commit ced17feca631f6963a2439f41ef09a7db048f316 (HEAD -> main)
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Mon Oct 20 21:28:17 2025 -0700
tc-basic-classifier: fix tcp port Endianess bug by AI
AI generated class_filter program stored the tcp port in network order,
but in bpf program the tcp port is converted to host order, and result in
tcp port lookup failure, unable to get the correct classid, fail to do rate
classification.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit a18fe4be0374ab1efb21c1228a5c5790ded7636e
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Mon Oct 20 19:15:34 2025 -0700
tc-basic-classifier: classify port and IP from bpf map
add port and IP rate classification based on bpf map so user could
add or remove port/IP rate classification dynamically at run time
since TC class works on egress direction, so port rate classification
works on red0 egress, and IP rate classification works on green0 egress
port rate classification:
class_filter -a -b ./class_filter.bpf.o -i red0 -v
class_filter -i red0 --add-port 8080:10:80mbit
class_filter -i red0 --add-port 8081:20:40mbit
class_filter -i red0 --delete-port 8080
class_filter -i red0 --list-ports
IP rate classification:
class_filter -a -b ./class_filter.bpf.o -i green0 -v
class_filter -i red0 --add-ip 192.168.1.0/24:40:30mbit
class_filter -i red0 --delete-ip 192.168.1.0/24
class_filter -i red0 --list-ips
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 12280ef22ae49f75eda047144ed3e9dc0f73e04a
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Fri Oct 17 19:45:07 2025 -0700
tc-basic-classifier: add user space program
the bpf skel header is generated only if USER_TARGETS
is added in Makefile, so add a dummy user space program.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit fe5cc1814af4c995f61ec08708110deef7a65c45
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Fri Oct 17 19:28:45 2025 -0700
xdp-tools: rebase on upstream xdp-tools main branch
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit 7dee7fd954c06a3c58bedbb5561b9ee65c3f749f
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Fri Oct 17 18:39:59 2025 -0700
tc-basic-classifier: rename the class filter
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
- The regex code does not extract out the chain and so it is missed off from the log output
when it is exported.
- Changed code tested out on my vm testbed and confirmed to work and include the chain in
the output.
Fixes: Bug13492
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfre.org>
- Configure Zabbix Agent to log to syslog instead of its own logs.
- Remove old zabbix log-dir and logrotate settings from rootfile, lfs
and install-script.
- Update log.dat to view Zabbix Agent logging from syslog.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
- Most of the packages being searched for in the system logs section only put hostname into
the logs. However HAProxy puts the FQDN. Reviewing RFC 5424 shows that this is following
the requirements. The preferred order fromn the RFC is
1. FQDN
2. Static IP address
3. hostname
4. Dynamic IP address
5. the NILVALUE
- Most of the programs are using option 3 but option 1 is valid for HAProxy
- The regex change filters out the hostname from the FQDN if an extra 'dot' is present
Fixes: Bug#12922
Suggested-by: Michael <ip.fire@die-fritzens.de>
Tested-by: Michael <ip.fire@die-fritzens.de>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Patch tested out on my production system that has apcupsd running on it. APCUPS was
in the list of options in the system logs and entries from apcupsd were extracted
correctly in the wui.
Fixes: Bug#12950
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Removed remnant from IPCop on URL Filter Logs Export page.
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
The support for themes has been removed since ages, so we
do not need this anymore and may crash the page.
Signed-off-by: Rob Brewer <rob.brewer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Bumping across one of our scripts with very long trailing whitespaces, I
thought it might be a good idea to clean these up. Doing so, some
missing or inconsistent licence headers were fixed.
There is no need in shipping all these files en bloc, as their
functionality won't change.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
This patch changes that we no longer interpret any dates put in by the
user as UTC. They used to be converted into localtime because, although
they have already been in local time.
This went unnoticed since in Europe we are close (enough) to UTC that
there is no significant discrepancy on the report. However, being in
North America is enough to generate confusing reports.
Reported-by: Paul <kairis@gmail.com>
Fixes: #12768
Tested-by: Jon Murphy <jon.murphy@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
In some cases iptables logs the protocol number instead of the name.
When accessing the logs via the WUI, this number has been displayed as used
protocol, which is very hard to read and understand.
This commit adds a new function to the general-functions.pl, which
generates a hash to translate the protocol number into the protocol
name.
Fixes#11282.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This disables the theme support and makes it impossible to use any other
themes than the ipfire default theme.
The only intention of this patch is to hardcode the theme to ipfire.
To change any cgi we have is an ugly way, but the only way to do this
fast. The colour handling needs certainly to be improved as well, but
this will and should be done in other patches.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
