Merge branch 'main' of github.com:hackerschoice/segfault into direct

SkyperTHC 2023-03-25 09:46:32 +00:00
commit 250f71be1c
No known key found for this signature in database
GPG Key ID: A9BD386DF9113CD6
2 changed files with 78 additions and 16 deletions

@ -169,8 +169,20 @@ services:
sysctls:
- net.ipv6.conf.all.disable_ipv6=1
- net.ipv4.conf.all.rp_filter=2
# - net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
- net.netfilter.nf_conntrack_frag6_timeout=10
- net.netfilter.nf_conntrack_generic_timeout=180 # default is 600
- net.netfilter.nf_conntrack_tcp_timeout_syn_sent=10 # default is 120
- net.netfilter.nf_conntrack_tcp_timeout_syn_recv=1 # default is 30
- net.netfilter.nf_conntrack_tcp_timeout_last_ack=5 # default is 30
- net.netfilter.nf_conntrack_tcp_timeout_fin_wait=10 # default is 120
- net.netfilter.nf_conntrack_tcp_timeout_close=1 # default is 10
- net.netfilter.nf_conntrack_tcp_timeout_close_wait=10 # default is 60
- net.netfilter.nf_conntrack_tcp_timeout_unacknowledged=30 # default is 300
- net.netfilter.nf_conntrack_tcp_timeout_established=10800 # 3h, default is 5 days
- net.netfilter.nf_conntrack_icmp_timeout=10 # default is 30
- net.netfilter.nf_conntrack_udp_timeout=10 # default is 30
# - net.nf_conntrack_udp_timeout_stream= # leave as default of 120
volumes:
- "${SF_SHMDIR:-/dev/shm/sf}/run/vpn:/sf/run/vpn" # Between all VPNs
- "${SF_SHMDIR:-/dev/shm/sf}/config-for-guest:/config/guest" # vpn_status to guest
@ -205,6 +217,19 @@ services:
- net.ipv6.conf.all.disable_ipv6=1
- net.ipv4.conf.all.rp_filter=2
- net.ipv4.ip_forward=1
- net.netfilter.nf_conntrack_frag6_timeout=10
- net.netfilter.nf_conntrack_generic_timeout=180 # default is 600
- net.netfilter.nf_conntrack_tcp_timeout_syn_sent=10 # default is 120
- net.netfilter.nf_conntrack_tcp_timeout_syn_recv=5 # default is 30, 5 because of reverse tunnels
- net.netfilter.nf_conntrack_tcp_timeout_last_ack=5 # default is 30
- net.netfilter.nf_conntrack_tcp_timeout_fin_wait=10 # default is 120
- net.netfilter.nf_conntrack_tcp_timeout_close=1 # default is 10
- net.netfilter.nf_conntrack_tcp_timeout_close_wait=10 # default is 60
- net.netfilter.nf_conntrack_tcp_timeout_unacknowledged=30 # default is 300
- net.netfilter.nf_conntrack_tcp_timeout_established=10800 # 3h, default is 5 days
- net.netfilter.nf_conntrack_icmp_timeout=10 # default is 30
- net.netfilter.nf_conntrack_udp_timeout=10 # default is 30
# - net.nf_conntrack_udp_timeout_stream= # leave as default of 120
volumes:
- "${SF_SHMDIR:-/dev/shm/sf}/run/vpn:/sf/run/vpn" # Between all VPNs
- "${SF_SHMDIR:-/dev/shm/sf}/config-for-guest:/config/guest" # vpn_status to guest
@ -238,6 +263,19 @@ services:
- net.ipv6.conf.all.disable_ipv6=1
- net.ipv4.conf.all.rp_filter=2
- net.ipv4.ip_forward=1
- net.netfilter.nf_conntrack_frag6_timeout=10
- net.netfilter.nf_conntrack_generic_timeout=180 # default is 600
- net.netfilter.nf_conntrack_tcp_timeout_syn_sent=10 # default is 120
- net.netfilter.nf_conntrack_tcp_timeout_syn_recv=1 # default is 30
- net.netfilter.nf_conntrack_tcp_timeout_last_ack=5 # default is 30
- net.netfilter.nf_conntrack_tcp_timeout_fin_wait=10 # default is 120
- net.netfilter.nf_conntrack_tcp_timeout_close=1 # default is 10
- net.netfilter.nf_conntrack_tcp_timeout_close_wait=10 # default is 60
- net.netfilter.nf_conntrack_tcp_timeout_unacknowledged=30 # default is 300
- net.netfilter.nf_conntrack_tcp_timeout_established=10800 # 3h, default is 5 days
- net.netfilter.nf_conntrack_icmp_timeout=10 # default is 30
- net.netfilter.nf_conntrack_udp_timeout=10 # default is 30
# - net.nf_conntrack_udp_timeout_stream= # leave as default of 120
volumes:
- "${SF_SHMDIR:-/dev/shm/sf}/run/vpn:/sf/run/vpn" # Between all VPNs
- "${SF_SHMDIR:-/dev/shm/sf}/config-for-guest:/config/guest" # vpn_status to guest
@ -315,12 +353,18 @@ services:
- net.ipv4.conf.all.src_valid_mark=1 # SNAT
- net.ipv4.conf.all.rp_filter=2
- net.netfilter.nf_conntrack_frag6_timeout=10
- net.netfilter.nf_conntrack_generic_timeout=180 # default is 600
- net.netfilter.nf_conntrack_tcp_timeout_syn_sent=10
- net.netfilter.nf_conntrack_tcp_timeout_fin_wait=10
- net.netfilter.nf_conntrack_tcp_timeout_established=10800 #3h idle
# - net.netfilter.nf_conntrack_udp_timeout=10
- net.netfilter.nf_conntrack_icmp_timeout=10
- net.netfilter.nf_conntrack_generic_timeout=180 # default is 600
- net.netfilter.nf_conntrack_tcp_timeout_syn_sent=10 # default is 120
- net.netfilter.nf_conntrack_tcp_timeout_syn_recv=5 # default is 30, 5 because of reverse tunnels
- net.netfilter.nf_conntrack_tcp_timeout_last_ack=5 # default is 30
- net.netfilter.nf_conntrack_tcp_timeout_fin_wait=10 # default is 120
- net.netfilter.nf_conntrack_tcp_timeout_close=1 # default is 10
- net.netfilter.nf_conntrack_tcp_timeout_close_wait=10 # default is 60
- net.netfilter.nf_conntrack_tcp_timeout_unacknowledged=30 # default is 300
- net.netfilter.nf_conntrack_tcp_timeout_established=10800 # 3h, default is 5 days
- net.netfilter.nf_conntrack_icmp_timeout=10 # default is 30
- net.netfilter.nf_conntrack_udp_timeout=10 # default is 30
# - net.nf_conntrack_udp_timeout_stream= # leave as default of 120
ports:
- "${SF_SSH_PORT:-22}:22"
- "${SF_SSH_PORT2:-443}:22"
@ -425,12 +469,18 @@ services:
- net.ipv4.conf.all.src_valid_mark=1 # SNAT
- net.ipv4.conf.all.rp_filter=2
- net.netfilter.nf_conntrack_frag6_timeout=10
- net.netfilter.nf_conntrack_generic_timeout=180 # default is 600
- net.netfilter.nf_conntrack_tcp_timeout_syn_sent=10
- net.netfilter.nf_conntrack_tcp_timeout_fin_wait=10
- net.netfilter.nf_conntrack_tcp_timeout_established=10800 #3h idle
# - net.netfilter.nf_conntrack_udp_timeout=10
- net.netfilter.nf_conntrack_icmp_timeout=10
- net.netfilter.nf_conntrack_generic_timeout=180 # default is 600
- net.netfilter.nf_conntrack_tcp_timeout_syn_sent=10 # default is 120
- net.netfilter.nf_conntrack_tcp_timeout_syn_recv=1 # default is 30
- net.netfilter.nf_conntrack_tcp_timeout_last_ack=5 # default is 30
- net.netfilter.nf_conntrack_tcp_timeout_fin_wait=10 # default is 120
- net.netfilter.nf_conntrack_tcp_timeout_close=1 # default is 10
- net.netfilter.nf_conntrack_tcp_timeout_close_wait=10 # default is 60
- net.netfilter.nf_conntrack_tcp_timeout_unacknowledged=30 # default is 300
- net.netfilter.nf_conntrack_tcp_timeout_established=10800 # 3h, default is 5 days
- net.netfilter.nf_conntrack_icmp_timeout=10 # default is 30
- net.netfilter.nf_conntrack_udp_timeout=10 # default is 30
# - net.nf_conntrack_udp_timeout_stream= # leave as default of 120
environment:
- SF_DEBUG
volumes:
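Review bot: `nf_conntrack_tcp_timeout_syn_recv=1` in the first, third and fifth hunks has no stated reason, while the second and fourth hunks use 5 with the comment "5 because of reverse tunnels". With a one-second window, a peer on a high-latency path whose final ACK arrives late may find its conntrack entry already expired, and depending on the firewall rules that ACK could then be dropped as INVALID. Either use 5 in every block or add the reason next to the 1, e.g. `# 1: this service accepts no inbound TCP` if that is the case (the service names are outside the hunks). The commented-out placeholder `# - net.nf_conntrack_udp_timeout_stream=` also lacks the `netfilter.` component; the key is `net.netfilter.nf_conntrack_udp_timeout_stream`, so fix it before someone uncomments it.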

@ -148,9 +148,21 @@ blockio_init
# 1. Use static IPs where possible for inter-container communication.
# 2. Limit the User's local network (to /22 or /24)
# 3. Increase the global size of the kernel's arp table (gc_thresh3)
sysctl -q -w net.ipv4.neigh.default.gc_thresh3=65536 || WARN "Could not set /proc/.../gc_thresh3"
sysctl -q -w net.netfilter.nf_conntrack_buckets=16384 || WARN "Could not set /proc/.../nf_conntrack_buckets"
sysctl -q -w net.netfilter.nf_conntrack_max=131072 || WARN "Could not set /proc/.../nf_conntrack_max"
sysinc()
{
local key
local val
key=$1
val=$2
[[ $(sysctl -n "$key") -ge $val ]] && return
sysctl -q -w "${key}=${val}" || WARN "Could not set '${key}=${val}'"
}
# These are global and shared among all containers
sysinc net.ipv4.neigh.default.gc_thresh3 65536
sysinc net.netfilter.nf_conntrack_buckets 16384 # 65536 for >4GB systems
sysinc net.netfilter.nf_conntrack_max 1048576
# Each Hugepagesize is 2MB (grep HUGE /proc/meminfo)
# 512 => 1g as HUGE
# 8192 => 16g as HUGE
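Review bot: `sysinc net.netfilter.nf_conntrack_max 1048576` raises the entry limit eightfold from 131072, but `nf_conntrack_buckets` stays at 16384, so a full table averages about 64 entries per hash chain instead of 8. Lookups slow down exactly when the table is under pressure, and a million entries is also a sizeable amount of unswappable kernel memory on a small host. Consider scaling both together, e.g. `sysinc net.netfilter.nf_conntrack_buckets $((1048576 / 4))`, or implementing the memory check that the "65536 for >4GB systems" comment only describes. In `sysinc` itself, a missing key (for example when the conntrack module is not loaded) makes `sysctl -n "$key"` print an error and return an empty string to the `-ge` test; adding `2>/dev/null` and an explicit empty check would leave the WARN as the only output.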