commit 06dbc836a47160d51ab10f8b9d4ca356beaa7cdb
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue Apr 16 18:06:47 2024 +0200
wireguard.cgi: Add a basic CGI to configure the global settings
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Similar to xdp-tools to add ebpf network program.
we can use libbpf-bootstrap as facility to add ebpf
tracing program.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
rebase xdp-tools from upstream xdp-tools 1.5.4. there is
Makefile conflict when rebase because 1.5.4 added xdp-forward.
manually resolve the rebase conflict by put loongfire xdp program
at the end:
for example instruction from deepseek:
Open the Makefile in a text editor and locate the conflict:
makefile
ifneq ($(BPFTOOL),)
<<<<<<< HEAD
UTILS += xdp-bench xdp-forward xdp-monitor xdp-trafficgen
=======
UTILS += xdp-bench xdp-monitor xdp-trafficgen xdp-synproxy
>>>>>>> d8ebb16 (Add xdp-synproxy)
endif
Understand the conflict:
The HEAD (upstream/main) version includes xdp-forward.
Your commit (d8ebb16) adds xdp-synproxy but removes xdp-forward.
Resolve the conflict by including both changes:
Keep xdp-forward from HEAD.
Add xdp-synproxy from your commit.
The merged line should look like this:
makefile
UTILS += xdp-bench xdp-forward xdp-monitor xdp-trafficgen xdp-synproxy
Remove the conflict markers (<<<<<<<, =======, >>>>>>>).
edit result:
ifneq ($(BPFTOOL),)
UTILS += xdp-bench xdp-forward xdp-monitor xdp-trafficgen xdp-synproxy
endif
Save the file after making these changes.
Stage the resolved Makefile and continue the rebase:
git add Makefile
git rebase --continue
repeat editing Makefile and git rebase --continue for below program
xdp-dnsrrl
xdp-udp
xdp-dns
xdp-sni
xdp-geoip
xdp-udpddos
xdp-tailcall
xdp-synproxy-tailcall
xdp-ddos
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
add tcpddosctrl to start/stop/status XDP
TCP DDoS program from tcp-ddos.cgi safely.
permission of tcpddosctrl
chown root.nobody /usr/local/bin/tcpddosctrl
chmod u+s /usr/local/bin/tcpddosctrl
result:
-rwsr-x--- 1 root nobody 14672 Mar 19 09:58 /usr/local/bin/ddosctrl
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
note config/etc/* is copied through lfs/stage2
so changes made in config/etc/* requires to
rm stage2 build log to rebuild stage2.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
add xdp_ddos XDP main program with bpf tail
call table and user space xdp-ddos program
to load and insert protocol DDoS program like
TCP or UDP or ICMP into bpf tail call table.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
add ddos init to load/attach XDP DDoS main
program with empty tail call table as place
holder for tcp, udp, icmp...etc XDP DDoS program
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
loxilb ebpf program relies on libbpf 0.8
which does not have loongarch64 support.
backported libbpf 1.2.3 loongarch support
to libbpf 0.8
loxilb 0.9.8 now load ebpf program through
libbpf, no external ntc command required, so
remove ntc
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
add loongarch64 directory similar to riscv
with samba. missing loongarch64 directory and
a package under it will result package build
error:
ERROR: No such file or directory: BASEDIR/README.md
fix: https://github.com/vincentmli/BPFire/issues/71
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
these packages ended up with error
tar: Exiting with failure status due to previous errors
remove them for now
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Loongarch64 does not support bpf trampoline
and freplace, so we can't use libxdp to attach
multiple XDP program to same network interface.
Loongarch64 supports bpf tail call, so we can still
use xdp-loader to load XDP program, and use bpf tail
call to call each XDP program. now we can tail call
DNS and TLS SNI XDP program on green0 interface
change user space program to take bpf map path as
command line argument so X86 and Loongarch64 can share
same user space program
https://github.com/vincentmli/xdp-tools
commit d18f8a7b48094c861a8ee0d5c0d52e93a01edca4
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Tue Jan 7 22:14:40 2025 -0800
xdp-tools: add bpf map path as cmd line argument
add XDP DNS and TLS SNI user space program command
line argument for bpf map so X86 and Loongarch can
share the same XDP user space program
commit 5d713b40dd2d0ce399f618179a2add6c07882e2a
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Mon Jan 6 21:09:25 2025 -0800
xdp-tailcall: add DNS XDP program
add DNS XDP program as tail called program
commit ad2a4e600140f8bf7a577470566efcdf11f6e214
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Mon Jan 6 20:36:43 2025 -0800
xdp-tailcall: add XDP tailcall
Loongarch64 does not support bpf trampoline and
freplace, so use tail call to call XDP program.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Initial list of changes required to build iso
and flash image successfully:
1 softwares require config.guess and config.stub
update with loongarch support
2 no rust build and no suricata which depends on rust
3 comment out python 3.10 lib-dynload and config-3.10-xxxMACHINExxx-linux-gnu
4 lfs/cdrom lfs/Config loongarch seems requiring capital EFI boot image name
to boot properly
5 comment out a few softwares that are not needed for now
iso can be installed to loongarch PC hard drive, but
fail to boot.
flash image can be dd to USB drive, then boot loongarch
PC from USB drive, then dd from USB drive to loongarch
PC hard drive
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This patch adds the prosibility to place additional *.config files in /etc/ssh/sshd_config.d/
which will be included and loaded during the daemon startup process.
Because this files will not be overwritten by any update, they can be used to place custom
or other persistent settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
the /etc/collectd.d/ folder must have at least one file in it
so this add an file with a comment that custom configs should placed
there.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
