp-content/uploads/2020/05/image-6.png 602w, https://halny.com/wp-content/uploads/2020/05/image-6-300x63.png 300w" style="border: 0px; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" width="602" /></figure></div><h4 class="has-text-align-center wp-block-heading" data-id="articleTOC_1" style="box-sizing: border-box; color: #383838; font-family: Poppins; font-size: 16px; letter-spacing: 0px; line-height: 22px; margin-bottom: 0px; margin-top: 0px; text-align: center;">2.Access mode – only IPTV</h4><div class="wp-block-image" style="box-sizing: border-box; margin: 0px 0px 1em;"><figure class="aligncenter size-large" style="box-sizing: border-box; clear: both; display: table; float: none; margin: 0em auto;"><img alt="" class="wp-image-7231" decoding="async" height="126" loading="lazy" sizes="(max-width: 731px) 100vw, 731px" src="https://halny.com/wp-content/uploads/2020/05/image-7.png" srcset="https://halny.com/wp-content/uploads/2020/05/image-7.png 731w, https://halny.com/wp-content/uploads/2020/05/image-7-300x52.png 300w" style="border: 0px; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" width="731" /></figure></div><h4 class="has-text-align-center wp-block-heading" data-id="articleTOC_2" style="box-sizing: border-box; color: #383838; font-family: Poppins; font-size: 16px; letter-spacing: 0px; line-height: 22px; margin-bottom: 0px; margin-top: 0px; text-align: center;">3.Transparent mode – Internet, IPTV, VoIP</h4><div class="wp-block-image" style="box-sizing: border-box; margin: 0px 0px 1em;"><figure class="aligncenter size-large" style="box-sizing: border-box; clear: both; display: table; float: none; margin: 0em auto;"><img alt="" class="wp-image-7234" decoding="async" height="440" loading="lazy" sizes="(max-width: 961px) 100vw, 961px" src="https://halny.com/wp-content/uploads/2020/05/image-8.png" srcset="https://halny.com/wp-content/uploads/2020/05/image-8.png 961w, https://halny.com/wp-content/uploads/2020/05/image-8-300x137.png 300w, https://halny.com/wp-content/uploads/2020/05/image-8-768x352.png 768w" style="border: 0px; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" width="961" /></figure></div><h4 class="has-text-align-center wp-block-heading" data-id="articleTOC_3" style="box-sizing: border-box; color: #383838; font-family: Poppins; font-size: 16px; letter-spacing: 0px; line-height: 22px; margin-bottom: 0px; margin-top: 0px; text-align: center;">4.VLAN translation – rBSA</h4><div class="wp-block-image" style="box-sizing: border-box; margin: 0px 0px 1em;"><figure class="aligncenter size-large" style="box-sizing: border-box; clear: both; display: table; float: none; margin: 0em auto;"><img alt="" class="wp-image-7242" decoding="async" height="440" loading="lazy" sizes="(max-width: 961px) 100vw, 961px" src="https://halny.com/wp-content/uploads/2020/05/image-9.png" srcset="https://halny.com/wp-content/uploads/2020/05/image-9.png 961w, https://halny.com/wp-content/uploads/2020/05/image-9-300x137.png 300w, https://halny.com/wp-content/uploads/2020/05/image-9-768x352.png 768w" style="border: 0px; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" width="961" /></figure></div><h4 class="has-text-align-center wp-block-heading" data-id="articleTOC_4" style="box-sizing: border-box; color: #383838; font-family: Poppins; font-size: 16px; letter-spacing: 0px; line-height: 22px; margin-bottom: 0px; margin-top: 0px; text-align: center;">5.802.1q in 802.1q Begin/End of Tunnel</h4><div class="wp-block-image" style="box-sizing: border-box; margin: 0px 0px 1em;"><figure class="aligncenter size-large" style="box-sizing: border-box; clear: both; display: table; float: none; margin: 0em auto;"><img alt="" class="wp-image-7289" decoding="async" height="440" loading="lazy" sizes="(max-width: 961px) 100vw, 961px" src="https://halny.com/wp-content/uploads/2020/05/Service-scenario-QinQ-tunnel-beginend.jpg" srcset="https://halny.com/wp-content/uploads/2020/05/Service-scenario-QinQ-tunnel-beginend.jpg 961w, https://halny.com/wp-content/uploads/2020/05/Service-scenario-QinQ-tunnel-beginend-300x137.jpg 300w, https://halny.com/wp-content/uploads/2020/05/Service-scenario-QinQ-tunnel-beginend-768x352.jpg 768w" style="border: 0px; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" width="961" /></figure></div><h4 class="has-text-align-center wp-block-heading" data-id="articleTOC_5" style="box-sizing: border-box; color: #383838; font-family: Poppins; font-size: 16px; letter-spacing: 0px; line-height: 22px; margin-bottom: 0px; margin-top: 0px; text-align: center;">6.Transparent 802.1q in 802.1q</h4><figure class="wp-block-image size-large" style="box-sizing: border-box; height: auto; margin: 2em 0px; max-width: 100%;"><img alt="" class="wp-image-7290" decoding="async" height="440" loading="lazy" sizes="(max-width: 961px) 100vw, 961px" src="https://halny.com/wp-content/uploads/2020/05/Service-scenario-Transparent-QinQ.jpg" srcset="https://halny.com/wp-content/uploads/2020/05/Service-scenario-Transparent-QinQ.jpg 961w, https://halny.com/wp-content/uploads/2020/05/Service-scenario-Transparent-QinQ-300x137.jpg 300w, https://halny.com/wp-content/uploads/2020/05/Service-scenario-Transparent-QinQ-768x352.jpg 768w" style="border: 0px; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" width="961" /></figure><h4 class="has-text-align-center wp-block-heading" data-id="articleTOC_6" style="box-sizing: border-box; color: #383838; font-family: Poppins; font-size: 16px; letter-spacing: 0px; line-height: 22px; margin-bottom: 0px; margin-top: 0px; text-align: center;">7.OSE/MdO</h4><figure class="wp-block-image size-large" style="box-sizing: border-box; height: auto; margin: 2em 0px; max-width: 100%;"><img alt="" class="wp-image-7291" decoding="async" height="437" loading="lazy" sizes="(max-width: 981px) 100vw, 981px" src="https://halny.com/wp-content/uploads/2020/05/Service-scenario-OSE-MdO.jpg" srcset="https://halny.com/wp-content/uploads/2020/05/Service-scenario-OSE-MdO.jpg 981w, https://halny.com/wp-content/uploads/2020/05/Service-scenario-OSE-MdO-300x134.jpg 300w, https://halny.com/wp-content/uploads/2020/05/Service-scenario-OSE-MdO-768x342.jpg 768w" style="border: 0px; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" width="981" /></figure></div></div>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-19023456004204971052023-06-01T12:09:00.005+08:002023-06-01T12:09:48.918+08:00OMCI協議二層功能的模型選擇<p><span style="background-color: white; box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="font-size: xx-small;">From:https://blog.csdn.net/JIANGXIN04211/article/details/48294645<br /></span><br /><span style="color: #333333; font-family: -apple-system, SF UI Text, Arial, PingFang SC, Hiragino Sans GB, Microsoft YaHei, WenQuanYi Micro Hei, sans-serif, SimHei, SimSun;">我們知道有兩種大的二層功能,即MAC橋以及802.1p映射。</span></span><span style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">MAC橋是IEEE 802.1D描述的,有許多的特性,可以基於MAC地址透明轉發(True bridging)或VLAN characteristics(利用VLAN filter)。</span><span style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">而映射功能描述了一個用戶側實體到1到8個網絡側流標記的關係。</span><span style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">那種映射與只利用VLAN標記中pbit字段作為VLAN filters的MAC橋是相等的。</span></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">那兩種基本二層服務能組合實現各種連接要求。</span><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">有三種大的基本模式:</span></span></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">N:1 bridging多個用戶端口在同一個橋中,而只有一個網絡服務</span></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">1:M mapping基於pbit來將一個用戶端口映射成多個網絡側服務</span></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; font-weight: 700; outline: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; color: red; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;">1:P filtering</span></span><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"> 基於非pbit的VLAN信息來將單一的用戶端口映射成多個網絡側服務</span></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">除了以上三個基本可能外,也有四種複雜的組合。</span><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">即:</span></span></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">N:M bridging mapping顧名思義,N個用戶端口在一個橋中先橋轉發然後</span><a name="OLE_LINK2" style="box-sizing: border-box; color: #336699; cursor: pointer; margin: 0px; outline: none; overflow-wrap: break-word; padding: 0px;" target="_blank"></a><a name="OLE_LINK1" style="box-sizing: border-box; color: #336699; cursor: pointer; margin: 0px; outline: none; overflow-wrap: break-word; padding: 0px;" target="_blank">再進行基於</a><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">pbit的映射。</span></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">1:MP map-filtering 一個用戶端口做filtering以及mapping</span></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">N:P bridging-filtering N個用戶端口在一個橋中先橋轉發然後再進行基於非pbit的VLAN信息的映射</span></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">N:MP bridging-map-filtering顯而易見。</span></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">系統性地,tag filtering發生在接近MAC橋而不是tagging操作的部位。</span><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">如下順序:</span></span></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; font-weight: 700; outline: 0px; overflow-wrap: break-word;"><span style="box-sizing: border-box; color: red; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;">ANI—Tag operation—Tag filtering—Bridging—Tag filtering—Tag operation—UNI</span></span></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">許多公司實現了非802.1p模型而採用最簡單的bridging模型,而最簡單一種是每個用戶端在一個Bridge中。</span><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">1:P模型被採用。</span><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">如果是多端口的CPE設備(一般由Interworking模塊,如Broadlight chip與交換Switch模塊,如Broadcom switch組成),那塊switch chip每個用戶口有個port VLAN(每個端口不一樣),為了區隔彼此。</span><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">對於Untag流需要映射pbit的話可以採用管理對象(ID:171 Extended VLAN Tagging operation configuration data)屬性來達到要求。</span></span></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 24px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">參考:G.984.4 Section 8.2.2</span></p>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-75053246987175312002023-04-10T23:34:00.004+08:002023-04-10T23:35:42.805+08:00secure boot(三)secure boot的签名和验签方案<p><span style="font-size: x-small;">From:<a href="https://cloud.tencent.com/developer/article/2182626?from=article.detail.2182624&areaSource=106000.1&traceId=6TuiWB62dtuJGznPqWlJ1" target="_blank">https://cloud.tencent.com/developer/article/2182626?from=article.detail.2182624&areaSource=106000.1&traceId=6TuiWB62dtuJGznPqWlJ1</a></span><br /><br /></p><h2 id="%E7%AE%80%E4%BB%8B" name="%E7%AE%80%E4%BB%8B" style="background-color: white; box-sizing: border-box; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 16px; line-height: 26px; list-style: inherit; margin: 16px 0px 8px; padding: 0px; white-space: pre-wrap;"><strong style="box-sizing: border-box; list-style: inherit;">简介</strong> </h2><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">FIT 格式支持存储镜像的hash值,并且在加载镜像时会校验hash值。这可以保护镜像免受破坏,但是,它并不能保护镜像不被替换。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">而如果对hash值使用私钥签名,在加载镜像时使用公钥验签则可以保护镜像不被替换。因此,公钥必须保存在一个绝对安全的地方。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">接下来的内容要求大家了解一些密码学的内容,之前也介绍过一些,可以看这篇文章</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;"><a href="https://mp.weixin.qq.com/s?__biz=Mzg5ODUxNDMxMA==&mid=2247491414&idx=1&sn=bc37745718e2f6e271505209de24e515&chksm=c06033bff717baa9370c8ef2c2c517065e6816f0f14a0406cd51a711c1c56632108c1815871e&token=1171270122&lang=zh_CN&scene=21#wechat_redirect" rel="nofollow noopener noreferrer" style="box-sizing: border-box; color: #00a4ff; list-style: inherit; text-decoration-line: none;" target="_blank"><strong style="box-sizing: border-box; list-style: inherit;">secure boot (一)FIT Image</strong></a></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;"><a href="https://mp.weixin.qq.com/s?__biz=Mzg5ODUxNDMxMA==&mid=2247491435&idx=1&sn=7661390f96472a714e92c81d51295b8b&chksm=c0603382f717ba94549f55d92e9153ff2f312d78b7891527738e99dace65c0290e7bb6895054&token=1171270122&lang=zh_CN&scene=21#wechat_redirect" rel="nofollow noopener noreferrer" style="box-sizing: border-box; color: #00a4ff; list-style: inherit; text-decoration-line: none;" target="_blank"><strong style="box-sizing: border-box; list-style: inherit;">secure boot (二)基本概念和框架</strong></a></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">secure boot签名的大致流程:</p><ul class="ul-level-0" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: none; margin: 0px 0px 16px; padding: 0px; white-space: pre-wrap;"><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">计算镜像的hash值</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">利用私钥对hash值签名</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">签名结果存在FIT Image 中。</li></ul><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">secure boot验签的大致流程:</p><ul class="ul-level-0" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: none; margin: 0px 0px 16px; padding: 0px; white-space: pre-wrap;"><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">读取FIT Image</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">获得pubkey</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">从FIT Image 提取签名</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">计算镜像的hash</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">使用公钥验签获得hash值,与计算得到的hash值进行对比</li></ul><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">签名是由mkimage工具完成的,验签由uboot完成。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;"></p><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgLPEhXRm2XujYdDkXcG0YWP0SePpe0Z-lSk5b_xBH80btjGh9cd2cGGF-ina2_4ZpenYiqBV38Ae2y8VFk0NvSnUIgobG5wAav5NO81NgobrQMxWRO8whQej8FgGsjGUuurSbTBJK9H7qEygB0Lug076ywRgNCIKNmoADuLKSI4diDZGUGKxUUt3vJ" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="128" data-original-width="1080" height="70" src="https://blogger.googleusercontent.com/img/a/AVvXsEgLPEhXRm2XujYdDkXcG0YWP0SePpe0Z-lSk5b_xBH80btjGh9cd2cGGF-ina2_4ZpenYiqBV38Ae2y8VFk0NvSnUIgobG5wAav5NO81NgobrQMxWRO8whQej8FgGsjGUuurSbTBJK9H7qEygB0Lug076ywRgNCIKNmoADuLKSI4diDZGUGKxUUt3vJ=w589-h70" width="589" /></a></div><br /></div><br /><br /><p></p><figure style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 16px 0px; white-space: pre-wrap;"><div class="image-block" style="box-sizing: border-box; list-style: inherit; margin: 0px; padding: 0px;"><span style="box-sizing: border-box; list-style: inherit;"><div style="box-sizing: border-box; list-style: inherit; margin: 0px; padding: 0px; position: relative; text-align: center;"><br /></div></span></div></figure><h2 id="%E7%AD%BE%E5%90%8D%E7%AE%97%E6%B3%95" name="%E7%AD%BE%E5%90%8D%E7%AE%97%E6%B3%95" style="background-color: white; box-sizing: border-box; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 16px; line-height: 26px; list-style: inherit; margin: 16px 0px 8px; padding: 0px; white-space: pre-wrap;"><strong style="box-sizing: border-box; list-style: inherit;">签名算法</strong> </h2><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">原则上讲,任何合适的算法都可以用来签名和验签。在uboot中,目前只支持一类算法:SHA&RSA。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">RSA 算法使用提前准备好的公钥就可以完成验签,验签相关的代码量也很少。在验签时,RSA只是在FDT中提取必要的数据进行校验。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">当然也可以在uboot中添加合适的算法,如果有其他签名算法(如DSA),可以直接替换<code style="background-color: #f3f5f9; border-radius: 0px; box-sizing: border-box; color: #0abf5b; display: inline-block; font-family: Consolas, "Liberation Mono", Menlo, Courier, "Microsoft Yahei", monospace; line-height: 20px; list-style: inherit; margin-left: 10px; margin-right: 10px; overflow-wrap: break-word; padding: 0px 12px; word-break: normal;">rsa.c</code>,并在<code style="background-color: #f3f5f9; border-radius: 0px; box-sizing: border-box; color: #0abf5b; display: inline-block; font-family: Consolas, "Liberation Mono", Menlo, Courier, "Microsoft Yahei", monospace; line-height: 20px; list-style: inherit; margin-left: 10px; margin-right: 10px; overflow-wrap: break-word; padding: 0px 12px; word-break: normal;">image-sig.c</code>中添加对应算法即可。</p><h3 id="%E5%88%9B%E5%BB%BARSA-key%E5%92%8C%E8%AF%81%E4%B9%A6" name="%E5%88%9B%E5%BB%BARSA-key%E5%92%8C%E8%AF%81%E4%B9%A6" style="background-color: white; box-sizing: border-box; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; line-height: 24px; list-style: inherit; margin: 16px 0px 8px; padding: 0px; white-space: pre-wrap;"><strong style="box-sizing: border-box; list-style: inherit;">创建RSA key和证书</strong></h3><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">openssl 创建一副2048的密钥对:</p><div class="developer-code-block" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px; padding: 0px; position: relative; white-space: pre-wrap;"><pre class="prism-token token line-numbers language-javascript" style="background: rgb(80, 85, 107); border-radius: 3px; box-sizing: border-box; color: #cccccc; counter-reset: linenumber 0; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-bottom: 0.5em; margin-top: 0.5em; overflow-wrap: normal; overflow: auto; padding: 1em 1em 1em 3.8em; position: relative; tab-size: 4; word-break: normal; word-spacing: normal;" tabindex="0"><code class="language-javascript" style="background: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; display: block; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-left: 0px; margin-right: 10px; overflow-wrap: break-word; padding: 0px; position: relative; tab-size: 4; vertical-align: baseline; white-space: inherit; word-break: normal; word-spacing: normal;">$ openssl genpkey <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>algorithm <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">RSA</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>out keys<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>dev<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span>key <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>pkeyopt rsa_keygen_bits<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">2048</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>pkeyopt rsa_keygen_pubexp<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">65537</span>
<span aria-hidden="true" class="line-numbers-rows" style="border-right: 1px solid rgb(153, 153, 153); box-sizing: border-box; left: -3.8em; letter-spacing: -1px; list-style: inherit; pointer-events: none; position: absolute; top: 0px; user-select: none; width: 3em;"><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span></span></code></pre><button class="copy" style="background-color: #697191; border-color: initial; border-radius: 0.5em; border-style: none; border-width: initial; color: white; cursor: pointer; font-family: "Pingfang SC", "STHeiti Light", "helvetica neue", "hiragino sans gb", arial, "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 0.8em; list-style: inherit; margin: 0px; opacity: 0; padding: 0px 0.5em; position: absolute; right: 0.2em; top: 0.3em; transition: opacity 0.3s ease-in-out 0s; z-index: 10;">复制</button></div><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">创建包含pubkey的证书:</p><div class="developer-code-block" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px; padding: 0px; position: relative; white-space: pre-wrap;"><pre class="prism-token token line-numbers language-javascript" style="background: rgb(80, 85, 107); border-radius: 3px; box-sizing: border-box; color: #cccccc; counter-reset: linenumber 0; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-bottom: 0.5em; margin-top: 0.5em; overflow-wrap: normal; overflow: auto; padding: 1em 1em 1em 3.8em; position: relative; tab-size: 4; word-break: normal; word-spacing: normal;" tabindex="0"><code class="language-javascript" style="background: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; display: block; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-left: 0px; margin-right: 10px; overflow-wrap: break-word; padding: 0px; position: relative; tab-size: 4; vertical-align: baseline; white-space: inherit; word-break: normal; word-spacing: normal;">$ openssl req <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>batch <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span><span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">new</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>x509 <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>key keys<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>dev<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span>key <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>out keys<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>dev<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span>crt
<span aria-hidden="true" class="line-numbers-rows" style="border-right: 1px solid rgb(153, 153, 153); box-sizing: border-box; left: -3.8em; letter-spacing: -1px; list-style: inherit; pointer-events: none; position: absolute; top: 0px; user-select: none; width: 3em;"><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span></span></code></pre><button class="copy" style="background-color: #697191; border-color: initial; border-radius: 0.5em; border-style: none; border-width: initial; color: white; cursor: pointer; font-family: "Pingfang SC", "STHeiti Light", "helvetica neue", "hiragino sans gb", arial, "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 0.8em; list-style: inherit; margin: 0px; opacity: 0; padding: 0px 0.5em; position: absolute; right: 0.2em; top: 0.3em; transition: opacity 0.3s ease-in-out 0s; z-index: 10;">复制</button></div><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">查看pubkey的值:</p><div class="developer-code-block" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px; padding: 0px; position: relative; white-space: pre-wrap;"><pre class="prism-token token line-numbers language-javascript" style="background: rgb(80, 85, 107); border-radius: 3px; box-sizing: border-box; color: #cccccc; counter-reset: linenumber 0; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-bottom: 0.5em; margin-top: 0.5em; overflow-wrap: normal; overflow: auto; padding: 1em 1em 1em 3.8em; position: relative; tab-size: 4; word-break: normal; word-spacing: normal;" tabindex="0"><code class="language-javascript" style="background: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; display: block; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-left: 0px; margin-right: 10px; overflow-wrap: break-word; padding: 0px; position: relative; tab-size: 4; vertical-align: baseline; white-space: inherit; word-break: normal; word-spacing: normal;">$ openssl rsa <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span><span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">in</span> keys<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>dev<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span>key <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>pubout
<span aria-hidden="true" class="line-numbers-rows" style="border-right: 1px solid rgb(153, 153, 153); box-sizing: border-box; left: -3.8em; letter-spacing: -1px; list-style: inherit; pointer-events: none; position: absolute; top: 0px; user-select: none; width: 3em;"><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span></span></code></pre><button class="copy" style="background-color: #697191; border-color: initial; border-radius: 0.5em; border-style: none; border-width: initial; color: white; cursor: pointer; font-family: "Pingfang SC", "STHeiti Light", "helvetica neue", "hiragino sans gb", arial, "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 0.8em; list-style: inherit; margin: 0px; opacity: 0; padding: 0px 0.5em; position: absolute; right: 0.2em; top: 0.3em; transition: opacity 0.3s ease-in-out 0s; z-index: 10;">复制</button></div><h3 id="%E7%BB%91%E5%AE%9A%E8%AE%BE%E5%A4%87%E6%A0%91" name="%E7%BB%91%E5%AE%9A%E8%AE%BE%E5%A4%87%E6%A0%91" style="background-color: white; box-sizing: border-box; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; line-height: 24px; list-style: inherit; margin: 16px 0px 8px; padding: 0px; white-space: pre-wrap;"><strong style="box-sizing: border-box; list-style: inherit;">绑定设备树</strong></h3><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">在FIT Image的签名节点中需要添加以下 属性,签名节点与哈希节点处于同一级别,被称为<code style="background-color: #f3f5f9; border-radius: 0px; box-sizing: border-box; color: #0abf5b; display: inline-block; font-family: Consolas, "Liberation Mono", Menlo, Courier, "Microsoft Yahei", monospace; line-height: 20px; list-style: inherit; margin-left: 10px; margin-right: 10px; overflow-wrap: break-word; padding: 0px 12px; word-break: normal;">signature@1, signature@2</code>等。</p><ul class="ul-level-0" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: none; margin: 0px 0px 16px; padding: 0px; white-space: pre-wrap;"><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">algo: 算法名称</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">key-name-hint:用来签名的key。密钥对必须存放在单独的文件夹(mkimage 使用-k 参数指定),私钥被命名为 <code style="background-color: #f3f5f9; border-radius: 0px; box-sizing: border-box; color: #0abf5b; display: inline-block; font-family: Consolas, "Liberation Mono", Menlo, Courier, "Microsoft Yahei", monospace; line-height: 20px; list-style: inherit; margin-left: 10px; margin-right: 10px; overflow-wrap: break-word; padding: 0px 12px; word-break: normal;"><name>.key</code>,证书命名为<code style="background-color: #f3f5f9; border-radius: 0px; box-sizing: border-box; color: #0abf5b; display: inline-block; font-family: Consolas, "Liberation Mono", Menlo, Courier, "Microsoft Yahei", monospace; line-height: 20px; list-style: inherit; margin-left: 10px; margin-right: 10px; overflow-wrap: break-word; padding: 0px 12px; word-break: normal;"><name>.crt</code>。</li></ul><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">镜像被签名后,以下这些属性都会被自动强制添加:</p><ul class="ul-level-0" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: none; margin: 0px 0px 16px; padding: 0px; white-space: pre-wrap;"><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">value: 签名后的值(RSA-2048 占256 bytes)</li></ul><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">以下这些属性是可选的:</p><ul class="ul-level-0" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: none; margin: 0px 0px 16px; padding: 0px; white-space: pre-wrap;"><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">timestamp:签名的时间</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">signer-name:签名者的名字(例如mkimage)</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">signer-version:签名的版本(例如"2013.01")</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">comment:签名者或者镜像的额外信息</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">sign-images:签名镜像的列表</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">hashed-nodes:签名者签名的节点列表,一般是包含节点完整路径的字符串。例如:</li></ul><div class="developer-code-block" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px; padding: 0px; position: relative; white-space: pre-wrap;"><pre class="prism-token token line-numbers language-javascript" style="background: rgb(80, 85, 107); border-radius: 3px; box-sizing: border-box; color: #cccccc; counter-reset: linenumber 0; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-bottom: 0.5em; margin-top: 0.5em; overflow-wrap: normal; overflow: auto; padding: 1em 1em 1em 3.8em; position: relative; tab-size: 4; word-break: normal; word-spacing: normal;" tabindex="0"><code class="language-javascript" style="background: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; display: block; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-left: 0px; margin-right: 10px; overflow-wrap: break-word; padding: 0px; position: relative; tab-size: 4; vertical-align: baseline; white-space: inherit; word-break: normal; word-spacing: normal;">hashed<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>nodes <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"/"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"/configurations/conf@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"/images/kernel@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span>
<span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"/images/kernel@1/hash@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"/images/fdt@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span>
<span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"/images/fdt@1/hash@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span aria-hidden="true" class="line-numbers-rows" style="border-right: 1px solid rgb(153, 153, 153); box-sizing: border-box; left: -3.8em; letter-spacing: -1px; list-style: inherit; pointer-events: none; position: absolute; top: 0px; user-select: none; width: 3em;"><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span></span></code></pre><button class="copy" style="background-color: #697191; border-color: initial; border-radius: 0.5em; border-style: none; border-width: initial; color: white; cursor: pointer; font-family: "Pingfang SC", "STHeiti Light", "helvetica neue", "hiragino sans gb", arial, "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 0.8em; list-style: inherit; margin: 0px; opacity: 0; padding: 0px 0.5em; position: absolute; right: 0.2em; top: 0.3em; transition: opacity 0.3s ease-in-out 0s; z-index: 10;">复制</button></div><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">以下是一个待签名镜像的its配置。</p><div class="developer-code-block" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px; padding: 0px; position: relative; white-space: pre-wrap;"><pre class="prism-token token line-numbers language-javascript" style="background: rgb(80, 85, 107); border-radius: 3px; box-sizing: border-box; color: #cccccc; counter-reset: linenumber 0; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-bottom: 0.5em; margin-top: 0.5em; overflow-wrap: normal; overflow: auto; padding: 1em 1em 1em 3.8em; position: relative; tab-size: 4; word-break: normal; word-spacing: normal;" tabindex="0"><code class="language-javascript" style="background: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; display: block; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-left: 0px; margin-right: 10px; overflow-wrap: break-word; padding: 0px; position: relative; tab-size: 4; vertical-align: baseline; white-space: inherit; word-break: normal; word-spacing: normal;"><span class="token regex" style="box-sizing: border-box; color: #7ec699; list-style: inherit;"><span class="token regex-delimiter" style="box-sizing: border-box; list-style: inherit;">/</span><span class="token regex-source language-regex" style="box-sizing: border-box; list-style: inherit;">dts-v1</span><span class="token regex-delimiter" style="box-sizing: border-box; list-style: inherit;">/</span></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
description <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"Chrome OS kernel image with one or more FDT blobs"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
#address<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>cells <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
images <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
kernel@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
data <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>incbin<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">(</span><span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"test-kernel.bin"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">)</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
type <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"kernel_noload"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
arch <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sandbox"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
os <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"linux"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
compression <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"none"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
load <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x4</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
entry <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x8</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
kernel<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>version <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
signature@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1,rsa2048"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
key<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>name<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>hint <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"dev"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
description <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"snow"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
data <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>incbin<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">(</span><span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sandbox-kernel.dtb"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">)</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
type <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"flat_dt"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
arch <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sandbox"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
compression <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"none"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>version <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
signature@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1,rsa2048"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
key<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>name<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>hint <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"dev"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
configurations <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
<span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">default</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"conf@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
conf@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
kernel <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"kernel@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"fdt@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span aria-hidden="true" class="line-numbers-rows" style="border-right: 1px solid rgb(153, 153, 153); box-sizing: border-box; left: -3.8em; letter-spacing: -1px; list-style: inherit; pointer-events: none; position: absolute; top: 0px; user-select: none; width: 3em;"><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span></span></code></pre><button class="copy" style="background-color: #697191; border-color: initial; border-radius: 0.5em; border-style: none; border-width: initial; color: white; cursor: pointer; font-family: "Pingfang SC", "STHeiti Light", "helvetica neue", "hiragino sans gb", arial, "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 0.8em; list-style: inherit; margin: 0px; opacity: 0; padding: 0px 0.5em; position: absolute; right: 0.2em; top: 0.3em; transition: opacity 0.3s ease-in-out 0s; z-index: 10;">复制</button></div><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">以下是配置项签名后的its文件。</p><div class="developer-code-block" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px; padding: 0px; position: relative; white-space: pre-wrap;"><pre class="prism-token token line-numbers language-javascript" style="background: rgb(80, 85, 107); border-radius: 3px; box-sizing: border-box; color: #cccccc; counter-reset: linenumber 0; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-bottom: 0.5em; margin-top: 0.5em; overflow-wrap: normal; overflow: auto; padding: 1em 1em 1em 3.8em; position: relative; tab-size: 4; word-break: normal; word-spacing: normal;" tabindex="0"><code class="language-javascript" style="background: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; display: block; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-left: 0px; margin-right: 10px; overflow-wrap: break-word; padding: 0px; position: relative; tab-size: 4; vertical-align: baseline; white-space: inherit; word-break: normal; word-spacing: normal;"><span class="token regex" style="box-sizing: border-box; color: #7ec699; list-style: inherit;"><span class="token regex-delimiter" style="box-sizing: border-box; list-style: inherit;">/</span><span class="token regex-source language-regex" style="box-sizing: border-box; list-style: inherit;">dts-v1</span><span class="token regex-delimiter" style="box-sizing: border-box; list-style: inherit;">/</span></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
description <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"Chrome OS kernel image with one or more FDT blobs"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
#address<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>cells <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
images <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
kernel@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
data <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>incbin<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">(</span><span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"test-kernel.bin"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">)</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
type <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"kernel_noload"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
arch <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sandbox"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
os <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"linux"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
compression <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"lzo"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
load <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x4</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
entry <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x8</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
kernel<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>version <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
hash@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
description <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"snow"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
data <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>incbin<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">(</span><span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sandbox-kernel.dtb"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">)</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
type <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"flat_dt"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
arch <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sandbox"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
compression <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"none"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>version <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
hash@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
configurations <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
<span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">default</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"conf@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
conf@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
kernel <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"kernel@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"fdt@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
signature@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1,rsa2048"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
key<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>name<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>hint <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"dev"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
sign<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>images <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"fdt"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"kernel"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span aria-hidden="true" class="line-numbers-rows" style="border-right: 1px solid rgb(153, 153, 153); box-sizing: border-box; left: -3.8em; letter-spacing: -1px; list-style: inherit; pointer-events: none; position: absolute; top: 0px; user-select: none; width: 3em;"><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span></span></code></pre><button class="copy" style="background-color: #697191; border-color: initial; border-radius: 0.5em; border-style: none; border-width: initial; color: white; cursor: pointer; font-family: "Pingfang SC", "STHeiti Light", "helvetica neue", "hiragino sans gb", arial, "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 0.8em; list-style: inherit; margin: 0px; opacity: 0; padding: 0px 0.5em; position: absolute; right: 0.2em; top: 0.3em; transition: opacity 0.3s ease-in-out 0s; z-index: 10;">复制</button></div><h2 id="pubkey%E7%9A%84%E5%AD%98%E5%82%A8" name="pubkey%E7%9A%84%E5%AD%98%E5%82%A8" style="background-color: white; box-sizing: border-box; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 16px; line-height: 26px; list-style: inherit; margin: 16px 0px 8px; padding: 0px; white-space: pre-wrap;"><strong style="box-sizing: border-box; list-style: inherit;">pubkey的存储</strong> </h2><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">为了校验签名后的镜像,必须把pubkey存放在可信赖的位置。将pubkey存在镜像中是不安全的,很容易被破解。一般我们将其存放在uboot的FDT中(CONFIG_OF_CONTROL)。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">pubkey应该作为一个子节点存放在<code style="background-color: #f3f5f9; border-radius: 0px; box-sizing: border-box; color: #0abf5b; display: inline-block; font-family: Consolas, "Liberation Mono", Menlo, Courier, "Microsoft Yahei", monospace; line-height: 20px; list-style: inherit; margin-left: 10px; margin-right: 10px; overflow-wrap: break-word; padding: 0px 12px; word-break: normal;">/signature</code>节点中。节点中要加上以下特性:</p><ul class="ul-level-0" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: none; margin: 0px 0px 16px; padding: 0px; white-space: pre-wrap;"><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">algo:算法名称</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">key-name-hint: 签名使用的key的名称</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">required: 校验某配置所使用的公钥</li></ul><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">除此之外,每个算法都有一些必要的特性。RSA算法中,以下特性必须被添加:</p><ul class="ul-level-0" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: none; margin: 0px 0px 16px; padding: 0px; white-space: pre-wrap;"><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">rsa,num-bits:key的位数</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">rsa,modulus:N,多字节的整数</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">rsa,exponent:E,64位的无符号整数</li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">rsa,r-squared:<code style="background-color: #f3f5f9; border-radius: 0px; box-sizing: border-box; color: #0abf5b; display: inline-block; font-family: Consolas, "Liberation Mono", Menlo, Courier, "Microsoft Yahei", monospace; line-height: 20px; list-style: inherit; margin-left: 10px; margin-right: 10px; overflow-wrap: break-word; padding: 0px 12px; word-break: normal;">(2^num-bits)^2</code></li><li style="box-sizing: border-box; list-style: none; margin: 0px 0px 4px; padding: 0px 0px 0px 18px; position: relative;">rsa,n0-inverse:<code style="background-color: #f3f5f9; border-radius: 0px; box-sizing: border-box; color: #0abf5b; display: inline-block; font-family: Consolas, "Liberation Mono", Menlo, Courier, "Microsoft Yahei", monospace; line-height: 20px; list-style: inherit; margin-left: 10px; margin-right: 10px; overflow-wrap: break-word; padding: 0px 12px; word-break: normal;">-1 / modulus[0] mod 2^32</code></li></ul><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">下面看一个例子,以下是一个uboot.dtb存放RSA的例子。RSA key被mkimage打包在u-boot.dtb和u-boot-spl.dtb中,然后它们再被打包进u-boot.bin和u-boot-spl.bin。</p><div class="developer-code-block" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px; padding: 0px; position: relative; white-space: pre-wrap;"><pre class="prism-token token line-numbers language-javascript" style="background: rgb(80, 85, 107); border-radius: 3px; box-sizing: border-box; color: #cccccc; counter-reset: linenumber 0; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-bottom: 0.5em; margin-top: 0.5em; overflow-wrap: normal; overflow: auto; padding: 1em 1em 1em 3.8em; position: relative; tab-size: 4; word-break: normal; word-spacing: normal;" tabindex="0"><code class="language-javascript" style="background: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; display: block; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-left: 0px; margin-right: 10px; overflow-wrap: break-word; padding: 0px; position: relative; tab-size: 4; vertical-align: baseline; white-space: inherit; word-break: normal; word-spacing: normal;"><span class="token literal-property property" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">ubuntu</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">~</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>uboot<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>nextdev$ fdtdump u<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>boot<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span>dtb <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">|</span> less
<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>dts<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>v1<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">...</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span>
<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
#address<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>cells <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000001</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
#size<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>cells <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000001</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
compatible <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"rockchip,rv1126-evb"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"rockchip,rv1126"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
model <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"Rockchip RV1126 Evaluation Board"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token comment" style="box-sizing: border-box; color: #999999; list-style: inherit;">// signature节点由mkimage工具自动插入生成,节点里保存了RSA-SHA算法类型、RSA核心因子参</span>
<span class="token comment" style="box-sizing: border-box; color: #999999; list-style: inherit;">//数等信息。</span>
signature <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
key<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>dev <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
required <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"conf"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha256,rsa2048"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
rsa<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span>np <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x1327f633</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xc7aead6a</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xb4c79f40</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xa82bdf76</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xfb2f8387</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xa1e06dce</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xd451a706</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xc7f865e3</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x3e2d7ca8</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x6a71762e</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x125f1828</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x36ab1a41</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xb7e9e852</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x7bd0011a</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x7279e0b8</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xf37e189c</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x8cf00963</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000100</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000377</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000004</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000004</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000004</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000002</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x69616c40</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x6d634066</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000010</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x66633630</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x73797363</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
rsa<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span>c <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
rsa<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span>r<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>squared <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
rsa<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span>modulus <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xc25ae693</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xc359f2a4</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xa866c89d</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xb7b1994f</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xf9f9f690</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x518d54a7</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xda0b83e8</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x06606e12</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x6ad1cbf9</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x92438edd</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x81e039c0</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x5d7322cc</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x124cdc80</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xa0c3288a</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x9265c3ae</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x6ac47a4b</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000008</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000002</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x73657300</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x2f736572</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x2f64776d</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x6d634066</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000001</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x30303000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x726f636b</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x67726600</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000008</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000004</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000001</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x30303000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x726f636b</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x706d7567</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00001000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000002</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x6e616765</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x30000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x726f636b</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x706d7500</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000008</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
rsa<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span>exponent<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span><span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">BN</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00010001</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xe95771c5</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000800</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x64657600</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x616c6961</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x0000002c</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x30303030</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000034</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x30303000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x2f64776d</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000002</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x65303030</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x0000001b</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x3132362d</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00020000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000002</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x65303230</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x0000001b</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x3132362d</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x6e000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xfe020000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000042</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x0000006d</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x722d6d61</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x65303030</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x0000001b</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x3132362d</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000003</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00001000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000002</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x6e74726f</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x30000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x726f636b</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x706d7563</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x0000003e</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000004</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000004</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000004</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000050</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x636c6f63</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x40666634</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000014</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x2c727631</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000008</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
rsa<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span>exponent <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000000</span> <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000368</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
rsa<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span>n0<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>inverse <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0xe95771c5</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
rsa<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">,</span>num<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>bits <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">0x00000800</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
key<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>name<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>hint <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"dev"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span aria-hidden="true" class="line-numbers-rows" style="border-right: 1px solid rgb(153, 153, 153); box-sizing: border-box; left: -3.8em; letter-spacing: -1px; list-style: inherit; pointer-events: none; position: absolute; top: 0px; user-select: none; width: 3em;"><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span></span></code></pre><button class="copy" style="background-color: #697191; border-color: initial; border-radius: 0.5em; border-style: none; border-width: initial; color: white; cursor: pointer; font-family: "Pingfang SC", "STHeiti Light", "helvetica neue", "hiragino sans gb", arial, "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 0.8em; list-style: inherit; margin: 0px; opacity: 0; padding: 0px 0.5em; position: absolute; right: 0.2em; top: 0.3em; transition: opacity 0.3s ease-in-out 0s; z-index: 10;">复制</button></div><h2 id="%E7%AD%BE%E5%90%8D%E6%96%B9%E6%A1%88" name="%E7%AD%BE%E5%90%8D%E6%96%B9%E6%A1%88" style="background-color: white; box-sizing: border-box; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 16px; line-height: 26px; list-style: inherit; margin: 16px 0px 8px; padding: 0px; white-space: pre-wrap;"><strong style="box-sizing: border-box; list-style: inherit;">签名方案</strong> </h2><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">上一节内容提到过,在secure boot中一般使用RSA签名方案。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">要完成对镜像的签名,就必须使用私钥。而私钥一般是存在<a data-from="20065" data-text-link="375_2182626" href="https://cloud.tencent.com/product/cvm?from=20065&from_column=20065" style="box-sizing: border-box; color: #00a4ff; list-style: inherit; text-decoration-line: none;" target="_blank">服务器</a>上的,在本地PC上只存公钥。要想完成对镜像的签名,就必须把所有镜像上传到服务器重新打包。这种方案上传的文件太多,比较繁琐。下面我们介绍一种常用的签名方案。</p><figure style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 16px 0px; white-space: pre-wrap;"><div class="image-block" style="box-sizing: border-box; list-style: inherit; margin: 0px; padding: 0px;"><span style="box-sizing: border-box; list-style: inherit;"><div style="box-sizing: border-box; list-style: inherit; margin: 0px; padding: 0px; position: relative; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhWCYLqV7M5Dve8aXtvu4isY5ZBfPb_P2jPkWbpfbYTWQajr-pH1OtWkNXGtyXU8rt3SUhQswWDeD0hX9ldpyyraWj7WsyXb_28kvUwPoVQ5CxBgy1VGrK8zb5rzH3bPOvHOdonXZUl8P8NvjqTagT_0JEPI1b5DKsJuhygtJ_930V6W-rv3fuxJ9_Z" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="481" data-original-width="1080" height="271" src="https://blogger.googleusercontent.com/img/a/AVvXsEhWCYLqV7M5Dve8aXtvu4isY5ZBfPb_P2jPkWbpfbYTWQajr-pH1OtWkNXGtyXU8rt3SUhQswWDeD0hX9ldpyyraWj7WsyXb_28kvUwPoVQ5CxBgy1VGrK8zb5rzH3bPOvHOdonXZUl8P8NvjqTagT_0JEPI1b5DKsJuhygtJ_930V6W-rv3fuxJ9_Z=w607-h271" width="607" /></a></div><br /><br /></div></span></div></figure><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">在PC上,存放一把公钥和临时私钥,公钥是打包进dtb中的,安全启动时使用。临时私钥是为了生成签名数据。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">在本地打包时,使用临时私钥对非安全镜像签名,将签名数据上传到服务器使用真正的私钥进行二次签名。将二次签名的数据和非安全镜像打包在一起,就得到了安全镜像。安全启动时,从dtb中拿出公钥对安全镜像进行校验即可。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">这样既可以保证私钥的安全,又避免了上传所有镜像签名的繁琐。</p><h2 id="%E7%AD%BE%E5%90%8D%E9%95%9C%E5%83%8F+%E7%AD%BE%E5%90%8D%E9%85%8D%E7%BD%AE" name="%E7%AD%BE%E5%90%8D%E9%95%9C%E5%83%8F+%E7%AD%BE%E5%90%8D%E9%85%8D%E7%BD%AE" style="background-color: white; box-sizing: border-box; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 16px; line-height: 26px; list-style: inherit; margin: 16px 0px 8px; padding: 0px; white-space: pre-wrap;"><strong style="box-sizing: border-box; list-style: inherit;">签名镜像+签名配置</strong> </h2><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">在secure boot中,除了对各个独立镜像签名外,还要对FIT Image中的配置项进行签名。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">有些情况下,已经签名的镜像也有可能遭到破坏。例如,也可以使用相同的签名镜像创建一个FIT image,但是,其配置已经被改变,从而可以选择不同的镜像去加载(混合式匹配攻击)。也有可能拿旧版本的FIT Image去替换新的FIT image(回滚式攻击)。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">下面举个例子。</p><div class="developer-code-block" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px; padding: 0px; position: relative; white-space: pre-wrap;"><pre class="prism-token token line-numbers language-javascript" style="background: rgb(80, 85, 107); border-radius: 3px; box-sizing: border-box; color: #cccccc; counter-reset: linenumber 0; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-bottom: 0.5em; margin-top: 0.5em; overflow-wrap: normal; overflow: auto; padding: 1em 1em 1em 3.8em; position: relative; tab-size: 4; word-break: normal; word-spacing: normal;" tabindex="0"><code class="language-javascript" style="background: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; display: block; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-left: 0px; margin-right: 10px; overflow-wrap: break-word; padding: 0px; position: relative; tab-size: 4; vertical-align: baseline; white-space: inherit; word-break: normal; word-spacing: normal;"><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
images <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
kernel@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
data <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span>data <span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">for</span> kernel1<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span>
signature@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1,rsa2048"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
# kernel image镜像的哈希值,由mkiamge工具自动生成
value <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">...</span>kernel signature <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
kernel@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">2</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
data <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span>data <span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">for</span> kernel2<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span>
signature@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1,rsa2048"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
value <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">...</span>kernel signature <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">2.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
data <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span>data <span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">for</span> fdt1<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
signature@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1,rsa2048"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
vaue <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">...</span>fdt signature <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">2</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
data <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span>data <span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">for</span> fdt2<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
signature@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1,rsa2048"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
vaue <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">...</span>fdt signature <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">2.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
configurations <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
<span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">default</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"conf@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
conf@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
kernel <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"kernel@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"fdt@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
conf@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
kernel <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"kernel@2"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"fdt@2"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span aria-hidden="true" class="line-numbers-rows" style="border-right: 1px solid rgb(153, 153, 153); box-sizing: border-box; left: -3.8em; letter-spacing: -1px; list-style: inherit; pointer-events: none; position: absolute; top: 0px; user-select: none; width: 3em;"><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span></span></code></pre><button class="copy" style="background-color: #697191; border-color: initial; border-radius: 0.5em; border-style: none; border-width: initial; color: white; cursor: pointer; font-family: "Pingfang SC", "STHeiti Light", "helvetica neue", "hiragino sans gb", arial, "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 0.8em; list-style: inherit; margin: 0px; opacity: 0; padding: 0px 0.5em; position: absolute; right: 0.2em; top: 0.3em; transition: opacity 0.3s ease-in-out 0s; z-index: 10;">复制</button></div><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">两个kernel image 都已经被签名了,但是,攻击者可以很容易的将kernel1 和fdt2 作为configuration 3去加载。</p><div class="developer-code-block" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px; padding: 0px; position: relative; white-space: pre-wrap;"><pre class="prism-token token line-numbers language-javascript" style="background: rgb(80, 85, 107); border-radius: 3px; box-sizing: border-box; color: #cccccc; counter-reset: linenumber 0; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-bottom: 0.5em; margin-top: 0.5em; overflow-wrap: normal; overflow: auto; padding: 1em 1em 1em 3.8em; position: relative; tab-size: 4; word-break: normal; word-spacing: normal;" tabindex="0"><code class="language-javascript" style="background: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; display: block; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-left: 0px; margin-right: 10px; overflow-wrap: break-word; padding: 0px; position: relative; tab-size: 4; vertical-align: baseline; white-space: inherit; word-break: normal; word-spacing: normal;"> configurations <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
<span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">default</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"conf@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
conf@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
kernel <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"kernel@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"fdt@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
conf@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
kernel <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"kernel@2"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"fdt@2"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
conf@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">3</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
kernel <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"kernel@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"fdt@2"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span aria-hidden="true" class="line-numbers-rows" style="border-right: 1px solid rgb(153, 153, 153); box-sizing: border-box; left: -3.8em; letter-spacing: -1px; list-style: inherit; pointer-events: none; position: absolute; top: 0px; user-select: none; width: 3em;"><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span></span></code></pre><button class="copy" style="background-color: #697191; border-color: initial; border-radius: 0.5em; border-style: none; border-width: initial; color: white; cursor: pointer; font-family: "Pingfang SC", "STHeiti Light", "helvetica neue", "hiragino sans gb", arial, "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 0.8em; list-style: inherit; margin: 0px; opacity: 0; padding: 0px 0.5em; position: absolute; right: 0.2em; top: 0.3em; transition: opacity 0.3s ease-in-out 0s; z-index: 10;">复制</button></div><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">攻击者可以拿到签名的镜像,并且镜像是正确的。这种组合式攻击会给设备带来很大风险。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">因此,为了解决这个问题,除了给镜像签名外,我们可以把配置选项也签名,每个镜像都有自己的签名,在给配置选项签名时,把镜像的hash值也包含进去。具体例子如下:</p><div class="developer-code-block" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px; padding: 0px; position: relative; white-space: pre-wrap;"><pre class="prism-token token line-numbers language-javascript" style="background: rgb(80, 85, 107); border-radius: 3px; box-sizing: border-box; color: #cccccc; counter-reset: linenumber 0; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-bottom: 0.5em; margin-top: 0.5em; overflow-wrap: normal; overflow: auto; padding: 1em 1em 1em 3.8em; position: relative; tab-size: 4; word-break: normal; word-spacing: normal;" tabindex="0"><code class="language-javascript" style="background: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; display: block; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-left: 0px; margin-right: 10px; overflow-wrap: break-word; padding: 0px; position: relative; tab-size: 4; vertical-align: baseline; white-space: inherit; word-break: normal; word-spacing: normal;"><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
images <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
kernel@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
data <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span>data <span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">for</span> kernel1<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span>
hash@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
value <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">...</span>kernel hash <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
kernel@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">2</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
data <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span>data <span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">for</span> kernel2<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span>
hash@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
value <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">...</span>kernel hash <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">2.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
data <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span>data <span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">for</span> fdt1<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
hash@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
value <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">...</span>fdt hash <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">2</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
data <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span>data <span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">for</span> fdt2<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
hash@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
value <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">...</span>fdt hash <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">2.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
configurations <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
<span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">default</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"conf@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
conf@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
kernel <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"kernel@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"fdt@1"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
signature@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1,rsa2048"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
# 对配置项签名,由mkimage工具自动生成
value <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">...</span>conf <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> signature<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">...</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
conf@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">2</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
kernel <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"kernel@2"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
fdt <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"fdt@2"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
signature@<span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">{</span>
algo <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token string" style="box-sizing: border-box; color: #7ec699; list-style: inherit;">"sha1,rsa2048"</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
value <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;"><</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">...</span>conf <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">1</span> signature<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">...</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">></span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">}</span><span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">;</span>
<span aria-hidden="true" class="line-numbers-rows" style="border-right: 1px solid rgb(153, 153, 153); box-sizing: border-box; left: -3.8em; letter-spacing: -1px; list-style: inherit; pointer-events: none; position: absolute; top: 0px; user-select: none; width: 3em;"><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span></span></code></pre><button class="copy" style="background-color: #697191; border-color: initial; border-radius: 0.5em; border-style: none; border-width: initial; color: white; cursor: pointer; font-family: "Pingfang SC", "STHeiti Light", "helvetica neue", "hiragino sans gb", arial, "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 0.8em; list-style: inherit; margin: 0px; opacity: 0; padding: 0px 0.5em; position: absolute; right: 0.2em; top: 0.3em; transition: opacity 0.3s ease-in-out 0s; z-index: 10;">复制</button></div><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">如上所示,除了给所有镜像添加了hash值,还为每个配置添加了签名。mkimage将会对<code style="background-color: #f3f5f9; border-radius: 0px; box-sizing: border-box; color: #0abf5b; display: inline-block; font-family: Consolas, "Liberation Mono", Menlo, Courier, "Microsoft Yahei", monospace; line-height: 20px; list-style: inherit; margin-left: 10px; margin-right: 10px; overflow-wrap: break-word; padding: 0px 12px; word-break: normal;">configurations/conf@1</code>签名<code style="background-color: #f3f5f9; border-radius: 0px; box-sizing: border-box; color: #0abf5b; display: inline-block; font-family: Consolas, "Liberation Mono", Menlo, Courier, "Microsoft Yahei", monospace; line-height: 20px; list-style: inherit; margin-left: 10px; margin-right: 10px; overflow-wrap: break-word; padding: 0px 12px; word-break: normal;">(/images/kernel@1, /images/kernel@1/hash@1,/images/fdt@1, /images/fdt@1/hash@1)</code> 。签名会被写入 <code style="background-color: #f3f5f9; border-radius: 0px; box-sizing: border-box; color: #0abf5b; display: inline-block; font-family: Consolas, "Liberation Mono", Menlo, Courier, "Microsoft Yahei", monospace; line-height: 20px; list-style: inherit; margin-left: 10px; margin-right: 10px; overflow-wrap: break-word; padding: 0px 12px; word-break: normal;">/configurations/conf@1/signature@1/value</code>。</p><h2 id="%E9%AA%8C%E7%AD%BE" name="%E9%AA%8C%E7%AD%BE" style="background-color: white; box-sizing: border-box; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 16px; line-height: 26px; list-style: inherit; margin: 16px 0px 8px; padding: 0px; white-space: pre-wrap;"><strong style="box-sizing: border-box; list-style: inherit;">验签</strong> </h2><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">FIT image 在加载时会验签。如果'required' 指定了验签的公钥,则会使用这把公钥校验该配置对应的所有镜像。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">为了支持FIT格式,以下配置项必须被选上。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">CONFIG_FIT_SIGNATURE :使能FIT image的签名和验签</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">CONFIG_RSA :使能RSA签名算法</p><blockquote style="background-color: white; border-left: 4px solid rgb(221, 221, 221); box-sizing: border-box; color: #777777; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 24px; padding: 0px 15px; white-space: pre-wrap;"><p style="box-sizing: border-box; list-style: inherit; margin: 0px; min-height: 24px; padding: 0px;">默认情况下,使能FIT Image的签名和验签后,CONFIG_IMAGE_FORMAT_LEGACY会被禁用。即FIT uboot image的只能引导FIT kernel Image。
如果需要引导legacy kernel image,需要手动添加CONFIG_IMAGE_FORMAT_LEGACY 定义。</p></blockquote><h2 id="%E6%B5%8B%E8%AF%95" name="%E6%B5%8B%E8%AF%95" style="background-color: white; box-sizing: border-box; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 16px; line-height: 26px; list-style: inherit; margin: 16px 0px 8px; padding: 0px; white-space: pre-wrap;"><strong style="box-sizing: border-box; list-style: inherit;">测试</strong> </h2><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">为了校验签名和验签是否正确,可以使用测试脚本<code style="background-color: #f3f5f9; border-radius: 0px; box-sizing: border-box; color: #0abf5b; display: inline-block; font-family: Consolas, "Liberation Mono", Menlo, Courier, "Microsoft Yahei", monospace; line-height: 20px; list-style: inherit; margin-left: 10px; margin-right: 10px; overflow-wrap: break-word; padding: 0px 12px; word-break: normal;">test/vboot/vboot_test.sh</code>。下面以sandbox为例子来说明bootm的启动和对镜像的验签。</p><div class="developer-code-block" style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px; padding: 0px; position: relative; white-space: pre-wrap;"><pre class="prism-token token line-numbers language-javascript" style="background: rgb(80, 85, 107); border-radius: 3px; box-sizing: border-box; color: #cccccc; counter-reset: linenumber 0; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-bottom: 0.5em; margin-top: 0.5em; overflow-wrap: normal; overflow: auto; padding: 1em 1em 1em 3.8em; position: relative; tab-size: 4; word-break: normal; word-spacing: normal;" tabindex="0"><code class="language-javascript" style="background: transparent; border-radius: 0px; box-sizing: border-box; color: inherit; display: block; font-family: Consolas, Monaco, "Andale Mono", "Ubuntu Mono", monospace; hyphens: none; line-height: 1.5; list-style: inherit; margin-left: 0px; margin-right: 10px; overflow-wrap: break-word; padding: 0px; position: relative; tab-size: 4; vertical-align: baseline; white-space: inherit; word-break: normal; word-spacing: normal;">$ make <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">O</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span>sandbox sandbox_config
$ make <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">O</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span>sandbox
$ <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">O</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">=</span>sandbox <span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>test<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>vboot<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>vboot_test<span class="token punctuation" style="box-sizing: border-box; list-style: inherit;">.</span>sh
<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>home<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>hs<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>ids<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>u<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>boot<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>sandbox<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>tools<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">/</span>mkimage <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span><span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">D</span> <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span><span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">I</span> dts <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span><span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">O</span> dtb <span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">-</span>p <span class="token number" style="box-sizing: border-box; color: #f08d49; list-style: inherit;">2000</span>
Build keys
<span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">do</span> sha1 test
Build <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">FIT</span> <span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">with</span> signed images
Test Verified Boot Run<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> unsigned signatures<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
Sign images
Test Verified Boot Run<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> signed images<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
Build <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">FIT</span> <span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">with</span> signed configuration
Test Verified Boot Run<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> unsigned config<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
Sign images
Test Verified Boot Run<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> signed config<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
check signed config on the host
Signature check <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
<span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
Test Verified Boot Run<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> signed config<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
Test Verified Boot Run<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> signed config <span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">with</span> bad hash<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
<span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">do</span> sha256 test
Build <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">FIT</span> <span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">with</span> signed images
Test Verified Boot Run<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> unsigned signatures<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span><span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
Sign images
Test Verified Boot Run<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> signed images<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
Build <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">FIT</span> <span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">with</span> signed configuration
Test Verified Boot Run<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> unsigned config<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
Sign images
Test Verified Boot Run<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> signed config<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
check signed config on the host
Signature check <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
<span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
Test Verified Boot Run<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> signed config<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
Test Verified Boot Run<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> signed config <span class="token keyword" style="box-sizing: border-box; color: #cc99cd; list-style: inherit;">with</span> bad hash<span class="token operator" style="box-sizing: border-box; color: #67cdcc; list-style: inherit;">:</span> <span class="token constant" style="box-sizing: border-box; color: #f8c555; list-style: inherit;">OK</span>
Test passed
<span aria-hidden="true" class="line-numbers-rows" style="border-right: 1px solid rgb(153, 153, 153); box-sizing: border-box; left: -3.8em; letter-spacing: -1px; list-style: inherit; pointer-events: none; position: absolute; top: 0px; user-select: none; width: 3em;"><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span><span style="box-sizing: border-box; counter-increment: linenumber 1; display: block; list-style: inherit;"></span></span></code></pre><button class="copy" style="background-color: #697191; border-color: initial; border-radius: 0.5em; border-style: none; border-width: initial; color: white; cursor: pointer; font-family: "Pingfang SC", "STHeiti Light", "helvetica neue", "hiragino sans gb", arial, "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 0.8em; list-style: inherit; margin: 0px; opacity: 0; padding: 0px 0.5em; position: absolute; right: 0.2em; top: 0.3em; transition: opacity 0.3s ease-in-out 0s; z-index: 10;">复制</button></div><h2 id="%E5%AE%8C%E6%95%B4%E6%A0%A1%E9%AA%8C%E6%B5%81%E7%A8%8B" name="%E5%AE%8C%E6%95%B4%E6%A0%A1%E9%AA%8C%E6%B5%81%E7%A8%8B" style="background-color: white; box-sizing: border-box; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 16px; line-height: 26px; list-style: inherit; margin: 16px 0px 8px; padding: 0px; white-space: pre-wrap;"><strong style="box-sizing: border-box; list-style: inherit;">完整校验流程</strong> </h2><h3 id="OTP%E6%A0%A1%E9%AA%8Cloader" name="OTP%E6%A0%A1%E9%AA%8Cloader" style="background-color: white; box-sizing: border-box; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; line-height: 24px; list-style: inherit; margin: 12px 0px 8px; padding: 0px; white-space: pre-wrap;"><strong style="box-sizing: border-box; list-style: inherit;">OTP校验loader</strong></h3><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">那么,这种镜像校验方式有个很重要的问题,公钥存在哪里才是安全的呢?</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">一般SOC中会有一个叫OTP或EFUSE的区域,这部分区域比较特殊,只可以写入一次,写入后就再也不可以修改了。把公钥存储在OTP中,就可以很好地保证其不能被修改。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">OTP的存储空间很小,一般只有几KB,因此并不适合直接存放RSA公钥。一般都是将RSA公钥的hash val 存放在OTP中。像sha256的hash值仅为256 bits,而RSA 公钥本身一般存放在镜像中。</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">在使用公钥之前,只需要使用OTP中的公钥hash值验证镜像附带公钥的完整性,即可确定公钥是否合法。</p><figure style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 16px 0px; white-space: pre-wrap;"><div class="image-block" style="box-sizing: border-box; list-style: inherit; margin: 0px; padding: 0px;"><span style="box-sizing: border-box; list-style: inherit;"><div style="box-sizing: border-box; list-style: inherit; margin: 0px; padding: 0px; position: relative; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgWTO4s7RZWhGvF56vpRFXZEnNwEuhO_SEBLJzPFWQ8XhTIVqn6vBg1Yn85bhcJ6ypWo8rMRxvdPjvZSJbN0zkSo4l_1hRDCPfDNCBeUNkos37TBsXDH892kC-rT2HlUSCJ3QNdJkcST8H-o36AS7-5zbmLgpzxXj86dZO1y8menyeY_CA-ixq-N4Ld" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="345" data-original-width="1080" height="183" src="https://blogger.googleusercontent.com/img/a/AVvXsEgWTO4s7RZWhGvF56vpRFXZEnNwEuhO_SEBLJzPFWQ8XhTIVqn6vBg1Yn85bhcJ6ypWo8rMRxvdPjvZSJbN0zkSo4l_1hRDCPfDNCBeUNkos37TBsXDH892kC-rT2HlUSCJ3QNdJkcST8H-o36AS7-5zbmLgpzxXj86dZO1y8menyeY_CA-ixq-N4Ld=w575-h183" width="575" /></a></div><br /><br /></div></span></div></figure><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">RSA公钥需要一般使用芯片厂家的工具写入loader。安全启动时,bootrom首先从loader固件头中获取RSA公钥并校验合法性;然后再使用该公钥校验SPL的固件签名。</p><h3 id="spl%E6%A0%A1%E9%AA%8Cuboot" name="spl%E6%A0%A1%E9%AA%8Cuboot" style="background-color: white; box-sizing: border-box; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; line-height: 24px; list-style: inherit; margin: 16px 0px 8px; padding: 0px; white-space: pre-wrap;"><strong style="box-sizing: border-box; list-style: inherit;">spl校验uboot</strong></h3><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">SPL把RSA公钥保存在u-boot-spl.dtb中,u-boot-spl.dtb会被打包进u-boot-spl.bin文件(最后打包进loader);安全启动时SPL从自己的dtb文件中拿出RSA公钥对uboot.img进行安全校验。</p><h3 id="uboot%E6%A0%A1%E9%AA%8Ckernel" name="uboot%E6%A0%A1%E9%AA%8Ckernel" style="background-color: white; box-sizing: border-box; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; line-height: 24px; list-style: inherit; margin: 16px 0px 8px; padding: 0px; white-space: pre-wrap;"><strong style="box-sizing: border-box; list-style: inherit;">uboot校验kernel</strong></h3><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">U-Boot把RSA公钥保存在u-boot.dtb中,u-boot.dtb会被打包进u-boot.bin文件(最后打包为uboot.img);安全启动时U-Boot从自己的dtb文件中拿RSA公钥对boot.img进行校验。</p><h2 id="%E6%80%BB%E7%BB%93" name="%E6%80%BB%E7%BB%93" style="background-color: white; box-sizing: border-box; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 16px; line-height: 26px; list-style: inherit; margin: 16px 0px 8px; padding: 0px; white-space: pre-wrap;"><strong style="box-sizing: border-box; list-style: inherit;">总结</strong> </h2><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: "pingfang SC", "helvetica neue", arial, "hiragino sans gb", "microsoft yahei ui", "microsoft yahei", simsun, sans-serif; font-size: 14px; list-style: inherit; margin: 0px 0px 8px; min-height: 24px; padding: 0px; white-space: pre-wrap;">从bootrom到kernel为止的安全启动,统一使用一把RSA公钥完成安全校验,并且当前这级的RSA Key已经作为自身固件的一部分,由前一级loader完成了安全校验,从而保证了Key的安全。</p>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-29190390746465510862023-02-21T18:20:00.000+08:002023-02-21T18:20:23.045+08:00<p> <br /><br /></p><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">A <a href="https://developers.redhat.com/topics/linux" style="box-sizing: border-box; cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; text-decoration: var(--pf-theme--link--text-decoration,"underline");">Linux</a> bridge is a kernel module that behaves like a network switch, forwarding packets between interfaces that are connected to it. It's usually used for forwarding packets on routers, on gateways, or between VMs and network namespaces on a host.</p><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">The Linux bridge has included basic support for the <a href="https://www.inap.com/blog/spanning-tree-protocol-explained/" style="box-sizing: border-box; cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; text-decoration: var(--pf-theme--link--text-decoration,"underline");">Spanning Tree Protocol</a> (STP), multicast, and <a href="https://www.netfilter.org/" style="box-sizing: border-box; cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; text-decoration: var(--pf-theme--link--text-decoration,"underline");">Netfilter</a> since the 2.4 and 2.6 kernel series. Features that have been added in more recent releases include:</p><ul style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; list-style: var(--pf-c-content--ul--ListStyle); margin-bottom: var(--pf-c-content--MarginBottom); margin-left: var(--pf-c-content--ul--MarginLeft); margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: var(--pf-c-content--ul--PaddingLeft); padding-right: 0px; padding-top: 0px;"><li style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 0px;">Configuration via <a href="https://man7.org/linux/man-pages/man7/netlink.7.html" style="box-sizing: border-box; cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; text-decoration: var(--pf-theme--link--text-decoration,"underline");">Netlink</a></li><li style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--li--MarginTop); padding: 0px;">VLAN filter</li><li style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--li--MarginTop); padding: 0px;">VxLAN tunnel mapping</li><li style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--li--MarginTop); padding: 0px;">Internet Group Management Protocol version 3 (IGMPv3) and Multicast Listener Discovery version 2 (MLDv2)</li><li style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--li--MarginTop); padding: 0px;">Switchdev</li></ul><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">In this article, you'll get an introduction to these features and some useful commands to enable and control them. You'll also briefly examine <a href="https://www.openvswitch.org/" style="box-sizing: border-box; cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; text-decoration: var(--pf-theme--link--text-decoration,"underline");">Open vSwitch</a> as an alternative to Linux bridging.</p><p><span class="rhd-c-has-toc-target" id="basic_bridge_commands" style="background-color: white; box-sizing: border-box; color: #151515; display: block; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-top: -2.1rem; pointer-events: none; position: absolute; visibility: hidden;"></span></p><h2 id="basic_bridge_commands-h2" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatDisplay, Overpass, Helvetica, Arial, sans-serif; font-size: 28px; font-weight: var(--rhd-global--FontWeight-Display--medium); line-height: 37px; margin-bottom: var(--rhd-theme--container-spacer-md); margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--h2--MarginTop); padding: 0px;">Basic bridge commands</h2><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">All the commands used in this article are part of the <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">iproute2</code> module, which invokes Netlink messages to configure the bridge. There are two <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">iproute2</code> commands for setting and configuring bridges: <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">ip link</code> and <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">bridge</code>.</p><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;"><code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">ip link</code> can add and remove bridges and set their options. <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">bridge</code> displays and manipulates bridges on final distribution boards (FDBs), main distribution boards (MDBs), and virtual local area networks (VLANs).</p><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">The listings that follow demonstrate some basic uses for the two commands. Both require administrator privileges, and therefore the listings are shown with the <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">#</code> root prompt instead of a regular user prompt.</p><ul style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; list-style: var(--pf-c-content--ul--ListStyle); margin-bottom: var(--pf-c-content--MarginBottom); margin-left: var(--pf-c-content--ul--MarginLeft); margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: var(--pf-c-content--ul--PaddingLeft); padding-right: 0px; padding-top: 0px;"><li style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 0px;"><p style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Show help information about the <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">bridge</code> object:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; font-family: monospace, serif; font-size: 1em; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link help bridge</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># bridge -h</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; display: flex; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1028px;"><a class="copy-code__link" id="copy-code-0" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1026px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div></li><li style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--li--MarginTop); padding: 0px;"><p style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Create a bridge named <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">br0</code>:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; font-family: monospace, serif; font-size: 1em; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link add br0 type bridge</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; display: flex; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1028px;"><a class="copy-code__link" id="copy-code-1" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1026px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div></li><li style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--li--MarginTop); padding: 0px;"><p style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Show bridge details:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; font-family: monospace, serif; font-size: 1em; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip -d link show br0</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; display: flex; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1028px;"><a class="copy-code__link" id="copy-code-2" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1026px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div></li><li style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--li--MarginTop); padding: 0px;"><p style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Show bridge details in a pretty JSON format (which is a good way to get bridge key-value pairs):</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; font-family: monospace, serif; font-size: 1em; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip -j -p -d link show br0</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; display: flex; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1028px;"><a class="copy-code__link" id="copy-code-3" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1026px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div></li><li style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--li--MarginTop); padding: 0px;"><p style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Add interfaces to a bridge:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; font-family: monospace, serif; font-size: 1em; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link set veth0 master br0</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link set tap0 master br0</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; display: flex; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1028px;"><a class="copy-code__link" id="copy-code-4" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1026px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div></li></ul><p><span class="rhd-c-has-toc-target" id="spanning_tree_protocol" style="background-color: white; box-sizing: border-box; color: #151515; display: block; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-top: -2.1rem; pointer-events: none; position: absolute; visibility: hidden;"></span></p><h2 id="spanning_tree_protocol-h2" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatDisplay, Overpass, Helvetica, Arial, sans-serif; font-size: 28px; font-weight: var(--rhd-global--FontWeight-Display--medium); line-height: 37px; margin-bottom: var(--rhd-theme--container-spacer-md); margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--h2--MarginTop); padding: 0px;">Spanning Tree Protocol</h2><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">The purpose of STP is to prevent a networking loop, which can lead to a traffic storm in the network. Figure 1 shows such a loop.</p><figure role="group" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--pf-global--spacer--md); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;"><div class="rhd-c-figure" style="box-sizing: border-box; color: var(--pf-c-card--Color); text-align: center;"><article class="media media--type-image media--view-mode-article-content-full-width" style="box-sizing: border-box;"><div class="field field--name-image field--type-image field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"><a data-featherlight="image" href="https://developers.redhat.com/sites/default/files/br_1.png" style="box-sizing: border-box; cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; text-decoration: var(--pf-theme--link--text-decoration,"underline");"><img alt="Without STP, a network can be configured in a loop." height="229" loading="lazy" src="https://developers.redhat.com/sites/default/files/styles/article_full_width_1440px_w/public/br_1.png?itok=J-oXObCl" style="box-sizing: border-box; height: auto; max-width: 100%;" typeof="foaf:Image" width="473" /></a></div><div class="field field--name-field-caption field--type-string field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"><div class="rhd-c-caption field__item" style="box-sizing: border-box; margin-bottom: var(--pf-global--spacer--md);">Figure 1: Without STP, a network can be configured in a loop.</div></div></article></div><figcaption class="rhd-c-caption" style="box-sizing: border-box; margin-bottom: var(--pf-global--spacer--md); text-align: center;"></figcaption></figure><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">With STP enabled, the bridges will send each other Bridge Protocol Data Units (BPDUs) so they can elect a root bridge and block an interface, making the network topology loop-free (Figure 2).</p><figure role="group" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--pf-global--spacer--md); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;"><div class="rhd-c-figure" style="box-sizing: border-box; color: var(--pf-c-card--Color); text-align: center;"><article class="media media--type-image media--view-mode-article-content-full-width" style="box-sizing: border-box;"><div class="field field--name-image field--type-image field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"><a data-featherlight="image" href="https://developers.redhat.com/sites/default/files/br_2.png" style="box-sizing: border-box; cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; text-decoration: var(--pf-theme--link--text-decoration,"underline");"><img alt="STP can choose a link and block it." height="229" loading="lazy" src="https://developers.redhat.com/sites/default/files/styles/article_full_width_1440px_w/public/br_2.png?itok=ZJbkJjVE" style="box-sizing: border-box; height: auto; max-width: 100%;" typeof="foaf:Image" width="471" /></a></div><div class="field field--name-field-caption field--type-string field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"><div class="rhd-c-caption field__item" style="box-sizing: border-box; margin-bottom: var(--pf-global--spacer--md);">Figure 2: STP can choose a link and block it.</div></div></article></div><figcaption class="rhd-c-caption" style="box-sizing: border-box; margin-bottom: var(--pf-global--spacer--md); text-align: center;"></figcaption></figure><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Linux bridging has supported STP since the 2.4 and 2.6 kernel series. To enable STP on a bridge, enter:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link set br0 type bridge stp_state 1</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-5" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p class="Indent1" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 2rem !important; margin-right: 0px; margin-top: 0px; padding: 0px;"><strong style="box-sizing: border-box;">Note:</strong> The Linux bridge does not support the Rapid Spanning Tree Protocol (RSTP).</p><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Now you can show the STP blocking state on the bridge:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip -j -p -d link show br0 | grep root_port</span>
<span class="hljs-string" style="box-sizing: border-box; color: #032f62;">"root_port"</span>: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span>,
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip -j -p -d link show br1 | grep root_port</span>
<span class="hljs-string" style="box-sizing: border-box; color: #032f62;">"root_port"</span>: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span>,
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># bridge link show</span>
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">7</span>: veth0@veth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1500</span> master br0 state forwarding priority <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">32</span> cost <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">2</span>
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">8</span>: veth1@veth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1500</span> master br1 state forwarding priority <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">32</span> cost <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">2</span>
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">9</span>: veth2@veth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1500</span> master br0 state blocking priority <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">32</span> cost <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">2</span>
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">10</span>: veth3@veth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1500</span> master br1 state forwarding priority <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">32</span> cost <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">2</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-6" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">The line labeled 9 in the output shows that the <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">veth2</code> interface is in a blocking state, as illustrated in Figure 3.</p><figure role="group" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--pf-global--spacer--md); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;"><div class="rhd-c-figure" style="box-sizing: border-box; color: var(--pf-c-card--Color); text-align: center;"><article class="media media--type-image media--view-mode-article-content-full-width" style="box-sizing: border-box;"><div class="field field--name-image field--type-image field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"><a data-featherlight="image" href="https://developers.redhat.com/sites/default/files/br_3.png" style="box-sizing: border-box; cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; text-decoration: var(--pf-theme--link--text-decoration,"underline");"><img alt="The link from br0 to veth2 is blocked." height="257" loading="lazy" src="https://developers.redhat.com/sites/default/files/styles/article_full_width_1440px_w/public/br_3.png?itok=RcE8tX77" style="box-sizing: border-box; height: auto; max-width: 100%;" typeof="foaf:Image" width="470" /></a></div><div class="field field--name-field-caption field--type-string field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"><div class="rhd-c-caption field__item" style="box-sizing: border-box; margin-bottom: var(--pf-global--spacer--md);">Figure 3: The link from br0 to veth2 is blocked.</div></div></article></div><figcaption class="rhd-c-caption" style="box-sizing: border-box; margin-bottom: var(--pf-global--spacer--md); text-align: center;"></figcaption></figure><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">To change the STP hello time, enter:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link set br0 type bridge hello_time 300</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip -j -p -d link show br0 | grep \"hello_time\"</span>
<span class="hljs-string" style="box-sizing: border-box; color: #032f62;">"hello_time"</span>: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">300</span>,</code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-7" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">You can use the same basic approach to change other STP parameters, such as maximum age, forward delay, ageing time, and so on.</p><p><span class="rhd-c-has-toc-target" id="vlan_filter" style="background-color: white; box-sizing: border-box; color: #151515; display: block; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-top: -2.1rem; pointer-events: none; position: absolute; visibility: hidden;"></span></p><h2 id="vlan_filter-h2" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatDisplay, Overpass, Helvetica, Arial, sans-serif; font-size: 28px; font-weight: var(--rhd-global--FontWeight-Display--medium); line-height: 37px; margin-bottom: var(--rhd-theme--container-spacer-md); margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--h2--MarginTop); padding: 0px;">VLAN filter</h2><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">The VLAN filter was introduced in Linux kernel 3.8. Previously, to separate VLAN traffic on the bridge, the administrator needed to create multiple bridge/VLAN interfaces. As illustrated in Figure 4, three bridges—<code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">br0</code>, <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">br2</code>, and <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">br3</code>—would be needed to support three VLANs to make sure that VLAN traffic went to the corresponding VLANs.</p><figure class="rhd-u-has-filter-caption" role="group" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--pf-global--spacer--md); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;"><div class="rhd-c-figure" style="box-sizing: border-box; color: var(--pf-c-card--Color); text-align: center;"><article class="media media--type-image media--view-mode-article-content-full-width" style="box-sizing: border-box;"><div class="field field--name-image field--type-image field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"><a data-featherlight="image" href="https://developers.redhat.com/sites/default/files/br_4.png" style="box-sizing: border-box; cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; text-decoration: var(--pf-theme--link--text-decoration,"underline");"><img alt="Without VLAN filter, three VLANs required three bridges and network configurations." height="328" loading="lazy" src="https://developers.redhat.com/sites/default/files/styles/article_full_width_1440px_w/public/br_4.png?itok=gQOf45H2" style="box-sizing: border-box; height: auto; max-width: 100%;" typeof="foaf:Image" width="874" /></a></div><div class="field field--name-field-caption field--type-string field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"></div></article></div><figcaption class="rhd-c-caption" style="box-sizing: border-box; margin-bottom: var(--pf-global--spacer--md); text-align: center;">Figure 4: Without the VLAN filter, three VLANs required three bridges and network configurations.</figcaption></figure><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">But with the VLAN filter, just one bridge device is enough to set all the VLAN configurations, as illustrated in Figure 5.</p><figure class="rhd-u-has-filter-caption" role="group" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--pf-global--spacer--md); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;"><div class="rhd-c-figure" style="box-sizing: border-box; color: var(--pf-c-card--Color); text-align: center;"><article class="media media--type-image media--view-mode-article-content-full-width" style="box-sizing: border-box;"><div class="field field--name-image field--type-image field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"><a data-featherlight="image" href="https://developers.redhat.com/sites/default/files/br_5.png" style="box-sizing: border-box; cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; text-decoration: var(--pf-theme--link--text-decoration,"underline");"><img alt="With VLAN filter, a single bridge can serve multiple VLANs." height="301" loading="lazy" src="https://developers.redhat.com/sites/default/files/styles/article_full_width_1440px_w/public/br_5.png?itok=W0KYDfZM" style="box-sizing: border-box; height: auto; max-width: 100%;" typeof="foaf:Image" width="558" /></a></div><div class="field field--name-field-caption field--type-string field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"></div></article></div><figcaption class="rhd-c-caption" style="box-sizing: border-box; margin-bottom: var(--pf-global--spacer--md); text-align: center;">Figure 5: With the VLAN filter, a single bridge can serve multiple VLANs.</figcaption></figure><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">The following commands enable the VLAN filter and configure three VLANs:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link set br0 type bridge vlan_filtering 1</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link set eth1 master br0</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link set eth1 up</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link set br0 up</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># bridge vlan add dev veth1 vid 2</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># bridge vlan add dev veth2 vid 2 pvid untagged</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># bridge vlan add dev veth3 vid 3 pvid untagged master</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># bridge vlan add dev eth1 vid 2-3</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># bridge vlan show</span>
port vlan-id
eth1 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> PVID Egress Untagged
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">2</span>
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">3</span>
br0 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> PVID Egress Untagged
veth1 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> Egress Untagged
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">2</span>
veth2 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> Egress Untagged
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">2</span> PVID Egress Untagged
veth3 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> Egress Untagged
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">3</span> PVID Egress Untagged</code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-8" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Then the following command enables a VLAN filter on the <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">br0</code> bridge:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;">ip <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;">link</span> <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;"><span class="hljs-keyword" style="box-sizing: border-box; color: #d73a49; font-weight: bold;">set</span></span> br0 <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;">type</span> bridge vlan_filtering <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-9" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">This next command makes the <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">veth1</code> bridge port transmit only VLAN 2 data:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;">bridge vlan add dev veth1 vid <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">2</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-10" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">The following command, similar to the previous one, makes the <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">veth2</code> bridge port transmit VLAN 2 data. The <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">pvid</code> parameter causes untagged frames to be assigned to this VLAN at ingress (<code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">veth2</code> to bridge), and the <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">untagged</code> parameter causes the packet to be untagged on egress (bridge to <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">veth2</code>):</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;">bridge vlan add dev veth2 vid <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">2</span> pvid untagged</code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-11" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">The next command carries out the same operation as the previous one, this time on <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">veth3</code>. The <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">master</code> parameter indicates that the link setting is configured on the software bridge. However, because <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">master</code> is a default option, this command has the same effect as the previous one:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;">bridge vlan add dev veth3 vid <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">3</span> pvid untagged master</code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-12" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">The following command enables VLAN 2 and VLAN 3 traffic on <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">eth1</code>:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;">bridge vlan add dev eth1 vid <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">2</span>-<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">3</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-13" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">To show the VLAN traffic state, enable VLAN statistics (added in kernel 4.7) as follows:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;">ip <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;">link</span> <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;"><span class="hljs-keyword" style="box-sizing: border-box; color: #d73a49; font-weight: bold;">set</span></span> br0 <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;">type</span> bridge vlan_stats_enabled <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-14" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">The previous command enables just global VLAN statistics on the bridge, and is not fine grained enough to show each VLAN's state. To enable per-VLAN statistics when there are <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">no</code> port VLANs in the bridge, you also need to enable <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">vlan_stats_per_port</code> (added in kernel 4.20). You can run:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;">ip <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;">link</span> <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;"><span class="hljs-keyword" style="box-sizing: border-box; color: #d73a49; font-weight: bold;">set</span></span> br0 <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;">type</span> bridge vlan_stats_per_port <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-15" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Then you can show per-VLAN statistics like so:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># bridge -s vlan show</span>
port vlan-id
br0 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> PVID Egress Untagged
RX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">248</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">3</span> packets
TX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">333</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> packets
eth1 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> PVID Egress Untagged
RX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">333</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> packets
TX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">248</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">3</span> packets
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">2</span>
RX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> packets
TX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">56</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> packets
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">3</span>
RX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> packets
TX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">224</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">7</span> packets
veth1 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> Egress Untagged
RX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> packets
TX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">581</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">4</span> packets
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">2</span> PVID Egress Untagged
RX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">6356</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">77</span> packets
TX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">6412</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">78</span> packets
veth2 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> Egress Untagged
RX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> packets
TX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">581</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">4</span> packets
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">2</span> PVID Egress Untagged
RX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">6412</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">78</span> packets
TX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">6356</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">77</span> packets
veth3 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> Egress Untagged
RX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> packets
TX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">581</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">4</span> packets
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">3</span> PVID Egress Untagged
RX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">224</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">7</span> packets
TX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> bytes <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> packets</code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-16" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p><span class="rhd-c-has-toc-target" id="vlan_tunnel_mapping" style="background-color: white; box-sizing: border-box; color: #151515; display: block; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-top: -2.1rem; pointer-events: none; position: absolute; visibility: hidden;"></span></p><h2 id="vlan_tunnel_mapping-h2" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatDisplay, Overpass, Helvetica, Arial, sans-serif; font-size: 28px; font-weight: var(--rhd-global--FontWeight-Display--medium); line-height: 37px; margin-bottom: var(--rhd-theme--container-spacer-md); margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--h2--MarginTop); padding: 0px;">VLAN tunnel mapping</h2><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">VxLAN builds Layer 2 virtual networks on top of a Layer 3 underlay. A VxLAN tunnel endpoint (VTEP) originates and terminates VxLAN tunnels. VxLAN bridging is the function provided by VTEPs to terminate VxLAN tunnels and map the VxLAN network identifier (VNI) to the traditional end host's VLAN.</p><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Previously, to achieve VLAN tunnel mapping, administrators needed to add local ports and VxLAN network devices (netdevs) into a VLAN filtering bridge. The local ports were configured as trunk ports carrying all VLANs. A VxLAN netdev for each VNI would then need to be added to the bridge. VLAN to VNI mapping was achieved by configuring a port VLAN identifier (pvid) for each VLAN as on the corresponding VxLAN netdev, as shown in Figure 6.</p><figure class="rhd-u-has-filter-caption" role="group" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--pf-global--spacer--md); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;"><div class="rhd-c-figure" style="box-sizing: border-box; color: var(--pf-c-card--Color); text-align: center;"><article class="media media--type-image media--view-mode-article-content-full-width" style="box-sizing: border-box;"><div class="field field--name-image field--type-image field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"><a data-featherlight="image" href="https://developers.redhat.com/sites/default/files/br_6.png" style="box-sizing: border-box; cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; text-decoration: var(--pf-theme--link--text-decoration,"underline");"><img alt="VxLAN used to require multiple netdevs." height="234" loading="lazy" src="https://developers.redhat.com/sites/default/files/styles/article_full_width_1440px_w/public/br_6.png?itok=cbHrDl-b" style="box-sizing: border-box; height: auto; max-width: 100%;" typeof="foaf:Image" width="398" /></a></div><div class="field field--name-field-caption field--type-string field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"></div></article></div><figcaption class="rhd-c-caption" style="box-sizing: border-box; margin-bottom: var(--pf-global--spacer--md); text-align: center;">Figure 6. VxLAN used to require multiple netdevs.</figcaption></figure><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Since 4.11, the kernel has provided a native way to support VxLAN bridging. The topology for this looks like Figure 7. The <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">vxlan0</code> endpoint in this figure was added with lightweight tunnel (LWT) support to handle multiple VNIs.</p><figure class="rhd-u-has-filter-caption" role="group" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--pf-global--spacer--md); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;"><div class="rhd-c-figure" style="box-sizing: border-box; color: var(--pf-c-card--Color); text-align: center;"><article class="media media--type-image media--view-mode-article-content-full-width" style="box-sizing: border-box;"><div class="field field--name-image field--type-image field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"><a data-featherlight="image" href="https://developers.redhat.com/sites/default/files/br_7.png" style="box-sizing: border-box; cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; text-decoration: var(--pf-theme--link--text-decoration,"underline");"><img alt="Now Linux bridging handle multiple VNIs with one VxLAN." height="236" loading="lazy" src="https://developers.redhat.com/sites/default/files/styles/article_full_width_1440px_w/public/br_7.png?itok=8fJ6xtLr" style="box-sizing: border-box; height: auto; max-width: 100%;" typeof="foaf:Image" width="399" /></a></div><div class="field field--name-field-caption field--type-string field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"></div></article></div><figcaption class="rhd-c-caption" style="box-sizing: border-box; margin-bottom: var(--pf-global--spacer--md); text-align: center;">Figure 7: Now Linux bridging can handle multiple VNIs with one VxLAN.</figcaption></figure><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">To create a tunnel, you must first add related VIDs to the interfaces:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;">bridge vlan add dev eth1 vid <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">100</span>-<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">101</span>
bridge vlan add dev eth1 vid <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">200</span>
bridge vlan add dev vxlan0 vid <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">100</span>-<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">101</span>
bridge vlan add dev vxlan0 vid <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">200</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-17" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Now enable a VLAN tunnel mapping on a bridge port:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link set dev vxlan0 type bridge_slave vlan_tunnel on</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-18" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Alternatively, you can enable the tunnel with this command:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># bridge link set dev vxlan0 vlan_tunnel on</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-19" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Then add VLAN tunnel mapping:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># bridge vlan add dev vxlan0 vid 2000 tunnel_info id 2000</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># bridge vlan add dev vxlan0 vid 1000-1001 tunnel_info id 1000-1001</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># bridge -j -p vlan tunnelshow</span>
[ {
<span class="hljs-string" style="box-sizing: border-box; color: #032f62;">"ifname"</span>: <span class="hljs-string" style="box-sizing: border-box; color: #032f62;">"vxlan0"</span>,
<span class="hljs-string" style="box-sizing: border-box; color: #032f62;">"tunnels"</span>: [ {
<span class="hljs-string" style="box-sizing: border-box; color: #032f62;">"vlan"</span>: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">100</span>,
<span class="hljs-string" style="box-sizing: border-box; color: #032f62;">"vlanEnd"</span>: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">101</span>,
<span class="hljs-string" style="box-sizing: border-box; color: #032f62;">"tunid"</span>: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">100</span>,
<span class="hljs-string" style="box-sizing: border-box; color: #032f62;">"tunidEnd"</span>: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">101</span>
},{
<span class="hljs-string" style="box-sizing: border-box; color: #032f62;">"vlan"</span>: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">200</span>,
<span class="hljs-string" style="box-sizing: border-box; color: #032f62;">"tunid"</span>: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">200</span>
} ]
} ]</code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-20" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p><span class="rhd-c-has-toc-target" id="multicast" style="background-color: white; box-sizing: border-box; color: #151515; display: block; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-top: -2.1rem; pointer-events: none; position: absolute; visibility: hidden;"></span></p><h2 id="multicast-h2" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatDisplay, Overpass, Helvetica, Arial, sans-serif; font-size: 28px; font-weight: var(--rhd-global--FontWeight-Display--medium); line-height: 37px; margin-bottom: var(--rhd-theme--container-spacer-md); margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--h2--MarginTop); padding: 0px;">Multicast</h2><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Linux bridging has included support for IGMPv2 and MLDv1 support since kernel version 2.6. IGMPv3/MLDv2 support was added in kernel 5.10.</p><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">To use multicast, enable bridge multicast snooping, querier, and statistics as follows:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link set br0 type bridge mcast_snooping 1</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link set br0 type bridge mcast_querier 1</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link set br0 type bridge mcast_stats_enabled 1</span>
<span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># tcpdump -i br0 -nn -l</span>
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">02</span>:<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">47</span>:<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">03.417331</span> IP <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0.0</span>.<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0.0</span> > <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">224.0</span>.<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0.1</span>: igmp query v2
<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">02</span>:<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">47</span>:<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">03.417340</span> IP6 fe80::<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">3454</span>:<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">82</span>ff:feb9:d7b4 > ff02::<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span>: HBH ICMP6, multicast listener querymax resp delay: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">10000</span> addr: ::, length <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">24</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-21" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">By default, when snooping is enabled, the bridge uses IGMPv2/MLDv1. You can change the versions with these commands:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;">ip <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;">link</span> <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;"><span class="hljs-keyword" style="box-sizing: border-box; color: #d73a49; font-weight: bold;">set</span></span> br0 <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;">type</span> bridge mcast_igmp_version <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">3</span>
ip <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;">link</span> <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;"><span class="hljs-keyword" style="box-sizing: border-box; color: #d73a49; font-weight: bold;">set</span></span> br0 <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;">type</span> bridge mcast_mld_version <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">2</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">After a port joins a group, you can show the multicast database (mdb) like so:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># bridge mdb show</span>
dev br0 port br0 grp ff02::fb temp
dev br0 port eth1 grp ff02::fb temp
dev br0 port eth2 grp ff02::fb temp
dev br0 port eth2 grp <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">224.1</span>.<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1.1</span> temp
dev br0 port br0 grp ff02::<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">6</span>a temp
dev br0 port eth1 grp ff02::<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">6</span>a temp
dev br0 port eth2 grp ff02::<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">6</span>a temp
dev br0 port br0 grp ff02::<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span>:ffe2:de9f temp
dev br0 port eth1 grp ff02::<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span>:ffe2:de9f temp
dev br0 port eth2 grp ff02::<span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span>:ffe2:de9f temp</code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-23" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Bridging also supports multicast snooping and querier on a single VLAN. Set them as follows:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;">bridge vlan <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;"><span class="hljs-keyword" style="box-sizing: border-box; color: #d73a49; font-weight: bold;">set</span></span> vid <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">10</span> dev eth1 mcast_snooping <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> mcast_querier <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-24" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">You can show bridge xstats (multicast RX/TX information) with this command:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;"><span class="hljs-comment" style="box-sizing: border-box; color: #6a737d; font-style: italic;"># ip link xstats type bridge</span>
br0
IGMP queries:
RX: v1 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> v2 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> v3 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span>
TX: v1 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> v2 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">131880</span> v3 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span>
IGMP reports:
RX: v1 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> v2 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> v3 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span>
TX: v1 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> v2 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">496</span> v3 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">18956</span>
IGMP leaves: RX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> TX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span>
IGMP parse errors: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span>
MLD queries:
RX: v1 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span> v2 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span>
TX: v1 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">51327</span> v2 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span>
MLD reports:
RX: v1 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">66</span> v2 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">6</span>
TX: v1 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">3264</span> v2 <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">213794</span>
MLD leaves: RX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span> TX: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span>
MLD parse errors: <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">0</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-25" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">There are other multicast parameters you can configure, including <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">mcast_router</code>, <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">mcast_query_interval</code>, and <code style="background-color: #f9f9f9; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #0a0a0a; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 1px 8px;">mcast_hash_max</code>.</p><p><span class="rhd-c-has-toc-target" id="bridge_switchdev" style="background-color: white; box-sizing: border-box; color: #151515; display: block; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-top: -2.1rem; pointer-events: none; position: absolute; visibility: hidden;"></span></p><h2 id="bridge_switchdev-h2" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatDisplay, Overpass, Helvetica, Arial, sans-serif; font-size: 28px; font-weight: var(--rhd-global--FontWeight-Display--medium); line-height: 37px; margin-bottom: var(--rhd-theme--container-spacer-md); margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--h2--MarginTop); padding: 0px;">Bridge switchdev</h2><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Linux bridging is always used when virtual machines (VMs) connect to physical networks, by using the virtio tap driver. You can also attach a Single Root I/O Virtualization (SR-IOV) virtual function (VF) in a VM guest to get better performance (Figure 8).</p><figure role="group" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--pf-global--spacer--md); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;"><div class="rhd-c-figure" style="box-sizing: border-box; color: var(--pf-c-card--Color); text-align: center;"><article class="media media--type-image media--view-mode-article-content-full-width" style="box-sizing: border-box;"><div class="field field--name-image field--type-image field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"><a data-featherlight="image" href="https://developers.redhat.com/sites/default/files/br_8.png" style="box-sizing: border-box; cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; text-decoration: var(--pf-theme--link--text-decoration,"underline");"><img alt="VFs in virtual machines." height="291" loading="lazy" src="https://developers.redhat.com/sites/default/files/styles/article_full_width_1440px_w/public/br_8.png?itok=s21JwYjI" style="box-sizing: border-box; height: auto; max-width: 100%;" typeof="foaf:Image" width="596" /></a></div><div class="field field--name-field-caption field--type-string field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"><div class="rhd-c-caption field__item" style="box-sizing: border-box; margin-bottom: var(--pf-global--spacer--md);">Figure 8: VFs in virtual machines.</div></div></article></div><figcaption class="rhd-c-caption" style="box-sizing: border-box; margin-bottom: var(--pf-global--spacer--md); text-align: center;"></figcaption></figure><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">But the way Linux used to deal with SR-IOV embedded switches limited their expressiveness and flexibility. And the kernel model for controlling the SR-IOV eSwitch did not allow any forwarding unless it was based on MAC/VLAN.</p><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">To make VFs also support dynamic FDB (as in Figure 9) and maintain the benefits of the VLAN filter while still providing optimal performance, Linux bridging added switchdev support in kernel version 4.9. Switchdev allows the offloading of Layer 2 forwarding to a hardware switch such as <a href="https://github.com/Mellanox/mlxsw/wiki" style="box-sizing: border-box; cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; text-decoration: var(--pf-theme--link--text-decoration,"underline");">Mellanox Spectrum devices</a>, DSA-based switches, and MLX5 CX6 Dx cards.</p><figure role="group" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--pf-global--spacer--md); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;"><div class="rhd-c-figure" style="box-sizing: border-box; color: var(--pf-c-card--Color); text-align: center;"><article class="media media--type-image media--view-mode-article-content-full-width" style="box-sizing: border-box;"><div class="field field--name-image field--type-image field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"><a data-featherlight="image" href="https://developers.redhat.com/sites/default/files/br_9.png" style="box-sizing: border-box; cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; text-decoration: var(--pf-theme--link--text-decoration,"underline");"><img alt="Switchdev provides widespread support for offloading traffic to hardware." height="285" loading="lazy" src="https://developers.redhat.com/sites/default/files/styles/article_full_width_1440px_w/public/br_9.png?itok=_yu2G2C5" style="box-sizing: border-box; height: auto; max-width: 100%;" typeof="foaf:Image" width="582" /></a></div><div class="field field--name-field-caption field--type-string field--label-hidden field__items" style="box-sizing: border-box; margin-right: var(--pf-global--spacer--sm);"><div class="rhd-c-caption field__item" style="box-sizing: border-box; margin-bottom: var(--pf-global--spacer--md);">Figure 9: Switchdev provides widespread support for offloading traffic to hardware.</div></div></article></div><figcaption class="rhd-c-caption" style="box-sizing: border-box; margin-bottom: var(--pf-global--spacer--md); text-align: center;"></figcaption></figure><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">In switchdev mode, the bridge is up and its related configuration is enabled, e.g., MLX5_BRIDGE for an MLX5 SRIOV eSwitch. Once in switchdev mode, you can connect the VF's representors to the bridge, and frames that are supposed to be transmitted by the bridge are transmitted by hardware only. Their routing will be done in the switch at the network interface controller (NIC).</p><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Once a frame passes through the VF to its representor, the bridge learns that the source MAC of the VF is behind a particular port. The bridge adds an entry with the MAC address and port to its FDB. Immediately afterward, the bridge sends a message to the mlx5 driver, and the driver adds a relevant rule or line to two tables located in the eSwitch on the NIC. Later, frames with the same destination MAC address that come from the VF don't go through the kernel; instead, they go directly through the NIC to the appropriate port.</p><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Switchdev support for embedded switches in NICs is simple, but for full-featured switches such as Mellanox Spectrum, the offloading capabilities are much richer, with support for link aggregation group (LAG) hashing (team, bonding), tunneling (VxLAN, etc.), routing, and TC offloading. Routing and TC offloading are out of scope for bridging, but LAGs can be attached to the bridge as well as to VxLAN tunnels, with full support for offloading.</p><p><span class="rhd-c-has-toc-target" id="bridging_with_netfilter" style="background-color: white; box-sizing: border-box; color: #151515; display: block; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-top: -2.1rem; pointer-events: none; position: absolute; visibility: hidden;"></span></p><h2 id="bridging_with_netfilter-h2" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatDisplay, Overpass, Helvetica, Arial, sans-serif; font-size: 28px; font-weight: var(--rhd-global--FontWeight-Display--medium); line-height: 37px; margin-bottom: var(--rhd-theme--container-spacer-md); margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--h2--MarginTop); padding: 0px;">Bridging with Netfilter</h2><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">By default, the traffic forwarded by the bridge does not go through an iptables firewall. To let the iptables forward rules filter Layer 2 traffic, enter:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;">ip <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;">link</span> <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;"><span class="hljs-keyword" style="box-sizing: border-box; color: #d73a49; font-weight: bold;">set</span></span> br0 <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;">type</span> bridge nf_call_iptables <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">1</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-26" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">The same procedure works for ip6tables and arptables.</p><p><span class="rhd-c-has-toc-target" id="bridge_ageing_time" style="background-color: white; box-sizing: border-box; color: #151515; display: block; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-top: -2.1rem; pointer-events: none; position: absolute; visibility: hidden;"></span></p><h2 id="bridge_ageing_time-h2" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatDisplay, Overpass, Helvetica, Arial, sans-serif; font-size: 28px; font-weight: var(--rhd-global--FontWeight-Display--medium); line-height: 37px; margin-bottom: var(--rhd-theme--container-spacer-md); margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--h2--MarginTop); padding: 0px;">Bridge ageing time</h2><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Ageing determines the number of seconds a MAC address is kept in the FDB after a packet has been received from that address. After this time has passed, entries are cleaned up. To change the timer, enter:</p><pre style="background: rgb(249, 249, 249); border-radius: 0px; border: 1px solid rgb(213, 213, 213); box-sizing: border-box; color: #151515; font-family: monospace, serif; font-size: 16px; margin: var(--rhd-theme--container-spacer-sm) 0 0; overflow-wrap: break-word; overflow: auto; padding: var(--rhd-theme--container-spacer-sm); position: relative; white-space: pre-wrap;"><code class="language-bash hljs hljs " style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; color: #0a0a0a; display: block; font-family: monospace, serif; font-size: 1em; overflow: auto; padding: 0px;">ip <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;">link</span> <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;"><span class="hljs-keyword" style="box-sizing: border-box; color: #d73a49; font-weight: bold;">set</span></span> br0 <span class="hljs-built_in" style="box-sizing: border-box; color: #e36209;">type</span> bridge ageing_time <span class="hljs-number" style="box-sizing: border-box; color: #005cc5;">20000</span></code></pre><div class="copy-code-container" style="align-items: flex-start; background-color: #f9f9f9; border-bottom-color: rgb(213, 213, 213); border-bottom-style: solid; border-image: initial; border-left-color: rgb(213, 213, 213); border-left-style: solid; border-right-color: rgb(213, 213, 213); border-right-style: solid; border-top-color: initial; border-top-style: initial; border-width: 0px 1px 1px; box-sizing: border-box; color: #151515; display: flex; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-bottom: var(--rhd-theme--container-spacer-md); width: 1076px;"><a class="copy-code__link" id="copy-code-27" style="box-sizing: border-box; color: var(--pf-theme--color--ui-link,#06c); cursor: pointer; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 5px 10px; text-decoration: var(--pf-theme--link--text-decoration,"underline"); width: 1074px;"><svg aria-hidden="true" class="code-copy__icon" viewbox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M320 448v40c0 13.255-10.745 24-24 24H24c-13.255 0-24-10.745-24-24V120c0-13.255 10.745-24 24-24h72v296c0 30.879 25.121 56 56 56h168zm0-344V0H152c-13.255 0-24 10.745-24 24v368c0 13.255 10.745 24 24 24h272c13.255 0 24-10.745 24-24V128H344c-13.2 0-24-10.8-24-24zm120.971-31.029L375.029 7.029A24 24 0 00358.059 0H352v96h96v-6.059a24 24 0 00-7.029-16.97z" fill="#06c"></path></svg>Copy snippet</a></div><p><span class="rhd-c-has-toc-target" id="bridging_versus_open_vswitch" style="background-color: white; box-sizing: border-box; color: #151515; display: block; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; margin-top: -2.1rem; pointer-events: none; position: absolute; visibility: hidden;"></span></p><h2 id="bridging_versus_open_vswitch-h2" style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatDisplay, Overpass, Helvetica, Arial, sans-serif; font-size: 28px; font-weight: var(--rhd-global--FontWeight-Display--medium); line-height: 37px; margin-bottom: var(--rhd-theme--container-spacer-md); margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--h2--MarginTop); padding: 0px;">Bridging versus Open vSwitch</h2><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">Linux bridging is very useful and has become popular over the past few years. It supplies Layer 2 forwarding, and connects VMs and networks with VLAN/multicast support. Bridging on Linux is stable, reliable, and easy to set up and configure.</p><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">On the other hand, Linux bridging also has some limitations. It's missing some types of tunnel support, for instance. If you want to get easier network management, more tunnel support (GRE, VXLAN, etc.), Layer 3 forwarding, and integration with software-defined networking (SDN), you can try <a href="https://www.openvswitch.org/" style="box-sizing: border-box; cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; text-decoration: var(--pf-theme--link--text-decoration,"underline");">Open vSwitch</a> (OVS).</p><p style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 24px; margin-bottom: var(--pf-c-content--MarginBottom); margin-left: 0px; margin-right: 0px; margin-top: 0px; padding: 0px;">To learn more about Linux network interfaces and other networking topics, check out these articles from Red Hat Developer:</p><ul style="background-color: white; box-sizing: border-box; color: #151515; font-family: RedHatText, Overpass, Helvetica, Arial, sans-serif; font-size: 16px; list-style: var(--pf-c-content--ul--ListStyle); margin-bottom: 0px; margin-left: var(--pf-c-content--ul--MarginLeft); margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: var(--pf-c-content--ul--PaddingLeft); padding-right: 0px; padding-top: 0px;"><li style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin: 0px; padding: 0px;"><a href="https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels" style="box-sizing: border-box; cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; text-decoration: var(--pf-theme--link--text-decoration,"underline");">An introduction to Linux virtual interfaces: Tunnels</a></li><li style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--li--MarginTop); padding: 0px;"><a href="https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking" style="box-sizing: border-box; cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; text-decoration: var(--pf-theme--link--text-decoration,"underline");">Introduction to Linux interfaces for virtual networking</a></li><li style="box-sizing: border-box; font-weight: var(--rhd-global--FontWeight-Display--medium,400); line-height: 24px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: var(--pf-c-content--li--MarginTop); padding: 0px;"><a href="https://developers.redhat.com/blog/2021/04/01/get-started-with-xdp" style="box-sizing: border-box; cursor: pointer; font-family: inherit; font-size: inherit; font-weight: inherit; line-height: inherit; text-decoration: var(--pf-theme--link--text-decoration,"underline");">Get started with XDP</a></li></ul>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-27056856740041286432022-12-15T13:21:00.002+08:002022-12-15T13:21:38.352+08:00SecureCRT & Notepad++ 的 網路設備 關鍵字顯示 (Keyword Highlighting/Syntax highlighting)<p> <br /><span style="background-color: white;"><span style="color: #303030; font-family: PT Sans, -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif; font-size: xx-small;">From:https://chingfengwang.com/2020/12/10/securecrt-and-notepad-keyword-highlighting-syntax-highlighting/</span><br /><br /><br /><span style="color: #303030; font-family: PT Sans, -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;"><span style="font-size: 20px;">由於常常用</span></span></span><span style="box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; font-weight: bolder; max-width: unset;">SecureCRT</span><span style="background-color: white; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px;">終端機軟體及文字編輯器</span><span style="background-color: white; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px;"> </span><span style="box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; font-weight: bolder; max-width: unset;">NOTEPAD++</span><span style="background-color: white; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px;"> </span><span style="background-color: white; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px;">,發現常常盯著眼睛有點花 ,之前有找到 Notepad++ 的,今天阿豐找到感覺不錯的 SCRT 跟 Notepad++ 的語法:)</span></p><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;">1.<span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">SecureCRT 的 Text Highlighting</span><br style="box-sizing: inherit; max-width: unset;" /><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">#出處:feral packet</span> 網站<span style="box-sizing: inherit; font-weight: bolder; max-width: unset;"><br style="box-sizing: inherit; max-width: unset;" /><a href="https://feralpacket.org/?p=817" rel="noreferrer noopener" style="background-color: transparent; box-sizing: inherit; cursor: pointer; max-width: unset;" target="_blank">https://feralpacket.org/?p=817 </a></span></p><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">#下載ini:</span></p><div class="wp-block-file" style="background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 0.8em; margin: 32px auto; max-width: calc(750px);"><a href="https://chingfengwang.files.wordpress.com/2020/12/feralpacket.zip" style="background-color: transparent; box-sizing: inherit; cursor: pointer; max-width: unset; text-decoration-line: none;"><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">feralpacket.ini</span> 下載 (unzip password:<span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">chingfengwang.com</span> )</a><a class="wp-block-file__button" download="" href="https://chingfengwang.files.wordpress.com/2020/12/feralpacket.zip?force_download=true" style="background-color: var(--wp--preset--color--primary); border-radius: 5px; border-width: 0px; box-sizing: inherit; cursor: pointer; font-family: var(--font-base, "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", "Roboto", "Oxygen", "Ubuntu", "Cantarell", "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif); font-size: 0.86957rem; font-weight: bold; line-height: 1; margin-left: 16px; margin-right: 16px; max-width: unset; padding: 16px 24px; text-decoration-line: none;">下載</a></div><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;">從作者的 <span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">feral packet </span>網站 下載: <a href="http://download.feralpacket.org/feralpacket.ini%C2%A0" style="background-color: transparent; box-sizing: inherit; cursor: pointer; max-width: unset;">http://download.feralpacket.org/feralpacket.ini </a></p><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">#下載後把複製 ini 到:</span><br style="box-sizing: inherit; max-width: unset;" />#<span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">MAC:</span><br style="box-sizing: inherit; max-width: unset;" />/Users/username/Library/Application/Support/VanDyke/SecureCRT/Config/Keywords/.<br style="box-sizing: inherit; max-width: unset;" /><br style="box-sizing: inherit; max-width: unset;" /><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">Windows</span>: 存放在 <span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">%APPDATA%</span>, <br style="box-sizing: inherit; max-width: unset;" />C:\Users\{使用者名稱}\AppData\Roaming\VanDyke\Config\Keywords><br style="box-sizing: inherit; max-width: unset;" /><br style="box-sizing: inherit; max-width: unset;" /><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">Linux:</span><br style="box-sizing: inherit; max-width: unset;" />複製 <span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">ini 檔案到:</span> /home/username/.vandyke/SecureCRT/Config/Keywords/<br style="box-sizing: inherit; max-width: unset;" /><br style="box-sizing: inherit; max-width: unset;" /><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">#設定方式:</span><br style="box-sizing: inherit; max-width: unset;" /><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">SecureCRT Settings:</span><br style="box-sizing: inherit; max-width: unset;" />– <span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">Session Options</span> -> <span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">Terminal </span>-> <span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">Appearance</span><br style="box-sizing: inherit; max-width: unset;" />-> Current color scheme<br style="box-sizing: inherit; max-width: unset;" />-> White / Black<br style="box-sizing: inherit; max-width: unset;" />-> <span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">Highlight keywords</span><br style="box-sizing: inherit; max-width: unset;" />-> Name: <span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">feralpacket</span><br style="box-sizing: inherit; max-width: unset;" />-> Style: <span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">Color </span>打勾<br style="box-sizing: inherit; max-width: unset;" /></p><figure class="wp-block-image size-large" style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); padding: 0px; text-align: center;"><img alt="" class="wp-image-527" data-attachment-id="527" data-comments-opened="1" data-image-caption="" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="image-4-1" data-large-file="https://chingfengwang.files.wordpress.com/2020/12/image-4-1.png?w=541" data-medium-file="https://chingfengwang.files.wordpress.com/2020/12/image-4-1.png?w=300" data-orig-file="https://chingfengwang.files.wordpress.com/2020/12/image-4-1.png" data-orig-size="541,477" data-permalink="https://chingfengwang.com/image-4-1/" sizes="(max-width: 541px) 100vw, 541px" src="https://chingfengwang.files.wordpress.com/2020/12/image-4-1.png?w=541" srcset="https://chingfengwang.files.wordpress.com/2020/12/image-4-1.png 541w, https://chingfengwang.files.wordpress.com/2020/12/image-4-1.png?w=150 150w, https://chingfengwang.files.wordpress.com/2020/12/image-4-1.png?w=300 300w" style="border-style: none; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" /></figure><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">– Keyword List Properties<br style="box-sizing: inherit; max-width: unset;" /></span>-> Match case 打勾<br style="box-sizing: inherit; max-width: unset;" /></p><figure class="wp-block-image size-large" style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); padding: 0px; text-align: center;"><img alt="" class="wp-image-524" data-attachment-id="524" data-comments-opened="1" data-image-caption="" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="image-3-1" data-large-file="https://chingfengwang.files.wordpress.com/2020/12/image-3-1.png?w=517" data-medium-file="https://chingfengwang.files.wordpress.com/2020/12/image-3-1.png?w=300" data-orig-file="https://chingfengwang.files.wordpress.com/2020/12/image-3-1.png" data-orig-size="517,314" data-permalink="https://chingfengwang.com/image-3-1/" sizes="(max-width: 517px) 100vw, 517px" src="https://chingfengwang.files.wordpress.com/2020/12/image-3-1.png?w=517" srcset="https://chingfengwang.files.wordpress.com/2020/12/image-3-1.png 517w, https://chingfengwang.files.wordpress.com/2020/12/image-3-1.png?w=150 150w, https://chingfengwang.files.wordpress.com/2020/12/image-3-1.png?w=300 300w" style="border-style: none; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" /></figure><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">– To set for the default session:<br style="box-sizing: inherit; max-width: unset;" /></span>-> Global Options -> General -> Default Session<br style="box-sizing: inherit; max-width: unset;" />-> Edit Default Settings…</p><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">#作者的截圖:</span></p><figure class="wp-block-image size-large" style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); padding: 0px; text-align: center;"><img alt="" class="wp-image-554" data-attachment-id="554" data-comments-opened="1" data-image-caption="" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="config_prompt" data-large-file="https://chingfengwang.files.wordpress.com/2020/12/config_prompt.png?w=661" data-medium-file="https://chingfengwang.files.wordpress.com/2020/12/config_prompt.png?w=248" data-orig-file="https://chingfengwang.files.wordpress.com/2020/12/config_prompt.png" data-orig-size="661,800" data-permalink="https://chingfengwang.com/config_prompt/" sizes="(max-width: 661px) 100vw, 661px" src="https://chingfengwang.files.wordpress.com/2020/12/config_prompt.png?w=661" srcset="https://chingfengwang.files.wordpress.com/2020/12/config_prompt.png 661w, https://chingfengwang.files.wordpress.com/2020/12/config_prompt.png?w=124 124w, https://chingfengwang.files.wordpress.com/2020/12/config_prompt.png?w=248 248w" style="border-style: none; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" /></figure><figure class="wp-block-image size-large" style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); padding: 0px; text-align: center;"><img alt="" class="wp-image-555" data-attachment-id="555" data-comments-opened="1" data-image-caption="" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="logs" data-large-file="https://chingfengwang.files.wordpress.com/2020/12/logs.png?w=750" data-medium-file="https://chingfengwang.files.wordpress.com/2020/12/logs.png?w=300" data-orig-file="https://chingfengwang.files.wordpress.com/2020/12/logs.png" data-orig-size="1808,454" data-permalink="https://chingfengwang.com/logs/" sizes="(max-width: 1024px) 100vw, 1024px" src="https://chingfengwang.files.wordpress.com/2020/12/logs.png?w=1024" srcset="https://chingfengwang.files.wordpress.com/2020/12/logs.png?w=1024 1024w, https://chingfengwang.files.wordpress.com/2020/12/logs.png?w=150 150w, https://chingfengwang.files.wordpress.com/2020/12/logs.png?w=300 300w, https://chingfengwang.files.wordpress.com/2020/12/logs.png?w=768 768w, https://chingfengwang.files.wordpress.com/2020/12/logs.png 1808w" style="border-style: none; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" /><figcaption style="box-sizing: inherit; color: var(--wp--preset--color--foreground-low-contrast); font-size: 0.75614rem; margin-bottom: 16px; margin-top: calc(8px); max-width: unset;">範例:出處 <span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">feral packet</span> 網站</figcaption></figure><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;">更多截圖可以到<a href="https://feralpacket.org/?p=817" style="background-color: transparent; box-sizing: inherit; cursor: pointer; max-width: unset;">作者網站</a>看喔:)</p><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">2.NOTEPAD++</span></p><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">給notepad++用的顯示不同網路設備 config 的語法 ( Syntax Highlight )</span>下載:</p><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;"><a href="https://github.com/click0/npp-udl" style="background-color: transparent; box-sizing: inherit; cursor: pointer; max-width: unset;">https://github.com/click0/npp-udl</a></p><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">#安裝:</span></p><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;">解壓縮後,抓下來把要用的 xml 丟到: </p><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">C:\Users\{使用者名稱}\AppData\Roaming\Notepad++\userDefineLangs<br style="box-sizing: inherit; max-width: unset;" /></span>1.然後再開啟<span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">notepad++ </span>,</p><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;">2. 跟需要的config 檔案</p><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;">3.至 <span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">語言 > 選擇需要的設備語言 (如 Junos , iOS)</span></p><figure class="wp-block-image size-large" style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); padding: 0px; text-align: center;"><img alt="" class="wp-image-516" data-attachment-id="516" data-comments-opened="1" data-image-caption="" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="image" data-large-file="https://chingfengwang.files.wordpress.com/2020/12/image.png?w=240" data-medium-file="https://chingfengwang.files.wordpress.com/2020/12/image.png?w=103" data-orig-file="https://chingfengwang.files.wordpress.com/2020/12/image.png" data-orig-size="240,700" data-permalink="https://chingfengwang.com/image-25/" sizes="(max-width: 240px) 100vw, 240px" src="https://chingfengwang.files.wordpress.com/2020/12/image.png?w=240" srcset="https://chingfengwang.files.wordpress.com/2020/12/image.png 240w, https://chingfengwang.files.wordpress.com/2020/12/image.png?w=51 51w" style="border-style: none; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" /></figure><h6 class="wp-block-heading" style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; clear: both; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 1.15rem; line-height: 1.125; margin: 32px auto; max-width: calc(750px); padding: 0px;">下面是作者範例的截圖:<br style="box-sizing: inherit; max-width: unset;" /><em style="box-sizing: inherit; max-width: unset;">(出處為作者github專案 <a href="https://github.com/click0/npp-udl" rel="noreferrer noopener" style="background-color: transparent; box-sizing: inherit; cursor: pointer; max-width: unset; text-decoration-line: none;" target="_blank">https://github.com/click0/npp-udl</a> )</em></h6><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;"></p><ul style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 32px auto; max-width: calc(750px); padding: 0px 0px 0px 32px;"><li style="-webkit-font-smoothing: antialiased; box-sizing: inherit; margin: 0px; max-width: unset; padding: 0px;">Quagga config or ( Cisco IOS )</li></ul><figure class="wp-block-image" style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 0px auto; max-width: calc(750px); padding: 0px; text-align: center;"><a href="https://raw.githubusercontent.com/click0/npp-udl/master/Example%20screen/Cisco_IOS_and_quagga_UDL-npp.jpg" rel="noreferrer noopener" style="background-color: transparent; box-sizing: inherit; cursor: pointer; max-width: unset; text-decoration-line: none;" target="_blank"><img alt="" scale="0" src="https://raw.githubusercontent.com/click0/npp-udl/master/Example%20screen/Cisco_IOS_and_quagga_UDL-npp.jpg" style="border-style: none; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" /></a></figure><ul style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 0px auto 32px; max-width: calc(750px); padding: 0px 0px 0px 32px;"><li style="-webkit-font-smoothing: antialiased; box-sizing: inherit; margin: 0px; max-width: unset; padding: 0px;">AlliedTelesis switch config</li></ul><figure class="wp-block-image" style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 0px auto; max-width: calc(750px); padding: 0px; text-align: center;"><a href="https://raw.githubusercontent.com/click0/npp-udl/master/Example%20screen/AlliedTelesis_UDL-npp.jpg" rel="noreferrer noopener" style="background-color: transparent; box-sizing: inherit; cursor: pointer; max-width: unset; text-decoration-line: none;" target="_blank"><img alt="" scale="0" src="https://raw.githubusercontent.com/click0/npp-udl/master/Example%20screen/AlliedTelesis_UDL-npp.jpg" style="border-style: none; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" /></a></figure><ul style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 0px auto 32px; max-width: calc(750px); padding: 0px 0px 0px 32px;"><li style="-webkit-font-smoothing: antialiased; box-sizing: inherit; margin: 0px; max-width: unset; padding: 0px;">Mikrotik router config ( RouterOS )</li></ul><figure class="wp-block-image" style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 0px auto; max-width: calc(750px); padding: 0px; text-align: center;"><a href="https://raw.githubusercontent.com/click0/npp-udl/master/Example%20screen/RouterOS_UDL-npp.jpg" rel="noreferrer noopener" style="background-color: transparent; box-sizing: inherit; cursor: pointer; max-width: unset; text-decoration-line: none;" target="_blank"><img alt="" scale="0" src="https://raw.githubusercontent.com/click0/npp-udl/master/Example%20screen/RouterOS_UDL-npp.jpg" style="border-style: none; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" /></a></figure><ul style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: border-box; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 0px auto 32px; max-width: calc(750px); padding: 0px 0px 0px 32px;"><li style="-webkit-font-smoothing: antialiased; box-sizing: inherit; margin: 0px; max-width: unset; padding: 0px;">Juniper router config ( JunOS )</li></ul><figure class="wp-block-image" style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 0px auto; max-width: calc(750px); padding: 0px; text-align: center;"><a href="https://raw.githubusercontent.com/click0/npp-udl/master/Example%20screen/JunOS_UDL-npp.jpg" rel="noreferrer noopener" style="background-color: transparent; box-sizing: inherit; cursor: pointer; max-width: unset; text-decoration-line: none;" target="_blank"><img alt="" scale="0" src="https://raw.githubusercontent.com/click0/npp-udl/master/Example%20screen/JunOS_UDL-npp.jpg" style="border-style: none; box-sizing: border-box; height: auto; max-width: 100%; vertical-align: bottom;" /></a></figure><p style="-webkit-font-smoothing: antialiased; background-color: white; box-sizing: inherit; color: #303030; font-family: "PT Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; margin: 0px auto 32px; max-width: calc(750px); overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">#參考資料:</span><br style="box-sizing: inherit; max-width: unset;" />1.<a href="https://feralpacket.org/" style="background-color: transparent; box-sizing: inherit; cursor: pointer; max-width: unset;">feral packet</a> , <span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">Regular Expressions For SecureCRT Keyword Highlighting – Update</span> , <a href="https://feralpacket.org/?p=817" rel="noreferrer noopener" style="background-color: transparent; box-sizing: inherit; cursor: pointer; max-width: unset;" target="_blank"><em style="box-sizing: inherit; max-width: unset;">https://feralpacket.org/?p=817</em></a><br style="box-sizing: inherit; max-width: unset;" />2.npp-udl, <span style="box-sizing: inherit; font-weight: bolder; max-width: unset;">Syntax Highlight Rules for Notepad++ Text Editor</span>, <a href="https://github.com/click0/npp-udl" rel="noreferrer noopener" style="background-color: transparent; box-sizing: inherit; cursor: pointer; max-width: unset;" target="_blank"><span style="box-sizing: inherit; font-weight: bolder; max-width: unset;"><em style="box-sizing: inherit; max-width: unset;">https://github.com/click0/npp-udl</em></span></a><br style="box-sizing: inherit; max-width: unset;" />3.<a href="https://npp-user-manual.org/docs/user-defined-language-system/" rel="nofollow" style="background-color: transparent; box-sizing: inherit; cursor: pointer; max-width: unset;">https://npp-user-manual.org/docs/user-defined-language-system/</a></p>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-88827400155110640092022-08-03T15:50:00.007+08:002022-08-03T15:50:59.144+08:00 Outlook-解除禁止存取可能不安全的附件<p> <span style="background-color: white; color: #222222; font-family: 微軟正黑體; font-size: 18.6667px; letter-spacing: 1.33333px;">當你 Outlook 中收到的郵件含有某些檔案格式的附件,會被 Outlook 判定為禁止存取(參考下圖)。要如何取消這個限制呢?</span></p><p style="background-color: white; color: #222222; font-family: 微軟正黑體; font-size: 18.6667px; letter-spacing: 1.33333px; margin: 0px 0px 1em; padding: 0px;"><img alt="" border="0" height="69" loading="lazy" src="https://pic.pimg.tw/isvincent/1313077196-ff7f46d7cc560a51e71d8144fc56fb01.png" style="background-image: none; border: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="" width="400" /></p><p style="background-color: white; color: #222222; font-family: 微軟正黑體; font-size: 18.6667px; letter-spacing: 1.33333px; margin: 0px 0px 1em; padding: 0px;">參考以下步驟:</p><p style="background-color: white; color: #222222; font-family: 微軟正黑體; font-size: 18.6667px; letter-spacing: 1.33333px; margin: 0px 0px 1em; padding: 0px;">1. 按一下 <strong><span style="font-weight: normal;">WinKey+R</span></strong> 鍵,輸入「<strong>regedit</strong>」,按一下 <strong><span style="font-weight: normal;">Enter</span></strong> 鍵。</p><p style="background-color: white; color: #222222; font-family: 微軟正黑體; font-size: 18.6667px; letter-spacing: 1.33333px; margin: 0px 0px 1em; padding: 0px;">2. 開啟以下路徑:(以 Outlook 365 為例)</p><p style="background-color: white; color: #222222; font-family: 微軟正黑體; font-size: 18.6667px; letter-spacing: 1.33333px; margin: 0px 0px 1em; padding: 0px;">HKEY_CURRENT_USER\Software\Microsoft\Office\<strong><span style="font-weight: normal;">16.0</span></strong>\Outlook\Security</p><p style="background-color: white; color: #222222; font-family: 微軟正黑體; font-size: 18.6667px; letter-spacing: 1.33333px; margin: 0px 0px 1em; padding: 0px;"><span style="letter-spacing: 1.33333px;">3. 在 Security 中建立一個</span><span style="letter-spacing: 1.33333px;"> </span><strong style="letter-spacing: 1.33333px;">Level1Remove</strong><span style="letter-spacing: 1.33333px;"> </span><span style="letter-spacing: 1.33333px;">字串值。</span></p><p style="background-color: white; color: #222222; font-family: 微軟正黑體; font-size: 18.6667px; letter-spacing: 1.33333px; margin: 0px 0px 1em; padding: 0px;">4. 點選 Level1Remove 字串值,數值資料中輸入想要開放的檔案格式(本例為.asp),若有多種檔案格式要開放,則在各個副檔名中間加上「;」(分號),例如:「.exe;.asp」。</p><p style="background-color: white; color: #222222; font-family: 微軟正黑體; font-size: 18.6667px; letter-spacing: 1.33333px; margin: 0px 0px 1em; padding: 0px;">5. 你必須關閉登錄編輯程式,重新開啟outlook,設定才會生效。</p><p style="background-color: white; color: #222222; font-family: 微軟正黑體; font-size: 18.6667px; letter-spacing: 1.33333px; margin: 0px 0px 1em; padding: 0px;"><img alt="" border="0" height="626" loading="lazy" src="https://pic.pimg.tw/isvincent/1313077197-d057dcfa503a05d3a5f83a2bda369ebd.png" style="background-image: none; border: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="" width="595" /></p><p style="background-color: white; color: #222222; font-family: 微軟正黑體; font-size: 18.6667px; letter-spacing: 1.33333px; margin: 0px 0px 1em; padding: 0px;">註:如果想要回復這些檔案格式禁止開啟,則只要刪除 <strong>Level1Remove</strong> 字串值即可。</p>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-91853949849224114772022-07-04T12:20:00.004+08:002022-07-04T12:20:41.333+08:00iOS 16 Beta downgrade 備份恢復問題<p> Downgrade 回iOS15 要恢復備份時, iTunes 顯示版本不符所以不能恢復.<br /><br />這時只需要修改 %userprofile%\Apple\MobileSync\Backup\xxxxxxx\Info.plist<br /><br />把黃色部分改成15.0後存檔即可.<br /><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjyah7YNE2rLgggpOJ5OP5xLHGodqThwUSohC_nOKHucrr38lM9m5ppmwHiqJ7-7D4GdKSQXbJxJx3-kBp30ZOqcuwWUPA7ipGwE6NZDMcOUNGZDa4i1eJEQjoJoK-yiqYJhSx-cI8gOvKh87zguBM5HDThhjzURmh6YlmsH732_IYCn-b0nsH-cDHA" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1299" data-original-width="2075" height="200" src="https://blogger.googleusercontent.com/img/a/AVvXsEjyah7YNE2rLgggpOJ5OP5xLHGodqThwUSohC_nOKHucrr38lM9m5ppmwHiqJ7-7D4GdKSQXbJxJx3-kBp30ZOqcuwWUPA7ipGwE6NZDMcOUNGZDa4i1eJEQjoJoK-yiqYJhSx-cI8gOvKh87zguBM5HDThhjzURmh6YlmsH732_IYCn-b0nsH-cDHA" width="320" /></a></div><br /><br /><p></p>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-21942558762867358812022-06-16T23:18:00.000+08:002022-06-16T23:18:02.204+08:00How do I scroll in tmux?<p> <span style="background-color: #e3e6e8; color: #232629; font-family: ui-monospace, "Cascadia Mono", "Segoe UI Mono", "Liberation Mono", Menlo, Monaco, Consolas, monospace; font-size: 13px; white-space: pre-wrap;">echo "set -g mouse on" >> ~/.tmux.conf
or
</span><kbd style="border-radius: var(--br-sm); border: 1px solid var(--black-300); box-shadow: rgba(12, 13, 14, 0.15) 0px 1px 1px, rgb(255, 255, 255) 0px 1px 0px 0px inset; box-sizing: inherit; color: #232629; display: inline-block; font-family: var(--ff-sans); font-size: var(--fs-fine); font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: var(--s-prose-line-height); margin: 0px 0.1em; overflow-wrap: break-word; padding: 0.1em 0.6em; text-shadow: 0 1px 0 var(--white); vertical-align: baseline; white-space: nowrap;">Ctrl</kbd><span style="background-color: white; color: #232629; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI Adjusted", "Segoe UI", "Liberation Sans", sans-serif; font-size: 15px;">-</span><kbd style="border-radius: var(--br-sm); border: 1px solid var(--black-300); box-shadow: rgba(12, 13, 14, 0.15) 0px 1px 1px, rgb(255, 255, 255) 0px 1px 0px 0px inset; box-sizing: inherit; color: #232629; display: inline-block; font-family: var(--ff-sans); font-size: var(--fs-fine); font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: var(--s-prose-line-height); margin: 0px 0.1em; overflow-wrap: break-word; padding: 0.1em 0.6em; text-shadow: 0 1px 0 var(--white); vertical-align: baseline; white-space: nowrap;">b</kbd><span style="background-color: white; color: #232629; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI Adjusted", "Segoe UI", "Liberation Sans", sans-serif; font-size: 15px;"> then </span><kbd style="border-radius: var(--br-sm); border: 1px solid var(--black-300); box-shadow: rgba(12, 13, 14, 0.15) 0px 1px 1px, rgb(255, 255, 255) 0px 1px 0px 0px inset; box-sizing: inherit; color: #232629; display: inline-block; font-family: var(--ff-sans); font-size: var(--fs-fine); font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: var(--s-prose-line-height); margin: 0px 0.1em; overflow-wrap: break-word; padding: 0.1em 0.6em; text-shadow: 0 1px 0 var(--white); vertical-align: baseline; white-space: nowrap;">[</kbd><span style="background-color: white; color: #232629; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI Adjusted", "Segoe UI", "Liberation Sans", sans-serif; font-size: 15px;"> then you can use your normal navigation keys to scroll around (eg. </span><kbd style="border-radius: var(--br-sm); border: 1px solid var(--black-300); box-shadow: rgba(12, 13, 14, 0.15) 0px 1px 1px, rgb(255, 255, 255) 0px 1px 0px 0px inset; box-sizing: inherit; color: #232629; display: inline-block; font-family: var(--ff-sans); font-size: var(--fs-fine); font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: var(--s-prose-line-height); margin: 0px 0.1em; overflow-wrap: break-word; padding: 0.1em 0.6em; text-shadow: 0 1px 0 var(--white); vertical-align: baseline; white-space: nowrap;">Up Arrow</kbd><span style="background-color: white; color: #232629; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI Adjusted", "Segoe UI", "Liberation Sans", sans-serif; font-size: 15px;"> or </span><kbd style="border-radius: var(--br-sm); border: 1px solid var(--black-300); box-shadow: rgba(12, 13, 14, 0.15) 0px 1px 1px, rgb(255, 255, 255) 0px 1px 0px 0px inset; box-sizing: inherit; color: #232629; display: inline-block; font-family: var(--ff-sans); font-size: var(--fs-fine); font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: var(--s-prose-line-height); margin: 0px 0.1em; overflow-wrap: break-word; padding: 0.1em 0.6em; text-shadow: 0 1px 0 var(--white); vertical-align: baseline; white-space: nowrap;">PgDn</kbd><span style="background-color: white; color: #232629; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI Adjusted", "Segoe UI", "Liberation Sans", sans-serif; font-size: 15px;">). Press </span><kbd style="border-radius: var(--br-sm); border: 1px solid var(--black-300); box-shadow: rgba(12, 13, 14, 0.15) 0px 1px 1px, rgb(255, 255, 255) 0px 1px 0px 0px inset; box-sizing: inherit; color: #232629; display: inline-block; font-family: var(--ff-sans); font-size: var(--fs-fine); font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: var(--s-prose-line-height); margin: 0px 0.1em; overflow-wrap: break-word; padding: 0.1em 0.6em; text-shadow: 0 1px 0 var(--white); vertical-align: baseline; white-space: nowrap;">q</kbd><span style="background-color: white; color: #232629; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI Adjusted", "Segoe UI", "Liberation Sans", sans-serif; font-size: 15px;"> to quit scroll mode.</span><span style="background-color: #e3e6e8; color: #232629; font-family: ui-monospace, "Cascadia Mono", "Segoe UI Mono", "Liberation Mono", Menlo, Monaco, Consolas, monospace; font-size: 13px; white-space: pre-wrap;">
</span></p>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-16645190616903447512022-04-25T12:23:00.003+08:002022-04-25T12:23:27.322+08:00log可打timestamp 並直接顯示在螢幕的 termnal : extraputty<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiQ3BwOw88OQMXKUxp2n5-Iuj2H3cmBW_2L7_AHesen6lEX98pNGkmVA8M6PtMR5qcox0HVKSVWRXL8fUyDmvHC93EQwjsfGsHeSkp5f7f34jsBgvSp6cUELkT_nwVcG-nBxWiOtqbQCqTgCFM93dqz7y5esmwXjP90Qm4v2-AGKZWFpAurfDnOCiae" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="978" data-original-width="1626" height="298" src="https://blogger.googleusercontent.com/img/a/AVvXsEiQ3BwOw88OQMXKUxp2n5-Iuj2H3cmBW_2L7_AHesen6lEX98pNGkmVA8M6PtMR5qcox0HVKSVWRXL8fUyDmvHC93EQwjsfGsHeSkp5f7f34jsBgvSp6cUELkT_nwVcG-nBxWiOtqbQCqTgCFM93dqz7y5esmwXjP90Qm4v2-AGKZWFpAurfDnOCiae=w496-h298" width="496" /></a></div><br />載點:https://sourceforge.net/projects/extraputty/<p></p>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-67797616544565018552022-04-25T12:12:00.000+08:002022-04-25T12:12:01.308+08:00主機板廠牌與型號/Windows 10序號 提取command<p><br /></p><h2 style="background-color: white; box-sizing: border-box; color: #222222; font-family: Hind; font-size: 30px; line-height: 1.4; margin: 0px 0px 15px; overflow-wrap: break-word;"><span id="只要輸入一行指令馬上出現-Windows-10序號" style="box-sizing: border-box;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: blue;"><br /></span></b></span></h2><h2 style="background-color: white; box-sizing: border-box; color: #222222; font-family: Hind; font-size: 30px; line-height: 1.4; margin: 0px 0px 15px; overflow-wrap: break-word;"><span id="命令提示字元輸入一行指令,跳出主機板廠牌與型號" style="box-sizing: border-box;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: blue;">主機板廠牌與型號<br /><div style="color: black; font-family: "Times New Roman"; font-size: medium; font-weight: 400;"><span style="box-sizing: border-box;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: blue;"><span style="color: #252324; font-family: Hind; font-size: 17px; font-weight: 400;">直接開啟「</span><strong style="box-sizing: border-box; color: #252324; font-family: Hind; font-size: 17px;">Windows系統 → <a class="st_tag internal_tag " data-adlink-host="iqmore.tw" data-adlink-id="converly-190" data-adlink-original="https://iqmore.tw/tag/%e5%91%bd%e4%bb%a4%e6%8f%90%e7%a4%ba%e5%ad%97%e5%85%83" href="https://iqmore.tw/tag/%e5%91%bd%e4%bb%a4%e6%8f%90%e7%a4%ba%e5%ad%97%e5%85%83" rel="tag" style="background: transparent; box-sizing: border-box; color: #b02b33; outline: none; text-decoration-line: none; transition-duration: 0.2s;" title="Posts tagged with 命令提示字元">命令提示字元</a></strong><span style="color: #252324; font-family: Hind; font-size: 17px; font-weight: 400;">」</span></span></b></span></div><p style="color: black; font-family: "Times New Roman"; font-size: medium; font-weight: 400;"><span style="background-color: #f9f2f4; color: #c7254e; font-family: monospace, monospace; font-size: 15.3px;">指令建議使用複製貼上:<br /></span><strong style="box-sizing: border-box; color: #252324; font-family: Hind; font-size: 17px;">wmic baseboard get product,Manufacturer,version,serialnumber</strong></p></span></b></span></h2><h2 style="background-color: white; box-sizing: border-box; color: #222222; font-family: Hind; font-size: 30px; line-height: 1.4; margin: 0px 0px 15px; overflow-wrap: break-word;"><span style="box-sizing: border-box;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: blue;"><a class="st_tag internal_tag " data-adlink-host="iqmore.tw" data-adlink-id="converly-189" data-adlink-original="https://iqmore.tw/tag/windows" href="https://iqmore.tw/tag/windows" rel="tag" style="background: transparent; box-sizing: border-box; color: #093969; text-decoration-line: none; transition-duration: 0.2s;" title="Posts tagged with Windows">Windows</a> 10序號</span></b></span></h2><div><span style="box-sizing: border-box;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: blue;"><span style="background-color: white; color: #252324; font-family: Hind; font-size: 17px; font-weight: 400;">直接開啟「</span><strong style="background-color: white; box-sizing: border-box; color: #252324; font-family: Hind; font-size: 17px;">Windows系統 → <a class="st_tag internal_tag " data-adlink-host="iqmore.tw" data-adlink-id="converly-190" data-adlink-original="https://iqmore.tw/tag/%e5%91%bd%e4%bb%a4%e6%8f%90%e7%a4%ba%e5%ad%97%e5%85%83" href="https://iqmore.tw/tag/%e5%91%bd%e4%bb%a4%e6%8f%90%e7%a4%ba%e5%ad%97%e5%85%83" rel="tag" style="background: transparent; box-sizing: border-box; color: #b02b33; outline: none; text-decoration-line: none; transition-duration: 0.2s;" title="Posts tagged with 命令提示字元">命令提示字元</a></strong><span style="background-color: white; color: #252324; font-family: Hind; font-size: 17px; font-weight: 400;">」</span></span></b></span></div><p><span style="background-color: #f9f2f4; color: #c7254e; font-family: monospace, monospace; font-size: 15.3px;">指令建議使用複製貼上:</span><br style="box-sizing: border-box; color: #c7254e; font-family: monospace, monospace; font-size: 15.3px;" /><span style="background-color: #f9f2f4; color: #c7254e; font-family: monospace, monospace; font-size: 15.3px;">wmic path softwarelicensingservice get OA3xOriginalProductKey</span></p>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-59816328350226199392022-02-18T10:52:00.005+08:002022-02-18T10:52:50.855+08:00PHY暫存器<p><span style="background-color: white; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px;"> PHY暫存器的地址空間為5位,從0到31最多可以定義32個暫存器(隨著晶片功能不斷增加,很多PHY晶片採用分頁技術來擴充套件地址空間以定義更多的暫存器),IEEE802.3定義了地址為0-15這16個暫存器的功能,地址16-31的暫存器留給晶片製造商自由定義,如下表所示。</span></p><blockquote style="background: rgb(251, 251, 251); border-left: 5px solid rgb(229, 229, 229); box-sizing: border-box; color: #666666; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.16667rem; margin: 0px 0px 20px; padding: 10px 20px;"><p style="box-sizing: border-box; line-height: 1.8; margin: 0px;">(1)官方介紹請參考IEEE802.3標準的22.2.4 Management functions節。<br style="box-sizing: border-box;" />(2)上圖的B和E表示了,在特定介面下,暫存器是基本的還是擴充套件的。例如:MII介面下只有0和1暫存器是基本的,其它的是擴充套件的。<em style="box-sizing: border-box;">注意:所為擴充套件是指留給IEEE以後的擴充套件特性用,不是給PHY廠商的擴充套件,PHY廠商自定義的只能是16~31號暫存器</em><br style="box-sizing: border-box;" />(3)在IEEE標準文件及某些PHY手冊中,某暫存器的位元(bit)用<code style="box-sizing: border-box; font-family: monospace, monospace; font-size: 1em;">X.y</code>表示,如0.15表示第0暫存器的第15位。</p></blockquote><h3 style="background-color: white; border-left: 4px solid rgb(26, 188, 156); box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.5rem; line-height: 1.2; margin: 30px 0px 20px; padding-left: 10px;"><a name="t7" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a name="t7" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a id="Control_Register_Register_0_96" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a>Control Register (Register 0)</h3><p style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; line-height: 1.8; margin: 0px 0px 1.66667rem;"> 暫存器0是PHY控制暫存器,通過Control Register可以對PHY的主要工作狀態進行設定。應該保證控制暫存器每個位的預設值,以便在沒有管理干預的情況下,上電或復位時PHY的初始狀態為正常操作狀態。Control Register的每一位完成的功能見下。<br style="box-sizing: border-box;" /></p><ul style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; list-style-position: outside; margin-bottom: 20px; margin-top: 0px; padding-left: 2em;"><li style="box-sizing: border-box; margin-bottom: 10px;">Reset:通過將位0.15設定為邏輯1來完成復位PHY。 該操作應將狀態和控制暫存器設定為其預設狀態。 因此,此操作可能會改變PHY的內部狀態以及與PHY關聯的物理鏈路的狀態。<em style="box-sizing: border-box;">復位過程中Bit15保持為1,復位完成之後該位應該自動清零。</em>在復位過程完成之前,PHY不需要接受對控制暫存器的寫入操作,並且在復位過程完成之前寫入0.15以外的控制暫存器位可能不起作用。 復位過程應在0.15位設定的0.5 s內完成。</li></ul><blockquote style="background: rgb(251, 251, 251); border-left: 5px solid rgb(229, 229, 229); box-sizing: border-box; color: #666666; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.16667rem; margin: 0px 0px 20px; padding: 10px 20px;"><p style="box-sizing: border-box; line-height: 1.8; margin: 0px;">(1)一般要改變埠的工作模式(如速率、雙工、流控或協商資訊等)時,在設定完相應位置的暫存器之後,需要通過Reset位復位PHY來使配置生效。<br style="box-sizing: border-box;" />(2)該位元位的預設值為 0。</p></blockquote><ul style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; list-style-position: outside; margin-bottom: 20px; margin-top: 0px; padding-left: 2em;"><li style="box-sizing: border-box; margin-bottom: 10px;">Loopback:當位0.14被設定為邏輯1時,PHY應置於環回操作模式。 當位0.14置位時,PHY接收電路應與網路介質隔離,並且MII或GMII處的TX_EN斷言不應導致網路介質上的資料傳輸。 當位0.14置位時,PHY應接受來自MII或GMII傳送資料路徑的資料,並將其返回給MII或GMII接收資料路徑,以響應TX_EN的斷言。 當位0.14置位時,從斷言TX_EN到斷言RX_DV的延遲應小於512 BT。 當位0.14置位時,除非設定了位0.7,否則COL訊號應始終保持無效,在這種情況下,COL訊號的行為應如22.2.4.1.9所述。 清0.14位為零允許正常操作。<br style="box-sizing: border-box;" /> Loopback是一個除錯以及故障診斷中常用的功能,Bit14置1之後,PHY和外部MDI的連線在邏輯上將被斷開,從MAC經過MII/GMII(也可能是其他的MAC/PHY介面)傳送過來的資料將不會被髮送到MDI上,而是在PHY內部(一般在PCS)迴環到本埠的MII/GMII接收通道上,通過Loopback功能可以檢查MII/GMII以及PHY介面部分是否工作正常,對於埠不通的情況可用於故障定位。</li></ul><blockquote style="background: rgb(251, 251, 251); border-left: 5px solid rgb(229, 229, 229); box-sizing: border-box; color: #666666; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.16667rem; margin: 0px 0px 20px; padding: 10px 20px;"><p style="box-sizing: border-box; line-height: 1.8; margin: 0px;">(1)需要注意的是,很多時候PHY設定Loopback後端口可能就Link down了,MAC無法向該埠發幀,這時就需要通過設定埠Force Link up才能使用Loopback功能。<br style="box-sizing: border-box;" />(2)該位元位的預設值為 0。</p></blockquote><ul style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; list-style-position: outside; margin-bottom: 20px; margin-top: 0px; padding-left: 2em;"><li style="box-sizing: border-box; margin-bottom: 10px;">Speed Selection:***Bit13和Bit6兩位聯合實現***對埠的速率控制功能。連結速度可以通過自動協商過程或手動速度選擇來選擇。 通過將位0.12清零來禁用自動協商時,允許手動速度選擇。</li><li style="box-sizing: border-box; margin-bottom: 10px;">當禁用自動協商並將位0.6清除為邏輯0時,將位0.13設定為邏輯1將PHY配置為100 Mb / s操作,並將位0.13清除為邏輯0將PHY配置為10 Mb / s操作 。</li><li style="box-sizing: border-box; margin-bottom: 10px;">當禁用自動協商並將位0.6設定為邏輯1時,將位0.13清零為邏輯0會選擇1000 Mb / s的操作。 將位0.6和0.13設定為邏輯1的組合保留用於未來的標準化。</li><li style="box-sizing: border-box; margin-bottom: 10px;">當使能自動協商時,可以讀取或寫入位0.6和0.13,但位0.6和位0.13的狀態對鏈路配置沒有影響,位0.6和位0.13不需要反映當它被讀取時連結。</li></ul><p style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; line-height: 1.8; margin: 0px 0px 1.66667rem;"> 如果PHY通過位元1.15:9和位元15.15:12報告它不能工作在所有速度時,則位元0.6和0.13的值應該與PHY可以操作的速度相對應。並且任何試圖將該位設定為無效的操作均將被忽略。</p><blockquote style="background: rgb(251, 251, 251); border-left: 5px solid rgb(229, 229, 229); box-sizing: border-box; color: #666666; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.16667rem; margin: 0px 0px 20px; padding: 10px 20px;"><p style="box-sizing: border-box; line-height: 1.8; margin: 0px;">(1)對Speed Selection的修改設定,往往需要復位端口才能配置生效。因此在設定該位置的時候需要檢查自動協商的設定並通過Bit15復位埠。<br style="box-sizing: border-box;" />(2)位0.6和0.13的預設值是根據位1.15:9和15.15:12所指示的PHY可以操作的***最高資料速率***的編碼組合。</p></blockquote><ul style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; list-style-position: outside; margin-bottom: 20px; margin-top: 0px; padding-left: 2em;"><li style="box-sizing: border-box; margin-bottom: 10px;">Auto-Negotiation Enable:自動協商過程應通過將位0.12設定為邏輯1來啟用。 如果位0.12設定為邏輯1,則位0.13、0.8和0.6不應對鏈路配置和除了自動協商協議規定之外的站操作產生影響。 如果將位0.12清零為邏輯0,則無論鏈路配置和自動協商過程的先前狀態如何,位0.13、0.8和0.6都將確定鏈路配置。<br style="box-sizing: border-box;" /> 如果PHY通過位1.3報告它缺乏執行自動協商的能力,則PHY應在位0.12返回零值。 如果PHY通過位1.3報告它缺乏執行自動協商的能力,則位0.12應該始終寫為0,並且任何嘗試將1寫入位0.12都應該被忽略。</li></ul><blockquote style="background: rgb(251, 251, 251); border-left: 5px solid rgb(229, 229, 229); box-sizing: border-box; color: #666666; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.16667rem; margin: 0px 0px 20px; padding: 10px 20px;"><p style="box-sizing: border-box; line-height: 1.8; margin: 0px;">必須注意的是,對於1000BASE-T介面,自動協商必須開啟。</p></blockquote><ul style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; list-style-position: outside; margin-bottom: 20px; margin-top: 0px; padding-left: 2em;"><li style="box-sizing: border-box; margin-bottom: 10px;">Power Down:通過將位0.11設定為邏輯1,可以將PHY置於低功耗狀態。 清0.11位為零允許正常操作。 PHY在掉電狀態下的具體行為是特定實現的。 處於掉電狀態時,PHY應響應管理事務。 在轉換到掉電狀態期間和處於掉電狀態期間,PHY不應在MII或GMII上產生寄生訊號。<br style="box-sizing: border-box;" /> 當位0.11或位0.10被設定為邏輯1時,PHY不需要滿足RX_CLK和TX_CLK訊號功能要求。 在位0.11和0.10清零後,PHY應在0.5 s內滿足22.2.2中定義的RX_CLK和TX_CLK訊號功能要求。</li></ul><blockquote style="background: rgb(251, 251, 251); border-left: 5px solid rgb(229, 229, 229); box-sizing: border-box; color: #666666; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.16667rem; margin: 0px 0px 20px; padding: 10px 20px;"><p style="box-sizing: border-box; line-height: 1.8; margin: 0px;">(1)Power Down模式一般在軟體shut down埠的時候使用,需要注意的是埠從Power Down模式恢復,需要復位埠以保證埠可靠的連線。<br style="box-sizing: border-box;" />(2)該位的預設值為 0。</p></blockquote><ul style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; list-style-position: outside; margin-bottom: 20px; margin-top: 0px; padding-left: 2em;"><li style="box-sizing: border-box; margin-bottom: 10px;">Isolate:通過將位0.10設定為邏輯1,PHY可能被迫將其資料路徑與MII或GMII電隔離。 清零位0.10允許正常操作。 當PHY與MII或GMII隔離時,它不會響應TXD資料包和TX_EN,TX_ER、GTX_CLK的輸入。並且它的TX_CLK,RX_CLK,RX_DV,RX_ER,RXD資料包、COL和CRS輸出均應為高阻態。 當PHY與MII或GMII隔離時,它將響應管理事務(MDC/MDIO介面的訊號)。</li></ul><blockquote style="background: rgb(251, 251, 251); border-left: 5px solid rgb(229, 229, 229); box-sizing: border-box; color: #666666; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.16667rem; margin: 0px 0px 20px; padding: 10px 20px;"><p style="box-sizing: border-box; line-height: 1.8; margin: 0px;">(1)IEEE802.3沒有對Isolate 時MDI介面的狀態進行規範,此時MDI端可能還在正常執行。Isolate在實際應用中並沒有用到。<br style="box-sizing: border-box;" />(2)由於目前很多百兆的PHY晶片其MAC介面主流的都是SMII/S3MII,8個埠的介面是相互關聯的,一個埠設定Isolate可能會影響其他埠的正常使用,因此在使用中注意不要隨意更改bit10的狀態。</p></blockquote><ul style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; list-style-position: outside; margin-bottom: 20px; margin-top: 0px; padding-left: 2em;"><li style="box-sizing: border-box; margin-bottom: 10px;">Restart Auto-Negotiation:如果PHY通過位1.3報告它缺乏執行自動協商的能力,或者如果自動協商被禁用,則PHY應在位0.9返回零值。 如果PHY通過位1.3報告它缺乏執行自動協商的能力,或者如果禁用了自動協商,則應將位0.9始終寫為0,並且任何嘗試將1寫入位0.9應被忽略。<br style="box-sizing: border-box;" /> Bit9置1將重新啟動埠的自動協商程序,當然前提是Auto-Negotiation Enable是使能的。</li></ul><blockquote style="background: rgb(251, 251, 251); border-left: 5px solid rgb(229, 229, 229); box-sizing: border-box; color: #666666; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.16667rem; margin: 0px 0px 20px; padding: 10px 20px;"><p style="box-sizing: border-box; line-height: 1.8; margin: 0px;">一般在修改埠的自動協商能力資訊之後通過Bit9置1重新啟動自動協商來使埠按照新的配置建立link。</p></blockquote><ul style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; list-style-position: outside; margin-bottom: 20px; margin-top: 0px; padding-left: 2em;"><li style="box-sizing: border-box; margin-bottom: 10px;">Duplex Mode:可以通過自動協商過程或手動雙面選擇來選擇雙工模式。 通過將位0.12清零來禁用自動協商時,允許手動雙面選擇。</li><li style="box-sizing: border-box; margin-bottom: 10px;">當禁用自動協商時,將位0.8設定為邏輯1將PHY配置為全雙工操作,並將位0.8清零以將邏輯0配置為用於半雙工操作的PHY。</li><li style="box-sizing: border-box; margin-bottom: 10px;">當啟用自動協商時,可以讀取或寫入位0.8,但位0.8的狀態對鏈路配置沒有影響。</li></ul><p style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; line-height: 1.8; margin: 0px 0px 1.66667rem;"> 如果PHY通過位1.15:9和15.15:12報告它只能在一個雙工模式下工作,則位0.8的值應該與PHY可以工作的模式相對應,並且任何嘗試改變將該位0.8修改為無效指的操作應被忽略。</p><blockquote style="background: rgb(251, 251, 251); border-left: 5px solid rgb(229, 229, 229); box-sizing: border-box; color: #666666; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.16667rem; margin: 0px 0px 20px; padding: 10px 20px;"><p style="box-sizing: border-box; line-height: 1.8; margin: 0px;">對Duplex Mode的修改配置也需要復位端口才能生效。</p></blockquote><ul style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; list-style-position: outside; margin-bottom: 20px; margin-top: 0px; padding-left: 2em;"><li style="box-sizing: border-box; margin-bottom: 10px;">Collision Test:衝突訊號(COL)測試開關。在需要對COL訊號進行測試時,可以通過Bit7置1,這時PHY將輸出一個COL脈衝以供測試。實際測試操作中也可以將埠配置為半雙工狀態,通過發幀衝突來測試COL訊號,因此該配置實用價值不大。</li><li style="box-sizing: border-box; margin-bottom: 10px;">Unidirectional enable:如果PHY通過位元1.7報告它不具備編碼和傳輸來自媒體獨立介面的資料的能力,而不管PHY是否確定已建立有效鏈路,則PHY應在位元0.5中返回零值,並且 任何嘗試寫一個到位0.5應該被忽略。</li></ul><h3 style="background-color: white; border-left: 4px solid rgb(26, 188, 156); box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.5rem; line-height: 1.2; margin: 30px 0px 20px; padding-left: 10px;"><a name="t8" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a name="t8" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a id="Status_register_145" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a>Status register</h3><p style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; line-height: 1.8; margin: 0px 0px 1.66667rem;"> 暫存器1是PHY狀態暫存器,主要包含PHY的狀態資訊,大多數bit的值都是由晶片廠家確定的,每一個bit的功能在表3種已有詳細說明。<br style="box-sizing: border-box;" /><br style="box-sizing: border-box;" />暫存器中各位的詳細說明如下:</p><ul style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; list-style-position: outside; margin-bottom: 20px; margin-top: 0px; padding-left: 2em;"><li style="box-sizing: border-box; margin-bottom: 10px;">100BASE-T4 ability:當讀為邏輯1時,位1.15指示PHY有能力使用100BASE-T4信令規範執行鏈路傳送和接收。 當讀為邏輯0時,位1.15表示PHY缺乏使用100BASE-T4信令規範執行鏈路傳送和接收的能力。</li><li style="box-sizing: border-box; margin-bottom: 10px;">100BASE-X full duplex ability:當讀為邏輯1時,位1.14指示PHY有能力使用100BASE-X信令規範執行全雙工鏈路傳輸和接收。 當作為邏輯0讀取時,bit1.14表示PHY缺乏使用100BASE-X信令規範執行全雙工鏈路傳輸和接收的能力。</li><li style="box-sizing: border-box; margin-bottom: 10px;">100BASE-X half duplex ability:當讀為邏輯1時,位1.13指示PHY有能力使用100BASE-X信令規範執行半雙工鏈路傳輸和接收。 當讀為邏輯0時,位1.13指示PHY缺乏使用100BASE-X信令規範執行半雙工鏈路傳輸和接收的能力。</li><li style="box-sizing: border-box; margin-bottom: 10px;"><em style="box-sizing: border-box;">其他同類型的值意義基本與上面幾個相同:指示PHY所具有的工作模式能力,不再一一說明。</em></li><li style="box-sizing: border-box; margin-bottom: 10px;">Unidirectional ability:當讀為邏輯1時,位1.7指示PHY具有編碼和傳輸來自媒體獨立介面的資料的能力,而不管PHY是否確定已建立有效鏈路。 當讀為邏輯0時,位1.7指示PHY只有在PHY確定已建立有效鏈路時才能從媒體獨立介面傳輸資料。</li><li style="box-sizing: border-box; margin-bottom: 10px;">MF preamble suppression ability:當讀為邏輯1時,位1.6指示PHY能夠接受管理幀,而不管它們是否在22.2.4.5.2中描述的前導碼模式之前。 當讀為邏輯0時,位1.6指示PHY不能接受管理幀,除非它們之前是22.2.4.5.2中描述的前導碼模式。</li><li style="box-sizing: border-box; margin-bottom: 10px;">Auto-Negotiation Complete:當讀為邏輯1時,位1.5指示自動協商過程已完成,並且由自動協商協議(條款28或條款37)實施的擴充套件暫存器的內容是有效的。 當讀為邏輯0時,位1.5指示自動協商過程尚未完成,並且擴充套件暫存器的內容由自動協商協議的當前狀態定義,或者為手動配置寫入。 如果自動協商通過清除位0.12禁用,則PHY應在位1.5返回零值。 如果PHY缺乏執行自動協商的能力,它還應在位1.5返回零值。</li></ul><blockquote style="background: rgb(251, 251, 251); border-left: 5px solid rgb(229, 229, 229); box-sizing: border-box; color: #666666; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.16667rem; margin: 0px 0px 20px; padding: 10px 20px;"><p style="box-sizing: border-box; line-height: 1.8; margin: 0px;">在除錯以及異常故障處理時,可以通過該位暫存器的狀態判斷AN是否成功,從而進一步的檢查AN相關的設定是否正確,或者晶片的AN功能是否正常等。</p></blockquote><ul style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; list-style-position: outside; margin-bottom: 20px; margin-top: 0px; padding-left: 2em;"><li style="box-sizing: border-box; margin-bottom: 10px;">Remote Fault:當讀為邏輯1時,位1.4表示檢測到遠端故障狀態。 故障型別以及故障檢測的標準和方法是PHY特定的。 遠端故障位必須使用鎖存功能來實現,以便發生遠端故障將導致遠端故障位置位,並保持置位狀態直至被清除。 每當通過管理介面讀取暫存器1時,遠端故障位應清零,並且還應通過PHY復位清零。<br style="box-sizing: border-box;" /> 遠端錯誤指示位。Bit4=1代表連線對端(Link Partner)出錯,至於出錯的具體型別以及錯誤檢測機制在規範中並沒有定義,由PHY的製造商自由發揮,一般的廠商都會在其他的暫存器(Register16-31由廠商自行定義)指示比較詳細的錯誤型別。在與埠相關的故障查證中,Remote Fault是一個重要的指示資訊,通過互聯雙方的Remote Fault資訊(可能要加上其他的具體錯誤指示),可以幫助定位故障原因。</li><li style="box-sizing: border-box; margin-bottom: 10px;">Auto-Negotiation ability:當讀為邏輯1時,位1.3指示PHY有能力執行自動協商。 當讀為邏輯0時,位1.3指示PHY缺乏執行自動協商的能力。</li><li style="box-sizing: border-box; margin-bottom: 10px;">Link Status:當讀為邏輯1時,位1.2指示PHY已經確定已建立有效鏈路。 當作為邏輯0讀取時,位1.2指示該連結無效。 確定鏈路有效性的標準是PHY特定的。 鏈路狀態位應該使用鎖存功能來實現,以便發生鏈路故障情況將導致鏈路狀態位清零並保持清零,直到通過管理介面讀取。 此狀態指示旨在支援在30.5.1.1.4,aMediaAvailable中定義的管理屬性。<br style="box-sizing: border-box;" /> 實際應用中一般都是通過Bit2來判斷埠的狀態。而且,一般的MAC晶片也是通過輪詢PHY的這個暫存器值來判斷埠的Link狀態的(這個過程可能有不同的名稱,比如BCM叫做Link Scan,而Marvell叫做PHY Polling。)如前所述,在AN Enable的情況下,Link Status的資訊只有在Auto-Negotiation Complete指示已經完成的情況下才是正確可靠的,否則有可能出錯。</li><li style="box-sizing: border-box; margin-bottom: 10px;">Jabber Detect:當作為邏輯1讀取時,位1.1指示已經檢測到爆音條件。 此狀態指示旨在支援30.5.1.1.6中定義的管理屬性,aJabber和30.5.1.3.1 nJabber中定義的MAU通知。 檢測Jabber條件的標準是PHY特定的。 Jabber檢測位應該使用鎖存功能來實現,以便發生Jabber條件將導致Jabber檢測位置位,並保持置位狀態直至被清除。 每次通過管理介面讀取暫存器1時,Jabber檢測位應清零,並且還應通過PHY復位清零。<br style="box-sizing: border-box;" /> IEEE802.3對Jabber的解釋是“A condition wherein a station transmits for a period of time longer than the maximum permissible packet length, usually due to a fault condition”。這一位指示的是Link Partner傳送的時間超過了規定的最大長度。值得注意的是,Jabber Detect只有在10BASE-T模式下才有意義,100和1000M模式是沒有定義Jabber這一功能的。</li></ul><h3 style="background-color: white; border-left: 4px solid rgb(26, 188, 156); box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.5rem; line-height: 1.2; margin: 30px 0px 20px; padding-left: 10px;"><a name="t9" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a name="t9" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a id="PHY_Identifier_Register_167" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a>PHY Identifier Register</h3><p style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; line-height: 1.8; margin: 0px 0px 1.66667rem;"> 暫存器2和3存放PHY晶片的型號程式碼,暫存器2(PHY ID1)為高16位,而暫存器3(PHY ID2)為低16位。由晶片製造商自行定義,實際應用中軟體通過讀取這兩個暫存器的內容可以識別PHY的型號和版本。<br style="box-sizing: border-box;" /> PHY識別符號應由由IEEE分配給PHY製造商的組織唯一識別符號(OUI)的(<em style="box-sizing: border-box;">只需要使用第3至第24位,共22位</em>),加上6位製造商的型號以及4位製造商的修訂版編號組成。 PHY識別符號旨在提供足夠的資訊來支援30.1.2中所要求的oResourceTypeID物件。<br style="box-sizing: border-box;" /> OUI的第三位分配給位2.15,OUI的第四位分配給位2.14,依此類推。 位2.0包含OUI的第十八位。 位3.15包含OUI的第十九位,位3.10包含OUI的第二十四位。 位3.9包含製造商型號的MSB。 位3.4包含製造商型號的LSB。 位3.3包含製造商版本號的MSB,位3.0包含製造商版本號的LSB。具體如下圖所示:<br style="box-sizing: border-box;" /></p><h3 style="background-color: white; border-left: 4px solid rgb(26, 188, 156); box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.5rem; line-height: 1.2; margin: 30px 0px 20px; padding-left: 10px;"><a name="t10" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a name="t10" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a id="AutoNegotiation_Advertisement_Register_Register_4_RW_173" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a>Auto-Negotiation Advertisement Register (Register 4) (R/W)</h3><p style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; line-height: 1.8; margin: 0px 0px 1.66667rem;"> 暫存器4是自動協商的能力通告暫存器,在AN Enable的前提下(見暫存器0),埠根據該暫存器的相關配置將自動協商資訊通過FLP在MDI上進行通告。當AN配置為Disable狀態的時候,暫存器4的配置將不起作用,埠的工作模式由控制暫存器中的配置決定。<br style="box-sizing: border-box;" /> 該暫存器包含PHY的通告能力,它們將在自動協商期間傳送給其連結夥伴。 基本頁的位定義在IEEE標準的28.2.1.2中定義。 上電時,在自動協商開始之前,該暫存器應具有以下預設配置:</p><ul style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; list-style-position: outside; margin-bottom: 20px; margin-top: 0px; padding-left: 2em;"><li style="box-sizing: border-box; margin-bottom: 10px;">Selector Field (4.4:0):被設定為適當的程式碼,如IEEE標準的附件28A中所規定。</li><li style="box-sizing: border-box; margin-bottom: 10px;">Reserved(4.14):被設定為邏輯0。</li><li style="box-sizing: border-box; margin-bottom: 10px;">Technology Ability Field(4.11:5):<em style="box-sizing: border-box;">根據MII狀態暫存器(暫存器1)(1.15:11)中設定的值或等效值設定</em>。 另見28.2.1.2.3和附件28D。<br style="box-sizing: border-box;" /></li></ul><h4 style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 18px; line-height: 1.1; margin-bottom: 10px; margin-top: 10px;"><a id="Link_codeword_encoding_182" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a>Link codeword encoding(基本鏈路碼字)</h4><p style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; line-height: 1.8; margin: 0px 0px 1.66667rem;"> 在FLP Burst內傳輸的基本鏈路程式碼字(基本頁面)應該傳達如圖28-7所示的編碼。 自動協商功能可以使用下一頁功能支援其他頁面。 下一頁交換中使用的連結程式碼字的編碼在28.2.3.4中定義。 在FLP Burst中,D0應該是第一個傳輸的位。<br style="box-sizing: border-box;" /></p><h4 style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 18px; line-height: 1.1; margin-bottom: 10px; margin-top: 10px;"><a id="Next_Page_function_186" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a>Next Page function</h4><p style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; line-height: 1.8; margin: 0px 0px 1.66667rem;"> 下一頁功能使用標準的自動協商仲裁機制來允許交換任意的資料。 資料由可選的下一頁資訊攜帶,其遵循用於基本連結碼字的傳輸和確認過程。 定義了四種類型的下一頁編碼:訊息頁面,未格式化頁面,擴充套件訊息頁面和擴充套件的未格式化頁面。<br style="box-sizing: border-box;" /> 關於該部分,具體見IEEE標準的28.2.3.4 Next Page function。<br style="box-sizing: border-box;" /> 在IEEE標準中,Auto-Negotiation Advertisement Register中的各部分全部是在獨立章節中進行介紹的。具體如下:</p><ul style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; list-style-position: outside; margin-bottom: 20px; margin-top: 0px; padding-left: 2em;"><li style="box-sizing: border-box; margin-bottom: 10px;">Selector Field:選擇器欄位(S [4:0])是一個5位寬的欄位,編碼32個可能的訊息。 鏈路碼字中的選擇器欄位S [4:0]應用於識別自動協商傳送的訊息的型別。 下表列出了可能傳送的訊息的型別。 隨著新訊息的發展,該表格將相應更新。<br style="box-sizing: border-box;" /><br style="box-sizing: border-box;" />未指定的組合保留供將來使用。 不會傳輸選擇器欄位的預留組合。***我們所接觸的乙太網PHY遵從IEEE802.3規範,Selector Field=0001,該區域不可隨意更改(很多PHY將此區域設計為只讀暫存器,以免被修改)***。</li><li style="box-sizing: border-box; margin-bottom: 10px;">Technology Ability Field:技術能力欄位(A [6:0])是一個7位寬的欄位,其中包含指示選擇器欄位值特定的支援技術的資訊。 這些位被對映到各個技術,以便能夠針對單個選擇器欄位值並行通告能力。 附錄28B.2和附件28D描述了IEEE 802.3選擇器的技術能力欄位編碼。 連結程式碼字中可能會公佈多種技術。 裝置應支援其宣傳的技術的資料服務能力。<br style="box-sizing: border-box;" /></li><li style="box-sizing: border-box; margin-bottom: 10px;">Extended Next Page:擴充套件下一頁(XNP)被編碼在基本鏈路碼字的位D12中。 擴充套件下一頁位指示本地裝置在設定為邏輯1時支援擴充套件下一頁的傳輸,並指示本地裝置在設定為邏輯0時不支援擴充套件下一頁。 Extended Next Page的使用與協商的資料速率,媒體或連結技術是正交的。 擴充套件下一頁位按照28.2.3.4中的擴充套件下一頁功能規範使用。</li><li style="box-sizing: border-box; margin-bottom: 10px;">Next Page:無論選擇器欄位值還是連結碼字編碼,下一頁(NP)都在D15位編碼。 支援附加連結碼字編碼的傳輸和接收是可選的。 如果不支援Next Page功能,NP位應始終設定為邏輯0。 如果裝置實現下一頁功能並希望進行下一頁交換,則應將NP位設定為邏輯1。 裝置可以實現下一頁功能,並通過將NP位設定為邏輯0來選擇不參與下一頁交換。 下一頁功能在28.2.3.4中定義。</li><li style="box-sizing: border-box; margin-bottom: 10px;">Remote Fault:遠端故障(RF)編碼在基本鏈路碼字的位D13中。 預設值是邏輯零。 遠端故障位為傳輸簡單的故障資訊提供了一種標準的傳輸機制。 當自動協商通告暫存器(暫存器4)中的RF位設定為邏輯1時,傳送的基本鏈路碼字中的RF位被設定為邏輯1。 當接收到的基本鏈路程式碼字中的RF位被設定為邏輯1時,如果存在MII管理功能,則MII狀態暫存器(暫存器1)中的遠端故障位將被設定為邏輯1。</li></ul><h3 style="background-color: white; border-left: 4px solid rgb(26, 188, 156); box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.5rem; line-height: 1.2; margin: 30px 0px 20px; padding-left: 10px;"><a name="t11" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a name="t11" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a id="AutoNegotiation_Link_Partner_ability_register_Register_5_RO_200" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a>Auto-Negotiation Link Partner ability register (Register 5) (RO)</h3><p style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; line-height: 1.8; margin: 0px 0px 1.66667rem;"> 暫存器5儲存的是本端PHY接收到的對端PHY所通告的埠能力,暫存器5的結構和暫存器4基本一致。</p><h3 style="background-color: white; border-left: 4px solid rgb(26, 188, 156); box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.5rem; line-height: 1.2; margin: 30px 0px 20px; padding-left: 10px;"><a name="t12" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a name="t12" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a id="AutoNegotiation_Expansion_Register_Register_6_RO_203" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a>Auto-Negotiation Expansion Register (Register 6) (RO)</h3><p style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; line-height: 1.8; margin: 0px 0px 1.66667rem;"> 暫存器6儲存了PHY自動協商過程的異常資訊。從這個寄存其中我們可以獲取到Link Partner子否支援自動協商以及自動協商下一頁有沒有收到的資訊。<br style="box-sizing: border-box;" /></p><h3 style="background-color: white; border-left: 4px solid rgb(26, 188, 156); box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.5rem; line-height: 1.2; margin: 30px 0px 20px; padding-left: 10px;"><a name="t13" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a name="t13" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a id="AutoNegotiation_Next_Page_transmit_register_Register_7_RW_207" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a>Auto-Negotiation Next Page transmit register (Register 7) (R/W)</h3><p style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; line-height: 1.8; margin: 0px 0px 1.66667rem;"> 自動協商下一頁傳送暫存器包含在支援下一頁功能時要傳送的下一頁連結碼字。 (見表28-6)內容在28.2.3.4中定義。 上電時,該暫存器應包含預設值2001H,該值表示訊息程式碼設定為Null訊息的訊息頁面。 該值可以由裝置希望傳輸的任何有效的下一頁訊息程式碼替換。 寫入該暫存器應將mr_next_page_loaded設定為true。<br style="box-sizing: border-box;" /></p><h3 style="background-color: white; border-left: 4px solid rgb(26, 188, 156); box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 1.5rem; line-height: 1.2; margin: 30px 0px 20px; padding-left: 10px;"><a name="t14" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a name="t14" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a><a id="AutoNegotiation_Link_Partner_Received_Next_Page_register_Register_8_RO_211" style="background-color: transparent; box-sizing: border-box; color: #1abc9c; transition: all 0.3s ease-out 0s;"></a>Auto-Negotiation Link Partner Received Next Page register (Register 8) (RO)</h3><p style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; line-height: 1.8; margin: 0px 0px 1.66667rem;"></p><p style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; line-height: 1.8; margin: 0px 0px 1.66667rem;"></p><p style="background-color: white; box-sizing: border-box; color: #262626; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Ubuntu, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei UI", "Microsoft YaHei", "Source Han Sans CN", sans-serif; font-size: 16px; line-height: 1.8; margin: 0px 0px 1.66667rem;"><i>https://blog.csdn.net/sternlycore/article/details/89065789</i></p>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-25830953277202834892020-11-17T11:28:00.002+08:002020-11-17T11:28:13.716+08:00GPON Type B保護<p><span style="font-size: xx-small;"><i>from:https://blog.csdn.net/derek_yi/article/details/8743146 </i></span><br /><span style="box-sizing: border-box; color: #4d4d4d; font-family: 宋体; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><br />GPON TYPE B保護的組網圖如</span><a href="http://localhost:7890/pages/AZB0315V/02/AZB0315V/02/resources/feature/feature_1080.html?ft=0&fe=10&hib=3.3.17.10.6&id=AZB0315V_02_10950#feature_1080__fig_feature108001" style="box-sizing: border-box; color: #6795b5; cursor: pointer; font-family: 宋体; font-size: 13px; line-height: 18px; margin: 0px; outline: none; overflow-wrap: break-word; padding: 0px; text-decoration-line: none;">圖1</a><span style="box-sizing: border-box; color: #4d4d4d; font-family: 宋体; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;">所示,相應的保護範圍包括OLT的主用和備用PON端口,主用和備用光纖。</span></p><p style="background-color: white; box-sizing: border-box; color: #4d4d4d; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 26px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; font-family: 宋体; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><img alt="" src="https://img-my.csdn.net/uploads/201303/31/1364716333_2509.png" style="border: 0px; box-sizing: border-box; cursor: zoom-in; height: auto; max-width: 100%; outline: none; overflow-wrap: break-word;" /><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /></span></p><p style="background-color: white; box-sizing: border-box; color: #4d4d4d; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 26px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgR6gBuyVhidMxGMrMWqZO73kAoIiDgeSajBK_voET4EK5hVGf6CA_PKhxgJ-wERGSgkotVYl8WDF4jH-ja3jUTNVnnkyOryHttoLzRjtEcdjSRd3_MtHL6V_XPRIjNULZnKt1vyetLaCI/s413/1364716333_2509.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="189" data-original-width="413" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgR6gBuyVhidMxGMrMWqZO73kAoIiDgeSajBK_voET4EK5hVGf6CA_PKhxgJ-wERGSgkotVYl8WDF4jH-ja3jUTNVnnkyOryHttoLzRjtEcdjSRd3_MtHL6V_XPRIjNULZnKt1vyetLaCI/s320/1364716333_2509.png" width="320" /></a></div><br /><span style="box-sizing: border-box; font-family: 宋体; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /></span><p></p><p style="background-color: white; box-sizing: border-box; color: #4d4d4d; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 26px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; font-family: 宋体; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: border-box; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">場景一:PON口工作過程中主用光纖斷,如</span></span></span><a href="http://localhost:7890/pages/AZB0315V/02/AZB0315V/02/resources/feature/feature_1080.html?ft=0&fe=10&hib=3.3.17.10.6&id=AZB0315V_02_10950#feature_1080__fig_feature108002" style="box-sizing: border-box; color: #6795b5; cursor: pointer; line-height: 18px; margin: 0px; outline: none; overflow-wrap: break-word; padding: 0px; text-decoration-line: none;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">圖2</span></span></a><span style="box-sizing: border-box; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">所示。</span></span></span><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /></span></p><p style="background-color: white; box-sizing: border-box; color: #4d4d4d; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 26px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; font-family: 宋体; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: border-box; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"></span></span></span></p><div class="separator" style="clear: both; text-align: center;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZN4LlGn289fQ0QR3RJzJ0c1RIE-ksDHyYGpbs0LpLLQ_rzhnyr-Z2V-rtRwwu4szZnOuDdPxIJYEUG1Fh9F3W1oiNVIiLomZEb7g_u2jAi1m-l7g7Evkd3hpnwHVPXRXH7USx187GAPs/s413/1364716365_8646.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="189" data-original-width="413" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZN4LlGn289fQ0QR3RJzJ0c1RIE-ksDHyYGpbs0LpLLQ_rzhnyr-Z2V-rtRwwu4szZnOuDdPxIJYEUG1Fh9F3W1oiNVIiLomZEb7g_u2jAi1m-l7g7Evkd3hpnwHVPXRXH7USx187GAPs/s320/1364716365_8646.png" width="320" /></a></span></div><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><br /><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><br /></span></span><p></p><p style="background-color: white; box-sizing: border-box; color: #4d4d4d; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 26px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; font-family: 宋体; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><img alt="" src="https://img-my.csdn.net/uploads/201303/31/1364716365_8646.png" style="border: 0px; box-sizing: border-box; cursor: zoom-in; height: auto; max-width: 100%; outline: none; overflow-wrap: break-word;" /><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /></span></p><p style="background-color: white; box-sizing: border-box; color: #4d4d4d; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 26px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; font-family: 宋体; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">Standby PON口在進入Standby狀態後,啟動上行光信號檢測功能。</span></span><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">Active PON口檢測到LOS告警(主用光纖斷引起的LOS告警),立即關閉主用GPON端口光模塊發送功能。</span></span><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">Standby PON口檢測到主用PON口LOS告警,打開GPON端口光模塊發送功能並進行ONU測試操作。</span></span><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">如果Standby PON口光纖正常,並發現ONU,便上報端口LOS恢復告警。</span></span><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">Active PON口切換為Standby狀態,並啟動上行光檢測功能。</span><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">Standby PON口被設置為Active狀態。</span><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">至此倒換處理過程結束。</span></span><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /></span></p><p style="background-color: white; box-sizing: border-box; color: #4d4d4d; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 26px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; font-family: 宋体; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /></span></p><p style="background-color: white; box-sizing: border-box; color: #4d4d4d; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 26px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; font-family: 宋体; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: border-box; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">場景二:PON口相關聯的ONU全部離線,如</span></span></span><a href="http://localhost:7890/pages/AZB0315V/02/AZB0315V/02/resources/feature/feature_1080.html?ft=0&fe=10&hib=3.3.17.10.6&id=AZB0315V_02_10950#feature_1080__fig_feature108003" style="box-sizing: border-box; color: #6795b5; cursor: pointer; line-height: 18px; margin: 0px; outline: none; overflow-wrap: break-word; padding: 0px; text-decoration-line: none;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">圖3</span></span></a><span style="box-sizing: border-box; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">所示。</span></span></span><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /></span></p><p style="background-color: white; box-sizing: border-box; color: #4d4d4d; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 26px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; font-family: 宋体; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: border-box; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"></span></span></span></p><div class="separator" style="clear: both; text-align: center;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMl_mDoHhNimdN-F5ot9iI6sT4Gt1nrVmBvBqds48lnSkQ5-AVG1mrfaiFgsYvJWCai_7B5EmB63Ut0W10ueG_Szuzwdd5enE2ZLnyOwTkeGIy1HpY2V0cBSZHYWwFH8hT2sGE_kXeL00/s413/1364716390_4509.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="189" data-original-width="413" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMl_mDoHhNimdN-F5ot9iI6sT4Gt1nrVmBvBqds48lnSkQ5-AVG1mrfaiFgsYvJWCai_7B5EmB63Ut0W10ueG_Szuzwdd5enE2ZLnyOwTkeGIy1HpY2V0cBSZHYWwFH8hT2sGE_kXeL00/s320/1364716390_4509.png" width="320" /></a></span></div><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><br /><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><br /></span></span><p></p><p style="background-color: white; box-sizing: border-box; color: #4d4d4d; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 26px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; font-family: 宋体; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><img alt="" src="https://img-my.csdn.net/uploads/201303/31/1364716390_4509.png" style="border: 0px; box-sizing: border-box; cursor: zoom-in; height: auto; max-width: 100%; outline: none; overflow-wrap: break-word;" /><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /></span></p><p style="background-color: white; box-sizing: border-box; color: #4d4d4d; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 26px !important; margin: 0px 0px 16px; outline: 0px; overflow-wrap: break-word; overflow: auto hidden; padding: 0px;"><span style="box-sizing: border-box; font-family: 宋体; font-size: 13px; line-height: 18px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">Standby PON口在進入Standby狀態後,啟動上行光信號檢測功能。</span></span><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">Active PON口檢測到LOS告警(所有ONU全部離線引起的LOS告警),立即關閉GPON端口光模塊發送功能。</span></span><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">Standby PON口檢測到主用PON口LOS告警,打開GPON端口光模塊發送功能並進行ONU測試操作。</span></span><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">由於PON口下沒有ONU在線,設備會一直進行主用端口與備用端口的循環檢測,直到有ONU上線。</span></span><br style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word;" /><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;"><span style="box-sizing: border-box; outline: 0px; overflow-wrap: break-word; vertical-align: inherit;">當ONU上線的時候,PON端口沒有進行倒換。</span></span></span></p>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-18350164551938830442020-11-10T11:42:00.000+08:002020-11-10T11:42:07.781+08:00MACsec on Linux<div style="text-align: left;"><span style="font-size: xx-small;"> from https://nextheader.net/2016/10/14/macsec-on-linux/</span></div><div style="text-align: left;"><span style="font-size: xx-small;"><br /></span></div><div style="text-align: left;"><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Starting with kernel 4.6, <a href="https://kernelnewbies.org/Linux_4.6#head-8b8146ce3054d61fae7f5e2dd5331488d0809031" style="background-color: transparent; box-sizing: border-box; color: #135995; text-decoration-line: none;">support for MACsec has been added in Linux</a> so it won’t be needed to use a release candidate to test this feature.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">There are two ways to implement MACsec:</p><ul style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; margin-bottom: 10px; margin-top: 0px; padding-left: 15px;"><li style="box-sizing: border-box; padding-bottom: 0.3em; padding-top: 0.3em;">manually configure secure channel(SC), security association(SA) and the keys(this is what we are going to see)</li><li style="box-sizing: border-box; padding-bottom: 0.3em; padding-top: 0.3em;">use dot1x with MACsec extensions that allows dynamic discovery of MACsec peers, SA and SC setup, key generation and distribution</li></ul><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">This is the topology that is being used to demonstrate most of the implementation of MACsec on Linux and the purpose is to have connectivity between the two hosts using MACsec.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"><img alt="linux_macsec_single" class="aligncenter size-large wp-image-864" height="330" sizes="(max-width: 1024px) 100vw, 1024px" src="https://nextheader.net/wp/wp-content/uploads/2016/10/linux_macsec_single-1024x330.png" srcset="https://nextheader.net/wp/wp-content/uploads/2016/10/linux_macsec_single-1024x330.png 1024w, https://nextheader.net/wp/wp-content/uploads/2016/10/linux_macsec_single-300x97.png 300w, https://nextheader.net/wp/wp-content/uploads/2016/10/linux_macsec_single-768x248.png 768w, https://nextheader.net/wp/wp-content/uploads/2016/10/linux_macsec_single.png 1346w" style="border: none; box-sizing: border-box; display: block; height: auto; margin: 0.3rem auto 2rem; max-width: 100%; vertical-align: middle;" width="1024" /></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"><span id="more-861" style="box-sizing: border-box;"></span></p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Between the two hosts there is a L2VPN that is provided by the QFX10K switches.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">I won’t discuss how to set up the L2VPN as we already did this several times, one example being <a href="https://nextheader.net/2016/10/05/l2circuit-for-l2-protocol-tunneling/" style="background-color: transparent; box-sizing: border-box; color: #135995; text-decoration-line: none;">L2circuit for L2 protocol tunneling</a>.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">On top of this, we want to have additional security at Layer 2 between the two Linux hosts, hence MACsec is the suitable option here.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">There are few prerequisites for running MACsec on Linux. I won’t mention here that you need a kernel that supports MACsec:</p><ul style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; margin-bottom: 10px; margin-top: 0px; padding-left: 15px;"><li style="box-sizing: border-box; padding-bottom: 0.3em; padding-top: 0.3em;">add the macsec module in kernel</li><li style="box-sizing: border-box; padding-bottom: 0.3em; padding-top: 0.3em;">install the latest version of iproute2</li></ul><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">This is how you perform these two operations</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: red;">git clone git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git</span>
<span style="box-sizing: border-box; color: red;">cd iproute2/</span>
<span style="box-sizing: border-box; color: red;">./configure</span>
<span style="box-sizing: border-box; color: red;">make</span>
<span style="box-sizing: border-box; color: red;">make install</span>
<span style="box-sizing: border-box; color: red;">modprobe macsec</span></pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">So let’s move further with the configuration.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">The required steps to configure MACsec are the following:</p><ul style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; margin-bottom: 10px; margin-top: 0px; padding-left: 15px;"><li style="box-sizing: border-box; padding-bottom: 0.3em; padding-top: 0.3em;">create a MACsec device on the physical link over the traffic will be received and sent</li><li style="box-sizing: border-box; padding-bottom: 0.3em; padding-top: 0.3em;">configure a secure association on the MACsec device</li><li style="box-sizing: border-box; padding-bottom: 0.3em; padding-top: 0.3em;">configure a receive channel(you will need to use the peer MAC address as parameter)</li><li style="box-sizing: border-box; padding-bottom: 0.3em; padding-top: 0.3em;">configure a receive association(you will need to use the peer MAC address as parameter)</li></ul><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">First we need to know the MAC addresses of the two hosts between which MACsec will be configured. Each host needs to know from what MAC address will receive protected traffic.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">This is UBUNTU-1:</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: red;">root@UBUNTU-1:~# ifconfig eth1</span>
<span style="box-sizing: border-box; color: red;">eth1 Link encap:Ethernet HWaddr 56:68:a6:6f:08:d1</span>
<span style="box-sizing: border-box; color: red;"> inet6 addr: fe80::5468:a6ff:fe6f:8d1/64 Scope:Link</span>
<span style="box-sizing: border-box; color: red;"> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</span>
<span style="box-sizing: border-box; color: red;"> RX packets:114 errors:2 dropped:91 overruns:0 frame:2</span>
<span style="box-sizing: border-box; color: red;"> TX packets:158 errors:0 dropped:0 overruns:0 carrier:0</span>
<span style="box-sizing: border-box; color: red;"> collisions:0 txqueuelen:1000</span>
<span style="box-sizing: border-box; color: red;"> RX bytes:30957 (30.9 KB) TX bytes:26724 (26.7 KB)</span>
<span style="box-sizing: border-box; color: red;">root@UBUNTU-1:~#</span></pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">And this is UBUNTU-2:</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: red;">root@UBUNTU-2:~# ifconfig eth1</span>
<span style="box-sizing: border-box; color: red;">eth1 Link encap:Ethernet HWaddr 56:68:a6:6f:08:d6</span>
<span style="box-sizing: border-box; color: red;"> inet6 addr: fe80::5468:a6ff:fe6f:8d6/64 Scope:Link</span>
<span style="box-sizing: border-box; color: red;"> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</span>
<span style="box-sizing: border-box; color: red;"> RX packets:63 errors:2 dropped:36 overruns:0 frame:2</span>
<span style="box-sizing: border-box; color: red;"> TX packets:163 errors:0 dropped:0 overruns:0 carrier:0</span>
<span style="box-sizing: border-box; color: red;"> collisions:0 txqueuelen:1000</span>
<span style="box-sizing: border-box; color: red;"> RX bytes:15079 (15.0 KB) TX bytes:27392 (27.3 KB)</span>
<span style="box-sizing: border-box; color: red;">root@UBUNTU-2:~#</span></pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Let’s see the configuration for UBUNTU-1(the last two commands are also adding an IP address on the newly created interface and bring it up so we can test later on the IP reachability between the hosts):</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: blue;">ip link add link eth1 macsec0 type macsec</span></pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Creates the MACsec device on eth1 interface</p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: blue;">ip macsec add macsec0 tx sa 0 pn 1 on key 01 12345678901234567890123456789012</span></pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Configure the transmit secure association, the packet number used as the start ID for the packets sent through this SA and the key.</p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: blue;">ip macsec add macsec0 rx address 56:68:a5:c2:37:76 port 1</span>
<span style="box-sizing: border-box; color: blue;">ip macsec add macsec0 rx address 56:68:a5:c2:37:76 port 1 sa 0 pn 1 on key 02 09876543210987654321098765432109</span></pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Configure the receive channel and receive association based on the peer MAC address, the port number, the first packet number expected and the key.</p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: blue;">ip link set dev macsec0 up</span>
<span style="box-sizing: border-box; color: blue;">ifconfig macsec0 10.10.12.1/24</span></pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">These two bring up the interface and configure an IP address on macsec0 interface.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Remember that the transmit SA key has to match the peer’s receive SA key and the other way around.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">And this is the configuration for UBUNTU-2:</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: blue;">ip link add link eth1 macsec0 type macsec</span>
<span style="box-sizing: border-box; color: blue;">ip macsec add macsec0 tx sa 0 pn 1 on key 02 09876543210987654321098765432109</span>
<span style="box-sizing: border-box; color: blue;">ip macsec add macsec0 rx address 56:68:a5:c2:4c:14 port 1</span>
<span style="box-sizing: border-box; color: blue;">ip macsec add macsec0 rx address 56:68:a5:c2:4c:14 port 1 sa 0 pn 1 on key 01 12345678901234567890123456789012</span>
<span style="box-sizing: border-box; color: blue;">ip link set dev macsec0 up</span>
<span style="box-sizing: border-box; color: blue;">ifconfig macsec0 10.10.12.2/24</span></pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Once the configuration is applied on both sides, you can check the MACsec configuration:</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: red;">root@UBUNTU-1:~# ip macsec show</span>
<span style="box-sizing: border-box; color: red;">8: macsec0: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay off</span>
<span style="box-sizing: border-box; color: red;"> cipher suite: GCM-AES-128, using ICV length 16</span>
<span style="box-sizing: border-box; color: red;"> TXSC: 5668a5c24c140001 on SA 0</span>
<span style="box-sizing: border-box; color: red;"> 0: PN 12, state on, key 12345678901234567890123456789012</span>
<span style="box-sizing: border-box; color: red;"> RXSC: 5668a5c237760001, state on</span>
<span style="box-sizing: border-box; color: red;"> 0: PN 12, state on, key 09876543210987654321098765432109</span>
<span style="box-sizing: border-box; color: red;">root@UBUNTU-1:~#</span></pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">As you can see the traffic is authenticated and encrypted by default using AES-GCM-128.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">From the above output, some packets protected by MACsec exited and entered this device(“PN 12” shows this, we started at 1).</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Let’s send some packets between the two hosts:</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: red;">root@UBUNTU-1:~# ping 10.10.12.2 -c 3</span>
<span style="box-sizing: border-box; color: red;">PING 10.10.12.2 (10.10.12.2) 56(84) bytes of data.</span>
<span style="box-sizing: border-box; color: red;">64 bytes from 10.10.12.2: icmp_seq=1 ttl=64 time=24.3 ms</span>
<span style="box-sizing: border-box; color: red;">64 bytes from 10.10.12.2: icmp_seq=2 ttl=64 time=20.8 ms</span>
<span style="box-sizing: border-box; color: red;">64 bytes from 10.10.12.2: icmp_seq=3 ttl=64 time=19.3 ms</span>
<span style="box-sizing: border-box; color: red;">--- 10.10.12.2 ping statistics ---</span>
<span style="box-sizing: border-box; color: red;">3 packets transmitted, 3 received, 0% packet loss, time 2003ms</span>
<span style="box-sizing: border-box; color: red;">rtt min/avg/max/mdev = 19.367/21.533/24.388/2.106 ms</span>
<span style="box-sizing: border-box; color: red;">root@UBUNTU-1:~# ip macsec show</span>
<span style="box-sizing: border-box; color: red;">8: macsec0: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay off</span>
<span style="box-sizing: border-box; color: red;"> cipher suite: GCM-AES-128, using ICV length 16</span>
<span style="box-sizing: border-box; color: red;"> TXSC: 5668a5c24c140001 on SA 0</span>
<span style="box-sizing: border-box; color: red;"> 0: PN 15, state on, key 12345678901234567890123456789012</span>
<span style="box-sizing: border-box; color: red;"> RXSC: 5668a5c237760001, state on</span>
<span style="box-sizing: border-box; color: red;"> 0: PN 15, state on, key 09876543210987654321098765432109</span>
<span style="box-sizing: border-box; color: red;">root@UBUNTU-1:~#</span></pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">As you can see, the packet number increased.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">You can also check detailed statistics about the MACsec traffic like this:</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: red;">root@UBUNTU-1:~# ip -s macsec show</span>
<span style="box-sizing: border-box; color: red;">8: macsec0: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay off</span>
<span style="box-sizing: border-box; color: red;"> cipher suite: GCM-AES-128, using ICV length 16</span>
<span style="box-sizing: border-box; color: red;"> TXSC: 5668a5c24c140001 on SA 0</span>
<span style="box-sizing: border-box; color: red;"> stats: OutPktsUntagged InPktsUntagged OutPktsTooLong InPktsNoTag InPktsBadTag InPktsUnknownSCI InPktsNoSCI InPktsOverrun</span>
<span style="box-sizing: border-box; color: red;"> 0 0 0 9 0 0 0 0</span>
<span style="box-sizing: border-box; color: red;"> stats: OutOctetsProtected OutOctetsEncrypted OutPktsProtected OutPktsEncrypted</span>
<span style="box-sizing: border-box; color: red;"> 14 0 1572 0</span>
<span style="box-sizing: border-box; color: red;"> 0: PN 15, state on, key 12345678901234567890123456789012</span>
<span style="box-sizing: border-box; color: red;"> OutPktsProtected OutPktsEncrypted</span>
<span style="box-sizing: border-box; color: red;"> 14 0</span>
<span style="box-sizing: border-box; color: red;"> RXSC: 5668a5c237760001, state on</span>
<span style="box-sizing: border-box; color: red;"> stats: InOctetsValidated InOctetsDecrypted InPktsUnchecked InPktsDelayed InPktsOK InPktsInvalid InPktsLate InPktsNotValid InPktsNotUsingSA InPktsUnusedSA</span>
<span style="box-sizing: border-box; color: red;"> 668 0 0 0 6 0 0 0 0 0</span>
<span style="box-sizing: border-box; color: red;"> 0: PN 15, state on, key 09876543210987654321098765432109</span>
<span style="box-sizing: border-box; color: red;"> InPktsOK InPktsInvalid InPktsNotValid InPktsNotUsingSA InPktsUnusedSA</span>
<span style="box-sizing: border-box; color: red;"> 6 0 0 0 0</span>
<span style="box-sizing: border-box; color: red;">root@UBUNTU-1:~#</span></pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Two optional features that increase the security on MACsec traffic are encryption and replay protection.</p><ul style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; margin-bottom: 10px; margin-top: 0px; padding-left: 15px;"><li style="box-sizing: border-box; padding-bottom: 0.3em; padding-top: 0.3em;">Encryption – The original payload is encrypted and authenticated</li><li style="box-sizing: border-box; padding-bottom: 0.3em; padding-top: 0.3em;">Replay protection – The packet number of each packet that crossed the MACsec secured link is checked. If there is any packet that arrived out of sequence and the difference between the packet numbers is higher than the replay protection window size, the packet is dropped.</li></ul><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Let’s see how these are configured.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">First the encryption:</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: blue;">ip link set macsec0 type macsec encrypt on</span>
</pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Remember that we were at PN 15. Let’s send another 3 packets using ping and then check the statistics:</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: red;">root@UBUNTU-1:~# ip macsec show</span>
<span style="box-sizing: border-box; color: red;">8: macsec0: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off</span>
<span style="box-sizing: border-box; color: red;"> cipher suite: GCM-AES-128, using ICV length 16</span>
<span style="box-sizing: border-box; color: red;"> TXSC: 5668a5c24c140001 on SA 0</span>
<span style="box-sizing: border-box; color: red;"> 0: PN 19, state on, key 12345678901234567890123456789012</span>
<span style="box-sizing: border-box; color: red;"> RXSC: 5668a5c237760001, state on</span>
<span style="box-sizing: border-box; color: red;"> 0: PN 19, state on, key 09876543210987654321098765432109</span>
<span style="box-sizing: border-box; color: red;">root@UBUNTU-1:~# ip -s macsec show</span>
<span style="box-sizing: border-box; color: red;">8: macsec0: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off</span>
<span style="box-sizing: border-box; color: red;"> cipher suite: GCM-AES-128, using ICV length 16</span>
<span style="box-sizing: border-box; color: red;"> TXSC: 5668a5c24c140001 on SA 0</span>
<span style="box-sizing: border-box; color: red;"> stats: OutPktsUntagged InPktsUntagged OutPktsTooLong InPktsNoTag InPktsBadTag InPktsUnknownSCI InPktsNoSCI InPktsOverrun</span>
<span style="box-sizing: border-box; color: red;"> 0 0 0 23 0 0 0 0</span>
<span style="box-sizing: border-box; color: red;"> stats: OutOctetsProtected OutOctetsEncrypted OutPktsProtected OutPktsEncrypted</span>
<span style="box-sizing: border-box; color: red;"> 14 4 1572 464</span>
<span style="box-sizing: border-box; color: red;"> 0: PN 19, state on, key 12345678901234567890123456789012</span>
<span style="box-sizing: border-box; color: red;"> OutPktsProtected OutPktsEncrypted</span>
<span style="box-sizing: border-box; color: red;"> 14 4</span>
<span style="box-sizing: border-box; color: red;"> RXSC: 5668a5c237760001, state on</span>
<span style="box-sizing: border-box; color: red;"> stats: InOctetsValidated InOctetsDecrypted InPktsUnchecked InPktsDelayed InPktsOK InPktsInvalid InPktsLate InPktsNotValid InPktsNotUsingSA InPktsUnusedSA</span>
<span style="box-sizing: border-box; color: red;"> 668 464 0 0 10 0 0 0 0 0</span>
<span style="box-sizing: border-box; color: red;"> 0: PN 19, state on, key 09876543210987654321098765432109</span>
<span style="box-sizing: border-box; color: red;"> InPktsOK InPktsInvalid InPktsNotValid InPktsNotUsingSA InPktsUnusedSA</span>
<span style="box-sizing: border-box; color: red;"> 10 0 0 0 0</span>
<span style="box-sizing: border-box; color: red;">root@UBUNTU-1:~#</span></pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">As you can see, we are now at PN 19, which means that actually there were 4 packets that were sent.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Three of them were the ICMP packets and one of them was the ARP Request.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">The 4 packets have a total size of 464B. Let’s decompose the ICMP Request packet:</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">IP – 20B</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">ICMP – 64B</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">ICV – 16B</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">SecTag – 16B</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Ethernet – 14</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">So a total of 130B and this means that 3 ICMP Request packets are 390B, which leave us 74B for the ARP Request packet which is broken down like this:</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">ARP – 28B</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">ICV – 16B</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">SecTag – 16B</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Ethernet – 14</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">Actually doing a tcpdump on UBUNTU-2 while an ICMP Request/Reply was received/sent, you can see that the size is 130B:</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: red;">root@UBUNTU-2:~# tcpdump -i eth1</span>
<span style="box-sizing: border-box; color: red;">tcpdump: verbose output suppressed, use -v or -vv for full protocol decode</span>
<span style="box-sizing: border-box; color: red;">listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes</span>
<span style="box-sizing: border-box; color: red;">07:51:20.389014 56:68:a5:c2:4c:14 (oui Unknown) > 56:68:a5:c2:37:76 (oui Unknown), ethertype Unknown (0x88e5), length 130:</span>
<span style="box-sizing: border-box; color: red;">07:51:20.389190 56:68:a5:c2:37:76 (oui Unknown) > 56:68:a5:c2:4c:14 (oui Unknown), ethertype Unknown (0x88e5), length 130:</span>
<span style="box-sizing: border-box; color: red;">^C</span>
<span style="box-sizing: border-box; color: red;">2 packets captured</span>
<span style="box-sizing: border-box; color: red;">2 packets received by filter</span>
<span style="box-sizing: border-box; color: red;">0 packets dropped by kernel</span>
<span style="box-sizing: border-box; color: red;">root@UBUNTU-2:~#</span></pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">You can also see the MACsec ether-type, 0x88e5.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">This is how you can enable the replay protection:</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: blue;">ip link set macsec0 type macsec replay on window 128</span>
</pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">You can see that encryption and replay protection are enabled by checking the MACsec configuration:</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; margin-top: 0px; overflow-wrap: break-word; overflow: auto; padding: 9.5px; white-space: pre-wrap; word-break: break-all;"><span style="box-sizing: border-box; color: red;">root@UBUNTU-1:~# ip macsec show</span>
<span style="box-sizing: border-box; color: red;">8: macsec0: protect on validate strict sc off sa off <span style="box-sizing: border-box; font-weight: 700;">encrypt on</span> send_sci on end_station off scb off <span style="box-sizing: border-box; font-weight: 700;">replay on window 128</span></span>
<span style="box-sizing: border-box; color: red;"> cipher suite: GCM-AES-128, using ICV length 16</span>
<span style="box-sizing: border-box; color: red;"> TXSC: 5668a5c24c140001 on SA 0</span>
<span style="box-sizing: border-box; color: red;"> 0: PN 40, state on, key 12345678901234567890123456789012</span>
<span style="box-sizing: border-box; color: red;"> RXSC: 5668a5c237760001, state on</span>
<span style="box-sizing: border-box; color: red;"> 0: PN 40, state on, key 09876543210987654321098765432109</span>
<span style="box-sizing: border-box; color: red;">root@UBUNTU-1:~#</span></pre><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">And this would be the basic configuration that you need to enable MACsec to protect the Layer 2 traffic.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">I also tried to enable MACsec on bond links(aggregated interfaces or port-channels how they are named in networking vendors terminology), but I wasn’t able to do it.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">In case of bond interfaces, the macsec devices are enslaved instead of the physical links and the macsec devices are created on the physical links. However, I wasn’t allowed to enslave the macsec devices in the bond for some reason.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">I hope you found this post useful.</p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;"> </p><p style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; line-height: 1.5em; margin: 1em 0px;">References:</p><ul style="background-color: white; box-sizing: border-box; color: #333333; font-family: sans-serif; font-size: 15px; margin-bottom: 10px; margin-top: 0px; padding-left: 15px;"><li style="box-sizing: border-box; padding-bottom: 0.3em; padding-top: 0.3em;"><a href="http://www.netdevconf.org/1.1/proceedings/slides/dubroca-macsec-encryption-wire-lan.pdf" style="background-color: transparent; box-sizing: border-box; color: #135995; text-decoration-line: none;">MACsec – Encryption for the wired LAN</a></li></ul></div>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-49717144493151605722020-09-18T11:00:00.000+08:002020-09-18T11:00:09.081+08:00SSH 命令的三種代理功能(-L/-R/-D)<p><span style="font-size: xx-small;"> From:https://zhuanlan.zhihu.com/p/57630633</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 0px 0px 1.4em;"><span style="vertical-align: inherit;">ssh 命令除了登陸外還有三種代理功能:</span></p><ul style="background-color: white; color: #121212; display: table; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px; padding: 0px;"><li style="display: table-row; list-style: none;"><span style="vertical-align: inherit;">正向代理(-L):相當於iptable 的port forwarding</span></li><li style="display: table-row; list-style: none;"><span style="vertical-align: inherit;">反向代理(-R):相當於frp 或者ngrok</span></li><li style="display: table-row; list-style: none;"><span style="vertical-align: inherit;">socks5 代理(-D):相當於ss/ssr</span></li></ul><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;"><span style="vertical-align: inherit;">如要長期高效的服務,應使用對應的專用軟件。</span><span style="vertical-align: inherit;">如沒法安裝軟件,比如當你處在限制環境下想要訪問下某個不可達到的目標,或者某個臨時需求,那麼ssh 就是你的兜底方案。</span></span></p><p class="ztext-empty-paragraph" style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: -0.8em 0px;"><br /></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="font-weight: 600;">正向代理:</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">所謂“正向代理”就是在本地啟動端口,把本地端口數據轉發到遠端。</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">用法1:遠程端口映射到其他機器</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">HostB 上啟動一個PortB 端口,映射到HostC:PortC 上,在HostB 上運行:</span></p><div class="highlight" style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1em 0px;"><pre style="background: rgb(246, 246, 246); border-radius: 4px; font-size: 0.9em; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0.88889em; word-break: normal;"><code class="language-bash" style="background-color: inherit; border-radius: 0px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: inherit; margin: 0px; padding: 0px;">HostB$ ssh -L 0.0.0.0:PortB:HostC:PortC user@HostC</code></pre></div><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">這時訪問HostB:PortB 相當於訪問HostC:PortC(和iptable 的port-forwarding 類似)。</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">用法2:本地端口通過跳板映射到其他機器</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">HostA 上啟動一個PortA 端口,通過HostB 轉發到HostC:PortC上,在HostA 上運行:</span></p><div class="highlight" style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1em 0px;"><pre style="background: rgb(246, 246, 246); border-radius: 4px; font-size: 0.9em; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0.88889em; word-break: normal;"><code class="language-bash" style="background-color: inherit; border-radius: 0px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: inherit; margin: 0px; padding: 0px;">HostA$ ssh -L 0.0.0.0:PortA:HostC:PortC user@HostB</code></pre></div><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">這時訪問HostA:PortA 相當於訪問HostC:PortC。</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">兩種用法的區別是,第一種用法本地到跳板機HostB 的數據是明文的,而第二種用法一般本地就是HostA,訪問本地的PortA,數據被ssh 加密傳輸給HostB 又轉發給HostC:PortC 。</span><br /></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="font-weight: 600;">反向代理:</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">所謂“反向代理”就是讓遠端啟動端口,把遠端端口數據轉發到本地。</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">HostA 將自己可以訪問的HostB:PortB 暴露給外網服務器HostC:PortC,在HostA 上運行:</span></p><div class="highlight" style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1em 0px;"><pre style="background: rgb(246, 246, 246); border-radius: 4px; font-size: 0.9em; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0.88889em; word-break: normal;"><code class="language-bash" style="background-color: inherit; border-radius: 0px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: inherit; margin: 0px; padding: 0px;">HostA$ ssh -R HostC:PortC:HostB:PortB user@HostC</code></pre></div><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;"><span style="vertical-align: inherit;">那麼鏈接HostC:PortC 就相當於鏈接HostB:PortB。</span><span style="vertical-align: inherit;">使用時需修改HostC 的/etc/ssh/sshd_config,添加:</span></span></p><div class="highlight" style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1em 0px;"><pre style="background: rgb(246, 246, 246); border-radius: 4px; font-size: 0.9em; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0.88889em; word-break: normal;"><code class="language-apacheconf" style="background-color: inherit; border-radius: 0px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: inherit; margin: 0px; padding: 0px;"><span class="nb" style="color: #0084ff;">GatewayPorts</span> yes</code></pre></div><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">相當於內網穿透,比如HostA 和HostB 是同一個內網下的兩台可以互相訪問的機器,HostC是外網跳板機,HostC不能訪問HostA,但是HostA 可以訪問HostC。</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">那麼通過在內網HostA上運行</span><code style="background-color: #f6f6f6; border-radius: 3px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: 0.9em; margin: 0px 2px; padding: 3px 4px;">ssh -R</code><span style="vertical-align: inherit;">告訴HostC,創建PortC端口監聽,把該端口所有數據轉發給我(HostA),我會再轉發給同一個內網下的HostB:PortB。</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">同內網下的HostA/HostB也可以是同一台機器,換句話說就是</span><span style="font-weight: 600;">內網HostA把自己可以訪問的端口暴露給了外網HostC。</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">按照前文《</span><a class="internal" data-za-detail-view-id="1043" href="https://zhuanlan.zhihu.com/p/57477087" style="border-bottom: 1px solid grey; cursor: pointer; text-decoration-line: none;"><span style="vertical-align: inherit;"><span style="vertical-align: inherit;">韋易笑:內網穿透:在公網訪問你家的NAS</span></span></a><span style="vertical-align: inherit;">》中,相當於再HostA上啟動了frpc,而再HostC上啟動了frps。</span></p><p class="ztext-empty-paragraph" style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: -0.8em 0px;"><br /></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="font-weight: 600;">本地socks5 代理</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">在HostA 的本地1080 端口啟動一個socks5 服務,通過本地socks5 代理的數據會通過ssh 鏈接先發送給HostB,再從HostB 轉發送給遠程主機:</span></p><div class="highlight" style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1em 0px;"><pre style="background: rgb(246, 246, 246); border-radius: 4px; font-size: 0.9em; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0.88889em; word-break: normal;"><code class="language-bash" style="background-color: inherit; border-radius: 0px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: inherit; margin: 0px; padding: 0px;">HostA$ ssh -D localhost:1080 HostB</code></pre></div><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">那麼在HostA 上面,瀏覽器配置socks5 代理為127.0.0.1:1080,看網頁時就能把數據通過HostB 代理出去,類似ss/ssr 版本,只不過用ssh 來實現。</span></p><p class="ztext-empty-paragraph" style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: -0.8em 0px;"><br /></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="font-weight: 600;">使用優化</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">為了更好用一點,ssh後面還可以加上:</span><code style="background-color: #f6f6f6; border-radius: 3px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: 0.9em; margin: 0px 2px; padding: 3px 4px;">-CqTnN</code><span style="vertical-align: inherit;">參數,比如:</span></p><div class="highlight" style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1em 0px;"><pre style="background: rgb(246, 246, 246); border-radius: 4px; font-size: 0.9em; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0.88889em; word-break: normal;"><code class="language-bash" style="background-color: inherit; border-radius: 0px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: inherit; margin: 0px; padding: 0px;">$ ssh -CqTnN -L 0.0.0.0:PortA:HostC:PortC user@HostB</code></pre></div><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">其中</span><code style="background-color: #f6f6f6; border-radius: 3px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: 0.9em; margin: 0px 2px; padding: 3px 4px;">-C</code><span style="vertical-align: inherit;">為壓縮數據,</span><code style="background-color: #f6f6f6; border-radius: 3px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: 0.9em; margin: 0px 2px; padding: 3px 4px;">-q</code><span style="vertical-align: inherit;">安靜模式,</span><code style="background-color: #f6f6f6; border-radius: 3px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: 0.9em; margin: 0px 2px; padding: 3px 4px;">-T</code><span style="vertical-align: inherit;">禁止遠程分配終端,</span><code style="background-color: #f6f6f6; border-radius: 3px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: 0.9em; margin: 0px 2px; padding: 3px 4px;">-n</code><span style="vertical-align: inherit;">關閉標準輸入,</span><code style="background-color: #f6f6f6; border-radius: 3px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: 0.9em; margin: 0px 2px; padding: 3px 4px;">-N</code><span style="vertical-align: inherit;"><span style="vertical-align: inherit;">不執行遠程命令。</span><span style="vertical-align: inherit;">此外視需要還可以增加</span></span><code style="background-color: #f6f6f6; border-radius: 3px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: 0.9em; margin: 0px 2px; padding: 3px 4px;">-f</code><span style="vertical-align: inherit;">參數,把ssh放到後台運行。</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">這些ssh 代理沒有短線重連功能,鏈接斷了命令就退出了,所以需要些腳本監控重啟,或者使用autossh 之類的工具保持鏈接。</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="font-weight: 600;">功能對比</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;"><span style="vertical-align: inherit;">正向代理(-L)的第一種用法可以用iptable 的port-forwarding 模擬,iptable 性能更好,但是需要root 權限,ssh -L 性能不好,但是正向代理花樣更多些。</span><span style="vertical-align: inherit;">反向代理(-R)一般就作為沒有安裝frp/ngrok/shootback 時候的一種代替,但是數據傳輸的性能和穩定性當然frp 這些專用軟件更好。</span></span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;"><span style="vertical-align: inherit;">socks5 代理(-D)其實是可以代替ss/ssr 的,區別和上麵類似。</span><span style="vertical-align: inherit;">所以要長久使用,推薦安裝對應軟件,臨時用一下ssh 挺順手。</span></span></p><p class="ztext-empty-paragraph" style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: -0.8em 0px;"><br /></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">--</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">補充下iptable的 </span><code style="background-color: #f6f6f6; border-radius: 3px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: 0.9em; margin: 0px 2px; padding: 3px 4px;">port-forwarding</code><span style="vertical-align: inherit;">怎麼設置,十分管用的功能,兩個函數即可:</span></p><div class="highlight" style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1em 0px;"><pre style="background: rgb(246, 246, 246); border-radius: 4px; font-size: 0.9em; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0.88889em; word-break: normal;"><code class="language-bash" style="background-color: inherit; border-radius: 0px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: inherit; margin: 0px; padding: 0px;"><span class="cp" style="color: #999999; font-weight: 600;">#! /bin/sh
</span><span class="cp" style="color: #999999; font-weight: 600;"></span>
<span class="c1" style="color: #999999; font-style: italic;"># create forward rule by source interface</span>
<span class="c1" style="color: #999999; font-style: italic;"># http://serverfault.com/questions/532569/how-to-do-port-forwarding-redirecting-on-debian</span>
PortForward1<span class="o" style="font-weight: 600;">()</span> <span class="o" style="font-weight: 600;">{</span>
<span class="nb" style="color: #0084ff;">local</span> <span class="nv" style="color: #0084ff;">IN_IF</span><span class="o" style="font-weight: 600;">=</span><span class="nv" style="color: #0084ff;">$1</span>
<span class="nb" style="color: #0084ff;">local</span> <span class="nv" style="color: #0084ff;">IN_PORT</span><span class="o" style="font-weight: 600;">=</span><span class="nv" style="color: #0084ff;">$2</span>
<span class="nb" style="color: #0084ff;">local</span> <span class="nv" style="color: #0084ff;">OUT_IP</span><span class="o" style="font-weight: 600;">=</span><span class="nv" style="color: #0084ff;">$3</span>
<span class="nb" style="color: #0084ff;">local</span> <span class="nv" style="color: #0084ff;">OUT_PORT</span><span class="o" style="font-weight: 600;">=</span><span class="nv" style="color: #0084ff;">$4</span>
<span class="nb" style="color: #0084ff;">local</span> <span class="nv" style="color: #0084ff;">IPTBL</span><span class="o" style="font-weight: 600;">=</span><span class="s2" style="color: #f1403c;">"/sbin/iptables"</span>
<span class="nb" style="color: #0084ff;">echo</span> <span class="s2" style="color: #f1403c;">"1"</span> > /proc/sys/net/ipv4/ip_forward
<span class="nv" style="color: #0084ff;">$IPTBL</span> -A PREROUTING -t nat -i <span class="nv" style="color: #0084ff;">$IN_IF</span> -p tcp --dport <span class="nv" style="color: #0084ff;">$IN_PORT</span> -j DNAT --to-destination <span class="si" style="color: #f1403c;">${</span><span class="nv" style="color: #0084ff;">OUT_IP</span><span class="si" style="color: #f1403c;">}</span>:<span class="si" style="color: #f1403c;">${</span><span class="nv" style="color: #0084ff;">OUT_PORT</span><span class="si" style="color: #f1403c;">}</span>
<span class="nv" style="color: #0084ff;">$IPTBL</span> -A FORWARD -p tcp -d <span class="nv" style="color: #0084ff;">$OUT_IP</span> --dport <span class="nv" style="color: #0084ff;">$OUT_PORT</span> -j ACCEPT
<span class="nv" style="color: #0084ff;">$IPTBL</span> -A POSTROUTING -t nat -j MASQUERADE
<span class="o" style="font-weight: 600;">}</span>
<span class="c1" style="color: #999999; font-style: italic;"># create forward rule by source ip</span>
<span class="c1" style="color: #999999; font-style: italic;"># http://blog.csdn.net/zzhongcy/article/details/42738285</span>
ForwardPort2<span class="o" style="font-weight: 600;">()</span> <span class="o" style="font-weight: 600;">{</span>
<span class="nb" style="color: #0084ff;">local</span> <span class="nv" style="color: #0084ff;">IN_IP</span><span class="o" style="font-weight: 600;">=</span><span class="nv" style="color: #0084ff;">$1</span>
<span class="nb" style="color: #0084ff;">local</span> <span class="nv" style="color: #0084ff;">IN_PORT</span><span class="o" style="font-weight: 600;">=</span><span class="nv" style="color: #0084ff;">$2</span>
<span class="nb" style="color: #0084ff;">local</span> <span class="nv" style="color: #0084ff;">OUT_IP</span><span class="o" style="font-weight: 600;">=</span><span class="nv" style="color: #0084ff;">$3</span>
<span class="nb" style="color: #0084ff;">local</span> <span class="nv" style="color: #0084ff;">OUT_PORT</span><span class="o" style="font-weight: 600;">=</span><span class="nv" style="color: #0084ff;">$4</span>
<span class="nb" style="color: #0084ff;">local</span> <span class="nv" style="color: #0084ff;">IPTBL</span><span class="o" style="font-weight: 600;">=</span><span class="s2" style="color: #f1403c;">"/sbin/iptables"</span>
<span class="nb" style="color: #0084ff;">echo</span> <span class="s2" style="color: #f1403c;">"1"</span> > /proc/sys/net/ipv4/ip_forward
<span class="nv" style="color: #0084ff;">$IPTBL</span> -t nat -A PREROUTING --dst <span class="nv" style="color: #0084ff;">$IN_IP</span> -p tcp --dport <span class="nv" style="color: #0084ff;">$IN_PORT</span> -j DNAT --to-destination <span class="si" style="color: #f1403c;">${</span><span class="nv" style="color: #0084ff;">OUT_IP</span><span class="si" style="color: #f1403c;">}</span>:<span class="si" style="color: #f1403c;">${</span><span class="nv" style="color: #0084ff;">OUT_PORT</span><span class="si" style="color: #f1403c;">}</span>
<span class="nv" style="color: #0084ff;">$IPTBL</span> -t nat -A POSTROUTING --dst <span class="nv" style="color: #0084ff;">$OUT_IP</span> -p tcp --dport <span class="nv" style="color: #0084ff;">$OUT_PORT</span> -j SNAT --to-source <span class="nv" style="color: #0084ff;">$IN_IP</span>
<span class="o" style="font-weight: 600;">}</span></code></pre></div><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">第一個函數是按照網卡名稱設置轉發:</span></p><div class="highlight" style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1em 0px;"><pre style="background: rgb(246, 246, 246); border-radius: 4px; font-size: 0.9em; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0.88889em; word-break: normal;"><code class="language-bash" style="background-color: inherit; border-radius: 0px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: inherit; margin: 0px; padding: 0px;">PortForward1 eth1 <span class="m" style="color: #0084ff;">8765</span> 202.115.8.2 <span class="m" style="color: #0084ff;">8765</span></code></pre></div><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">這時,本地eth1 網卡的8765 端口就會被轉發給202.115.8.2 的8765 端口。</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">第二個函數是按照本機的ip 地址,比如本機是192.168.1.2:</span></p><div class="highlight" style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1em 0px;"><pre style="background: rgb(246, 246, 246); border-radius: 4px; font-size: 0.9em; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0.88889em; word-break: normal;"><code class="language-bash" style="background-color: inherit; border-radius: 0px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: inherit; margin: 0px; padding: 0px;">PortForward2 192.168.1.2 <span class="m" style="color: #0084ff;">8765</span> 202.115.8.2 <span class="m" style="color: #0084ff;">8765</span></code></pre></div><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">那麼任何訪問本機192.168.1.2 這個地址8765 端口,都會被轉發到202.115.8.2:8765</span></p><p style="background-color: white; color: #121212; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><span style="vertical-align: inherit;">這個iptable的</span><code style="background-color: #f6f6f6; border-radius: 3px; font-family: Menlo, Monaco, Consolas, "Andale Mono", "lucida console", "Courier New", monospace; font-size: 0.9em; margin: 0px 2px; padding: 3px 4px;">port forwarding</code><span style="vertical-align: inherit;">是內核層運行的,性能極好,只不過每次重啟都需要重新設置下。</span></p><p><br /></p>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-34288459950020233442020-07-16T16:55:00.003+08:002020-07-16T16:55:40.836+08:00常見以太網接口介紹<span style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="font-size: xx-small;"><i>from:<a href="https://www.wpgdadatong.com/tw/blog/detail?BID=B0594">https://www.wpgdadatong.com/tw/blog/detail?BID=B0594</a></i></span><br /><br /><span style="font-size: 15px;">一. </span></span></span><span style="border: 0px; box-sizing: inherit; font-size: 15px; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">PHY包含的各個子層</span></span></span><span style="box-sizing: inherit; font-size: 15px; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">:</span></span></span><br />
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">PCS:編碼和解碼</span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">PMA:串行器和反序列化器</span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">PMD:取決於物理介質</span></span><br style="box-sizing: inherit;" /></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">Firgure 1:</span></span></span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> OSI模型裡示意圖:</span></span></span><br style="box-sizing: inherit;" /><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><img alt="" src="https://edit.wpgdadawant.com/uploads/news_file/blog/2019/726/tinymce/1.png" style="border: 0px; box-sizing: inherit; height: auto; margin: 0px; max-width: 100%; padding: 0px; vertical-align: baseline;" /></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Firgure 2: 實際互連示意圖:</span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><img alt="" src="https://edit.wpgdadawant.com/uploads/news_file/blog/2019/726/tinymce/2.png" style="border: 0px; box-sizing: inherit; height: auto; margin: 0px; max-width: 100%; padding: 0px; vertical-align: baseline;" /></span><br style="box-sizing: inherit;" /><br style="box-sizing: inherit;" /><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">二. </span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">以太網上常見的MAC </span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">與PHY </span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">之間的接口( </span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">按照速度區分)</span></span></span></span></div>
<ol style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style-position: inside; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;">1億</span></span></li>
</ol>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> MII:介質獨立接口(</span></span></span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> IEEE 802.3 CL22 </span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">)</span></span></span></span></div>
<ul style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style: initial; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">一種數字接口,可在10/100 Mbit / s PHY與MAC子層之間提供4位寬的數據路徑。</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">TXC,TXD [3:0],TXEN,TXER</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">RXC,RXD [3:0],RXDV,RXER</span></li>
</ul>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"> RMII:簡化的媒體獨立接口</span></span></div>
<ul style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style: initial; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">對比MII,是信號線數量減半</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">主要支持廠家有BRCM/AMD/TI等</span></li>
</ul>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Figure 3:RMII連接示意圖:</span><br style="box-sizing: inherit;" /><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><img alt="" src="https://edit.wpgdadawant.com/uploads/news_file/blog/2019/726/tinymce/3.png" style="border: 0px; box-sizing: inherit; height: auto; margin: 0px; max-width: 100%; padding: 0px; vertical-align: baseline;" /></span><br style="box-sizing: inherit;" /><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><br style="box-sizing: inherit;" /></span></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"> SMII:串行MII</span></span></div>
<ul style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style: initial; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;">串行化的MII</span></span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">信號主要有:</span></span></span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> REFCLK, STXD, SRXD, SSYNC, TX_EN, RX_DV</span></span></span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;">主要支持廠家有Cisco</span></span></li>
</ul>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Figure 4:SMII連接示意圖:</span><br style="box-sizing: inherit;" /><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><img alt="" src="https://edit.wpgdadawant.com/uploads/news_file/blog/2019/726/tinymce/4.png" style="border: 0px; box-sizing: inherit; height: auto; margin: 0px; max-width: 100%; padding: 0px; vertical-align: baseline;" /></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;">S3MII:源同步SMII</span></span></div>
<ul style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style: initial; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">REFCLK,SSMII_RXC,SSMII_RSYNC,RXD,SSMII_TXC,SSYNC,TXD</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">主要支持廠家Cisco</span></li>
</ul>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Figure 5:S3MII連接示意圖:</span><br style="box-sizing: inherit;" /><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><img alt="" src="https://edit.wpgdadawant.com/uploads/news_file/blog/2019/726/tinymce/5.png" style="border: 0px; box-sizing: inherit; height: auto; margin: 0px; max-width: 100%; padding: 0px; vertical-align: baseline;" /></span><br style="box-sizing: inherit;" /></div>
<ol start="2" style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style-position: inside; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;">1000M</span></span></li>
</ol>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> 2.1>.1GE </span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">並行接口</span></span></span></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> GMII:</span></span></span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> 千兆位媒體獨立接口,IEEE 802.3 CL35</span></span></span></div>
<ul style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style: initial; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">在1000 Mbit / s PHY和MAC子層之間提供8位寬數據路徑的數字接口。</span><span style="box-sizing: inherit; vertical-align: inherit;">它還支持IEEE 802.3z規範中定義的4位寬的MII接口。</span></span></span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">GTXCLK,TXD [7:0],TXEN,TXER</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">RXC,RXD [7:0],RXDV,RXER,COL CRS</span></li>
</ul>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Figure 6: GMII 連接示意圖:</span><br style="box-sizing: inherit;" /><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><img alt="" src="https://edit.wpgdadawant.com/uploads/news_file/blog/2019/726/tinymce/6.png" style="border: 0px; box-sizing: inherit; height: auto; margin: 0px; max-width: 100%; padding: 0px; vertical-align: baseline;" /></span><br style="box-sizing: inherit;" /></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">RGMII</span></span></span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">:簡化的GMII,</span></span></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">-對比GMII,主要是數據線數量減半;</span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">-主要支持廠家有BRCM/HP/MAVL</span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> 2.2>. 1GE </span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">串行接口</span></span></span></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> SGMII:串行MII </span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">,</span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">1.25G波特率,Cisco</span></span></span></span></div>
<ul style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style: initial; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">一個數字接口,可在1000 Mbit / s PHY和MAC子層之間提供1.25 Gbps串行雙數據速率數據路徑。</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">SGIN +-/ SGOUT +-</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">8b / 10b編碼</span></li>
</ul>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">Figure 7: SGMII 連接示意圖:</span><br style="box-sizing: inherit;" /><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><img alt="" src="https://edit.wpgdadawant.com/uploads/news_file/blog/2019/726/tinymce/7.png" style="border: 0px; box-sizing: inherit; height: auto; margin: 0px; max-width: 100%; padding: 0px; vertical-align: baseline;" /></span><br style="box-sizing: inherit;" /></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">QSGMII:Quad SGMII </span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">,</span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">5G波特率</span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">,</span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">Cisco</span></span></span></span></div>
<ul style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style: initial; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">四路串行千兆媒體獨立接口:一種數字接口,可在四個1000 Mbit / s PHY端口和MAC子層之間提供5.0 Gbps串行數據路徑</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">QSGMII_RDp / n,QSGMII_TDp / n</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">8b / 10b編碼</span></li>
</ul>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">USGMII:</span></span></span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">通用SGMII,1.25G / 5G / 10G波特率,思科</span></span></span></div>
<ul style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style: initial; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">當前SGMII和QSGMII的擴展。</span><span style="box-sizing: inherit; vertical-align: inherit;">USGMII提供了添加新功能的靈活性,同時保持了向後兼容性。</span></span></span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">USGMII_RDp / n,USGMII_TDp / n</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">8b / 10b編碼</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">最多可以支持8個1GE 口</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">PCH: Packet Control Header. 這個是最大特點。</span></li>
</ul>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">PCH提供諸如PTP時間戳之類的可選功能,並可以通過重複使用下文所述的擴展字段來添加功能。</span><span style="box-sizing: inherit; vertical-align: inherit;">PHY通過PCH與端口MAC(ASIC)通信。</span><span style="box-sizing: inherit; vertical-align: inherit;">PCH是8個字節,它代替了幀的前同步碼。</span></span></span><br style="box-sizing: inherit;" /><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><img alt="" src="https://edit.wpgdadawant.com/uploads/news_file/blog/2019/726/tinymce/8.png" style="border: 0px; box-sizing: inherit; height: auto; margin: 0px; max-width: 100%; padding: 0px; vertical-align: baseline;" /></span><br style="box-sizing: inherit;" /></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> 1000base-X: </span></span></span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">Serdes,8b / 10b編碼,IEEE 802.3 CL36 / 37</span></span></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> 1000base-KX: </span></span></span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> 1G背板的應用, 8b/10b coding, IEEE 802.3 CL70</span></span></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">2.3>. </span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">擴展</span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">—BRCM supports USXGMII:</span></span></span></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"> </span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">USXGMII: Universal serial XGMII,它是基於一對serdes的一個端口;</span></span></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"> -10.3125G波特率,64b / 66b編碼;</span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"> Figure 9:USXGMII工作在10G和5G時候的區別:</span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><img alt="" src="https://edit.wpgdadawant.com/uploads/news_file/blog/2019/726/tinymce/9.png" style="border: 0px; box-sizing: inherit; height: auto; margin: 0px; max-width: 100%; padding: 0px; vertical-align: baseline;" /></span></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">2.4>. </span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">比較:</span></span></span></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"> -USGMII與SGMII / QSGMII</span></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"> </span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> USGMII可以最多支持8個1GE口,通過一對10G serdes,對於高密度的應用更合適;</span></span></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"> USGMII可以過PCH(PacketControlHeader)傳遞MAC和PHY之間的control/status信息,這對PTP上timestamp的應用提供了便利;</span></div>
<ul style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style: initial; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;">USGMII與USXGMII</span></span></li>
</ul>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"> </span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> USGMII是出8個1GE口,</span></span></span></div>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"> USXGMII是出一個口,此口可以是10M/100M/1000M/5G/10G等</span></div>
<ol start="3" style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style-position: inside; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;">10G</span></span></li>
</ol>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> XAUI</span></span></span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> ---- 10千兆位附件單元接口,IEEE 802.3 CL47 10GBASE-LX4(CL53),10GBASE-KX4(CL71),10GBASE-CX4(CL54)</span></span></span></div>
<ul style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style: initial; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">125Gbps,8b / 10b編碼</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">XG_RX [3:0] _p / n,XG_TX [3:0] _p / n</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">4對差分線出1一個10G口;</span></li>
</ul>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"> <span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> DXAUI--</span></span></span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">雙重XAUI 4x6.25Gbps,8b / 10b編碼</span></span></span></div>
<ul style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style: initial; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">XG_RX [3:0] _p / n,XG_TX [3:0] _p / n</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">4對差分線出一個20G口;</span></li>
</ul>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> RAXUI</span></span></span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> ---減少XAUI 2x6.25Gbps,8b / 10b編碼</span></span></span></div>
<ul style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style: initial; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">XG_RX [1:0] _p / n,XG_TX [1:0] _p / n</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">兩對差分線出一個10G口;</span></li>
</ul>
<div style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; padding: 0px 0px 1em; vertical-align: baseline;">
<span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"> <span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> XFI:</span></span></span><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"> </span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> 10 Gigibit附件單元接口,INF-8077 </span></span></span></div>
<ul style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style: initial; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">The XFI 用來做10G速率下chip-to-chip 互聯,最初是被XFP multi-source agreement定義.</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">10.3125Gbps,64b / 66b編碼</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">一對差分線出10G口;</span></li>
</ul>
<span style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; font-weight: 700; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;"> 10GBASE-KR:</span></span></span><span style="box-sizing: inherit; vertical-align: inherit;"><span style="box-sizing: inherit; vertical-align: inherit;">背板側應用,IEEE 802.3,CL72</span></span></span><br />
<ul style="background-color: white; border: 0px; box-sizing: inherit; color: rgba(0, 0, 0, 0.87); font-family: 微軟正黑體; font-size: 15px; list-style: initial; vertical-align: baseline;">
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">主要特點是CL73 AN,CL72 training,CL74 FEC;</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">速率10.3125G,64b/66b編碼;</span></li>
<li style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">一對差分線出一個10G口;</span></li>
</ul>
髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-46242399999399652102020-07-01T15:09:00.004+08:002020-07-01T15:09:36.302+08:00QoS中ToS和CoS的區別?802.1p、ip pri、dscp的區別?<h4 style="-webkit-font-smoothing: antialiased; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<span style="font-size: xx-small;"><span style="color: #333333;">from:</span><a href="https://blog.51cto.com/imccie/1750821">https://blog.51cto.com/imccie/1750821</a></span></h4>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">談到qos首先需要了解qos調度的幾個重要過程,qos調度過程包括網絡入口數據流量的分類和標記、骨幹網設備上的擁塞避免和擁塞管理、網路出口的隊列調度這幾個重要過程.</span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">1、cos和tos的區別:</strong><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">通過acl對流量進行分類以後,緊接著就需要對報文進行標記,打標記可以在三層(ip)報文頭上做,也可以在二層報文頭上做.</span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">tos(type of service)就是指在三層報文頭(即ip頭)作標記,cos(code of service)則是在二層報文頭作標記,tos與cos只是qos的一種標記機制。</span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">2、802.1p、ip preference、tos、dscp的區別:</strong><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">(1)、802.1p:</strong><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">當需要在二層報文頭做標記的時候,由於單純二層報文沒有地方能打標記,二層打標記只能在trunk上完成,trunk要用到802.1q或isl協議,如果使用的是802.1q協議,標記會打在802.1q協議頭的tci字段上,打了標記(優先級)後的報文,就稱為802.1p報文了。</span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">二層報文頭:</span></div>
<table align="center" cellpadding="0" cellspacing="0" style="-webkit-font-smoothing: antialiased; border-collapse: collapse; border-spacing: 0px; color: #333333; display: block; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; margin: 0px 0px 15px; max-width: 100%; overflow: auto; padding: 0px; width: 764px; word-break: keep-all;"><tbody style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">da</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">sa</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">data</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">fcs</strong></td></tr>
</tbody></table>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
</div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<br /></div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">802.1q報文頭:</span></div>
<table align="center" cellpadding="0" cellspacing="0" style="-webkit-font-smoothing: antialiased; border-collapse: collapse; border-spacing: 0px; color: #333333; display: block; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; margin: 0px 0px 15px; max-width: 100%; overflow: auto; padding: 0px; width: 764px; word-break: keep-all;"><tbody style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">da</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">sa</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">tpid</strong><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">2byte</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">tci</strong><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">2byte</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">pt</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">data</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">fcs</strong></td></tr>
</tbody></table>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
</div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<br /></div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">tci字段結構:</span></div>
<table cellpadding="0" cellspacing="0" style="-webkit-font-smoothing: antialiased; border-collapse: collapse; border-spacing: 0px; color: #333333; display: block; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; margin: 0px 0px 15px; max-width: 100%; overflow: auto; padding: 0px; width: 290px; word-break: keep-all;"><tbody style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="3" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">tci</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">pri</strong><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">3 bits</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">cfi</strong><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">1 bit</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">vlan id</strong><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">12 bits</strong></td></tr>
</tbody></table>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">tpid字段標識此報文是802.1q報文,tci字段有3bit是用來標記優先級的,如果標記了優先級就稱為802.1p報文了。</span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">(2)、ip preference和tos:</strong><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">ip報文結構如下:</span></div>
<table cellpadding="0" cellspacing="0" style="-webkit-font-smoothing: antialiased; border-collapse: collapse; border-spacing: 0px; color: #333333; display: block; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; margin: 0px 0px 15px; max-width: 100%; overflow: auto; padding: 0px; width: 764px; word-break: keep-all;"><tbody style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">version</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">ihl</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">type of service</strong></td><td colspan="3" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">packet length</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="3" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">identification</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">flag</strong></td><td colspan="2" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">frag offset</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="2" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">time to live</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">protocol</strong></td><td colspan="3" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">header checksum</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="6" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">source address</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="6" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">destination address</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="5" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">options</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">padding</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /></td></tr>
</tbody></table>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">ip報文頭的type of sevice字段長度為1個字節,其中高3 bit用來標記優先級,所以有0-7共8個ip preference級別。</span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">type of service字段的中間4bit為tos子字段,最低1bit未用但必須置0。4bit的tos分別代表:最小時延、最大吞吐量、最小費用和最高可靠性。</span><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">4bit中只能將其中1bit置1。</span><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">如果所有4bit均為0,那麼就表示是普通服務。</span><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">type of service字段結構如下:</span></span></div>
<table align="center" cellpadding="0" cellspacing="0" style="-webkit-font-smoothing: antialiased; border-collapse: collapse; border-spacing: 0px; color: #333333; display: block; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; margin: 0px 0px 15px; max-width: 100%; overflow: auto; padding: 0px; width: 764px; word-break: keep-all;"><tbody style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="8" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">type of service</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">x</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">x</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">x</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">delay</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">troughput</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">cost</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">rely</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="3" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">ip preference</strong></td><td colspan="4" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">tos</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">長置0</strong></td></tr>
</tbody></table>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
</div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<br /></div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">(3)、dscp:</strong><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">為了更精細化的控制數據流分類,rfc2474定義了dscp(differential services code point),dscp擴展了type of service字段的高6 bit來表示報文優先級,因此,標記範圍從0-63。</span><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">type of service字段結構如下:</span></span></div>
<table align="center" cellpadding="0" cellspacing="0" style="-webkit-font-smoothing: antialiased; border-collapse: collapse; border-spacing: 0px; color: #333333; display: block; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; margin: 0px 0px 15px; max-width: 100%; overflow: auto; padding: 0px; width: 764px; word-break: keep-all;"><tbody style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="8" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">type of service</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">x</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">x</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">x</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">x</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">x</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">x</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="6" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">ip preference</strong></td><td colspan="2" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">長置0</strong></td></tr>
</tbody></table>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
</div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<br /></div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">dscp定義了四個系列,default、cs系列、af系列、ef系列。</span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">①、default</strong><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"> :</span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">就是默認的不做優先級,即ip preference字段都是0。</span></div>
<table align="center" cellpadding="0" cellspacing="0" style="-webkit-font-smoothing: antialiased; border-collapse: collapse; border-spacing: 0px; color: #333333; display: block; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; margin: 0px 0px 15px; max-width: 100%; overflow: auto; padding: 0px; width: 764px; word-break: keep-all;"><tbody style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="8" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">type of service</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="6" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">ip preference</strong></td><td colspan="2" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">長置0</strong></td></tr>
</tbody></table>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
</div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<br /></div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">②、cs系列:</strong><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">rfc2474定義最高3比特為級別/類別選擇代碼(class selector codepoints,cs),其意義和ipv4報頭中ip優先級的定義是相同的,cs0 ~ cs7的級別相當於ip優先級0 ~ 7。</span><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">但它並沒有定義第3到第5比特的具體含義以及使用規則。</span><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">dscp使用6比特,可以定義64個優先級(0-63)。</span><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">cs系列ip報文中type of service字段結構如下:</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /> </div>
<table align="center" cellpadding="0" cellspacing="0" style="-webkit-font-smoothing: antialiased; border-collapse: collapse; border-spacing: 0px; color: #333333; display: block; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; margin: 0px 0px 15px; max-width: 100%; overflow: auto; padding: 0px; width: 764px; word-break: keep-all;"><tbody style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="8" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">type of service</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">1</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="6" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">ip preference</strong></td><td colspan="2" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">長置0</strong></td></tr>
</tbody></table>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
</div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<br /></div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">.</strong><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">.</strong><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">.</strong></div>
<table align="center" cellpadding="0" cellspacing="0" style="-webkit-font-smoothing: antialiased; border-collapse: collapse; border-spacing: 0px; color: #333333; display: block; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; margin: 0px 0px 15px; max-width: 100%; overflow: auto; padding: 0px; width: 764px; word-break: keep-all;"><tbody style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="8" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">type of service</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">1</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">1</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">1</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">0</strong></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td colspan="6" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">ip preference</strong></td><td colspan="2" style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">長置0</strong></td></tr>
</tbody></table>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
</div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<br /></div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">cs = 6網間控制(internetwork control),</span><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">dscp</strong><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"> = 48 (110000).路由協議優先級默認是cs6。</span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">cs = 7網內控制(intranetwork control),</span><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">dscp</strong><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"> = 56 (111000)</span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">③、af</strong><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"> :</span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">保證轉發(assured forwarding, af)由rfc2597對cs1~cs4進行進一步定義。</span><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">它使用第3和第4比特做丟棄優先級標誌。</span><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">01-低丟棄優先級;10-中丟棄優先級;11-高丟棄優先級。</span><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">這樣,在同一類數據中,又根據被丟棄的可能性劃分出3個級別。</span><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">af11~af13,af21~af23,af31~af33,af41~af43.下表列出了af服務等級及其對應的dscp值:</span></span></div>
<table align="center" cellpadding="0" cellspacing="0" style="-webkit-font-smoothing: antialiased; border-collapse: collapse; border-spacing: 0px; color: #333333; display: block; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; margin: 0px 0px 15px; max-width: 100%; overflow: auto; padding: 0px; width: 764px; word-break: keep-all;"><tbody style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">cs1</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">00100</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">cs2</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">01000</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">cs3</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">01100</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">cs4</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">10000</span></span></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">low drop</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">01</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">af11</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">00101</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">af21</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">01001</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">af31</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">01101</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">af41</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">10001</span></span></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">medium drop</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">10</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">af12</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">00110</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">af22</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">01010</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">af32</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">01110</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">af42</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">10010</span></span></td></tr>
<tr style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;"><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">high drop</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">11</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">af13</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">00111</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">af23</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">01011</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">af33</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">01111</span></span></td><td style="-webkit-font-smoothing: antialiased; border: 1px solid rgb(221, 221, 221); margin: 0px; max-width: 748px; padding: 5px; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">af43</span></span><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">10011</span></span></td></tr>
</tbody></table>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
</div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<br /></div>
<div style="-webkit-font-smoothing: antialiased; color: #3d464d; font-family: -apple-system, "Helvetica Neue", Helvetica, Arial, "PingFang SC", "Hiragino Sans GB", "WenQuanYi Micro Hei", "Microsoft Yahei", sans-serif; font-size: 16px; line-height: 1.8; margin-bottom: 0.7rem; max-width: 100%; overflow-wrap: break-word; padding: 0px; word-break: break-all;">
<strong style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;">④、ef:</strong><br style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; word-break: break-all;" /><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;"><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">由rfc2598定義,dscp值為46 (101110)。</span><span style="-webkit-font-smoothing: antialiased; margin: 0px; max-width: 100%; padding: 0px; vertical-align: inherit; word-break: break-all;">ef服務適用於低丟包率,低延遲,低抖動及保證帶寬的業務,voip默認級別是ef。</span></span></div>
髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-88368477344763873682020-06-02T10:16:00.000+08:002020-06-02T10:16:22.828+08:00SMI(MDC/MDIO)介紹 Clause 22/45<div style="background-color: white; color: #333333; font-family: avenir, "microsoft yahei", "hiragino sans gb", "microsoft sans serif", "wenquanyi micro hei", sans-serif; margin-bottom: 10px; padding: 0px;">
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 10px; padding: 0px;">
</div>
<span style="vertical-align: inherit;"><span style="font-size: xx-small; vertical-align: inherit;">From:<a href="http://blog.chinaaet.com/justlxy/p/5100064818">http://blog.chinaaet.com/justlxy/p/5100064818</a></span></span><br />
<span style="font-size: 16px; vertical-align: inherit;"><span style="vertical-align: inherit;"><br />SMI:串行管理接口(Serial Management Interface),通常直接被稱為MDIO接口(Management Data Input/Output Interface)。</span><span style="vertical-align: inherit;">MDIO最早在IEEE 802.3的第22卷定義,後來在第45卷又定義了增強版本的MDIO,其主要被應用於以太網的MAC和PHY層之間,用於MAC層器件通過讀寫寄存器來實現對PHY層器件的操作與管理。</span></span><br /><br />
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">MDIO主機(即產生MDC時鐘的設備)通常被稱為STA(Station Management Entity),而MDIO從機通常被稱為MMD(MDIO Management Device)。</span><span style="vertical-align: inherit;">通常STA都是MAC層器件的一部分,而MMD則是PHY層器件的一部分。</span><span style="vertical-align: inherit;">MDIO接口包括兩條線,MDIO和MDC,其中MDIO是雙向數據線,而MDC是由STA驅動的時鐘線。</span><span style="vertical-align: inherit;">MDC時鐘的最高速率一般為2.5MHz,MDC也可以是非固定頻率,甚至可以是非週期的。</span><span style="vertical-align: inherit;">MDIO接口只是會在MDC時鐘的上升沿進行採樣,而並不在意MDC時鐘的頻率(類似於I2C接口)。</span><span style="vertical-align: inherit;">如下圖所示。</span></span></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px; text-align: center;">
<img alt="blob.png" src="http://files.chinaaet.com/images/blog/2019/20190924/1000019445-6370494317263169496318344.png" style="border: 0px; height: auto; margin: 0px; max-height: 100%; max-width: 100%; overflow: hidden; padding: 0px; width: auto;" title="blob.png" /></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">MDIO接口有兩個版本,通常被稱為卷22版本和卷45版本。</span><span style="vertical-align: inherit;">卷22版本的MDIO接口最多支持連接32個MMD(PHY層設備),每個設備最多支持32個寄存器。</span><span style="vertical-align: inherit;">卷45版本的MDIO接口最多支持連接32個MMD,32個設備類型,每個設備最多支持64K個寄存器。</span><span style="vertical-align: inherit;">卷22版本的MDIO接口的數據幀格式如下:</span></span></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px; text-align: center;">
<img alt="blob.png" src="http://files.chinaaet.com/images/blog/2019/20190924/1000019445-6370494343987147319277880.png" style="border: 0px; height: auto; margin: 0px; max-height: 100%; max-width: 100%; overflow: hidden; padding: 0px; width: auto;" title="blob.png" /></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px;">
<span style="vertical-align: inherit;">具體每個bit描述如下:</span></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px; text-align: center;">
<img alt="blob.png" src="http://files.chinaaet.com/images/blog/2019/20190924/1000019445-6370494349284781811923503.png" style="border: 0px; height: auto; margin: 0px; max-height: 100%; max-width: 100%; overflow: hidden; padding: 0px; width: auto;" title="blob.png" /></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px; text-align: center;">
<img alt="blob.png" src="http://files.chinaaet.com/images/blog/2019/20191009/1000019445-6370622280634317787828939.png" style="border: 0px; height: auto; margin: 0px; max-height: 100%; max-width: 100%; overflow: hidden; padding: 0px; width: auto;" title="blob.png" /></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px;">
<span style="vertical-align: inherit;">卷45版本的MDIO接口的數據幀格式如下:</span></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px; text-align: center;">
<img alt="blob.png" src="http://files.chinaaet.com/images/blog/2019/20190924/1000019445-6370494361389407842076563.png" style="border: 0px; height: auto; margin: 0px; max-height: 100%; max-width: 100%; overflow: hidden; padding: 0px; width: auto;" title="blob.png" /></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px;">
<span style="vertical-align: inherit;">具體每個bit的描述如下:</span></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px; text-align: center;">
<img alt="blob.png" src="http://files.chinaaet.com/images/blog/2019/20190924/1000019445-6370494372165176355024998.png" style="border: 0px; height: auto; margin: 0px; max-height: 100%; max-width: 100%; overflow: hidden; padding: 0px; width: auto;" title="blob.png" /></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px; text-align: center;">
<img alt="blob.png" src="http://files.chinaaet.com/images/blog/2019/20191009/1000019445-6370622277257785935910509.png" style="border: 0px; height: auto; margin: 0px; max-height: 100%; max-width: 100%; overflow: hidden; padding: 0px; width: auto;" title="blob.png" /></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">如果是STA(MAC層設備)驅動MDIO,則MDIO相對於MDC上升沿,至少要有10ns的建立時間(Setup Time)和10ns的保持時間(Hold Time)。</span><span style="vertical-align: inherit;">如下圖所示:</span></span></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px; text-align: center;">
<img alt="blob.png" src="http://files.chinaaet.com/images/blog/2019/20190924/1000019445-6370494592516864862629248.png" style="border: 0px; height: auto; margin: 0px; max-height: 100%; max-width: 100%; overflow: hidden; padding: 0px; width: auto;" title="blob.png" /></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">如果MDIO是由MMD(PHY層設備)驅動的,則MDIO相對於MDC的Tco(Clock to Output Delay)的範圍是0ns~300ns。</span><span style="vertical-align: inherit;">如下圖所示:</span></span></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px; text-align: center;">
<img alt="blob.png" src="http://files.chinaaet.com/images/blog/2019/20190924/1000019445-6370494606215090501812398.png" style="border: 0px; height: auto; margin: 0px; max-height: 100%; max-width: 100%; overflow: hidden; padding: 0px; width: auto;" title="blob.png" /></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px;">
<span style="vertical-align: inherit;">實際上,MDC的頻率也並非一定是小於或等於2.5MHz,比如Marvell的88E1512最大支持12MHz的MDC:</span></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px; text-align: center;">
<img alt="blob.png" src="http://files.chinaaet.com/images/blog/2019/20190926/1000019445-6370511154697741484450094.png" style="border: 0px; height: auto; margin: 0px; max-height: 100%; max-width: 100%; overflow: hidden; padding: 0px; width: auto;" title="blob.png" /></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">IEEE 802.3建議同時對MDIO進行下拉(下拉電阻建議為2k歐姆+5%),和上拉(上拉電阻建議為1.5k歐姆+5%),使得在TA時,MDIO處於中間態。</span><span style="vertical-align: inherit;">但是並非所有的PHY器件都有這樣的要求,比如Marvell的88E1512只要求對MDIO進行上拉即可,上拉電阻範圍為1.5k~10kΩ。</span></span><strong style="color: inherit;"><br /></strong></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px;">
<strong style="color: inherit;">主要參考資料</strong></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px;">
<span style="vertical-align: inherit;">1、IEEE 802.3 第22卷,第45卷</span></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px;">
<span style="vertical-align: inherit;">2、網友落塵紛擾的博客:</span><a href="https://blog.csdn.net/jasonchen_gbd/article/details/51628992" style="color: #4d4b4b; text-decoration-line: none;">https://blog.csdn.net/jasonchen_gbd/article/details/51628992</a></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px;">
<span style="vertical-align: inherit;">3、Lattice, RD1194, MDIO Master and Slave Controllers User Guide</span></div>
<div style="font-family: Avenir, "Microsoft Yahei", "Hiragino Sans GB", "Microsoft Sans Serif", "WenQuanYi Micro Hei", sans-serif; font-size: 16px; margin-bottom: 10px; padding: 0px;">
<span style="vertical-align: inherit;">4、Marvell,Alaska 88E1512 Datasheet</span></div>
</div>
髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-19626366818437054492020-02-20T17:05:00.002+08:002020-02-20T17:05:51.383+08:00arp_ignore 和 arp_filter<span style="color: #999999;">From:</span><a href="http://huntxu.github.io/2015-12-24-arp-filter-vs-arp-ignore.html">http://huntxu.github.io/2015-12-24-arp-filter-vs-arp-ignore.html</a><br />
<span style="color: #999999;"><br /></span>
<br />
<h1>
<span style="color: #999999;">arp_ignore 和 arp_filter</span></h1>
<div style="margin: 1em;">
<span style="color: #999999;">24 Dec 2015</span></div>
<div style="margin: 1em;">
<span style="color: #999999;">先說結論好了</span></div>
<ol style="margin-left: 1.2em;">
<li style="line-height: 1.2em;"><span style="color: #999999;"><code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arp_filter</code>有個表哥叫做<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">rp_filter</code>,這裏的<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">rp</code>是<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">Reserve Path</code>的意思,其實就是用來檢查返回的包是否會從相對應的到來的包使用相同的網絡接口出去。它們的區別只是層次不同</span></li>
<li style="line-height: 1.2em;"><span style="color: #999999;"><code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arp_ignore</code> 則是內核用來確定是否應該回覆從該端口收到的<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">ARP</code>請求的</span></li>
<li style="line-height: 1.2em;"><span style="color: #999999;">這兩個判斷都在內核中的<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">net/ipv4/arp.c</code>中</span></li>
</ol>
<div style="margin: 1em;">
<span style="color: #999999;">故事是因爲有個同事在一個機器上用<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">libvirt</code>搭建了幾臺虛擬機之後使用橋接連接這幾臺機器,並且使用自動部署工具去部署這幾臺機器。結果發現其中有一臺機器的一個網卡沒有成功得到預期的地址。調查之後發現那臺機器在配置該地址之前使用了<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arping -D</code>去檢查是否與其他機器已有的地址相互衝突了,剛巧該地址和宿主機之上的另外一個網卡地址相同,於是宿主機上橋接虛擬機網絡的網卡,便響應了那個<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">ARP</code>請求,導致配置失敗。</span></div>
<div style="margin: 1em;">
<span style="color: #999999;">一開始我也很奇怪,爲什麼明明宿主機上橋接着虛擬機網絡的網卡並不擁有那個目標地址但卻會回覆,而更奇怪的是,虛擬機中使用<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arping</code>不加<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">-D</code>參數,也收不到回覆。所以經過一番搜索與測試驗證,才大致搞明白了其中的原因。</span></div>
<div style="margin: 1em;">
<span style="color: #999999;">首先,在內核文檔中有這樣一段對<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arp_filter</code>參數的描述:</span></div>
<div class="highlighter-rouge">
<pre class="highlight" style="background-color: #08175d; display: inline-block; font-size: 12px; line-height: 1.5em; margin-left: 5em; margin-right: 5em; padding: 0px 1em;"><code style="font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;"><span style="color: #999999;">0 - (default) The kernel can respond to arp requests with addresses
from other interfaces. This may seem wrong but it usually makes
sense, because it increases the chance of successful communication.
IP addresses are owned by the complete host on Linux, not by
particular interfaces. Only for more complex setups like load-
balancing, does this behaviour cause problems.
</span></code></pre>
</div>
<div style="margin: 1em;">
<span style="color: #999999;">內核認爲一個IP地址是屬於整個主機的,而非某個特定的端口,所以默認情況下,每個端口都會回覆目標是其他端口的IP地址的ARP請求。</span></div>
<div style="margin: 1em;">
<span style="color: #999999;">查看了機器之後發現這一項爲默認值0,但是又一個疑問發生了,爲什麼使用<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arping</code>不帶<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">-D</code>參數就無法收到返回呢?答案是<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">rp_filter</code>做了過濾,默認回應的包不從收到的端口出去,所以並不回覆。</span></div>
<div style="margin: 1em;">
<span style="color: #999999;">那麼接下來又有一個問題,爲什麼帶了<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">-D</code>參數就收的到回覆呢?原因是,如果使用<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arping -D</code>的話,發出的請求包的原地址是設置爲<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">0.0.0.0</code>的,這點可以參考<a href="https://tools.ietf.org/html/rfc2131">RFC2131</a>中的<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">4.4.1</code>一段。然後來看代碼:</span></div>
<div class="highlighter-rouge">
<pre class="highlight" style="background-color: #08175d; display: inline-block; font-size: 12px; line-height: 1.5em; margin-left: 5em; margin-right: 5em; padding: 0px 1em;"><code style="font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;"><span style="color: #999999;"> /* Special case: IPv4 duplicate address detection packet (RFC2131) */
if (sip == 0) {
if (arp->ar_op == htons(ARPOP_REQUEST) &&
inet_addr_type_dev_table(net, dev, tip) == RTN_LOCAL &&
!arp_ignore(in_dev, sip, tip))
arp_send_dst(ARPOP_REPLY, ETH_P_ARP, sip, dev, tip,
sha, dev->dev_addr, sha, reply_dst);
goto out;
}
</span></code></pre>
</div>
<div style="margin: 1em;">
<span style="color: #999999;">當請求包的地址爲<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">0.0.0.0</code>的時候,內核只照顧<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arp_ignore</code>這個選項,而不去管<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arp_filter</code>選項的內容,也不去管<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">rp_filter</code>的內容。</span></div>
<div style="margin: 1em;">
<span style="color: #999999;">下面看兩個場景,加深一下對這幾個參數的印象:</span></div>
<ol style="margin-left: 1.2em;">
<li style="line-height: 1.2em;"><span style="color: #999999;">主機上兩個接口,地址分別處於不同的子網之中</span><ul style="margin-left: 1.2em;">
<li style="line-height: 1.2em;"><span style="color: #999999;">這種情況不會引起混亂</span></li>
<li style="line-height: 1.2em;"><span style="color: #999999;">從哪個端口進來的<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">ARP</code>請求,一般來說請求的源地址也是那個子網之中的地址,因此回覆包也會從該端口出去,所以能通過<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">rp_filter</code>以及<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arp_filter</code>的驗證</span></li>
<li style="line-height: 1.2em;"><span style="color: #999999;">這種情況下的回覆只需要考慮<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arp_ignore</code>的影響</span></li>
</ul>
</li>
<li style="line-height: 1.2em;"><span style="color: #999999;">主機上兩個接口,地址處於相同的子網之中</span><ul style="margin-left: 1.2em;">
<li style="line-height: 1.2em;"><span style="color: #999999;">容易引起混亂的情況</span></li>
<li style="line-height: 1.2em;"><span style="color: #999999;">兩個端口進來的<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">ARP</code>請求,基本上源地址是同一個子網,因此回覆的包只會從<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">ifindex</code>較小(猜測,未驗證)的端口發送出去,因此從其中一個端口進來的請求有可能無法通過<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">rp_filter</code>以及<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arp_filter</code>的驗證</span></li>
<li style="line-height: 1.2em;"><span style="color: #999999;">同樣需要考慮<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arp_ignore</code>的影響,對於上面說的收到無法通過<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">rp_filter</code>以及<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arp_filter</code>驗證的請求包的端口,除非請求的源地址爲<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">0.0.0.0</code>,否則便根本不會回覆,而另一端口收到的則正常,而且對兩個接口上所設置的地址,都能夠通過上述的驗證</span></li>
<li style="line-height: 1.2em;"><span style="color: #999999;">要想讓兩個端口在同一子網中互不干擾,各自使用各自的地址並各自對請求包進行回覆,則需要使用策略路由,並且將<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arp_filter</code>和<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">rp_filter</code>打開,<code class="highlighter-rouge" style="background-color: #08175d; font-family: "DejaVu Sans Mono", Monaco, Courier, monospace; padding: 0.1em 0.5em;">arp_ignore</code>正確設置</span></li>
</ul>
</li>
</ol>
<div style="margin: 1em;">
<span style="color: #999999;">關於這些選項的具體設置值的意義,可以參考內核文檔,這裏就不複製粘貼進來加長篇幅了。總之,在能夠進行規劃的情況下,還是儘量避免容易引起混亂的情況爲好。</span></div>
髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-10723927505011896782019-03-25T15:49:00.001+08:002019-03-25T15:49:33.198+08:00VXLAN vs VLAN<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em;">
</div>
<h4>
<span style="vertical-align: inherit;"><span style="font-size: xx-small; vertical-align: inherit;"><i>from:https://zhuanlan.zhihu.com/p/36165475</i></span></span></h4>
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;"><br />VXLAN(Virtual eXtensible Local Area Network)或許是目前最熱門的網絡虛擬化技術。</span><span style="vertical-align: inherit;">網絡虛擬化是指在一套物理網絡設備上虛擬出多個二層網絡。</span><span style="vertical-align: inherit;">VXLAN由RFC7348定義,這是2014年定稿的一個協議,VXLAN協議將Ethernet幀封裝在UDP內,再加上8個字節的VXLAN header,用來標識不同的二層網絡。</span></span><br />
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">同樣是網絡虛擬化技術的VLAN(Virtual Local Network)在1998年就提出了第一稿,並且得到廣泛的應用,VLAN直接在Ethernet幀的頭部加上4個字節的VLAN Tag,用來標識不同的二層網絡。</span><span style="vertical-align: inherit;">VLAN已經在大部分的網絡設備和操作系統中得到了支持,它處理起來也比較簡單,在讀取Ethernet數據的時候,只需要根據EtherType相應的偏移4個字節就行。</span><span style="vertical-align: inherit;">相比之下,VXLAN因為提出的較晚,在設備上的支持率不如VLAN,而且,VXLAN數據的封裝解封裝,要比VLAN複雜的多。</span><span style="vertical-align: inherit;">看起來沒理由VXLAN搶占VLAN的地位,但是現實卻不是如此,那究竟是什麼原因導致的呢?</span></span></div>
<h2 style="background-color: white; clear: left; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; font-size: 1.2em; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: 1.5; margin: 2.33333em 0px 1.16667em;">
<span style="vertical-align: inherit;">VXLAN協議</span></h2>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;">我們先來看看VXLAN協議,前面說過,VXLAN是將Ethernet Frame封裝在UDP包裡面,具體的協議格式如下。</span></div>
<figure data-size="normal" style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><img class="origin_image zh-lightbox-thumb lazy" data-actualsrc="https://pic3.zhimg.com/v2-5b08893335ea7f4094de7c17ccdd5b7a_b.jpg" data-caption="" data-original="https://pic3.zhimg.com/v2-5b08893335ea7f4094de7c17ccdd5b7a_r.jpg" data-rawheight="389" data-rawwidth="600" data-size="normal" src="https://pic3.zhimg.com/80/v2-5b08893335ea7f4094de7c17ccdd5b7a_hd.jpg" style="cursor: zoom-in; display: block; margin: 0px auto; max-width: 100%;" width="600" /></figure><div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">除了常規的各層的header之外,VXLAN協議定義了8個字節的VXLAN Header。</span><span style="vertical-align: inherit;">其中的24bit用來標識不同的二層網絡,這樣總共可以標識1600多萬個不同的二層網絡。</span><span style="vertical-align: inherit;">一般的傳輸層端口號用來標識進程或者應用,但是在VXLAN協議裡面的,Ethernet Frame封裝在UDP裡面,UDP的source port被用來在ECMP或者LACP做負載均衡;destination port被用來標識VXLAN數據,IANA(Internet Assigned Numbers Authority)分配給VXLAN的端口號是4789。</span><span style="vertical-align: inherit;">VXLAN數據是經過VTEP(VXLAN Tunnel EndPoint)封裝和解封裝的,相應的VXLAN數據的外層IP地址就是VTEP的IP地址。</span><span style="vertical-align: inherit;">最外層的MAC地址用來實現VTEP之間的數據傳遞。</span></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">VXLAN與VLAN的最大區別在於,VLAN只是修改了原始的Ethernet Header,但是整個網絡數據包還是原來那個數據包,而VXLAN是將原始的Ethernet Frame隱藏在UDP數據裡面。</span><span style="vertical-align: inherit;">經過VTEP封裝之後,在網絡線路上看起來只有VTEP之間的UDP數據傳遞,原始的網絡數據包被掩蓋了。</span></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;">VXLAN並不是憑空出現,這種在UDP裡面封裝網絡數據的做法,在VXLAN之前就已經存在,例如OTV(Overlay Transport Virtualization)和LISP(Locator/ID Separation Protocol </span><span style="font-weight: 600;">)。</span></div>
<h2 style="background-color: white; clear: left; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; font-size: 1.2em; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: 1.5; margin: 2.33333em 0px 1.16667em;">
<span style="vertical-align: inherit;">為什麼要VXLAN?</span></h2>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">相比VLAN,VXLAN顯得複雜很多。</span><span style="vertical-align: inherit;">再加上VLAN的先發優勢,已經得到了廣泛的支持。</span><span style="vertical-align: inherit;">那為什麼還要VXLAN?</span></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="font-weight: 600;"><i>VLAN ID數量限制</i></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="font-weight: 600;"><i>--</i></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">首先是VLAN能支持的二層網絡數量有限。</span><span style="vertical-align: inherit;">VLAN Tag總共4個字節,其中有12bit用來標識不同的二層網絡,這樣總共是4000多個。</span><span style="vertical-align: inherit;">而VXLAN header有8個字節,有24bit用來標識不同的二層網絡,這樣總共是1600多萬個。</span><span style="vertical-align: inherit;">這或許是知名度最高的一條原因。</span><span style="vertical-align: inherit;">但這是最根本的原因嗎?</span><span style="vertical-align: inherit;">VLAN自身也有一些相關的協議,其中QinQ(IEEE 802.1 ad)定義在Ethernet頭部加上2個VLAN Tag,這樣總共也可以由12+12=24bit的數據用來標識不同的二層網絡。</span><span style="vertical-align: inherit;">如果僅僅是因為能支持的二層網絡數量有限,只需要在現有的VLAN設備上做一些改動,直接用QinQ就好了。</span><span style="vertical-align: inherit;">所以,選用VXLAN一定還有其他原因。</span></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<i><span style="font-weight: 600;">TOR交換機MAC地址表限制</span></i></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<i><span style="font-weight: 600;">--</span></i></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">數據中心的虛擬化給網絡設備帶來的最直接影響就是:之前TOR(Top Of Rack)交換機的一個端口連接一個物理主機對應一個MAC地址,但現在交換機的一個端口雖然還是連接一個物理主機但是可能進而連接幾十個甚至上百個虛擬機和相應數量的MAC地址。</span><span style="vertical-align: inherit;">傳統交換機是根據MAC地址表實現二層轉發。</span><span style="vertical-align: inherit;">如下圖所示,交換機在收到一個數據幀之後,根據VLAN和目的MAC地址,查找到相應的交換機端口,再將數據幀從相應的端口發出。</span></span></div>
<figure data-size="normal" style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><img class="origin_image zh-lightbox-thumb lazy" data-actualsrc="https://pic4.zhimg.com/v2-6a14707804784b3dafedc1c15b231d67_b.jpg" data-caption="" data-original="https://pic4.zhimg.com/v2-6a14707804784b3dafedc1c15b231d67_r.jpg" data-rawheight="502" data-rawwidth="720" data-size="normal" src="https://pic4.zhimg.com/80/v2-6a14707804784b3dafedc1c15b231d67_hd.jpg" style="cursor: zoom-in; display: block; margin: 0px auto; max-width: 100%;" width="720" /></figure><div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">這個MAC地址表是通過交換機的flood-learn學習並記錄在交換機的內存。</span><span style="vertical-align: inherit;">交換機的內存比較寶貴,所以MAC地址表的大小通常是有限的。</span><span style="vertical-align: inherit;">現在因為虛擬化,整個數據中心的MAC地址多了幾十倍,那相應的交換機裡面的MAC地址表也需要擴大幾十倍。</span><span style="vertical-align: inherit;">如果交換機不支持這麼大的MAC地址表,那麼就會導致MAC地址表溢出。</span><span style="vertical-align: inherit;">溢出之後,交換機不能將新的MAC地址學習到自己的MAC地址表。</span><span style="vertical-align: inherit;">如果交換機收到這些MAC地址的數據幀,因為不能通過查表轉發,會flood到所有的端口。</span><span style="vertical-align: inherit;">這不但增加了交換機的負擔,還增加了網絡中其他設備的負擔。</span><span style="vertical-align: inherit;">為了避免這個問題,可以用一些更大容量的交換機,但是相應的成本也要上升,而且還不能從根本上解決這個問題。</span></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">如果使用VXLAN,虛擬機的Ethernet Frame被VTEP封裝在UDP裡面,一個VTEP可以被一個物理主機上的所有虛擬機共用。</span><span style="vertical-align: inherit;">從交換機的角度,交換機看到的是VTEP之間在傳遞UDP數據。</span><span style="vertical-align: inherit;">通常,一個物理主機對應一個VTEP,所以交換機的MAC地址表,只需要記錄與物理主機數量相當條目就可以了,虛擬化帶來的MAC地址表暴增的問題也不存在了。</span><span style="vertical-align: inherit;">這是VXLAN能解決的,而現有的VLAN沒有辦法迴避的問題。</span></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="font-weight: 600;"><i>靈活的虛機部署和部署</i></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="font-weight: 600;"><i>--</i></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">採用VLAN網絡的虛擬環境,不存在overlay網絡。</span><span style="vertical-align: inherit;">虛擬機的網絡數據,被打上VLAN Tag之後,直接在物理網絡上傳輸,與物理網絡上的VLAN是融合在一起的。</span><span style="vertical-align: inherit;">這樣的好處是虛擬機能直接訪問到物理網絡的設備,但是壞處是,虛擬網絡現在不能打破物理網絡的限制。</span><span style="vertical-align: inherit;">比如,如果要在VLAN 100部署虛擬機,那隻能在支持VLAN 100的物理設備上部署虛機。</span><span style="vertical-align: inherit;">通常不同的VLAN網絡,會被分配不同的IP地址段,通過路由器或者其他的三層設備連接在一起。</span><span style="vertical-align: inherit;">設想我有下面一個環境,紫色區域和綠色區域分別對應不同的VLAN網絡,紫色區域裡面每個服務器已經有10個虛機,綠色區域每個服務器只有2個虛機,紫色區域雖然服務器數量更多,但是總的負擔已經夠重了。</span><span style="vertical-align: inherit;">現在因為業務的需求,我們還需要向紫色網絡裡面部署虛機,因為VLAN網絡無法打破物理二層網絡的限制,虛機還是只能部署在紫色區域,這明顯不合理。</span></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">另一方面,就算不部署新的虛擬機,只是對現有的部署做一個優化,將部分虛擬機從紫色區域遷移到綠色區域,因為無法打破物理二層網絡的限制,這也是不可行的。</span><span style="vertical-align: inherit;">因為業務肯定不是平均分配的,那如果採用VLAN網絡,極有可能會導致數據中心的利用率分佈不均勻。</span></span></div>
<figure data-size="normal" style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><img class="origin_image zh-lightbox-thumb lazy" data-actualsrc="https://pic2.zhimg.com/v2-5aa91b6df1d8cd86cad8dbd0acb453b1_b.jpg" data-caption="" data-original="https://pic2.zhimg.com/v2-5aa91b6df1d8cd86cad8dbd0acb453b1_r.jpg" data-rawheight="718" data-rawwidth="1078" data-size="normal" src="https://pic2.zhimg.com/80/v2-5aa91b6df1d8cd86cad8dbd0acb453b1_hd.jpg" style="cursor: zoom-in; display: block; margin: 0px auto; max-width: 100%;" width="1078" /></figure><div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">VLAN其實有自己的解決辦法,如果將所有的交換機Trunk連接起來,那在物理上沒有明確的區域區分。</span><span style="vertical-align: inherit;">但是這樣就產生了一個大的二層,相應的BUM(Broadcast,Unknown Unicast,Multicast)和交換機MAC地址表的問題也會隨之產生。</span></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">如果使用VXLAN呢?</span><span style="vertical-align: inherit;">因為VXLAN通過UDP傳輸Ethernet Frame,那相應的可以在一個L3網絡上,傳遞L2的數據。</span><span style="vertical-align: inherit;">又或者用官方的說法,在一個L3網絡上構建了L2網絡。</span><span style="vertical-align: inherit;">物理網絡的二層邊界還存在,但是現在虛機的網絡數據在三層網絡傳輸,可以跨越物理二層網絡的限制。</span></span></div>
<figure data-size="normal" style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin: 1.4em 0px;"><img class="origin_image zh-lightbox-thumb lazy" data-actualsrc="https://pic4.zhimg.com/v2-3c372aa2b3cb1e2d19729af508f1823f_b.jpg" data-caption="" data-original="https://pic4.zhimg.com/v2-3c372aa2b3cb1e2d19729af508f1823f_r.jpg" data-rawheight="341" data-rawwidth="523" data-size="normal" src="https://pic4.zhimg.com/80/v2-3c372aa2b3cb1e2d19729af508f1823f_hd.jpg" style="cursor: zoom-in; display: block; margin: 0px auto; max-width: 100%;" width="523" /></figure><div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">不管物理網絡的二層還是三層,虛擬機現在已經感知不到了。</span><span style="vertical-align: inherit;">通過VXLAN的封裝,虛擬機現在走的是一套獨立於物理網絡(underlay network)的overlay network。</span><span style="vertical-align: inherit;">這樣的話,在物理網絡上,就不必把所有的交換機Trunk連起來,還是可以保持一個個小的L2 Pod。</span><span style="vertical-align: inherit;">但是同時,虛擬機的部署和遷移,又不用受物理網絡的限制,整個數據中心可以保持一個平均的利用率。</span><span style="vertical-align: inherit;">這是另外一個VXLAN能解決,但是VLAN無法迴避的問題。</span></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="font-weight: 600;"><i>更好的利用多條網絡鏈路</i></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;">--</span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">VLAN協議使用STP(Spanning Tree Protocol)來管理多條線路,STP根據優先級和cost,只會選出一條線路來工作,這樣可以避免數據傳遞的環路。</span><span style="vertical-align: inherit;">這種主備(active-passive)的模式,比只連接一條線路肯定是有優勢,但是對於用戶來說,相當於花了N倍的錢,卻只用到了1倍的服務。</span><span style="vertical-align: inherit;">當網絡流量較大的時,也不能通過增加線路來提升性能。</span><span style="vertical-align: inherit;">而VXLAN因為是通過UDP封裝,在三層網絡上傳輸。</span><span style="vertical-align: inherit;">雖然傳遞的還是二層的Ethernet Frame,但是VXLAN可以利用一些基於三層的協議來實現多條線路共同工作(active-active),以實現負載均衡,例如ECMP,LACP。</span><span style="vertical-align: inherit;">現在對於用戶來說,花了N倍的錢,也用到了N倍的服務。</span><span style="vertical-align: inherit;">當網絡流量較大時,現在可以通過增加線路來減輕現有線路的負擔。</span><span style="vertical-align: inherit;">這在提升數據中心網絡性能,尤其是東西向流量的性能時,尤其重要。</span><span style="vertical-align: inherit;">這是VXLAN相比VLAN,能帶來的另一個好處。</span></span></div>
<h2 style="background-color: white; clear: left; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; font-size: 1.2em; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: 1.5; margin: 2.33333em 0px 1.16667em;">
<span style="vertical-align: inherit;">最後</span></h2>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;">所以,儘管VXLAN要復雜一些,提出的晚一些,普及率也要低一些,但是隨著數據中心規模的發展和虛擬化的普及,VXLAN逐漸成為構建數據中心網絡的趨勢。</span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-bottom: 1.4em; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">不過理智點看,VXLAN有這麼多優點,在可以預見的未來,還是不能完全替代VLAN。</span><span style="vertical-align: inherit;">首先VXLAN是一種overlay網絡,不能獨立存在,必須依賴underlay網絡,而在構建underlay網絡時,還是需要藉助VLAN。</span><span style="vertical-align: inherit;">其次,這裡介紹的VXLAN的優勢,都是在大規模環境下,如果你的數據中心的規模,不論虛機還是物理的,就百十台的樣子,那直接用VLAN也可以了,沒必要上VXLAN。</span></span></div>
<div style="background-color: white; color: #1a1a1a; font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", "PingFang SC", "Microsoft YaHei", "Source Han Sans SC", "Noto Sans CJK SC", "WenQuanYi Micro Hei", sans-serif; margin-top: 1.4em;">
<span style="vertical-align: inherit;"><span style="vertical-align: inherit;">VXLAN最多是在構建數據中心時的一個選項,而不是唯一的選項。</span><span style="vertical-align: inherit;">套用馬斯洛的“工具法則”:當你只有一個錘子時,任何東西看起來都像是個釘子。</span><span style="vertical-align: inherit;">在設計數據中心網絡時,也應該避免用一種方法解決所有問題,VXLAN,VLAN,BGP,EVPN,OpenStack應該綜合考慮。</span></span></div>
髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-32566935841715634512018-12-27T10:24:00.002+08:002018-12-27T10:24:35.879+08:00什麼是MPLS<table border="0" cellpadding="5" cellspacing="0" class="s1" style="background-color: white; font-size: 12px; letter-spacing: 1pt; line-height: 18px; width: 100%px; word-spacing: 1pt;"><tbody>
<tr><td valign="top"><span style="font-size: xx-small;"><b>From:http://eservice.seed.net.tw/class/class0801c.html</b></span><br />
<blockquote>
多重通訊協定標籤交換傳輸(Multi-Protocol Label Switching)是由IETF 所發展出來的Network Standard。它是實現寬頻網際網路最熱門的技術;其目的是要提供一個更具彈性、擴充性及效率更高的IP層交換技術。<br />
MPLS 是一種整合了標籤交換架構與網路層的路由機制的技術,最基本的概念是將進入MPLS Network 的封包(Packet)配置一個固定長度的標籤(Label),在MPLS Network中Packet會根據標籤(Label) 做Forwarding , 由Label來決定Packet在網路上的路徑,不會再看 Layer 3的 IP Header(標頭)。</blockquote>
</td></tr>
<tr><td valign="top"><b><span style="font-size: small;">傳統IP Network 的運作方式</span></b><br />
<blockquote>
Packet在一般的IP Network傳遞時,路由器的運作是以所謂的"Store and Forward"的程序來做Packet路由的選擇及轉送,所以當路由器收到一個Packet時,會先儲存Packet 、分析路由、轉送Packet 到下一個適當的路由器,而當此路由器又收到下一個Packet 要傳送到相同的目的地時,它必須重覆執行相同的程序(儲存、分析、轉送),這樣是很沒有效率的而且會耗用路由器大量的CPU處理能力及記憶體空間,此外傳統的路由器是以軟體的處理方式轉送IP 封包,而MPLS的技術則是引用與ATM交換技術類似的標籤交換(Label Switching)技術,簡化了路由器的轉送功能直接利用Switching Fabric以線上速度(Line Speed)來轉送封包(Packet)到達目的地。</blockquote>
</td></tr>
<tr><td valign="top"><b><span style="font-size: small;">MPLS Label 的Format及插入Packet的位置</span></b><br />
<blockquote>
Label是一個4Bytes、固定長度、locally-significant identifier類似在ATM網路中VPI(Virtual Path Identifier)/VCI(Virtual Circuit Identifier)或是Frame-Relay網路中的DLCI(Data Link Circuit Identifier),Label是被插入於Packet的第二層資料鏈結層(data link layer)與第三層網路層(network layer)Header之間。</blockquote>
</td></tr>
<tr><td height="209" valign="top"><div align="center">
<img border="1" height="234" src="https://eservice.seed.net.tw/image/class/0801-1c1.gif" width="433" /></div>
</td></tr>
<tr><td height="83" valign="top"><b><span style="font-size: small;">MPLS Network 的組成</span></b><br />
<blockquote>
MPLS 網路是由多個具有標籤交換能力的路由器LSR(Label Switch Router)互相連結所組成,根據在MPLS網路內扮演角色的不同LSR可以分為三種類型:<br />
(1) Ingress LSR:負責將進入MPLS網路的IP Packet貼上標籤(Push Label)<br />
(2) Core LSR:LSR則位於MPLS網路的核心,負責做標籤轉換(Label Swap)<br />
(3) Egress LSR:當封包要離開MPLS網路到一般IP網路時,負責去除標籤( Pop Label)。</blockquote>
<br /></td></tr>
<tr><td height="190" valign="top"><div align="center">
<img border="1" height="275" src="https://eservice.seed.net.tw/image/class/0801-1c2.gif" width="584" /></div>
</td></tr>
<tr><td height="299" valign="top"><b><span style="font-size: small;">Label Assignment and Distribution的過程</span></b><br />
<ol>
<li>LSR Routing Table的建立:在MPLS網路中所有的LSR利用routing protocol來交換路由資訊,建立自己的IP Routing Table,並根據Routing Table 建立自己的FIB(Forwarding Information Base),此時的FIB中並沒有Label的資訊。</li>
<li>LSR Allocating Label過程: 當LSR路由器開始啟動MPLS功能時,會根據由IGP(如RIP、OSPF)學來的路由表(Routing Table)內容,對於使用相同處理方式、相同path、到達相同目的地IP subnet的Routing entry 做彙整(aggregation)及分類後Assign Label。</li>
<li>LSR 初步建立自己的LIB及LFIB:將前面步驟Allocating 的local Label資訊儲存於LIB(Label Information Base)和LFIB(Label Forwarding Information Base)中,此時的LFIB中只有local Label 的資訊並沒有outgoing Label 的資訊。</li>
<li>LSR Label Distribution過程:LSR將他Local assign的Label資訊傳送(Distribution)給相鄰的LSR,不論這相鄰的LSR是local LSR的downstream或upstream 都會傳送,而Label Distribution 靠的是相鄰的LSR間要執行LDP(Label Distribution Protocol)的協定,來互相交換彼此的Label資訊。另外談到LDP 的特性,MPLS Device 會send/receive LDP,LDP 透過Discovery 去和Neighbor溝通對方是否有啟動MPLS及交換Label information,而LDP是用UDP protocol去discovery neighbor,並利用 TCP 去去交換彼此Label information。</li>
<li>LSR收到相鄰LSR送來的Lable資訊做資訊的彙整過程:最後每個LSR 根據接收到相鄰LSR送來的Label 資訊後,新增這些Label資訊於自己的LIB中,並根據routing table得到的最佳路徑,獲知到某網段的Next-hop LSR 所送來的Label資訊,插入到LFIB的outgoing Label資料結構中。</li>
</ol>
</td></tr>
<tr><td height="88" valign="top"><div align="center">
<img border="1" height="210" src="https://eservice.seed.net.tw/image/class/0801-1c3.gif" width="584" /></div>
</td></tr>
<tr><td height="89" valign="top"><div align="center">
<img border="1" height="210" src="https://eservice.seed.net.tw/image/class/0801-1c4.gif" width="584" /></div>
</td></tr>
<tr><td height="177" valign="top"><div align="center">
<img border="1" height="210" src="https://eservice.seed.net.tw/image/class/0801-1c5.gif" width="584" /></div>
</td></tr>
<tr><td height="88" valign="top"><div align="center">
<img border="1" height="210" src="https://eservice.seed.net.tw/image/class/0801-1c6.gif" width="584" /></div>
</td></tr>
<tr><td height="89" valign="top"><div align="center">
<img border="1" height="210" src="https://eservice.seed.net.tw/image/class/0801-1c7.gif" width="584" /></div>
</td></tr>
<tr><td height="220" valign="top"><b><span style="font-size: small;">Packet在MPLS網路中傳送的過程</span></b><br />
<ol>
<li>Ingress LSR(Router A):IP Packet 進入MPLS網路的第一顆LSR路由器稱為Ingress LSR,當IP Packet 進入Ingress LSR 首先會查看Packet中的Destination IP address,並且在FIB中lookup 是否有符合的IP network ,如果有則進一步查看FIB中相對應的Label欄位其值為何?(例如:IP =X ,Label=25 ),當Packet從Ingress LSR 送出時,會在此Packet中打上Label=25的標示,再傳送出去。</li>
<li>Core LSR (Router B):當帶有Label=25的Packet傳到Router B時,Router B會查看(lookup)他的LFIB的資料,看看是否有Inbound Label=25的entry,如果有則再查看此entry中Outgoing Label的欄位值為何?(例如 Outgoing Label=47),所以Packet中的Label快速的被置換(Label=25 aLabel=47)並往下一個節點傳送出去。</li>
<li>Egress LSR(Router C):當帶有Label=47的Packet傳到Router C時,Router C會查看(lookup)他的LFIB的資料,看看是否有Inbound Label=47的entry,如果有則再查看此entry中Outgoing Label的欄位值為何?(例如 Outgoing Label=Pop),所以Packet中的Label被移除,此時已離開MPLS網路再進入到IP的網路中,因此重新查看Packet中的Destination IP address為何?並查看其FIB以決定Packet要傳送的下一個節點 。</li>
</ol>
</td></tr>
<tr><td valign="top"><div align="center">
<img border="1" height="261" src="https://eservice.seed.net.tw/image/class/0801-1c8.gif" width="584" /></div>
</td></tr>
<tr><td height="60" valign="top"><b><span style="font-size: small;">在MPLS網路中Egress LSR double lookup的問題</span></b><br />
<blockquote>
由於Egress LSR不但要查看LFIB中的資料以便移除Packet 中的Label,而且還要查看FIB中的資料以決定將Packet往IP網路的下一個節點傳送,這樣的作法會使Egress LSR 的負擔太重,而且對傳送有Label的封包也不是最有效的方式。</blockquote>
</td></tr>
<tr><td height="258" valign="top"><div align="center">
<img border="1" height="261" src="https://eservice.seed.net.tw/image/class/0801-1c9.gif" width="584" /></div>
</td></tr>
<tr><td height="25" valign="top"><b><span style="font-size: small;">Penultimate Hop Popping</span></b><br />
<blockquote>
所以解決的方式就是在原來Egress LSR前一個節點就把Label移除,最後一顆Router 只要做IP lookup 就好了,此種運作方式稱為Penultimate Hop Popping。</blockquote>
</td></tr>
<tr><td height="186" valign="top"><div align="center">
<img border="1" height="216" src="https://eservice.seed.net.tw/image/class/0801-1c10.gif" width="584" /></div>
</td></tr>
<tr><td valign="top"><b><span style="font-size: small;">結語</span></b><br />
<blockquote>
本篇文章從一開始介紹傳統路由器在IP 路由傳送封包的運作缺點及描述發展MPLS技術的優勢,並且說明整個MPLS 技術的運作原理,從MPLS Label的format介紹及Label在封包標頭位置的解說,到整個MPLS網路中各個不同角色LSR的運作方式,在其中更詳細的探討Label 如何被Assignment及 相鄰LSR之間如何交換彼此的Label Information的過程,另外更舉例說明封包在MPLS網路中從Push(加上)Label,一直到離開MPLS網路前Pop(去除)Label的詳細過程,最後則探討為何封包在離開MPLS網路的前一個節點(Hop)就要先Pop(去除)Label的原因。</blockquote>
</td></tr>
</tbody></table>
髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-56075596417247818822018-09-20T12:17:00.000+08:002018-09-20T12:17:33.427+08:00用ipset配置linux防火牆<span style="background-color: white; color: #666666; font-family: 宋体, Arial; vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;"><span style="font-size: xx-small;">From:http://blog.chinaunix.net/uid-21706718-id-3561951.html</span><br />iptables是在linux內核裡配置防火牆規則的用戶空間工具,它實際上是netfilter框架的一部分.可能因為iptables是netfilter框架裡最常見的部分,所以這個框架通常被稱為iptables,iptables是linux從2.4版本引入的防火牆解決方案. </span></span><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><span style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">ipset是iptables的擴展,它允許你創建匹配整個地址sets(地址集合)的規則。</span><span style="vertical-align: inherit; word-wrap: break-word;">而不像普通的iptables鍊是線性的存儲和過濾,ip集合存儲在帶索引的數據結構中,這種結構即時集合比較大也可以進行高效的查找. </span></span><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><span style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">除了一些常用的情況,比如阻止一些危險主機訪問本機,從而減少系統資源佔用或網絡擁塞,IPsets也具備一些新防火牆設計方法,並簡化了配置. </span></span><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><span style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">在本文中,在快速的討論ipsets的安裝要求後,我會花一點時間來介紹iptables的核心機制和基本概念.然後我會介紹ipset的使用方法和語法,並且演示ipset如何與iptables結合來完成各種不同的配置。</span><span style="vertical-align: inherit; word-wrap: break-word;">最後,我會提供一些細節和較高級的例子來演示如何解決現實中的問題。</span></span><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><span style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">ipset比傳統的iptables擁有顯著的性能提升和擴展特性,比如將單個防火牆規則通過一次配置應用到整個主機所在的組和網絡。</span></span><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><span style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">由於ipset只是iptables的擴展,所以也會對iptables進行描述。</span></span><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><span style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">在許多的linux發布中ipset是一個簡單的安裝包,大家可以通過自己的linux發行版提供的包管理工具進行安裝。</span></span><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><span style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">需要理解的重點時,同iptables一樣,ipset是由用戶空間的工具和內核空間的模塊兩部分組成,所以你需要將這兩部分都準備好。</span><span style="vertical-align: inherit; word-wrap: break-word;">你也需要"ipset-aware"這個iptables模塊,這個模塊用來增加rules that match against sets。</span><span style="vertical-align: inherit; word-wrap: break-word;">(……)</span></span><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><span style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">首先我們使用自己的linux發行版的包管理工具對ipset進行搜索。</span><span style="vertical-align: inherit; word-wrap: break-word;">在ubuntu上安裝需要安裝ipset和xtables-addons-source包,然後,運行module-assistant auto-install xtables-addons,等待大約30秒後ipset就可以使用了。</span></span><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><span style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">如果你的linux發行版沒有被支持,那就需要根據ipset首頁中的安裝步驟構建源碼並對內核打補丁。</span></span><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><span style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">這篇文章中使用ipset v4.3和iptables v1.4.9。</span></span><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><span style="background-color: white; color: #e53333; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">iptables概述</span></span></span><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><span style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">簡單來講,iptables防火牆配置由規則鏈的集合組成,每一個鏈包含一個規則。</span><span style="vertical-align: inherit; word-wrap: break-word;">一個數據包,在各個處理階段,內核商量合適的規則來決定數據報的命運。</span></span><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><span style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">規則鏈按照順序進行匹配,基於數據包的流向(remote-to-local, remote-to-remote or local-to-remote)和當前所處的處理階段(before or after "routing")。</span><span style="vertical-align: inherit; word-wrap: break-word;">參考圖1。</span></span><br style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;" /><img alt="" height="391" src="http://blog.chinaunix.net/attachment/201304/2/21706718_1364894446K2zG.jpg" style="background-color: white; border: 0px; color: #666666; font-family: 宋体, Arial; font-size: 16px; max-width: 100%; word-wrap: break-word;" width="438" /><span style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px;"></span><br />
<table cellpadding="0" cellspacing="0" style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;"><tbody style="word-wrap: break-word;">
<tr style="word-wrap: break-word;"><td class="t_f" id="postmessage_702" style="margin: 0px; padding: 0px; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">當需要匹配規則鏈時,數據包需要與鏈中的每個規則按照順序進行比對,直道找到匹配的規則。</span><span style="vertical-align: inherit; word-wrap: break-word;">一旦找到了匹配的規則,目標規則就會被調用。</span><span style="vertical-align: inherit; word-wrap: break-word;">如果最後一個規則與數據包也不匹配,就會使用默認規則。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">一個規則鏈就是許多規則按順序排列組成,一個規則就是match/target的組合。</span><span style="vertical-align: inherit; word-wrap: break-word;">一個簡單的match例子是“TCP目標端口為80”。</span><span style="vertical-align: inherit; word-wrap: break-word;">target的例子是“接受這個包”。</span><span style="vertical-align: inherit; word-wrap: break-word;">target同樣可以將數據包重定向到其他的用戶自定義的鏈,用戶自定義鏈提供了一些機制,包括組合和細分規則,將多個鏈級聯來完成一個功能。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">每一個用來定義規則的iptables命令,不管是用於簡單的規則還是複雜的規則,都有三個基本的部分組成,包括指定table/chain (and order), match和target。</span></span><br style="word-wrap: break-word;" /><img alt="" height="102" src="http://blog.chinaunix.net/attachment/201304/2/21706718_1364894464l7gE.png" style="border: 0px; max-width: 100%; word-wrap: break-word;" width="550" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">Figure 2.解析iptables命令</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">配置所有的這些選項,創建一個完整得防火牆,你需要按照特定的順序運行一系列的iptables命令。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">iptables非常強大並且可擴展。</span><span style="vertical-align: inherit; word-wrap: break-word;">除了許多內部特性,iptables提供了擴展match和target的API。</span></span><br style="word-wrap: break-word;" /><span style="color: #e53333; word-wrap: break-word;">ipset</span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">ipset是iptables的match擴展。</span><span style="vertical-align: inherit; word-wrap: break-word;">如果要使用它,需要使用ipset命令行工具創建一個集合併指定一個唯一的集和名,然後在iptables規則的match部分分別索引這些集合。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">一個集合是一個方便有效快速查詢的地址列表。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">下面有兩個常見的iptables命令,這兩個命令阻止從1.1.1.1和2.2.2.2進入主機的數據包:</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">iptables -A INPUT -s 1.1.1.1 -j DROP</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">iptables -A INPUT -s 2.2.2.2 -j DROP </span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">match部分語法-s 1.1.1.1表示“匹配源地址是1.1.1.1的數據包”。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">下面的ipset/iptables命令同樣可以達到上面的目的:</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">ipset -N myset iphash </span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A myset 1.1.1.1 </span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A myset 2.2.2.2 </span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">iptables -A INPUT -m set --set myset src -j DROP </span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">上面的ipset命令創建了一個包含兩個地址(1.1.1.1 and 2.2.2.2)的集合(myset of type iphash)。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">然後iptables命令通過-m set --set myset src這個match選項使用這個集合,這個匹配規則的意思是“匹配源地址包含在集合myset中的數據包” </span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">src表示源地址,dst表示目標地址。</span><span style="vertical-align: inherit; word-wrap: break-word;">如果同時使用src和dst表示既要匹配源地址又要匹配目的地址。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">在第二個例子裡,只需要一個iptables命令,不管集合裡有多少ip地址需要添加。</span><span style="vertical-align: inherit; word-wrap: break-word;">雖然這個例子裡只使用了兩個地址,但是你可以依據這個例子簡單的定義1000個地址,並且仍然只需要一條iptables語句。</span><span style="vertical-align: inherit; word-wrap: break-word;">而如果使用第一個例子的方法,不使用ipset,就需要1000條iptables規則。</span></span><br style="word-wrap: break-word;" /><span style="color: #e53333; word-wrap: break-word;">Set Types</span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">每一個集合都是特定類型的,它不但定義了什麼類型的值可以儲存在裡面(IP addresses, networks, ports and so on),而且定義瞭如何匹配數據包(換言之,數據包的那一部分需要被檢查和如何檢查)。</span><span style="vertical-align: inherit; word-wrap: break-word;">除了一些最通用的集合類型,比如檢查ip地址,也提供了一些其他的集合類型,比如檢查端口,地址和端口同時檢查,mac地址和ip地址同時檢查等。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">每一種集合類型都有自己的規則,這些規則表示集合的類型,範圍,它包含的值得分佈。</span><span style="vertical-align: inherit; word-wrap: break-word;">不同的集合類型使用不同的類型索引,並且在不同的情況下被優化。</span><span style="vertical-align: inherit; word-wrap: break-word;">需要根據不同的現實情況選擇集合類型。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">最靈活的集合類型是iphash,它可以存儲任意的ip地址和nethash(IP/mask)。</span><span style="vertical-align: inherit; word-wrap: break-word;">請參考ipset的man手冊來了解所有的集合類型。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">setlist是一個特別的集合類型,它允許組織多個集合到一個集合裡面。</span><span style="vertical-align: inherit; word-wrap: break-word;">比如你需要一個單獨的集合既包含ip地址又包含網絡信息。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">Advantages of ipset </span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">除了性能優勢,一些情況下ipset允許更直接的配置方法。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">如果你想定義一個防火牆環境,該環境不會處理來自1.1.1.1和2.2.2.2的包,並且處理過程包含在mychain中,注意下面的方法是無效的:</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">iptables -A INPUT -s ! 1.1.1.1 -g mychain </span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">iptables -A INPUT -s ! 2.2.2.2 -g mychain </span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">如果數據包來自1.1.1.1,它匹配第一條規則失敗,但是匹配第二條規則時會成功。</span><span style="vertical-align: inherit; word-wrap: break-word;">如果數據包來自2.2.2.2,匹配第一個規則就會成功。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">雖然有有一些其它的方法可以不適用ipset就能達到指定的要求,但是ipset是最直接了當的。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">ipset -N myset iphash </span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A myset 1.1.1.1 </span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A myset 2.2.2.2 </span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">iptables -A INPUT -m set ! --set myset src -g mychain </span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">用上面的方法,如果數據包來自1.1.1.1,它不會匹配規則(because the source address 1.1.1.1 does match the set myset)。</span><span style="vertical-align: inherit; word-wrap: break-word;">如果數據包來自2.2.2.2,它也不會匹配規則。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">這只是一個簡單的例子,它說明在一個規則裡匹配完整條件的基本優點。</span><span style="vertical-align: inherit; word-wrap: break-word;">其他方面,每個iptables規則與其它規則是獨立的,並且將規則邏輯的連接起來是比較難的,特別當它包含混合了正常和反向測試時。</span><span style="vertical-align: inherit; word-wrap: break-word;">ipset只是在這些情況下使配置變簡單。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">ipset的另一個優勢是集合可以動態的修改,即使iptables的規則正在使用這個集合。</span><span style="vertical-align: inherit; word-wrap: break-word;">添加/修改/刪除接口使用很簡單並且是順序無關的。</span><span style="vertical-align: inherit; word-wrap: break-word;">另一方面,在iptables裡每一條規則都比較複雜,並且規則的順序也是很重要的元素,所以修改內部規則很困難並且會存在潛在問題。</span></span></td></tr>
</tbody></table>
<div class="pattl" style="background-color: white; color: #666666; font-family: 宋体, Arial; font-size: 16px; word-wrap: break-word;">
<br style="word-wrap: break-word;" /><div class="mbn" style="margin-bottom: 5px; margin-top: 5px; padding: 0px; word-wrap: break-word;">
<span style="color: #e53333; word-wrap: break-word;">Excluding WAN, VPN and Other Routed Networks from the NAT—the Right Way</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">Outbound NAT (SNAT或IP偽裝)允許私有局域網內的主機訪問internet.iptables NAT規則匹配私網內訪問internat的包,並用網關地址替換包的源地址(使數據包看起來像是從網關發送的,從而隱藏網關後面的主機)。</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">NAT自動跟踪活動的連接,所以它能將返回的包發送給正確的內網主機(通過將數據包的目的地址修改為內部主機地址)。</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">下面是一個簡單的outbound NAT規則,10.0.0.0/24是內部局域網:</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -t nat -A POSTROUTING \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -s 10.0.0.0/24 -j MASQUERADE </span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">該規則匹配所有來自內網的包,並對他們進行偽裝。</span><span style="vertical-align: inherit; word-wrap: break-word;">如果只有一個路由連接到internat這種方法是非常有效率的,通過該路有的所有流量都是公網的流量。</span><span style="vertical-align: inherit; word-wrap: break-word;">然而,如果有連接到其它私有網絡的路由存在,比如VPN或無力WAN連接,你可能就不會使用地址偽裝。</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">克服這個限制的一個簡單方法是基於物理接口建立NAT規則,而不是使用基於網絡地址的方式。</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -t nat -A POSTROUTING \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -o eth0 -j MASQUERADE </span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">該規則假設eth0是外部接口,該規則會匹配所有離開這個接口的包。</span><span style="vertical-align: inherit; word-wrap: break-word;">與前面的規則不同的是,其他內網的數據包通過其它接口訪問公網時不會匹配這條規則(比如OpenVPN的連接)。</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">雖然許多連接是通過不同的接口路由,但並不能假設所有的鏈接都是這樣。</span><span style="vertical-align: inherit; word-wrap: break-word;">一個例子是基於KAME的IPsec VPN連接(比如Openswan)就不是使用虛擬接口。</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">不適用上面的接口匹配技術的另一種情況是如果向外的接口(連接到Internet的接口)連接路由到其他私有網絡的中間網絡,而不是連接到Internet。</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">通過匹配物理接口來設計的防火牆規則可以使用在一些人為限制方面,並且依賴網絡拓撲。</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">後來發現,ipset還有另一個應用。</span><span style="vertical-align: inherit; word-wrap: break-word;">假設有一個本地LAN (10.0.0.0/24)需要連接到internet,除此之外還有三個本地網絡(10.30.30.0/24, 10.40.40.0/24, 192.168.4.0/23和172.22.0.0/22 ),執行下面的命令:</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -N routed_nets nethash </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A routed_nets 10.30.30.0/24 </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A routed_nets 10.40.40.0/24 </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A routed_nets 192.168.4.0/23 </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A routed_nets 172.22.0.0/22 </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables - t nat -A POSTROUTING \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -s 10.0.0.0/24 \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -m set ! --set routed_nets dst \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -j MASQUERADE</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">如我們所見,ipset簡單的實現了精確匹配。</span><span style="vertical-align: inherit; word-wrap: break-word;">該規則偽裝所有來自(10.0.0.0/24)的數據包,而不處理其他在routed_nets集合中的網絡的包。</span><span style="vertical-align: inherit; word-wrap: break-word;">由於該配置完全基於網絡地址,所以你完全不用擔心其他特殊的網絡連接(比如VPN),也不用擔心物理接口和網絡拓撲。</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="color: #e53333; word-wrap: break-word;">Limiting Certain PCs to Have Access Only to Certain Public Hosts</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">假設老闆較關心員工上班時間上網問題,請你限制員工的PC只能訪問指定的幾個網站,但是不想所有的內部PC都受到限制。</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">限制3台PC (10.0.0.5, 10.0.0.6 and 10.0.0.7)只能訪問worksite1.com,worksite2.com和worksite3.com。</span><span style="vertical-align: inherit; word-wrap: break-word;">執行下面的命令:</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -N limited_hosts iphash </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A limited_hosts 10.0.0.5 </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A limited_hosts 10.0.0.6 </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A limited_hosts 10.0.0.7 </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -N allowed_sites iphash </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A allowed_sites worksite1.com </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A allowed_sites worksite2.com </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A allowed_sites worksite3.com </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -I FORWARD \</span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -m set --set limited_hosts src \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -m set ! --set allowed_sites dst \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -j DROP </span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">該例子在一條規則裡使用了兩個集合。</span><span style="vertical-align: inherit; word-wrap: break-word;">如果源地址匹配limited_hosts目的地址不匹配allowed_sites,數據包就被丟棄。</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">注意該規則被添加到了FORWARD鏈,它不會影響防火牆主機自己的通信。</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="color: #e53333; word-wrap: break-word;"> Blocking Access to Hosts for All but Certain PCs (Inverse Scenario)</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">假設老闆想阻止員工訪問幾個特定的網站,但是不阻止他自己的PC和他助理的PC。</span><span style="vertical-align: inherit; word-wrap: break-word;">在這個例子裡,我們可以匹配老闆和助理的PC的MAC地址,而不是匹配IP地址。</span><span style="vertical-align: inherit; word-wrap: break-word;">假設他們的MAC是11:11:11:11:11:11和22:22:22:22:22:22,需要組織員工訪問的站點是badsite1.com, badsite2.com和badsite3.com. </span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">這次我們不使用第二個集合匹配MAC地址,而是使用多個iptables命令,利用MARK target標記數據包,而利用後面的規則處理被標記的數據包。</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -N blocked_sites iphash </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A blocked_sites badsite1.com </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A blocked_sites badsite2.com </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A blocked_sites badsite3.com</span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -I FORWARD -m mark --mark 0x187 -j DROP </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -I FORWARD \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -m mark --mark 0x187 \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -m mac --mac-source 11:11:11:11:11:11 \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -j MARK --set-mark 0x0 </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -I FORWARD \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -m mark --mark 0x187 \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -m mac --mac-source 22:22:22:22:22:22 \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -j MARK --set-mark 0x0 </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables - I FORWARD \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -m set --set blocked_sites dst \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -j MARK --set-mark 0x187 </span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">上面的例子,由於沒有使用ipset完成所有的匹配工作,所以使用的命令比較多,而且比較複雜。</span><span style="vertical-align: inherit; word-wrap: break-word;">由於用到了多個iptables命令,所以各個命令的順序是非常重要的。</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">注意這些規則是使用—I (insert)選項而不是使用-A (append)選項。</span><span style="vertical-align: inherit; word-wrap: break-word;">當一個規則被插入,他會被添加的鏈的頂端,而以前的規則自動下移。</span><span style="vertical-align: inherit; word-wrap: break-word;">因為每一格規則都是被插入德,所以實際的有效順序是相反的。</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">最後一個iptables命令實際在FORWARD鏈的頂端。</span><span style="vertical-align: inherit; word-wrap: break-word;">該規則匹配所有目的地址與blocked_sites集合相匹配的數據包,然後將這些數據標記為0x187.下面的兩個規則匹配來自特定MAC地址並且已經標記為0x187的數據包,然後將他們標記為0。</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">最後,最後的iptables規則丟棄所有的被標記為0x187的數據包。</span><span style="vertical-align: inherit; word-wrap: break-word;">除了來源是兩個特定MAC地址的數據包,他將會匹配所有的目標地址在blocked_sites集合裡的數據包。</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">這是解決問題的一種方法。</span><span style="vertical-align: inherit; word-wrap: break-word;">還有一些其他方法,除了使用第二個ipset集合的方法,還可以使用用戶自定義鍊等。</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">使用第二個ipset集合代替標記的方法是不可能完成上面的要求的,因為ipset沒有machash集合類型,只有集合類型,但是他要求同時匹配IP和MAC,而不是只匹配MAC地址。</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">警告:在大多數實際環境裡,這個方法可能不可行,應為大部分你需要屏蔽的網站他們的主機都有多個ip地址(比如Facebook, MySpace等等),而且這些ip會頻繁的更換。</span><span style="vertical-align: inherit; word-wrap: break-word;">iptables/ipset的一個限制是主機名只有被解析為單個ip地址時才能使用。</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">而且,主機名lookup只有在命令執行時發生,所以如果ip地址改變了,防火牆是不會意識到的,而是仍然使用以前的ip地址。</span><span style="vertical-align: inherit; word-wrap: break-word;">基於這個原因,一個完成Web訪問限制的更好的方法是使用HTTP代理,比如Squid。</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="color: #e53333; word-wrap: break-word;">Automatically Ban Hosts That Attempt to Access Invalid Services</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">ipset為iptables提供了目標擴展功能,它提供了一種向集合動態添加和刪除目標的機制。</span><span style="vertical-align: inherit; word-wrap: break-word;">不必手動使用ipset命令添加目標,而是在運行時通過iptables自動添加。</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">比如,如果遠程主機嘗試連接端口25,但是你並沒有運行SMTP服務,我們懷疑對方不懷好意,所以我們在對方還沒有乾什麼壞事前就組織他的其他嘗試,使用下面的規則:</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -N banned_hosts iphash </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -A INPUT \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -p tcp --dport 25 \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -j SET --add-set banned_hosts src </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -A INPUT \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -m set --set banned_hosts src \ </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"> -j DROP </span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">如果從端口25接收到數據包,假設來源地址是1.1.1.1,那麼該地址馬上就被添加到banned_hosts集合,和下面的例子等效:</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -A banned_hosts 1.1.1.1 </span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">所有的1.1.1.1的連接都會被阻塞。</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">他同樣會阻止其他主機對本設備進行端口掃描,除非他不掃描25號端口。</span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">Clearing the Running Config </span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">如果你想清除ipset和iptables的配置,將防火牆reset,運行下面的命令:</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -P INPUT ACCEPT </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -P OUTPUT ACCEPT </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -P FORWARD ACCEPT </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -t filter -F</span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -t raw -F </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -t nat -F </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">iptables -t mangle -F </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -F </span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset -X </span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">如果集合正在被使用,意味著其它的iptables規則正在引用該集合,就不能對集合進行銷毀(ipset - X),所以為了在任何狀態下都完成reset,iptables鏈必須首先清除。</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="color: #e53333; word-wrap: break-word;">Conclusion</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset為netfilter/iptables在增加了很多有用的特性和功能,正如本篇文章描述的,ipset不僅提供了新的防火牆配製的可能性,而且他減少了之前只使用iptables來配置防火牆的困難。</span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">任何時候,如果你想將防火牆規則應用到一個組,你應該使用ipset。</span><span style="vertical-align: inherit; word-wrap: break-word;">正如前面的例子,你可以通過將ipset與iptables的其它特性相結合,來完成各種各樣的網絡配置和策略。</span></span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;"><span style="vertical-align: inherit; word-wrap: break-word;">下一次你再進行防火牆配置時,考慮使用ipset。</span><span style="vertical-align: inherit; word-wrap: break-word;">我相信你會被他的可用性和靈活性震驚。</span></span><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">Resources </span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">Netfilter/iptables Project Home Page: http://www.netfilter.org </span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">ipset Home Page: http://ipset.netfilter.org </span><br style="word-wrap: break-word;" /><br style="word-wrap: break-word;" /><span style="vertical-align: inherit; word-wrap: break-word;">原文地址:http://www.linuxjournal.com/content/advanced-firewall-configurations -ipset?page=0,0 </span><br style="word-wrap: break-word;" /></div>
</div>
髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0tag:blogger.com,1999:blog-2937680267848947674.post-85147132915836005702018-09-18T18:21:00.000+08:002018-09-18T18:21:13.190+08:00openwrt中使用ubus實現進程通信的原理<div style="background-color: white; box-sizing: border-box; color: #4f4f4f; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; line-height: 26px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; font-size: xx-small; outline: 0px; vertical-align: inherit; word-break: break-all;">From:http://blog.csdn.net/jasonchen_gbd/article/details/45627967</span></div>
<div style="background-color: white; box-sizing: border-box; color: #4f4f4f; font-family: -apple-system, "SF UI Text", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei", sans-serif, SimHei, SimSun; font-size: 16px; line-height: 26px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; outline: 0px; vertical-align: inherit; word-break: break-all;">ubus為openwrt平台開發中的進程間通信提供了一個通用的框架。</span><span style="box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; outline: 0px; vertical-align: inherit; word-break: break-all;">它讓進程間通信的實現變得非常簡單,並且ubus具有很強的可移植性,可以很方便的移植到其他linux平台上使用。</span><span style="box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; outline: 0px; vertical-align: inherit; word-break: break-all;">本文描述了ubus的實現原理和整體框架。</span></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">ubus源碼可通過</span><a class="replace_word" href="http://lib.csdn.net/base/28" rel="nofollow" style="box-sizing: border-box; color: #df3434; cursor: pointer; font-weight: bold; outline: 0px; text-decoration-line: none; word-break: break-all;" target="_blank" title="Git知識庫">Git</a><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">庫git://nbd.name/luci2/ubus.git獲得,其依賴的ubox庫的git庫:git://nbd.name/luci2/ubox.git。</span></div>
<h1 style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 28px; line-height: 35px; margin: 8px 0px 16px; outline: 0px; padding: 0px; word-break: break-all;">
<a href="https://www.blogger.com/null" name="t0" style="box-sizing: border-box; color: #4ea1db; cursor: pointer; outline: 0px; word-break: break-all;"></a><a href="https://www.blogger.com/null" name="t0" style="box-sizing: border-box; color: #0c89cf; cursor: pointer; outline: 0px; word-break: break-all;" target="_blank"></a><a href="https://www.blogger.com/null" style="box-sizing: border-box; color: #0c89cf; cursor: pointer; outline: 0px; word-break: break-all;" target="_blank"></a><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">1. ubus的實現框架</span></h1>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">ubus實現的基礎是unix socket,即本地socket,它相對於用於網絡通信的inet socket更高效,更具可靠性。</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">unix socket客戶端和服務器的實現方式和網絡socket類似,讀者如果還不太熟悉可查閱相關資料。</span></span><br style="box-sizing: border-box; outline: 0px; word-break: break-all;" /><br style="box-sizing: border-box; outline: 0px; word-break: break-all;" /><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">我們知道實現一個簡單的unix socket服務器和客戶端需要做如下工作:</span></div>
<ol style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; list-style: none; margin: 0px 0px 24px; outline: 0px; padding: 0px; word-break: break-all;">
<li style="box-sizing: border-box; list-style-type: decimal; margin: 8px 0px 0px 40px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">建立一個socket server端,綁定到一個本地socket文件,並監聽clients的連接。</span></li>
<li style="box-sizing: border-box; list-style-type: decimal; margin: 8px 0px 0px 40px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">建立一個或多個socket client端,連接server。</span></li>
<li style="box-sizing: border-box; list-style-type: decimal; margin: 8px 0px 0px 40px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">client和server相互發送消息。</span></li>
<li style="box-sizing: border-box; list-style-type: decimal; margin: 8px 0px 0px 40px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">client或server收到對方消息後,針對具體消息進行相應處理。</span></li>
</ol>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
</div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<img alt="" src="https://img-blog.csdn.net/20150510130552984?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvamFzb25jaGVuX2diZA==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/Center" style="border: none; box-sizing: border-box; cursor: zoom-in; margin: 0px; max-width: 100%; outline: 0px; word-break: break-all;" /></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">ubus同樣實現了上述組件,並對socket連接以及消息傳輸和處理進行了封裝:</span></div>
<ul style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; list-style: none; margin: 0px 0px 24px; outline: 0px; padding: 0px; word-break: break-all;">
<li style="box-sizing: border-box; list-style-type: disc; margin: 8px 0px 0px 32px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; font-weight: 700; outline: 0px; word-break: break-all;">1. </span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"> ubus提供了一個socket server:</span><span style="box-sizing: border-box; font-weight: 700; outline: 0px; word-break: break-all;">ubusd</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">。</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">因此開發者不需要自己實現server端。</span></span></li>
<li style="box-sizing: border-box; list-style-type: disc; margin: 8px 0px 0px 32px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; font-weight: 700; outline: 0px; word-break: break-all;">2. </span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"> ubus提供了創建socket client端的接口,並且提供了三種現成的客戶端供用戶直接使用:</span></li>
</ul>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
</div>
<blockquote style="background: rgb(238, 240, 244); border: none; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin: 0px 0px 24px; outline: 0px; overflow: auto; padding: 16px 16px 0px; word-break: break-all; word-wrap: normal;">
<div style="box-sizing: border-box; color: #4f4f4f; font-size: 16px; line-height: 26px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">1) 為shell腳本提供的client端。</span></div>
<div style="box-sizing: border-box; color: #4f4f4f; font-size: 16px; line-height: 26px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">2) 為lua腳本提供的client接口。</span></div>
<div style="box-sizing: border-box; color: #4f4f4f; font-size: 16px; line-height: 26px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">3) 為C語言提供的client接口。</span></div>
<div style="box-sizing: border-box; color: #4f4f4f; font-size: 16px; line-height: 26px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">可見ubus對shell和lua增加了支持,後面會介紹這些客戶端的用法。</span></div>
</blockquote>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
</div>
<ul style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; list-style: none; margin: 0px 0px 24px; outline: 0px; padding: 0px; word-break: break-all;">
<li style="box-sizing: border-box; list-style-type: disc; margin: 8px 0px 0px 32px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; font-weight: 700; outline: 0px; word-break: break-all;">3. </span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"> ubus對client和server之間通信的消息格式進行了定義:client和server都必須將消息封裝成</span><span style="box-sizing: border-box; font-weight: 700; outline: 0px; word-break: break-all;">json消息格式</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">。</span></li>
<li style="box-sizing: border-box; list-style-type: disc; margin: 8px 0px 0px 32px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; font-weight: 700; outline: 0px; word-break: break-all;">4. </span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"> ubus對client端的消息處理抽像出</span><span style="box-sizing: border-box; font-weight: 700; outline: 0px; word-break: break-all;">“對象(object)”和“方法(method)”</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">的概念。</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">一個對像中包含多個方法,client需要向server註冊收到特定json消息時的處理方法。</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">對象和方法都有自己的名字,發送請求方只需在消息中指定要調用的對象和方法的名字即可。</span></span></li>
</ul>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
</div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">使用ubus時需要引用一些動態庫,主要包括:</span></div>
<ul style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; list-style: none; margin: 0px 0px 24px; outline: 0px; padding: 0px; word-break: break-all;">
<li style="box-sizing: border-box; list-style-type: disc; margin: 8px 0px 0px 32px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"> libubus.so:ubus向外部提供的編程接口,例如創建socket,進行監聽和連接,發送消息等接口函數。</span></li>
<li style="box-sizing: border-box; list-style-type: disc; margin: 8px 0px 0px 32px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"> libubox.so:ubus向外部提供的編程接口,例如等待和讀取消息。</span></li>
<li style="box-sizing: border-box; list-style-type: disc; margin: 8px 0px 0px 32px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"> libblobmsg.so,libjson.so:提供了封裝和解析json數據的接口,編程時不需要直接使用libjson.so,而是使用libblobmsg.so提供的更靈活的接口函數。</span></li>
</ul>
<span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">ubus中各組件的關係如下圖所示:</span></span></span><br />
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
</div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<img alt="" src="https://img-blog.csdn.net/20150510130924211?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvamFzb25jaGVuX2diZA==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/Center" style="border: none; box-sizing: border-box; cursor: zoom-in; margin: 0px; max-width: 100%; outline: 0px; word-break: break-all;" /></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<br style="box-sizing: border-box; outline: 0px; word-break: break-all;" /></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">使用ubus進行進程間通信不需要編寫大量代碼,只需按照固定模式調用ubus提供的API即可。</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">在ubus源碼中examples目錄下有一些例子可以參考。</span></span></div>
<h1 style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 28px; line-height: 35px; margin: 8px 0px 16px; outline: 0px; padding: 0px; word-break: break-all;">
<a href="https://www.blogger.com/null" name="t1" style="box-sizing: border-box; color: #4ea1db; cursor: pointer; outline: 0px; word-break: break-all;"></a><a href="https://www.blogger.com/null" name="t1" style="box-sizing: border-box; color: #0c89cf; cursor: pointer; outline: 0px; word-break: break-all;" target="_blank"></a><a href="https://www.blogger.com/null" style="box-sizing: border-box; color: #0c89cf; cursor: pointer; outline: 0px; word-break: break-all;" target="_blank"></a><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">2. ubus的實現原理</span></h1>
<span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">下面以一個例子說明ubus的工作原理:</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">下圖中,client2試圖通過ubus修改ip地址,而修改ip地址的函數在client1中定義。</span></span></span><br />
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
</div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<img alt="" src="https://img-blog.csdn.net/20150510131104036?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvamFzb25jaGVuX2diZA==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/Center" style="border: none; box-sizing: border-box; cursor: zoom-in; margin: 0px; max-width: 100%; outline: 0px; word-break: break-all;" /></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">client2進行請求的整個過程為:</span></div>
<blockquote style="background: rgb(238, 240, 244); border: none; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin: 0px 0px 24px; outline: 0px; overflow: auto; padding: 16px 16px 0px; word-break: break-all; word-wrap: normal;">
<div style="box-sizing: border-box; color: #4f4f4f; font-size: 16px; line-height: 26px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">1. client1向ubusd註冊了兩個對象:“interface”和“dotalk”,其中“interface”對像中註冊了兩個method:“getlanip”和“setlanip”,對應的處理函數分別為func1()和func2 ()。</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">“dotalk”對像中註冊了兩個method:“sayhi”和“saybye”,對應的處理函數分別為func3()和func4()。</span></span></div>
<div style="box-sizing: border-box; color: #4f4f4f; font-size: 16px; line-height: 26px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">2. 接著創建一個client2用來與client1通信,注意,兩個client之間不能直接通信,需要經ubusd(server)中轉。</span></div>
<div style="box-sizing: border-box; color: #4f4f4f; font-size: 16px; line-height: 26px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">3. client2就是在前面講到的shell/lua/C客戶端。</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">假設這裡使用shell客戶端,在終端輸入以下命令:</span></span></div>
</blockquote>
<blockquote style="background: rgb(238, 240, 244); border: none; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin: 0px 0px 24px; outline: 0px; overflow: auto; padding: 16px 16px 0px; word-break: break-all; word-wrap: normal;">
<blockquote style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: none; box-sizing: border-box; margin: 0px 0px 24px; outline: 0px; overflow: auto; padding: 16px 16px 0px; word-break: break-all; word-wrap: normal;">
<div style="box-sizing: border-box; color: #4f4f4f; font-size: 16px; line-height: 26px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">ubus call interface setlanip '{“ip”:“10.0.0.1”, “mask”:24}'</span></div>
</blockquote>
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">ubus的call命令帶三個參數:請求的對象名,需要調用的方法名,要傳給方法的參數。</span></blockquote>
<blockquote style="background: rgb(238, 240, 244); border: none; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin: 0px 0px 24px; outline: 0px; overflow: auto; padding: 16px 16px 0px; word-break: break-all; word-wrap: normal;">
<div style="box-sizing: border-box; color: #4f4f4f; font-size: 16px; line-height: 26px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">4. 消息發到server後,server根據對象名找到應該將請求轉發給client1,然後將消息發送到client1,client1進而調用func2()接受參數並處理,如果處理完成後需要回复client2,則發送回复消息。</span></div>
</blockquote>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<br style="box-sizing: border-box; outline: 0px; word-break: break-all;" /><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">接下來介紹一下上述過程中,ubus內部的處理機制,雖然使用ubus進行進程間通信不需要關注這些實現細節,但有助於加深對ubus實現原理的理解。</span><br style="box-sizing: border-box; outline: 0px; word-break: break-all;" /><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">下圖中,client1註冊對象和方法,其實可認為是服務提供端,只不過對於ubusd來講是一個socket client。</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">client2去調用client1註冊的方法。</span></span></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<img alt="" src="https://img-blog.csdn.net/20150510183306711?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvamFzb25jaGVuX2diZA==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/Center" style="border: none; box-sizing: border-box; cursor: zoom-in; margin: 0px; max-width: 100%; outline: 0px; word-break: break-all;" /></div>
<h1 style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin: 8px 0px 16px; outline: 0px; padding: 0px; word-break: break-all;">
<a href="https://www.blogger.com/null" name="t2" style="box-sizing: border-box; color: #0c89cf; cursor: pointer; outline: 0px; word-break: break-all;" target="_blank"></a></h1>
<h1 style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 28px; line-height: 35px; margin: 8px 0px 16px; outline: 0px; padding: 0px; word-break: break-all;">
<a href="https://www.blogger.com/null" name="t3" style="box-sizing: border-box; color: #4ea1db; cursor: pointer; outline: 0px; word-break: break-all;"></a><a href="https://www.blogger.com/null" name="t3" style="box-sizing: border-box; color: #0c89cf; cursor: pointer; outline: 0px; word-break: break-all;" target="_blank"></a><a href="https://www.blogger.com/null" style="box-sizing: border-box; color: #0c89cf; cursor: pointer; outline: 0px; word-break: break-all;" target="_blank"></a><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">3. ubus的應用場景和局限性</span></h1>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">ubus可用於兩個進程之間的通信,並以類似json格式進行數據交互。</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">ubus的常見場景為:</span></span></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
</div>
<ul style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; list-style: none; margin: 0px 0px 24px; outline: 0px; padding: 0px; word-break: break-all;">
<li style="box-sizing: border-box; list-style-type: disc; margin: 8px 0px 0px 32px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">“客戶端--服務器”形式的交互,即進程A註冊一系列的服務,進程B去調用這些服務。</span></li>
<li style="box-sizing: border-box; list-style-type: disc; margin: 8px 0px 0px 32px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">ubus支持以“訂閱-- 通知”的方式進行進程通信,即進程A提供訂閱服務,其他進程可以選擇訂閱或退訂該服務,進程A可以向所有訂閱者發送消息。</span></li>
</ul>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
</div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">由於ubus實現方式的限制,在一些場景中不適宜使用ubus:</span></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
</div>
<ol style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; list-style: none; margin: 0px 0px 24px; outline: 0px; padding: 0px; word-break: break-all;">
<li style="box-sizing: border-box; list-style-type: decimal; margin: 8px 0px 0px 40px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">ubus用於少量數據的傳輸,如果數據量很大或是數據交互很頻繁,則不宜用ubus。</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">經過測試,當ubus一次傳輸數據量超過60KB,就不能正常工作了。</span></span></li>
<li style="box-sizing: border-box; list-style-type: decimal; margin: 8px 0px 0px 40px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">ubus對多線程支持的不好,例如在多個線程中去請求同一個服務,就有可能出現不可預知的結果。</span></li>
<li style="box-sizing: border-box; list-style-type: decimal; margin: 8px 0px 0px 40px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">不建議遞歸調用ubus,例如進程A去調用進程B的服務,而B的該服務需要調用進程C的服務,之後C將結果返回給B,然後B將結果返回給A。</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">如果不得不這樣做,需要在調用過程中避免全局變量的重用問題。</span></span></li>
</ol>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
</div>
<h1 style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 28px; line-height: 35px; margin: 8px 0px 16px; outline: 0px; padding: 0px; word-break: break-all;">
<a href="https://www.blogger.com/null" name="t4" style="box-sizing: border-box; color: #4ea1db; cursor: pointer; outline: 0px; word-break: break-all;"></a><a href="https://www.blogger.com/null" name="t4" style="box-sizing: border-box; color: #0c89cf; cursor: pointer; outline: 0px; word-break: break-all;" target="_blank"></a><a href="https://www.blogger.com/null" style="box-sizing: border-box; color: #0c89cf; cursor: pointer; outline: 0px; word-break: break-all;" target="_blank"></a><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">4. ubus源碼簡析</span></h1>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;">
<span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">下面介紹一下ubusd和ubus client工作時的代碼流程,這里為了便於理解,只介紹大致的流程,欲了解詳細的實現請讀者自行閱讀源碼。</span></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
</div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
</div>
<h2 style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 24px; line-height: 35px; margin: 8px 0px 16px; outline: 0px; padding: 0px; word-break: break-all;">
<a href="https://www.blogger.com/null" name="t5" style="box-sizing: border-box; color: #4ea1db; cursor: pointer; outline: 0px; word-break: break-all;"></a><a href="https://www.blogger.com/null" name="t5" style="box-sizing: border-box; color: #0c89cf; cursor: pointer; outline: 0px; word-break: break-all;" target="_blank"></a><span style="box-sizing: border-box; font-size: 15px; outline: 0px; word-break: break-all;">4.1 ubusd工作流程</span></h2>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;">
<span style="box-sizing: border-box; font-weight: 700; outline: 0px; word-break: break-all;">ubusd 的初始化所做的工作如下:</span></div>
<span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">1. epoll_create(32)創建出一個poll_fd。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">2.創建一個UDP unix socket,並添加到poll_fd的監聽隊列。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">3.進行epoll_wait()等待消息。</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">收到消息後的處理函數定義如下:</span></span></span><br />
<div class="dp-highlighter bg_cpp" style="background-color: #e7e5dc; border-color: rgb(204, 204, 204); box-sizing: border-box; color: #555555; font-family: Consolas, "Courier New", Courier, mono, serif; font-size: 12px; line-height: 35px; margin: 0px 0px 24px; outline: 0px; overflow: hidden; padding: 1px 0px 0px; position: relative; width: 952.375px; word-break: break-all;">
<div class="bar" style="box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px 0px 0px 45px; word-break: break-all;">
<div class="tools" style="background-color: #f8f8f8; border-left: 3px solid rgb(108, 226, 108); border-right: 1px solid rgb(231, 229, 220); box-sizing: border-box; color: silver; font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 9px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; outline: 0px; padding: 3px 8px 10px 10px; word-break: break-all;">
<span style="box-sizing: border-box; font-weight: 700; outline: 0px; word-break: break-all;">[cpp] </span> <a class="ViewSource" href="http://blog.csdn.net/jasonchen_gbd/article/details/45627967#" rel="nofollow" style="background-attachment: initial; background-clip: initial; background-color: inherit; background-image: url("https://csdnimg.cn/release/phoenix/images/ico_plain.gif"); background-origin: initial; background-position: left top; background-repeat: no-repeat; background-size: initial; border: none; box-sizing: border-box; color: #0c89cf; cursor: pointer; display: inline-block; height: 16px; margin: 0px 10px 0px 0px; outline: 0px; padding: 1px; text-decoration-line: none; text-indent: -2000px; width: 16px; word-break: break-all;" target="_blank" title="view plain"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">view plain</span></a><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; word-break: break-all;"><a class="CopyToClipboard" href="http://blog.csdn.net/jasonchen_gbd/article/details/45627967#" rel="nofollow" style="background-attachment: initial; background-clip: initial; background-color: inherit; background-image: url("https://csdnimg.cn/release/phoenix/images/ico_copy.gif"); background-origin: initial; background-position: left top; background-repeat: no-repeat; background-size: initial; border: none; box-sizing: border-box; color: #0c89cf; cursor: pointer; display: inline-block; height: 16px; margin: 0px 10px 0px 0px; outline: 0px; padding: 1px; text-decoration-line: none; text-indent: -2000px; width: 16px; word-break: break-all;" target="_blank" title="copy"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">copy</span></a></span></span><span style="box-sizing: border-box; outline: 0px; word-break: break-all;"> <a class="CopyToClipboard" href="http://blog.csdn.net/jasonchen_gbd/article/details/45627967#" rel="nofollow" style="background-attachment: initial; background-clip: initial; background-color: inherit; background-image: url("https://csdnimg.cn/release/phoenix/images/ico_copy.gif"); background-origin: initial; background-position: left top; background-repeat: no-repeat; background-size: initial; border: none; box-sizing: border-box; color: #0c89cf; cursor: pointer; display: inline-block; height: 16px; margin: 0px 10px 0px 0px; outline: 0px; padding: 1px; text-decoration-line: none; text-indent: -2000px; width: 16px; word-break: break-all;" target="_blank" title="copy"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"></span></a><div style="box-sizing: border-box; height: 16px; left: 503px; margin: 0px; outline: 0px; padding: 0px; position: absolute; top: 4874px; width: 16px; word-break: break-all; z-index: 99;">
</div>
<div style="box-sizing: border-box; height: 16px; left: 503px; margin: 0px; outline: 0px; padding: 0px; position: absolute; top: 4874px; width: 16px; word-break: break-all; z-index: 99;">
</div>
</span><div style="box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; width: 19px; word-break: break-all; z-index: 99;">
</div>
<span style="box-sizing: border-box; outline: 0px; word-break: break-all;"></span></div>
</div>
<ol class="dp-cpp" start="1" style="background-color: white; border: none; box-sizing: border-box; color: #5c5c5c; list-style-image: initial; list-style-position: initial; margin: 0px 0px 24px; outline: 0px; padding: 0px; word-break: break-all;">
<li class="alt" style="border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; color: inherit; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span class="keyword" style="background-color: inherit; border: none; box-sizing: border-box; color: #006699; font-weight: bold; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">static </span></span></span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span class="keyword" style="background-color: inherit; border: none; box-sizing: border-box; color: #006699; font-weight: bold; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">struct </span></span><span style="background-color: inherit; border: none; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"> uloop_fd server_fd = { </span></span></span><span style="background-color: inherit; border: none; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"> </span><span class="keyword" style="background-color: inherit; border: none; box-sizing: border-box; color: #006699; font-weight: bold; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"></span></span><span style="background-color: inherit; border: none; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"></span></span></span></li>
<li style="background-color: #f8f8f8; border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">.cb = server_cb, </span></span></span></li>
<li class="alt" style="border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; color: inherit; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">}; </span></span></span></li>
</ol>
</div>
<span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">即調用server_cb()函數。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">4. server_cb()函數中的工作為:</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">(1)進行accept(),接受client連接,並為該連接生成一個client_fd。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">(2)為client分配一個client id,用於ubusd區分不同的client。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">(3)向client發送一個HELLO消息作為連接建立的標誌。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">(4)將client_fd添加到poll_fd的監聽隊列中,用於監聽client發過來的消息,消息處理函數為client_cb()。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">也就是說ubusd監聽兩種消息,一種是新client的連接請求,一種是現有的每個client發過來的數據。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; font-weight: 700; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">當ubusd收到一個client的數據後,調用client_cb()函數的處理過程:</span></span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">1.先檢查一下是否有需要向這個client回复的數據(可能是上一次請求沒處理完),如果有,先發送這些遺留數據。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">2.讀取socket上的數據,根據消息類型(數據中都指定了消息類型的)調用相應的處理函數,消息類型和處理函數定義如下:</span></span></span><br />
<div class="dp-highlighter bg_cpp" style="background-color: #e7e5dc; border-color: rgb(204, 204, 204); box-sizing: border-box; color: #555555; font-family: Consolas, "Courier New", Courier, mono, serif; font-size: 12px; line-height: 35px; margin: 0px 0px 24px; outline: 0px; overflow: hidden; padding: 1px 0px 0px; position: relative; width: 952.375px; word-break: break-all;">
<div class="bar" style="box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px 0px 0px 45px; word-break: break-all;">
<div class="tools" style="background-color: #f8f8f8; border-left: 3px solid rgb(108, 226, 108); border-right: 1px solid rgb(231, 229, 220); box-sizing: border-box; color: silver; font-family: Verdana, Geneva, Arial, Helvetica, sans-serif; font-size: 9px; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal; margin: 0px; outline: 0px; padding: 3px 8px 10px 10px; word-break: break-all;">
<span style="box-sizing: border-box; font-weight: 700; outline: 0px; word-break: break-all;">[cpp] </span> <a class="ViewSource" href="http://blog.csdn.net/jasonchen_gbd/article/details/45627967#" rel="nofollow" style="background-attachment: initial; background-clip: initial; background-color: inherit; background-image: url("https://csdnimg.cn/release/phoenix/images/ico_plain.gif"); background-origin: initial; background-position: left top; background-repeat: no-repeat; background-size: initial; border: none; box-sizing: border-box; color: #0c89cf; cursor: pointer; display: inline-block; height: 16px; margin: 0px 10px 0px 0px; outline: 0px; padding: 1px; text-decoration-line: none; text-indent: -2000px; width: 16px; word-break: break-all;" target="_blank" title="view plain"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">view plain</span></a><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; word-break: break-all;"><a class="CopyToClipboard" href="http://blog.csdn.net/jasonchen_gbd/article/details/45627967#" rel="nofollow" style="background-attachment: initial; background-clip: initial; background-color: inherit; background-image: url("https://csdnimg.cn/release/phoenix/images/ico_copy.gif"); background-origin: initial; background-position: left top; background-repeat: no-repeat; background-size: initial; border: none; box-sizing: border-box; color: #0c89cf; cursor: pointer; display: inline-block; height: 16px; margin: 0px 10px 0px 0px; outline: 0px; padding: 1px; text-decoration-line: none; text-indent: -2000px; width: 16px; word-break: break-all;" target="_blank" title="copy"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">copy</span></a></span></span><span style="box-sizing: border-box; outline: 0px; word-break: break-all;"> <a class="CopyToClipboard" href="http://blog.csdn.net/jasonchen_gbd/article/details/45627967#" rel="nofollow" style="background-attachment: initial; background-clip: initial; background-color: inherit; background-image: url("https://csdnimg.cn/release/phoenix/images/ico_copy.gif"); background-origin: initial; background-position: left top; background-repeat: no-repeat; background-size: initial; border: none; box-sizing: border-box; color: #0c89cf; cursor: pointer; display: inline-block; height: 16px; margin: 0px 10px 0px 0px; outline: 0px; padding: 1px; text-decoration-line: none; text-indent: -2000px; width: 16px; word-break: break-all;" target="_blank" title="copy"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"></span></a><div style="box-sizing: border-box; height: 16px; left: 503px; margin: 0px; outline: 0px; padding: 0px; position: absolute; top: 5425px; width: 16px; word-break: break-all; z-index: 99;">
</div>
<div style="box-sizing: border-box; height: 16px; left: 503px; margin: 0px; outline: 0px; padding: 0px; position: absolute; top: 5425px; width: 16px; word-break: break-all; z-index: 99;">
</div>
</span><div style="box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; width: 19px; word-break: break-all; z-index: 99;">
</div>
<span style="box-sizing: border-box; outline: 0px; word-break: break-all;"></span></div>
</div>
<ol class="dp-cpp" start="1" style="background-color: white; border: none; box-sizing: border-box; color: #5c5c5c; list-style-image: initial; list-style-position: initial; margin: 0px 0px 24px; outline: 0px; padding: 0px; word-break: break-all;">
<li class="alt" style="border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; color: inherit; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span class="keyword" style="background-color: inherit; border: none; box-sizing: border-box; color: #006699; font-weight: bold; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">static </span></span></span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span class="keyword" style="background-color: inherit; border: none; box-sizing: border-box; color: #006699; font-weight: bold; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">const </span></span><span style="background-color: inherit; border: none; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"> ubus_cmd_cb handlers[__UBUS_MSG_LAST] = { </span></span></span><span style="background-color: inherit; border: none; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"> </span><span class="keyword" style="background-color: inherit; border: none; box-sizing: border-box; color: #006699; font-weight: bold; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"></span></span><span style="background-color: inherit; border: none; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"></span></span></span></li>
<li style="background-color: #f8f8f8; border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">[UBUS_MSG_PING] = ubusd_send_pong, </span></span></span></li>
<li class="alt" style="border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; color: inherit; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">[UBUS_MSG_ADD_OBJECT] = ubusd_handle_add_object, </span></span></span></li>
<li style="background-color: #f8f8f8; border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">[UBUS_MSG_REMOVE_OBJECT] = ubusd_handle_remove_object, </span></span></span></li>
<li class="alt" style="border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; color: inherit; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">[UBUS_MSG_LOOKUP] = ubusd_handle_lookup, </span></span></span></li>
<li style="background-color: #f8f8f8; border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">[UBUS_MSG_INVOKE] = ubusd_handle_invoke, </span></span></span></li>
<li class="alt" style="border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; color: inherit; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">[UBUS_MSG_STATUS] = ubusd_handle_response, </span></span></span></li>
<li style="background-color: #f8f8f8; border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">[UBUS_MSG_DATA] = ubusd_handle_response, </span></span></span></li>
<li class="alt" style="border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; color: inherit; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">[UBUS_MSG_SUBSCRIBE] = ubusd_handle_add_watch, </span></span></span></li>
<li style="background-color: #f8f8f8; border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">[UBUS_MSG_UNSUBSCRIBE] = ubusd_handle_remove_watch, </span></span></span></li>
<li class="alt" style="border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; color: inherit; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">[UBUS_MSG_NOTIFY] = ubusd_handle_notify, </span></span></span></li>
<li style="background-color: #f8f8f8; border-bottom: none; border-image: initial; border-left: 3px solid rgb(108, 226, 108); border-right: none; border-top: none; box-sizing: border-box; line-height: 18px; list-style: outside; margin-bottom: 0px !important; margin-left: 40px; margin-right: 0px !important; margin-top: 8px; outline: 0px; padding: 0px 3px 0px 10px !important; word-break: break-all;"><span style="background-color: inherit; border: none; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">}; </span></span></span></li>
</ol>
</div>
<span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">例如,如果收到invoke消息,就調用ubusd_handle_invoke()函數處理。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">這些處理函數可能是ubusd處理完後需要回發給client數據,或者是將消息轉發給另一個client(如果發送請求的client需要和另一個client進行通信)。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">3.處理完成後,向client發送處理結果,例如UBUS_STATUS_OK。</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">(注意,client發送數據是UBUS_MSG_DATA類型的)</span></span></span><br />
<h2 style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 24px; line-height: 35px; margin: 8px 0px 16px; outline: 0px; padding: 0px; word-break: break-all;">
<a href="https://www.blogger.com/null" name="t6" style="box-sizing: border-box; color: #4ea1db; cursor: pointer; outline: 0px; word-break: break-all;"></a><a href="https://www.blogger.com/null" name="t6" style="box-sizing: border-box; color: #0c89cf; cursor: pointer; outline: 0px; word-break: break-all;" target="_blank"></a><span style="box-sizing: border-box; font-size: 15px; outline: 0px; word-break: break-all;">4.2 client的工作流程</span></h2>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; margin-bottom: 16px; outline: 0px; padding: 0px; text-align: justify; word-break: break-all;">
<span style="box-sizing: border-box; font-weight: 700; outline: 0px; word-break: break-all;">ubus call obj method的工作流程:</span></div>
<span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">1.創建一個unix socket(UDP)連接ubusd,並接收到server發過來的HELLO消息。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">2. ubus call命令由ubus_cli_call()函數進行處理,先向ubusd發送lookup消息請求obj的id。</span><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">然後向ubusd發送invoke消息來調用obj的method方法。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">3.創建epoll_fd並將client的fd添加到監聽列表中等待消息。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">4. client收到消息後的處理函數為ubus_handle_data(),其中UBUS_MSG_DATA類型的數據receive_call_result_data()函數協助解析。</span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; font-weight: 700; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">被call的client的工作流程:</span></span></span></span><br style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;" /><span style="background-color: white; box-sizing: border-box; color: #555555; font-family: "microsoft yahei"; font-size: 15px; line-height: 35px; outline: 0px; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;"><span style="box-sizing: border-box; outline: 0px; vertical-align: inherit; word-break: break-all;">和ubus客戶端的流程相似,只是變成了接受請求並調用處理函數</span></span></span>髒圳嘎http://www.blogger.com/profile/17184209061223272557noreply@blogger.com0