LVS 作为高性能的四层负载均衡器,原生仅基于 IP/端口转发,不解析应用层流量,无法实现基于域名的访问控制。实际生产中有基于域名的白名单需求,需拦截非白名单域名的 HTTP/HTTPS 流量,并可在拦截时阻断连接。
本模块设计目标:
- 支持域名白名单过滤(HTTP Host、TLS SNI)
- 支持拦截非法域名连接并阻断后续包
- 可选使用内核连接跟踪(conntrack)或自定义轻量状态表实现高性能
ptpt52
/ lvs-host-filter.md
Created
June 4, 2025 01:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #setup environment for tmpfs build for openwrt/x-wrt. | |
| mkdir -p tmpfs_local/host tmpfs_local/hostpkg | |
| mkdir tmpfs | |
| #mount tmpfs size=24G (total 32G ram) for build_dir. | |
| sudo mount -t tmpfs -o size=24G tmpfs tmpfs/ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Wed Mar 22 17:30:03 2023 daemon.info : 08[ENC] parsed ID_PROT request 0 [ SA V V V V V V ] | |
| Wed Mar 22 17:30:03 2023 daemon.info : 08[IKE] received NAT-T (RFC 3947) vendor ID | |
| Wed Mar 22 17:30:03 2023 daemon.info : 08[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID | |
| Wed Mar 22 17:30:03 2023 daemon.info : 08[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID | |
| Wed Mar 22 17:30:03 2023 daemon.info : 08[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID | |
| Wed Mar 22 17:30:03 2023 daemon.info : 08[IKE] received FRAGMENTATION vendor ID | |
| Wed Mar 22 17:30:03 2023 daemon.info : 08[IKE] received DPD vendor ID | |
| Wed Mar 22 17:30:03 2023 daemon.info : 08[IKE] 192.168.16.190 is initiating a Main Mode IKE_SA | |
| Wed Mar 22 17:30:03 2023 authpriv.info : 08[IKE] 192.168.16.190 is initiating a Main Mode IKE_SA | |
| Wed Mar 22 17:30:03 2023 daemon.info : 08[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 |
ptpt52
/ ipq5018 sdk 12 crash wifi log
Created
November 7, 2022 09:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@OpenWrt:~# /etc/init.d/network reload | |
| [ 121.287227] mc_detach: disabled snooping on br-lan. | |
| Command failed: Not found | |
| Default Service Class Count: 8 | |
| Custom Service Class Count: 1 | |
| Command failed: Not found | |
| Command failed: Not found | |
| Command failed: Not found | |
| qcawifi qcawificfg80211 disable radio wifi0 | |
| Disable ol_stats for Lithium platforms |
ptpt52
/ mt7621 uboot normal boot (old version)
Created
September 27, 2021 09:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Welcome to minicom 2.8 | |
| OPTIONS: | |
| Port /dev/ttyUSB0, 17:13:45 | |
| Press CTRL-A Z for help on special keys | |
| =================================================================== | |
| MT7621 stage1 code 10:33:55 (ASIC) |
ptpt52
/ mt7621 512M uboot log
Created
September 27, 2021 09:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| >> Got DRAM size 0MB | |
| Retrying ... | |
| >> Applying AC timing parameters (try 2) | |
| Expected DRAM size: 512MB | |
| >> Setting DDR/CPU PLL ... | |
| Using 3PLL mode with External loopback | |
| DDR/CPU clock will be set to 1200MHz/880MHz |
ptpt52
/ qsdk mp03.5-c1 256M ipq5018+qcn61xx boot log
Created
August 13, 2021 06:52
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Hit any key within 10s to stop dump activity...resetting ... | |
| Format: Log Type - Time(microsec) - Message - Optional Info | |
| Log Type: B - Since Boot(Power On Reset), D - Delta, S - Statistic | |
| S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.3.1.1-00059 | |
| S - IMAGE_VARIANT_STRING=MAABANAZA | |
| S - OEM_IMAGE_VERSION_STRING=CRM | |
| S - Boot Config, 0x000002c1 | |
| B - 128 - PBL, Start | |
| B - 1562 - bootable_media_detect_entry, Start |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| IPQ5018# reset | |
| resetting ... | |
| Format: Log Type - Time(microsec) - Message - Optional Info | |
| Log Type: B - Since Boot(Power On Reset), D - Delta, S - Statistic | |
| S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.3.1.1-00042 | |
| S - IMAGE_VARIANT_STRING=MAABANAZA | |
| S - OEM_IMAGE_VERSION_STRING=CRM | |
| S - Boot Config, 0x000002c1 | |
| B - 127 - PBL, Start |
ptpt52
/ qsdk ipq5018 boot on tplink
Created
July 8, 2021 08:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| U-Boot 2016.01 (Jul 08 2021 - 07:14:42 +0000) | |
| DRAM: smem ram ptable found: ver: 1 len: 4 | |
| 256 MiB | |
| TEST- | |
| SPI_ADDR_LEN=3 | |
| SF: Detected XM25QU128C with page size 256 Bytes, erase size 4 KiB, total 16 MiB | |
| *** Warning - bad CRC, using default environment | |
| In: serial@78AF000 |
ptpt52
/ TPLink AX3600 ipq5018 oem boot log
Created
July 3, 2021 09:28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Port /dev/ttyUSB0, 17:24:46 | |
| Press CTRL-A Z for help on special keys | |
| U-Boot 2016.01 (Jun 07 2021 - 14:49:46 +0800) | |
| DRAM: smem ram ptable found: ver: 1 len: 4 | |
| 256 MiB |
NewerOlder