webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
21,722 Commits 2 Branches 1 Tag
main
Commit Graph

777 Commits

Author SHA1 Message Date
Vincent Li
ec74268fa7 linux: upgrade to stable kernel 6.15.6 
6.15.6 include:

From 06a34f7db773e01efa8a90c5b4d912207a80dd60 Mon Sep 17 00:00:00 2001
From: Daniel Borkmann <daniel@iogearbox.net>
Date: Sun, 17 Nov 2024 22:20:30 +0100
Subject: [PATCH] wireguard: device: support big tcp GSO

Advertise GSO_MAX_SIZE as TSO max size in order support BIG TCP for wireguard.
This helps to improve wireguard performance a bit when enabled as it allows
wireguard to aggregate larger skbs in wg_packet_consume_data_done() via
napi_gro_receive(), but also allows the stack to build larger skbs on xmit
where the driver then segments them before encryption inside wg_xmit().
We've seen a 15% improvement in TCP stream performance.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://patch.msgid.link/20241117212030.629159-5-Jason@zx2c4.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
 drivers/net/wireguard/device.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/wireguard/device.c b/drivers/net/wireguard/device.c
index a2ba71fbbed46..6cf173a008e78 100644
--- a/drivers/net/wireguard/device.c
+++ b/drivers/net/wireguard/device.c
@@ -302,6 +302,8 @@ static void wg_setup(struct net_device *dev)
 	/* We need to keep the dst around in case of icmp replies. */
 	netif_keep_dst(dev);

+	netif_set_tso_max_size(dev, GSO_MAX_SIZE);
+
 	wg->dev = dev;
 }

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2025-07-12 16:09:44 +00:00
Vincent Li
8af09f38e0 README: update README 
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2025-05-09 20:19:35 +00:00
Vincent Li
1cbd76f718 linux: upgrade kernel to 6.12.5 
loxilb dev branch has fix for kernel 6.12. now
we can upgrade kernel to 6.12.5

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2025-02-11 23:44:14 +00:00
Vincent Li
2daee785d4 lunatik: remove lunatik 
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2025-02-04 17:07:13 +00:00
Vincent Li
064136634c linux: downgrade kernel to 6.10.11 
workaround https://github.com/vincentmli/BPFire/issues/75

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2025-02-04 16:56:51 +00:00
Vincent Li
17d49c9d64 linux: upgrade kernel to 6.12.5 
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2025-01-02 18:11:19 +00:00
Vincent Li
2cf44838bf lfs/linux: install perf tool from linux source 
compile and install perf tool from linux
source for performance monitoring.

change the setting before run perf

echo -1 > /proc/sys/kernel/perf_event_paranoid
echo 0 > /proc/sys/kernel/kptr_restrict

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-09-23 23:44:53 +00:00
Vincent Li
f89feeb197 kernel: use BPFire logo in kernel 
how to generate logo format:

apt-get install netpbm

1 convert png format to ppm format

pngtopnm bpfire-logo.png > bpfire-logo.ppm

2 reduce the color count to 224

ppmquant 224 bpfire-logo.ppm > bpfire-logo-224.ppm

3 convert ppm raw format to ascii format

pnmnoraw bpfire-logo-224.ppm > bpfire-logo-ascii.ppm
cp bpfire-logo-ascii.ppm config/kernel/

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-09-21 02:41:51 +00:00
Vincent Li
1f42b720d0 kernel: upgrade to 6.10.11 
upgrade kernel to recent stable release 6.10.11

1, scripts/kconfig/merge_config.sh does not work for 6.10.11
2, vmlinux BTF binary name changed in 6.10.11
3, remove rtl8812au for now since it has compiling error
4, remove 5.15 nfqueue patch since it does not apply cleanly

also see [0]

[0]: https://github.com/vincentmli/BPFire/issues/41

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-09-21 02:39:49 +00:00
Vincent Li
6723112498 lunatik: missing module BTF kfuncs not regstered 
error when run lunatik which loads lunatik kernel modules

root@bpfire-2 lua]# lunatik run examples/filter/sni false

[root@bpfire-2 lua]# dmesg

[  330.411665] lunatik: loading out-of-tree module taints kernel.
[  330.411680] lunatik: module verification failed: signature and/or required key missing - tainting kernel
[  330.433955] Kernel module BTF mismatch detected, BTF debug info may be unavailable for some modules
[  330.767701] missing module BTF, cannot register kfuncs

BPFire chroot build mount /sys/kernel/btf/vmlinux which is
the host binary vmlinux BTF to build against lunatik kernel module,
which result in above error. adjust BPFire kernel build to save
the binary vmlinux BTF to chroot
/lib/modules/6.6.15-ipfire/build/vmlinux for lunatik kernel module.

create the vmlinux.h from the same binary vmlinux BTF for the ebpf https.o

lunatik kernel module is depending on kernel build, adjust the lunatik
build accordingly when kerne upgrade in future.

See https://github.com/vincentmli/BPFire/issues/40
see https://github.com/luainkernel/lunatik/issues/189

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-09-17 17:22:22 +00:00
Vincent Li
7212a66761 lunatik: re-arrange lunatik and kernel build order 
lunatik kernel modules requires kernel to be built first
so /lib/modules is available for lunatik

lunatik also requires resolve_btfids under:

/lib/modules/$(VER)-$(VERSUFIX)/build/tools/bpf/resolve_btfids/

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-09-15 02:27:17 +00:00
Vincent Li
d7544e6192 Enable kernel BPF without tracing capability 
enable kernel BPF XDP/TC capability, no tracing

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-04-09 01:50:14 +00:00
Vincent Li
ff7a427189 strip kernel module to reduce image size 
set strip option to 1 which is to strip modules
debug info. tried to strip all but result in file
system not found during iso installation.

fix: https://github.com/vincentmli/FireBeeOS/issues/3

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-04-06 18:43:15 +00:00
Vincent Li
e97d70d152 Add bpftool 
bpftool comes with Linux kernel source and
it is handy to have bpftool on ipfire kernel
with BPF/BTF enabled to diagnosis BPF related
issue.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
 2024-03-01 04:08:01 +00:00
Arne Fitzenreiter
8c43d1481a kernel: update to 6.6.15 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2024-02-02 07:52:09 +00:00
Arne Fitzenreiter
0722f42ed2 kernel: update to 6.6.13 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2024-01-21 19:10:22 +01:00
Arne Fitzenreiter
a93525c0ca kernel: update to 6.6.12 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2024-01-16 12:41:08 +01:00
Arne Fitzenreiter
19e66d7e2b kernel: update to 6.6.11 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2024-01-11 10:30:13 +01:00
Arne Fitzenreiter
d303f7c154 kernel: update to 6.6.10 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2024-01-07 16:08:31 +01:00
Arne Fitzenreiter
3920ba127f kernel: update to 6.6.9 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2024-01-02 09:54:10 +01:00
Arne Fitzenreiter
bf92e55968 kernel: update to 6.6.8 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-12-21 13:50:59 +01:00
Arne Fitzenreiter
0108697131 kernel: update to 6.6.6 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-12-12 21:12:37 +01:00
Arne Fitzenreiter
5109f8ee7f kernel: update to 6.6.5 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-12-08 16:12:17 +01:00
Arne Fitzenreiter
a7c9eca495 kernel: update to 6.6.4 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-12-05 17:17:40 +00:00
Arne Fitzenreiter
941190cb3a kernel: update to 6.6.3 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-12-05 17:17:35 +00:00
Arne Fitzenreiter
95f9d9350d kernel: update to 6.6.2 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-12-05 17:15:48 +00:00
Arne Fitzenreiter
8a37e7f0e3 kernel: update to 6.1.61 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-11-03 14:27:58 +00:00
Arne Fitzenreiter
cfe911bab5 kernel: update to 6.1.60 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-10-27 08:43:35 +00:00
Arne Fitzenreiter
cce398bca5 kernel: update to 6.1.59 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-10-25 11:01:30 +00:00
Arne Fitzenreiter
2b834ef42a kernel: update to 6.1.58 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-10-25 11:01:30 +00:00
Arne Fitzenreiter
554e339b9e kernel: update to 6.1.57 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-10-13 08:13:12 +00:00
Arne Fitzenreiter
e275a07b67 kernel: update to 6.1.56 
this also builds the dtb files on riscv64

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-10-09 08:13:02 +00:00
Arne Fitzenreiter
e5ad33d9ee kernel: update 6.1.53 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-09-28 09:29:29 +00:00
Arne Fitzenreiter
14bd32221e kernel: update to 6.1.52 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-09-28 09:29:23 +00:00
Arne Fitzenreiter
162a068448 kernel: update to 6.1.45 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-08-11 23:25:37 +02:00
Arne Fitzenreiter
6084fa89bf kernel: update to 6.1.42 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-07-28 16:34:59 +00:00
Arne Fitzenreiter
50c07b4938 kernel: update to 6.1.41 
fix for CVE-2023-20593 (Zenbleed)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-07-26 16:01:20 +00:00
Arne Fitzenreiter
719864d37e kernel: update to 6.1.40 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-07-25 10:39:22 +00:00
Arne Fitzenreiter
f2d5cb7c99 kernel: update to 6.1.39 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-07-21 09:34:12 +00:00
Arne Fitzenreiter
f7447b1b8e kernel: update to 6.1.38 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-07-13 14:20:18 +00:00
Arne Fitzenreiter
1a44c7a638 kernel: update to 6.1.37 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-07-09 14:57:38 +00:00
Arne Fitzenreiter
25aa552258 kernel: update to 6.1.30 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-05-30 09:21:34 +00:00
Arne Fitzenreiter
c6c78f8e11 kernel: update to 6.1.29 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-05-19 12:05:52 +00:00
Arne Fitzenreiter
6a005bd9aa kernel: update to 6.1.28 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-05-16 18:53:01 +00:00
Arne Fitzenreiter
cb73ca19a6 kernel: patch CVE-2023-32233 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-05-11 19:48:40 +00:00
Arne Fitzenreiter
6a0c5ef65a kernel: update to 6.1.27 
the layer7 patch is rebased to apply without fuzzing.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-05-03 05:07:17 +00:00
Arne Fitzenreiter
2b1a701ec4 kernel: add OrangePi R1 Plus LTS 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-05-02 19:33:16 +00:00
Arne Fitzenreiter
acb3aa6abd kernel: add nanopi r2c patches 
https://git.ipfire.org/?p=people/arne_f/kernel.git;a=commit;h=4a06c119e0065bf8794a98bd21a71ff6236d32d1
https://git.ipfire.org/?p=people/arne_f/kernel.git;a=commit;h=716f69f11cf3bf328453cc3e284d5bce7feb9a0e

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2023-04-24 19:00:45 +00:00
Peter Müller
6aa0837d24 linux: Update to 6.1.24 
Compiling the kernel has automatically introduced
CONFIG_INIT_STACK_ALL_ZERO=y and removed GCC's structleak plugin (not to
be confused with its stackleak counterpart). However, according to
related documentation, this neither introduces a security nor
performance disadvantage.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-04-19 09:33:38 +00:00
Michael Tremer
a4a39bb97d linux: Re-add accidentially dropped download URL 
This line has accidentially been dropped when fixing a merge conflict.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2023-02-12 09:06:13 +00:00