12436 Commits

Author SHA1 Message Date
Vincent Li
1d9414d761 firewall: Add support for WireGuard peers to groups
commit 1de96a83d6d6cec5d4d3eda1792aa80bfbd8fafe
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Wed Apr 23 12:35:52 2025 +0200

    firewall: Add support for WireGuard peers to groups

    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-27 11:58:04 -07:00
Vincent Li
8cb4ea1e31 firewall: Add WireGuard RW to the UI
commit 5a1c02df8973b3acc5c3101a94e86fe6df4b43b6
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Sep 12 19:39:26 2024 +0200

    firewall: Add WireGuard RW to the UI

    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-27 08:28:11 -07:00
Vincent Li
f4c22fcd54 wireguard.cgi: Add CGI to configure wireguard
commit 06dbc836a47160d51ab10f8b9d4ca356beaa7cdb
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Tue Apr 16 18:06:47 2024 +0200

    wireguard.cgi: Add a basic CGI to configure the global settings

    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-26 15:18:50 -07:00
Vincent Li
95b06e6e28 wireguard: install empty config and UI functions
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Wed Sep 11 02:24:49 2024 +0200

    wireguard: Move functions into their own file

    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 85ec8363a873100fc1bb49e3c01f9f63bf97c6e1
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Wed Aug 14 15:55:06 2024 +0000

    wireguard: Install empty configuration files

    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-26 08:53:27 -07:00
Vincent Li
6e6cf9e463 wireguard: Add wireguard initscript
commit b78ba3624f0a11c060ad06dbd65741b82684d93e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Tue Apr 16 16:17:59 2024 +0200

    wireguard: Add initscript

    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-26 08:07:13 -07:00
Vincent Li
09073df309 wireguard-tools: add wireguard tools
backport IPFire wireguard-tools to loongfire

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-25 17:08:53 -07:00
Vincent Li
9d20e54edc knot: upgrade to 3.4.7
enable XDP and add kxdpgun utility for dnsdist AF_XDP performance
test [0]

[0]: https://www.dnsdist.org/advanced/xsk.html

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-23 10:07:29 -07:00
Vincent Li
59e389cbfe dnsdist: correct xsk sample config
when using /etc/rc.d/init.d/dnsdist to start dnsdist with the sample
xsk config, it results in a startup error [0].

correct the xsk sample config.

[0]: https://github.com/PowerDNS/pdns/discussions/15713

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-23 08:58:02 -07:00
Vincent Li
a166b8644c dnsdist: add sample xsk AF_XDP config
a simple working config sample for xsk AF_XDP

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-19 20:28:10 -07:00
Vincent Li
21b5b4abfc xdp-tools: add dnsdist_xdp.bpf.o
upgrade xdp-tools to 1.5.5 and add dnsdist_xdp.bpf.o
for dnsdist xsk AF_XDP

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-19 15:58:48 -07:00
Vincent Li
9217ea3ca4 dnsdist: move dnsdist to core package
install the default dnsdist configuration file

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-18 11:13:34 -07:00
Vincent Li
31af08151a pwru: ebpf pwru tool addon for network diagnosis
pwru is an eBPF-based kernel tracing tool for network
issue diagnosis. pwru build issue on loongfire [0]

to prepare to run pwru on loongfire:

mount -t debugfs none /sys/kernel/debug
echo 0 > /proc/sys/kernel/kptr_restrict

[0]: https://github.com/cilium/pwru/issues/559#issuecomment-2949507451

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-09 09:00:18 -07:00
Vincent Li
e475873eda linux: enable config kprobe multi attachment
We are going to add pwru for packet drop related
troubleshooting. pwru by default requires a kernel
with kprobe multi attachment, so enable the kernel config
for that.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-06 17:39:30 -07:00
Vincent Li
fb79d84593 ply: add ply addon for tracing
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-04 17:57:52 -07:00
Vincent Li
abdbcb16ad yt6801: match yt6801 driver with kernel
kernel upgraded to 6.15.0. yt6801 kernel
modules should match to 6.15.0

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-04 17:55:27 -07:00
Vincent Li
2a075de538 libbpf-bootstrap: add netqtop
netqtop requires tracepoint, need to:

mount -t tracefs tracefs /sys/kernel/tracing

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-06-03 09:18:45 -07:00
Vincent Li
5376c3b290 libbpf-bootstrap: port bcc libbpf-tools profile
add bcc libbpf-tools profile to libbpf-bootstrap

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-05-19 11:57:54 -07:00
Vincent Li
52604d1d8f libbpf-bootstrap: add ebpf tracing program
Similar to xdp-tools to add ebpf network program.
we can use libbpf-bootstrap as facility to add ebpf
tracing program.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-05-19 08:38:25 -07:00
Vincent Li
01b6865f4b Perl: Add Net ISP load balancer
Perl Net-ISP-Balance can be used for ISP Internet connection
load balancing [0], it depends on Net-Netmask module.

[0]: https://lstein.github.io/Net-ISP-Balance/

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-05-16 14:06:08 -07:00
Vincent Li
a43dcad754 xdp-tools: add tc-loader and tc-dummy.bpf program
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-05-14 11:41:23 -07:00
Vincent Li
b359042d4d xdp-tools: upgrade to upstream 1.5.4
rebase xdp-tools from upstream xdp-tools 1.5.4. there is a
Makefile conflict when rebasing because 1.5.4 added xdp-forward.
manually resolve the rebase conflict by putting the loongfire xdp programs
at the end:

for example instruction from deepseek:

Open the Makefile in a text editor and locate the conflict:

makefile
ifneq ($(BPFTOOL),)
<<<<<<< HEAD
UTILS += xdp-bench xdp-forward xdp-monitor xdp-trafficgen
=======
UTILS += xdp-bench xdp-monitor xdp-trafficgen xdp-synproxy
>>>>>>> d8ebb16 (Add xdp-synproxy)
endif

Understand the conflict:

The HEAD (upstream/main) version includes xdp-forward.

Your commit (d8ebb16) adds xdp-synproxy but removes xdp-forward.

Resolve the conflict by including both changes:

Keep xdp-forward from HEAD.

Add xdp-synproxy from your commit.

The merged line should look like this:

makefile
UTILS += xdp-bench xdp-forward xdp-monitor xdp-trafficgen xdp-synproxy
Remove the conflict markers (<<<<<<<, =======, >>>>>>>).

edit result:

ifneq ($(BPFTOOL),)
UTILS += xdp-bench xdp-forward xdp-monitor xdp-trafficgen xdp-synproxy
endif

Save the file after making these changes.

Stage the resolved Makefile and continue the rebase:

git add Makefile
git rebase --continue

repeat editing Makefile and git rebase --continue for the programs below

xdp-dnsrrl
xdp-udp
xdp-dns
xdp-sni
xdp-geoip
xdp-udpddos
xdp-tailcall
xdp-synproxy-tailcall
xdp-ddos

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-05-09 10:36:54 -07:00
Vincent Li
b9262e849b haproxy: move haproxy to core
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-29 09:45:28 -07:00
Vincent Li
5df5d88abd loxilb: add loxilb init script
add loxilb init script and initial loxilb FW settings

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-27 10:48:42 -07:00
Vincent Li
dd845dd9a2 suricata: legacy eBPF map to BTF map backport
legacy eBPF map is deprecated by installed libbpf,
backport the https://github.com/OISF/suricata/pull/9969
to suricata 7.0.7.

add suricata sample XDP configuration in IPS mode

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-21 14:13:43 -07:00
Vincent Li
f27e7b914c suricata: enable eBPF build
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-21 14:13:31 -07:00
Vincent Li
cb07f32583 firewall: add firewall bridge IP for UI access
when firewall switched to bridge mode, we want to
have WebUI access to manage the firewall, allow user
setup IP address on the firewall bridge interface through
the UI.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:50 -07:00
Vincent Li
04f60a6291 firewall: replace echo initial optionsfw settings
using echo initial optionsfw settings seems to create
duplicated optionsfw settings.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:50 -07:00
Vincent Li
6eef7f8535 firewall: add firewall bridge mode
add firewall bridge mode so it can be used as
layer 2 inline bridge for either DDoS protection
or firewall filter by iptable rules configured in
netfilter filter table forward chain.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:50 -07:00
Vincent Li
76a3e13006 tcp ddos: add XDP TCP DDoS UI
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:38 -07:00
Vincent Li
725f7278be tcp ddos: add tcpddosctrl for safe execution
add tcpddosctrl to start/stop/status XDP
TCP DDoS program from tcp-ddos.cgi safely.

permission of tcpddosctrl

chown root.nobody /usr/local/bin/tcpddosctrl
chmod u+s /usr/local/bin/tcpddosctrl

result:
-rwsr-x--- 1 root nobody 14672 Mar 19 09:58 /usr/local/bin/ddosctrl

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-02 14:19:28 -07:00
Vincent Li
967a0319b4 syslog: log kernel message to kern.log
note config/etc/* is copied through lfs/stage2
so changes made in config/etc/* require you to
rm the stage2 build log to rebuild stage2.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-01 17:42:01 -07:00
Vincent Li
245634dacd initscripts: add TCP DDoS XDP program init script
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-01 13:38:09 -07:00
Vincent Li
6aaec8d485 xdp-tools: Add xdp-ddos XDP main program
add xdp_ddos XDP main program with bpf tail
call table and user space xdp-ddos program
to load and insert protocol DDoS program like
TCP or UDP or ICMP into bpf tail call table.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-01 13:38:09 -07:00
Vincent Li
88c90aadcd ddos: add ddos init script
add ddos init to load/attach XDP DDoS main
program with empty tail call table as a
placeholder for tcp, udp, icmp...etc XDP DDoS programs

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-01 13:38:02 -07:00
Vincent Li
6ff3d8e48e Firewall UI: Add iptables rules for XDP SYNPROXY
Add firewall WebUI and firewall iptables rules
for XDP SYNPROXY

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-27 19:24:05 -07:00
Vincent Li
0f9937c78f xdp-tools: Add XDP synproxy tailcall program
LoongArch does not support bpf trampoline, so
use tail call to call XDP synproxy program

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-25 19:41:42 -07:00
Vincent Li
42f3680941 linux: switch CONFIG_DWMAC_LOONGSON to module
bpftool net is unable to show the attached tc BPF
program, switch dwmac_loongson to module to
use rmmod dwmac_loongson; insmod dwmac_loongson
as workaround [0]

[0]: https://github.com/libbpf/bpftool/issues/185#issuecomment-2744477168

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-25 19:41:42 -07:00
Vincent Li
532063b124 linux: enable kernel CONFIG_BPF_JIT_ALWAYS_ON
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-08 18:31:57 -08:00
Vincent Li
79e0a3fcdb linux: enable bootparam softlockup/hardlockup
enable hardlockup/softlockup to dump backtrace
if kernel hit hardlockup/softlockup

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-02-16 13:51:52 -08:00
Vincent Li
04a4907087 loxicmd: add loxicmd for loongarch64
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-29 08:36:00 -08:00
Vincent Li
beb7cdabf7 loxilb: add loxilb 0.9.8 addon for loongarch64
loxilb ebpf program relies on libbpf 0.8
which does not have loongarch64 support.
backported libbpf 1.2.3 loongarch support
to libbpf 0.8

loxilb 0.9.8 now loads the ebpf program through
libbpf, no external ntc command is required, so
remove ntc

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-28 19:09:10 -08:00
Vincent Li
c0a92ea299 packages: add loongarch64 directory
add loongarch64 directory similar to riscv
with samba. a missing loongarch64 directory and
a package under it will result in a package build
error:

ERROR: No such file or directory: BASEDIR/README.md

fix: https://github.com/vincentmli/BPFire/issues/71

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-14 12:14:55 -08:00
Vincent Li
5cafdf74f8 packages: remove packages with package error
these packages ended up with error
tar: Exiting with failure status due to previous errors

remove them for now

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-14 10:26:38 -08:00
Vincent Li
b4ffafc531 XDP UI: add XDP DNS monitor block logging
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-11 10:19:34 -08:00
Vincent Li
ec28da3453 XDP UI: add UI for XDP TLS SNI logging
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-11 10:13:54 -08:00
Vincent Li
8c30bad8f8 xdp-tailcall: add xdp-tailcall init script
xdp-tailcall init script to start/stop XDP
tail call program DNS and TLS SNI on green0
interface

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-10 10:56:15 -08:00
Vincent Li
dec6a99c77 xdp-tools: add xdp-tailcall
Loongarch64 does not support bpf trampoline
and freplace, so we can't use libxdp to attach
multiple XDP programs to the same network interface.

Loongarch64 supports bpf tail call, so we can still
use xdp-loader to load an XDP program, and use bpf tail
call to call each XDP program. now we can tail call
the DNS and TLS SNI XDP programs on the green0 interface

change the user space program to take the bpf map path as a
command line argument so X86 and Loongarch64 can share the
same user space program

https://github.com/vincentmli/xdp-tools

commit d18f8a7b48094c861a8ee0d5c0d52e93a01edca4
Author: Vincent Li <vincent.mc.li@gmail.com>
Date:   Tue Jan 7 22:14:40 2025 -0800

    xdp-tools: add bpf map path as cmd line argument

    add XDP DNS and TLS SNI user space program command
    line argument for bpf map so X86 and Loongarch can
    share the same XDP user space program

commit 5d713b40dd2d0ce399f618179a2add6c07882e2a
Author: Vincent Li <vincent.mc.li@gmail.com>
Date:   Mon Jan 6 21:09:25 2025 -0800

    xdp-tailcall: add DNS XDP program

    add DNS XDP program as tail called program

commit ad2a4e600140f8bf7a577470566efcdf11f6e214
Author: Vincent Li <vincent.mc.li@gmail.com>
Date:   Mon Jan 6 20:36:43 2025 -0800

    xdp-tailcall: add XDP tailcall

    Loongarch64 does not support bpf trampoline and
    freplace, so use tail call to call XDP program.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-07 15:41:25 -08:00
Vincent Li
61f117be83 linux: set CONFIG_ARCH_STRICT_ALIGN=n
set CONFIG_ARCH_STRICT_ALIGN=n to enable
CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS. this
allows loading BPF program with unaligned memory
access generated by clang, see [0].

this change might cause BPF programs to fail to load
on loongarch CPU models that require strictly aligned
memory access.

[0]: https://github.com/vincentmli/BPFire/issues/69

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-02 10:04:17 -08:00
Vincent Li
304abcd541 tcpdump: move tcpdump strace to core package
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-25 11:46:30 -08:00
Vincent Li
cfefb2a884 xdp-tools: add xdp-tools
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-22 11:28:31 -08:00