webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 11:13:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

ddos.cgi add DNS DDoS UI

Browse Source 
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This commit is contained in:
Vincent Li
2024-04-18 02:29:27 +00:00
parent 56c5212374
commit fcdc42ea40
5 changed files with 84 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/cfgroot/dns-ddos-settings Normal file
View File

@@ -0,0 +1 @@
ENABLE_DNS_DDOS=off

51
html/cgi-bin/ddos.cgi
View File

@@ -37,6 +37,7 @@ my %color = ();
my %mainsettings = (); my %mainsettings = ();
my %ddossettings=(); my %ddossettings=();
my %udpddossettings=(); my %udpddossettings=();
my %dnsddossettings=();
my %checked=(); my %checked=();
my $errormessage=''; my $errormessage='';
my $counter = 0; my $counter = 0;
@@ -46,6 +47,7 @@ my $tcp_portfile = "${General::swroot}/ddos/tcp_ports";
my $udp_portfile = "${General::swroot}/ddos/udp_ports"; my $udp_portfile = "${General::swroot}/ddos/udp_ports";
my $ddossettingfile = "${General::swroot}/ddos/settings"; my $ddossettingfile = "${General::swroot}/ddos/settings";
my $udpddossettingfile = "${General::swroot}/ddos/udp-ddos-settings"; my $udpddossettingfile = "${General::swroot}/ddos/udp-ddos-settings";
my $dnsddossettingfile = "${General::swroot}/ddos/dns-ddos-settings";
&get_tcp_ports(); &get_tcp_ports();
&get_udp_ports(); &get_udp_ports();
@@ -59,8 +61,10 @@ my $udpddossettingfile = "${General::swroot}/ddos/udp-ddos-settings";
$ddossettings{'ENABLE_DDOS'} = 'off'; $ddossettings{'ENABLE_DDOS'} = 'off';
$udpddossettings{'ENABLE_UDP_DDOS'} = 'off'; $udpddossettings{'ENABLE_UDP_DDOS'} = 'off';
$dnsddossettings{'ENABLE_DNS_DDOS'} = 'off';
$ddossettings{'ACTION'} = ''; $ddossettings{'ACTION'} = '';
$udpddossettings{'UDP_ACTION'} = ''; $udpddossettings{'UDP_ACTION'} = '';
$udpddossettings{'DNS_ACTION'} = '';
&Header::getcgihash(\%ddossettings); &Header::getcgihash(\%ddossettings);
@@ -122,6 +126,25 @@ if ($udpddossettings{'UDP_ACTION'} eq $Lang::tr{'save'})
} }
&Header::getcgihash(\%dnsddossettings);
if ($udpddossettings{'DNS_ACTION'} eq $Lang::tr{'save'})
{
&General::writehash("$dnsddossettingfile", \%dnsddossettings);
if ($dnsddossettings{'ENABLE_DNS_DDOS'} eq 'on') {
&General::log($Lang::tr{'ddos is enabled'});
&General::system('/usr/bin/touch', "${General::swroot}/ddos/enableddos");
&General::system('/usr/local/bin/ddosctrl', 'start');
} else {
&General::log($Lang::tr{'ddos is disabled'});
&General::system('/usr/local/bin/ddosctrl', 'stop');
unlink "${General::swroot}/ddos/enableddos";
}
}
&Header::openpage($Lang::tr{'ebpf xdp ddos'}, 1, ''); &Header::openpage($Lang::tr{'ebpf xdp ddos'}, 1, '');
&Header::openbigbox('100%', 'left', '', $errormessage); &Header::openbigbox('100%', 'left', '', $errormessage);
@@ -242,6 +265,34 @@ END
&Header::closebox(); &Header::closebox();
print "</form>\n";
#
# Read configuration file.
&General::readhash("$dnsddossettingfile", \%dnsddossettings);
# Checkbox pre-selection.
my $dns_checked;
if ($dnsddossettings{'ENABLE_DNS_DDOS'} eq "on") {
$dns_checked = "checked='checked'";
}
# Print box to enable/disable locationblock.
print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
&Header::openbox('100%', 'center', $Lang::tr{'xdp dns'});
print <<END;
<table width='95%'>
<tr>
<td width='50%' class='base'>$Lang::tr{'xdp enable'}
<td><input type='checkbox' name='ENABLE_DNS_DDOS' $dns_checked></td>
<td align='center'><input type='submit' name='DNS_ACTION' value='$Lang::tr{'save'}'></td>
</tr>
</table>
END
&Header::closebox();
print "</form>\n"; print "</form>\n";
# Read configuration file. # Read configuration file.

1
langs/en/cgi-bin/en.pl
View File

@@ -1515,6 +1515,7 @@
'ebpf xdp ddos system' => 'eBPF XDP DDoS Protection System', 'ebpf xdp ddos system' => 'eBPF XDP DDoS Protection System',
'xdp tcp' => 'XDP TCP', 'xdp tcp' => 'XDP TCP',
'xdp udp' => 'XDP UDP', 'xdp udp' => 'XDP UDP',
'xdp dns' => 'XDP DNS',
'xdp enable' => 'Enable DDoS', 'xdp enable' => 'Enable DDoS',
'xdp tcp port' => 'TCP Ports', 'xdp tcp port' => 'TCP Ports',
'xdp udp port' => 'UDP Ports', 'xdp udp port' => 'UDP Ports',

3
lfs/configroot
View File

@@ -68,7 +68,7 @@ $(TARGET) :
fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customlocationgrp fwlogs/ipsettings fwlogs/portsettings ipblocklist/modified \ fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customlocationgrp fwlogs/ipsettings fwlogs/portsettings ipblocklist/modified \
ipblocklist/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \ ipblocklist/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \
ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \ ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings ddos/settings ddos/tcp_ports ddos/udp-ddos-settings ddos/udp_ports qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \ ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings ddos/settings ddos/tcp_ports ddos/udp-ddos-settings ddos/udp_ports ddos/dns-ddos-settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \ qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \
vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \ vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
touch $(CONFIG_ROOT)/$$i; \ touch $(CONFIG_ROOT)/$$i; \
@@ -102,6 +102,7 @@ $(TARGET) :
cp $(DIR_SRC)/config/cfgroot/tcp_ports $(CONFIG_ROOT)/ddos/tcp_ports cp $(DIR_SRC)/config/cfgroot/tcp_ports $(CONFIG_ROOT)/ddos/tcp_ports
cp $(DIR_SRC)/config/cfgroot/udp-ddos-settings $(CONFIG_ROOT)/ddos/udp-ddos-settings cp $(DIR_SRC)/config/cfgroot/udp-ddos-settings $(CONFIG_ROOT)/ddos/udp-ddos-settings
cp $(DIR_SRC)/config/cfgroot/udp_ports $(CONFIG_ROOT)/ddos/udp_ports cp $(DIR_SRC)/config/cfgroot/udp_ports $(CONFIG_ROOT)/ddos/udp_ports
cp $(DIR_SRC)/config/cfgroot/dns-ddos-settings $(CONFIG_ROOT)/ddos/dns-ddos-settings
cp $(DIR_SRC)/config/cfgroot/time-settings $(CONFIG_ROOT)/time/settings cp $(DIR_SRC)/config/cfgroot/time-settings $(CONFIG_ROOT)/time/settings
cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settings cp $(DIR_SRC)/config/cfgroot/logging-settings $(CONFIG_ROOT)/logging/settings
cp $(DIR_SRC)/config/cfgroot/ethernet-vlans $(CONFIG_ROOT)/ethernet/vlans cp $(DIR_SRC)/config/cfgroot/ethernet-vlans $(CONFIG_ROOT)/ethernet/vlans

29
src/initscripts/system/ddos
View File

@@ -25,6 +25,7 @@
eval $(/usr/local/bin/readhash /var/ipfire/ddos/settings) eval $(/usr/local/bin/readhash /var/ipfire/ddos/settings)
eval $(/usr/local/bin/readhash /var/ipfire/ddos/udp-ddos-settings) eval $(/usr/local/bin/readhash /var/ipfire/ddos/udp-ddos-settings)
eval $(/usr/local/bin/readhash /var/ipfire/ddos/dns-ddos-settings)
get_ports () { get_ports () {
# Define an empty variable to store the output # Define an empty variable to store the output
@@ -88,6 +89,17 @@ load_xdpudp () {
fi fi
} }
load_xdpdns () {
/usr/sbin/xdp-loader status red0 | grep 'xdp_dns'
if [ $? -ne 0 ]; then
xdp-loader load red0 -P 80 -p /sys/fs/bpf/xdp-dns -n xdp_dns /usr/lib/bpf/xdp_dnsrrl.bpf.o
if [ $? -ge 1 ]; then
boot_mesg "Native mode not supported, try SKB"
xdp-loader load red0 -m skb -P 80 -p /sys/fs/bpf/xdp-dns -n xdp_dns /usr/lib/bpf/xdp_dnsrrl.bpf.o
fi
fi
}
unload_syncookie () { unload_syncookie () {
sysctl -w net.ipv4.tcp_syncookies=1 sysctl -w net.ipv4.tcp_syncookies=1
/usr/sbin/xdp-loader status red0 | grep 'syncookie_xdp' /usr/sbin/xdp-loader status red0 | grep 'syncookie_xdp'
@@ -110,6 +122,17 @@ unload_xdpudp () {
fi fi
} }
unload_xdpdns () {
/usr/sbin/xdp-loader status red0 | grep 'xdp_dns'
if [ $? -eq 0 ]; then
prog_id=$(xdp-loader status red0 | grep 'xdp_dns' | awk '{print $4}')
/usr/sbin/xdp-loader unload -i $prog_id red0
/bin/rm -rf /sys/fs/bpf/xdp-dns
else
boot_mesg "Error xdp_dns not loaded!"
fi
}
tcp_ports="$(get_ports /var/ipfire/ddos/settings)" tcp_ports="$(get_ports /var/ipfire/ddos/settings)"
udp_ports="$(get_ports /var/ipfire/ddos/udp-ddos-settings)" udp_ports="$(get_ports /var/ipfire/ddos/udp-ddos-settings)"
@@ -127,6 +150,9 @@ case "$1" in
if [ "$ENABLE_UDP_DDOS" == "on" ]; then if [ "$ENABLE_UDP_DDOS" == "on" ]; then
load_xdpudp load_xdpudp
fi fi
if [ "$ENABLE_DNS_DDOS" == "on" ]; then
load_xdpdns
fi
;; ;;
stop) stop)
@@ -137,6 +163,9 @@ case "$1" in
if [ "$ENABLE_UDP_DDOS" == "off" ]; then if [ "$ENABLE_UDP_DDOS" == "off" ]; then
unload_xdpudp unload_xdpudp
fi fi
if [ "$ENABLE_DNS_DDOS" == "off" ]; then
unload_xdpdns
fi
;; ;;
restart) restart)