macos 性能测试 内核优化配置

解决mac 在糟糕网络下 tcp/http 等连接较高概率超时失败问题

经过定位,应该是系统的tcp 和 socket连接数太小的问题,导致开大量应用后会出现该问题

1.增加 max files:

解决mac 在糟糕网络下 tcp/http 等连接较高概率超时失败问题

经过定位,应该是系统的tcp 和 socket连接数太小的问题,导致开大量应用后会出现该问题

1.增加 max files:

sysctl -a | grep files
kern.maxfiles = 12288
kern.maxfilesperproc = 10240

#设置系统最大连接数从12288到1048600.
sudo sysctl -w kern.maxfiles=1048600

#设置进程连接数限制,进程的最大连接数要小于等于全局连接数
sudo sysctl -w kern.maxfilesperproc=1048576

2.增加max sockets:

sysctl -a | grep somax
kern.ipc.somaxconn: 256
sudo sysctl -w kern.ipc.somaxconn=4096

3.设置动态端口范围portrange

sysctl net.inet.ip.portrange
net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.last: 65535

说明:Linux动态端口号默认范围是32768-65535,也就是说,作为客户端连接同一个IP和同一个端口号,最多只能建立30000多个连接,而Mac默认只能建立16000个左右的连接。
sudo sysctl -w net.inet.ip.portrange.first=32768

4.tcp最大分段寿命
sysctl net.inet.tcp.msl
net.inet.tcp.msl: 30000

说明:最大段寿命*是一个 [TCP] [分段]可以存在于互联网系统中的最大时间。它被任意地定义为两分钟长。最大段寿命的值用来确定 TIME_WAIT 周期(最大段寿命的两倍)
sudo sysctl -w net.inet.tcp.msl=5000

说明:设置tcp失败后回收时间,由默认的30s修改为5秒,一般方便性能测试。

5.设置ulimit
ulimit -n 
说明:命令显示当前shell能打开的最大文件数,默认值:256,该值总是小于kern.maxfilesperproc的值,因为一个shell就是一个进程。
ulimit -n 1048576

6.确保重启后参数生效(永久设置)
6.1按以上的方式设置参数有个问题,当系统重启后,这些参数又恢复成了默认值,解决办法就是把参数写到/etc/sysctl.conf文件中,但是,默认macos这个文件是不存在的,所以首先就要创建它:
sudo touch /etc/sysctl.conf
然后把参数写到文件里
kern.maxfiles=1048600
kern.maxfilesperproc=1048576
kern.ipc.somaxconn=4096
net.inet.tcp.msl=5000
net.inet.ip.portrange.first=32768
#net.inet.ip.portrange.last=65535

至于ulimit-n的值,可以把ulimit-n1048576 写到.bashrc中实现自动修改。

查看批量查看结果

ulimit -n 

sysctl kern.maxfiles kern.maxfilesperproc kern.ipc.somaxconn net.inet.tcp.msl net.inet.ip.portrange.first net.inet.ip.portrange.last

最后修改参数总结:(临时设置)
sudo sysctl -w kern.maxfiles=1048600
sudo sysctl -w kern.maxfilesperproc=1048576
sudo sysctl -w kern.ipc.somaxconn=4096
sudo sysctl -w net.inet.tcp.msl=5000
sudo  sysctl -w net.inet.ip.portrange.first=32768
ulimit -n 1048576

Easy Connect 网络监视进程关闭方法

由于工作中,有时需要在使用外部网络的情况下,访问公司内网,因此使用了Easy Connect这个工具,用于连接到公司的虚拟专用网中。装了之后,也只偶尔用用,大多数时间这个软件是关闭的。

但是最近处理网络异常断线时排查问题发现,EasyMonitor等3个进程一直在运行,而Easy Connect已经几个月没有使用过了,一直源源不断的上传下载数据包。不能强制退出,即使我在终端使用kill命令结束了,也会立刻重启,然后拦截网络流量.这是一个顽固的开机启动程序,类似病毒的.所以决定动手干掉.

检查plist文件

分别在以下6个目录中检查是否有与EasyConnect相关的plist文件

  1. ~/Library/Preferences/ – (当前用户设置的进程)
  2. ~/Library/LaunchAgents/ – (当前用户的守护进程)
  3. /Library/LaunchAgents/ – (管理员设置的用户进程)
  4. /Library/LaunchDaemons/ – (管理员提供的系统守护进程)
  5. /System/Library/LaunchAgents/ – (Mac操作系统提供的用户进程)
  6. /System/Library/LaunchDaemons/ – (Mac操作系统提供的系统守护进程)

删除所有com.sangfor.EasyMonitor.plist,和以com.sangfor.开头的plist

检查守护进程
launchctl list | grep Easy
可以看到有3个进程是杀不掉的会自动重启

sudo launchctl unload com.sangfor.ECAgentProxy

sudo launchctl unload /Applications/EasyConnect.app/Contents/Resources/LaunchDaemons/com.sangfor.EasyMonitor.plist

sudo launchctl unload /Applications/EasyConnect.app/Contents/Resources/LaunchAgents/com.sangfor.ECAgentProxy.plist

然后重启,网络终于正常了,一个晚上加一整天都没有断线(以前一天要断好几次地),收工.

mac os x10.12 安装thrift0.8 源码

参考:http://www.cnblogs.com/peterpanzsy/p/4210127.html

http://thrift.apache.org/docs/install/

一:安装最新版(自动安装)

最简单的是用homebrew进行安装

  • 安装homebrew 在终端输入ruby -e “$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)”
  • 安装thrift   brew install thrift

用brew安装的thrift版本是0.9的,but,我们项目中得thrift版本是0.8的,所以果断卸载掉。

brew uninstall thrift。转到下面第二种方法安装thrift

二:手动安装0.8.0

先安装依赖。

http://www.jattcode.com/installing-autoconf-automake-libtool-on-mac-osx-mountain-lion/

  • 安装BOOST

下载:http://www.boost.org/

命令:./bootstrap.sh,该命令用于生成bjam可执行文件,这个东西就是用来编译boost库

命令:sudo ./b2 threading=multi address-model=64 variant=release stage install

  • 安装 libevent

下载:http://libevent.org/

命令:./configure –prefix=/usr/local

命令:make

命令:sudo make install

  • 安装 Apache Thrift

下载:http://thrift.apache.org/

编译命令:./configure –prefix=/usr/local/ –with-boost=/usr/local/lib –with-libevent=/usr/local/lib –without-ruby –without-python –without-perl –without-php

有一些不相关的code genorater可以不要了,不然又得会报错。。。

安装命令:sudo make install

thrift -version 可以查看安装是否成功和版本

thrift-0.8.0.tar.gz

安装8的时候会遇到如下问题,并按如下解决:

以下摘自美团 Created by 曹继光, last modified by 严鑫 on 十月 10, 2014

Osx 10.9 是比较新的系统, 从这个版本开始, 系统默认编译器从GCC 改为 Clang(GCC -v 一下, 给的是clang 的提示).

Thrift 0.8  代码相对又比较老, 在新的编译器上遇到了下列一些问题.

问题1 :

多个源码文件报错 # include <tr1/functional>, file not found, 改为 # include <boost/tr1/functional.hpp> 解决.

需要修改以下文件:

  • lib/cpp/src/concurrency/ThreadManager.h  line:24
  • lib/cpp/src/async/TAsyncChannel.h line:23
  • lib/cpp/src/async/TAsyncChannel.cpp line:21
  • lib/cpp/src/async/TAsyncProcessor.h line:23
  • lib/cpp/src/async/TAsyncBufferProcessor.h line:23

原因:  在我试验的环境下, 此头文件有后缀名/usr/local/include/boost/ tr1/functional.hpp

问题2:

cpp 测试代码 lib/cpp/test/Benchmark.cpp 编译失败,  shared_ptr  ambigous , 用 boost::shared_ptr 替换 shared_ptr,

错误消失.

原因: Clang 支持 C++ 11, 其 标准库自带 shared_ptr(std::shared_ptr, 参考 http://zh.cppreference.com/w/cpp/memory/shared_ptr)

故需显式指定名字空间.

三:测试

下面编写一个HelloWorld.thrift 来测试一下,内容如下:

namespace java com.xx.mobile.hotel.sc.demo

service HelloWorldService {
string sayHello(1:string username)
}

执行:thrift -gen java HelloWorld.thrift 将在同级目录下生成gen-java/com/xx/mobile/hotel/sc/demo/HelloWorldService.java文件。

Mac升级为macOS Sierra系统后xcode项目报错[转]

元旦升级了macOS Sierra系统,顿时感觉入坑了,本来好好的项目报如下错误:

resource fork, Finder information, or similar detritus not allowed
Command /usr/bin/codesign failed with exit code 1

在网上找了很多方法,都不使用我的项目,或者说网上的说法太模糊,现给出解决办法:

  1. 关闭Xcode,打开终端;
  2. 进入项目的文件夹, 有.xcodeproj文件

    ll

    发现有 drwxr-xr-x@ 7 liyunde staff 238B 1 3 12:36 iosapp.xcodeproj
    多了个@符号

  3. 输入指令

    xattr -rc .

  4.  打开项目重新运行,OK了!

网上说的太模糊,资料也少,自己浪费了很长时间,现在给出详细的解决办法,避免同行入坑,节省时间。

参考:http://blog.csdn.net/benpaofengling/article/details/52680542

Adding SQLCipher to Xcode Projects IOS MAC

Adding SQLCipher to Xcode Projects

SQLite is already a popular API for persistent data storage in iOS apps so the upside for development is obvious. As a programmer you work with a stable, well-documented API that happens to have many good wrappers available in Objective-C, such as FMDB and Encrypted Core Data. All security concerns are cleanly decoupled from application code and managed by the underlying framework.

The framework code of the SQLCipher project is open source, so users can be confident that an application isn’t using insecure or proprietary security code. In addition, SQLCipher can also be compiled on Android, Linux, OS X and Windows for those developing cross-platform applications.

Using SQLCipher in an iOS app is fairly straightforward. This document describes integrating SQLCipher into an existing iOS project using the Community Edition source code build process. This tutorial assumes some familiarity with basic iOS app development and a working install of Xcode (6.1.1). The same basic steps can be applied to OS X projects as well.

? Hot Tip: Commercial Edition static libraries are available for you to drop right into your project if you’d like to skip all this and receive personalized support from our crack development team! Binaries and helpful projects integrations are available for all supported platforms. Learn more »

Prerequisites

Xcode with an iOS or OS X SDK installed. Visit the Apple Developer site for more information on downloading the latest Xcode and iOS and OS X SDKs.

OpenSSL

OpenSSL is no longer required for building SQLCipher on iOS and OS X, as the project by default uses Apple’s CommonCrypto framework for hardware-accelerated encryption. You can still build SQLCipher with other crypto providers like OpenSSL if you’d prefer, or you can write your own.

SQLCipher

Fire up the Terminal app, switch into your project’s root directory and checkout the SQLCipher project code using Git:

$ cd ~/Documents/code/SQLCipherApp
$ git clone https://github.com/sqlcipher/sqlcipher.git

Xcode Project Configuration

The SQLCipher source provides a sqlcipher.xcodeproj project file that we’ll add to your project to build a static library that you’ll link from your main application target.

Add Project Reference

Open your iOS app’s project or workspace in Xcode, open the Project Navigator (command+1), and click on the top-level Project icon for your iOS app. Right click on the project and choose “Add Files to “My App”” (the label will vary depending on your app’s name). Since we cloned SQLCipher directly into the same folder as your iOS app you should see a sqlcipher folder in your root project folder. Open this folder and select sqlcipher.xcodeproj:

Add Files to 'My App'

Project References

Project Settings

Navigate to your Project settings (make sure you don’t select the application target level). Select the Build Settings pane. In the search field, type in “Header Search Paths”. Double-click on the field under the target column and add the following path: $(PROJECT_DIR)/sqlcipher/src:

Next, add a setting to ensure that SQLCipher is the first library linked with your application in the “Other Linker Flags” setting. Start typing “Other Linker Flags” into the search field until the setting appears, double click to edit it, and add the following value: $(BUILT_PRODUCTS_DIR)/libsqlcipher.a

You will next edit one other setting on your Project to ensure the SQLCipher builds correctly—”Other C Flags.” Start typing “Other C Flags” into the search field until the setting appears, double click to edit it, and in the pop-up add the following value: -DSQLITE_HAS_CODEC

Target Settings

Next, navigate to the Target Level settings. Add a Target dependency to each of your application targets to ensure that SQLCipher is compiled before the application code. In Xcode’s Project Navigator (command+1), select your app’s Project file and in the Editor pane select Build Phases and your app’s main target (not the project file).

Expand Target Dependencies and click on the + button at the end of the list. In the browser that opens, select the sqlcipher static library target:

Add Target Dependency

Expand Link Binary With Libraries, click on the +button at the end of the list, and select the libsqlcipher.a library.

Link Binary With Libraries

Finally, also under Link With Libraries, add Security.framework.

? Hot Tip: If libsqlite3.dylib or another SQLite framework is listed in your Link Binary With Libraries list be sure to remove it!

Repeat these steps for any other targets in your project that will depend on SQLCipher, i.e. unit tests.

Integration Code

Now that the SQLCipher library is incorporated into the project you can start using the library immediately. Telling SQLCipher to encrypt a database is easy:

  • Open the database
  • Use the sqlite3_key function to provide key material. In most cases this should occur as the first operation after opening the database.
  • Run a query to verify the database can be opened (i.e. by querying the schema)
  • As a precautionary measure, run a query to ensure that the application is using SQLCipher on the active connection
#import <sqlite3.h>

...
NSString *databasePath = [[NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0]
                          stringByAppendingPathComponent: @"sqlcipher.db"];
sqlite3 *db;
bool sqlcipher_valid = NO;

if (sqlite3_open([databasePath UTF8String], &db) == SQLITE_OK) {
    const char* key = [@"BIGSecret" UTF8String];
    sqlite3_key(db, key, strlen(key));
    if (sqlite3_exec(db, (const char*) "SELECT count(*) FROM sqlite_master;", NULL, NULL, NULL) == SQLITE_OK) {
      if(sqlite3_prepare_v2(database, "PRAGMA cipher_version;", -1, &stmt, NULL) == SQLITE_OK) {
        if(sqlite3_step(stmt)== SQLITE_ROW) {
          const unsigned char *ver = sqlite3_column_text(stmt, 0);
          if(ver != NULL) {
            sqlcipher_valid = YES;

            // password is correct (or database initialize), and verified to be using sqlcipher

          }
        }
        sqlite3_finalize(stmt);
      }
    }
    sqlite3_close(db);
}

In most cases SQLCipher uses PBKDF2, a salted and iterated key derivation function, to obtain the encryption key. Alternately, an application can tell SQLCipher to use a specific binary key in blob notation (note that SQLCipher requires exactly 256 bits of key material), i.e.

PRAGMA key = "x'2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99'";

Once the key is set SQLCipher will automatically encrypt all data in the database! Note that if you don’t set a key then SQLCipher will operate identically to a standard SQLite database.

Testing and Verification

There are a number of ways that you can verify SQLCipher is working as expected in your applications before its release to users.

After the application is wired up to use SQLCipher, take a peek at the resulting data files to make sure everything is in order. An ordinary SQLite database will look something like the following under hexdump. Note that the file type, schema, and data are clearly readable.

% hexdump -C plaintext.db
00000000  53 51 4c 69 74 65 20 66  6f 72 6d 61 74 20 33 00  |SQLite format 3.|
00000010  04 00 01 01 00 40 20 20  00 00 00 04 00 00 00 00  |.....@  ........|
...
000003b0  00 00 00 00 24 02 06 17  11 11 01 35 74 61 62 6c  |....$......5tabl|
000003c0  65 74 32 74 32 03 43 52  45 41 54 45 20 54 41 42  |et2t2.CREATE TAB|
000003d0  4c 45 20 74 32 28 61 2c  62 29 24 01 06 17 11 11  |LE t2(a,b)$.....|
000003e0  01 35 74 61 62 6c 65 74  31 74 31 02 43 52 45 41  |.5tablet1t1.CREA|
000003f0  54 45 20 54 41 42 4c 45  20 74 31 28 61 2c 62 29  |TE TABLE t1(a,b)|
...
000007d0  00 00 00 14 02 03 01 2d  02 74 77 6f 20 66 6f 72  |.......-.two for|
000007e0  20 74 68 65 20 73 68 6f  77 15 01 03 01 2f 01 6f  | the show..../.o|
000007f0  6e 65 20 66 6f 72 20 74  68 65 20 6d 6f 6e 65 79  |ne for the money|

Fire up the SQLCipher application in simulator and look for the application database files under /Users/sjlombardo/Library/Application Support/iPhone Simulator/5.0/Applications/<Instance ID>/Documents. Try running hexdump on the application database. With SQLCipher the output should looks completely random, with no discerning characteristics at all.

% hexdump -C sqlcipher.db
00000000  1b 31 3c e3 aa 71 ae 39  6d 06 f6 21 63 85 a6 ae  |.1<..q.9m..!c...|
00000010  ca 70 91 3e f5 a5 03 e5  b3 32 67 2e 82 18 97 5a  |.p.>.....2g....Z|
00000020  34 d8 65 95 eb 17 10 47  a7 5e 23 20 21 21 d4 d1  |4.e....G.^# !!..|
...
000007d0  af e8 21 ea 0d 4f 44 fe  15 b7 c2 94 7b ee ca 0b  |..!..OD.....{...|
000007e0  29 8b 72 93 1d 21 e9 91  d4 3c 99 fc aa 64 d2 55  |).r..!...<...d.U|
000007f0  d5 e9 3f 91 18 a9 c5 4b  25 cb 84 86 82 0a 08 7f  |..?....K%.......|
00000800

Other sensible testing steps include:

  • Attempt to open a database with a correct key and verify that the operation succeeds
  • Attempt to open a database with an incorrect key and verify that the operation fails
  • Attempt to open a database without any key, and verify the operation fails
  • Programtically inspect the first 16 bytes of the database file and ensure that it contains random data (i.e. not the string SQLite Format 3\0)

来源:https://www.zetetic.net/sqlcipher/ios-tutorial/

如何使mac os x支持sap的web portal

以前在Mac OS X上使用firefox访问sap 的web portal时,往往在验证用户名和口令之后,就被告知访问失败。本来以为是操作系统+浏览器的问题,直到最近windows 7也遇到此类问题,并得到完美解决之后,我才想到,Mac OS X上估计也能如法炮制。

Windows 7上的解决方案是在本地安全策略中启用kerberos验证。实际上firefox也有一个启用kerberos的过程。具体的步骤如下 :
  •  In the address bar of Firefox, type about:config to display the list of current configuration options.
  • In the Filter field, type negotiate to restrict the list of options.
  • Double-click the network.negotiate-auth.trusted-uris entry to display the Enter string value dialog box.
  • Enter the name of the domain against which you want to authenticate, for example, .example.com.
  • Repeat the above procedure for the network.negotiate-auth.delegation-uris entry, using the same domain.光有这步还不够,还需要拿到kerberos验证需要的ticket.方法如下:

    在shell下运行 kinit username@DOMAIN.NAME

    后面的域名一定要用大写,小写会导致验证失败。

    根据提示输入密码之后,就能够拿到ticket了。接下来再用firefox访问sap web portal,就没有任何问题了。

来源://blog.chinaunix.net/uid-11093116-id-180489.html

PHP7 Support PThread

In PHP7 etc/standard/php_smart_str.h has been renamed to etc/standard/php_smart_string.h.

错误描述:

php-7.0.0beta3/ext/pthreads/php_pthreads.c:22:
./src/pthreads.h:41:10: fatal error: ‘ext/standard/php_smart_str.h’ file not
found
#include <ext/standard/php_smart_str.h>
^
1 error generated.
make: *** [php_pthreads.lo] Error 1

https://github.com/gophp7/gophp7-ext/wiki/extensions-catalog

https://github.com/krakjoe/pthreads/tree/seven

今天在github 上发现一个新的分支seven 可用在php7

下载之

使用当前最新php版本 php-7.0.0RC2

➜  /Users/liyunde/Downloads/pthreads-seven  >phpize7
Configuring for:
PHP Api Version:         20131218
Zend Module Api No:      20141001
Zend Extension Api No:   320140815

配置

➜  /Users/liyunde/Downloads/pthreads-seven  >./configure –with-php-config=php-config7 –enable-pthreads

…..

creating libtool
appending configuration tag “CXX” to libtool
configure: creating ./config.status
config.status: creating config.h

编译,安装

make -j2

make test

sudo make install

make 通过,工作正常,enjoy !

 

更新到10.10.3,但是出现finder缓慢,文件夹长时间菊花问题

问题出现:

更新后,finder只要打开本次启动没打开过的文件夹,就会转很久菊花(窗口右下角状态栏),才能刷出来。
删除到废纸篓和清空都变得很缓慢 有卡顿。其它程序打开文件时调用finder 选择文件也变得很慢。

解决方案:

1,如果使用了内存盘,请关闭RamDisk
2.  去掉系统文件的ln 特别是tmp ,cache,logs,并放回原来的位置,
如果不在系统默认位置,依然会菊花很久,/var/folders/xx/乱序码/T,是放用户临时文件的地方,不能换位置,也不能放内存盘,不然就会菊花
3. 要关闭系统,再启动,用重启好像是不行地,(reboot也不行)
4.可以回复ram使用,不过依然会有些小问题,还是不要用了,对磁盘读写负担没有减少

 

同类问题: http://bbs.pcbeta.com/forum.php?mod=viewthread&tid=1591396

@liyunde