-
Notifications
You must be signed in to change notification settings - Fork 8
Expand file tree
/
Copy pathscript.sh
More file actions
219 lines (190 loc) · 8.08 KB
/
script.sh
File metadata and controls
219 lines (190 loc) · 8.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
#!/usr/bin/env bash
# ==============================================================================
# Linux TCP/IP & BBR 智能优化脚本
#
# 版本: 2.0.0 (针对代理转发深度优化)
# 改进日志:
# - [核心] 启用 tcp_tw_reuse,解决高并发下的端口耗尽问题
# - [新增] 增加 TCP Keepalive 调优,快速释放死连接
# - [新增] 增加 UDP 缓冲区优化 (针对 Hysteria/QUIC)
# - [新增] 引入 tcp_notsent_lowat 降低延迟
# - [调整] 优化 conntrack 策略,防止表溢出
# ==============================================================================
# --- 脚本版本号定义 ---
SCRIPT_VERSION="2.0.0"
set -euo pipefail
# --- 颜色定义 ---
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
BLUE='\033[0;34m'
NC='\033[0m'
# --- 配置文件路径 ---
CONF_FILE="/etc/sysctl.d/99-bbr.conf"
# --- 系统信息检测函数 ---
get_system_info() {
TOTAL_MEM=$(free -m | awk '/^Mem:/{print $2}' | tr -d '\r')
CPU_CORES=$(nproc | tr -d '\r')
if command -v systemd-detect-virt >/dev/null 2>&1; then
VIRT_TYPE=$(systemd-detect-virt)
elif grep -q -i "hypervisor" /proc/cpuinfo; then
VIRT_TYPE="KVM/VMware"
else
VIRT_TYPE="Physical/Unknown"
fi
echo -e "${CYAN}>>> 系统信息检测:${NC}"
echo -e "内存大小 : ${YELLOW}${TOTAL_MEM}MB${NC}"
echo -e "CPU核心数 : ${YELLOW}${CPU_CORES}${NC}"
echo -e "虚拟化类型 : ${YELLOW}${VIRT_TYPE}${NC}"
calculate_parameters
}
# --- 动态参数计算函数 (针对转发业务调整) ---
calculate_parameters() {
# 基础连接数设置 - 代理服务器需要更多的连接跟踪
if [ "$TOTAL_MEM" -le 512 ]; then
VM_TIER="入门级(≤512MB)"
RMEM_MAX="16777216" # 16MB
WMEM_MAX="16777216"
TCP_MEM_MAX="16777216"
SOMAXCONN="4096"
FILE_MAX="65535"
CONNTRACK_MAX="65536"
elif [ "$TOTAL_MEM" -le 1024 ]; then
VM_TIER="基础级(1GB)"
RMEM_MAX="33554432" # 32MB
WMEM_MAX="33554432"
TCP_MEM_MAX="33554432"
SOMAXCONN="16384"
FILE_MAX="524288"
CONNTRACK_MAX="262144"
elif [ "$TOTAL_MEM" -le 4096 ]; then
VM_TIER="进阶级(2GB-4GB)"
RMEM_MAX="67108864" # 64MB
WMEM_MAX="67108864"
TCP_MEM_MAX="67108864"
SOMAXCONN="32768"
FILE_MAX="1048576"
CONNTRACK_MAX="524288"
else
VM_TIER="专业级(>4GB)"
# 限制最大缓冲区,避免单连接吃光内存,注重并发总量
RMEM_MAX="134217728" # 128MB
WMEM_MAX="134217728"
TCP_MEM_MAX="134217728"
SOMAXCONN="65535"
FILE_MAX="2097152"
CONNTRACK_MAX="1048576" # 100万连接足够绝大多数场景,过大浪费内核内存
fi
}
# --- 预检查函数 ---
pre_flight_checks() {
if [[ $(id -u) -ne 0 ]]; then
echo -e "${RED}❌ 错误: 必须 root 权限。${NC}"
exit 1
fi
# 加载必要的内核模块 (尤其是连接跟踪和BBR)
modprobe nf_conntrack >/dev/null 2>&1 || true
modprobe tcp_bbr >/dev/null 2>&1 || true
}
# --- 配置写入函数 ---
add_conf() {
local key="$1"
local value="$2"
local comment="$3"
echo "# $comment" >> "$CONF_FILE"
echo "$key = $value" >> "$CONF_FILE"
echo "" >> "$CONF_FILE"
}
# --- 备份管理 ---
manage_backups() {
if [ -f "$CONF_FILE" ]; then
cp "$CONF_FILE" "$CONF_FILE.bak_$(date +%F_%H-%M-%S)"
# 保留最近3个备份
ls -t "$CONF_FILE.bak_"* 2>/dev/null | tail -n +4 | xargs -r rm
fi
}
# --- 核心优化逻辑 (重写部分) ---
apply_optimizations() {
echo -e "${CYAN}>>> 应用网络优化配置 (${YELLOW}${VM_TIER}${CYAN})...${NC}"
> "$CONF_FILE"
cat >> "$CONF_FILE" << EOF
# ==========================================================
# Linux Network Tuning (Proxy/Forwarding Optimized)
# 生成时间: $(date)
# 硬件环境: ${TOTAL_MEM}MB RAM, ${CPU_CORES} CPU
# ==========================================================
EOF
# 1. BBR 与 队列算法
add_conf "net.core.default_qdisc" "fq" "FQ 队列算法 (BBR 最佳拍档)"
add_conf "net.ipv4.tcp_congestion_control" "bbr" "开启 BBR"
# 2. 缓冲区优化 (TCP & UDP) - 这对 Hysteria/QUIC 很重要
add_conf "net.core.rmem_max" "$RMEM_MAX" "系统最大接收缓存"
add_conf "net.core.wmem_max" "$WMEM_MAX" "系统最大发送缓存"
add_conf "net.core.rmem_default" "262144" "默认接收缓存 (256k)"
add_conf "net.core.wmem_default" "262144" "默认发送缓存 (256k)"
# TCP 自动调优窗口
add_conf "net.ipv4.tcp_rmem" "8192 262144 $TCP_MEM_MAX" "TCP读缓存 (min default max)"
add_conf "net.ipv4.tcp_wmem" "8192 262144 $TCP_MEM_MAX" "TCP写缓存 (min default max)"
add_conf "net.ipv4.udp_rmem_min" "16384" "UDP读缓存下限 (优化QUIC)"
add_conf "net.ipv4.udp_wmem_min" "16384" "UDP写缓存下限 (优化QUIC)"
# 3. 连接与队列上限
add_conf "net.core.somaxconn" "$SOMAXCONN" "最大监听队列"
add_conf "net.core.netdev_max_backlog" "$SOMAXCONN" "网卡积压队列"
add_conf "net.ipv4.tcp_max_syn_backlog" "$SOMAXCONN" "SYN半连接队列"
add_conf "net.ipv4.tcp_notsent_lowat" "16384" "降低缓冲区未发送数据阈值 (降低延迟)"
# 4. TIME_WAIT 与 端口复用 (代理服务器的关键)
add_conf "net.ipv4.tcp_tw_reuse" "1" "开启 TIME_WAIT 复用 (关键优化)"
add_conf "net.ipv4.tcp_timestamps" "1" "开启时间戳 (配合 reuse 必须)"
add_conf "net.ipv4.tcp_fin_timeout" "30" "缩短 FIN_WAIT 时间"
add_conf "net.ipv4.ip_local_port_range" "10000 65535" "扩大本地端口范围"
add_conf "net.ipv4.tcp_max_tw_buckets" "500000" "允许更多 TIME_WAIT socket 存在"
# 5. TCP Keepalive (快速剔除死链)
add_conf "net.ipv4.tcp_keepalive_time" "600" "TCP保活时间 (10分钟)"
add_conf "net.ipv4.tcp_keepalive_intvl" "15" "探测间隔"
add_conf "net.ipv4.tcp_keepalive_probes" "5" "探测次数"
# 6. 连接跟踪 (Conntrack)
# 如果模块未加载,写入配置可能会报错,这里做个判断(但通常文件写入没问题,是sysctl -p报错)
add_conf "net.netfilter.nf_conntrack_max" "$CONNTRACK_MAX" "最大连接跟踪数"
add_conf "net.netfilter.nf_conntrack_tcp_timeout_established" "7200" "连接跟踪超时 (2小时)"
add_conf "net.netfilter.nf_conntrack_tcp_timeout_time_wait" "120" "减少 TIME_WAIT 跟踪时间"
# 7. 其他系统级优化
add_conf "fs.file-max" "$FILE_MAX" "最大文件句柄"
add_conf "vm.swappiness" "10" "减少 Swap 使用"
add_conf "net.ipv4.tcp_mtu_probing" "1" "开启 MTU 探测 (解决部分网络卡顿)"
add_conf "net.ipv4.tcp_syncookies" "1" "防 SYN Flood"
}
# --- 应用与验证 ---
apply_and_verify() {
echo -e "${CYAN}>>> 应用配置...${NC}"
sysctl --system >/dev/null 2>&1 || echo -e "${YELLOW}⚠️ 注意: 部分参数应用失败 (可能是容器限制或模块缺失),但不影响核心功能。${NC}"
local cc=$(sysctl -n net.ipv4.tcp_congestion_control 2>/dev/null)
local qdisc=$(sysctl -n net.core.default_qdisc 2>/dev/null)
local reuse=$(sysctl -n net.ipv4.tcp_tw_reuse 2>/dev/null)
echo -e "${GREEN}✅ 优化完成!${NC}"
echo -e "拥塞控制: ${YELLOW}${cc}${NC} | 队列算法: ${YELLOW}${qdisc}${NC}"
if [ "$reuse" == "1" ]; then
echo -e "并发复用: ${GREEN}已启用 (tcp_tw_reuse)${NC}"
else
echo -e "并发复用: ${RED}未启用 (可能被覆盖)${NC}"
fi
}
# --- 主逻辑 ---
main() {
# 简单的参数处理
if [[ "${1:-}" == "uninstall" ]]; then
rm -f "$CONF_FILE"
sysctl --system
echo -e "${GREEN}已删除优化配置。${NC}"
exit 0
fi
echo -e "${CYAN}======================================================${NC}"
echo -e "${CYAN} Linux Network Optimizer (Proxy Edition) v${SCRIPT_VERSION} ${NC}"
echo -e "${CYAN}======================================================${NC}"
pre_flight_checks
get_system_info
manage_backups
apply_optimizations
apply_and_verify
}
main "$@"