bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-22 17:02:58 +02:00

Author	SHA1	Message	Date
Vincent Li	a81b1f8f2b	arpwatch: add arpwatch as common package Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-09-25 15:37:51 +00:00
Vincent Li	ca64eb8761	initscripts: add kdump scripts this is initial kdump and kdump scripts, it looks when run kdump-config load the first time, the kdump kernel can be loaded, and test crash dump with echo c > /proc/sysrq-trigger result in system hang forever, then had to power reset. after power reset, kdump-config load could no longer load the kdump kernel, errors out with: [root@bpfire-3 crash]# kdump-config load cp: cannot stat '/etc/kdump/sysctl.conf': No such file or directory Creating symlink /var/lib/kdump/vmlinuz. ln: failed to create symbolic link '/var/lib/kdump/vmlinuz': No such file or directory Unable to locate kernel hook ... failed! Can't find kernel text map area from kcore Cannot load /boot/vmlinuz-6.15.6-ipfire failed to load kdump kernel ... failed! so kdump is not working properly, but add the kdump scripts anyway, the issue can be investigated later in future. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-08-22 18:18:11 +00:00
Vincent Li	4045f9fbc2	makedumpfile: add makedumpfile for kdump tool makedumpfile build by default in BPFire use static libdw.a, libelf.a but libdw.a, libelf.a are not build with zstd which makdedumpfile static build requires, so build makedumpfile dynamically, see [0]. [0]: https://github.com/vincentmli/bpfire/issues/109 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-08-16 02:58:33 +00:00
Vincent Li	1475ef5093	kexec-tools: add kexec-tool for kernel dump Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-08-15 16:05:19 +00:00
Vincent Li	638483ff08	wireguard.cgi: Add CGI to configure wireguard commit 06dbc836a47160d51ab10f8b9d4ca356beaa7cdb Author: Michael Tremer <michael.tremer@ipfire.org> Date: Tue Apr 16 18:06:47 2024 +0200 wireguard.cgi: Add a basic CGI to configure the global settings Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-07-03 17:03:32 +00:00
Vincent Li	3710ff2af7	misc-progs: Add wireguardctrl commit f552e23da404adf4555299c887a0279016323df4 Author: Michael Tremer <michael.tremer@ipfire.org> Date: Wed Apr 17 17:13:32 2024 +0000 misc-progs: Add wireguardctrl Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-07-03 16:12:31 +00:00
Vincent Li	3eb0ec8b1b	wireguard: install UI empty config and functions Author: Michael Tremer <michael.tremer@ipfire.org> Date: Wed Sep 11 02:24:49 2024 +0200 wireguard: Move functions into their own file Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> commit 85ec8363a873100fc1bb49e3c01f9f63bf97c6e1 Author: Michael Tremer <michael.tremer@ipfire.org> Date: Wed Aug 14 15:55:06 2024 +0000 wireguard: Install empty configuration files Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-07-03 15:56:40 +00:00
Vincent Li	2d55d3c672	wireguard: Add wireguard initscript commit b78ba3624f0a11c060ad06dbd65741b82684d93e Author: Michael Tremer <michael.tremer@ipfire.org> Date: Tue Apr 16 16:17:59 2024 +0200 wireguard: Add initscript Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-07-03 15:43:15 +00:00
Vincent Li	dd9a60e720	wireguard-tools: backport IPFire wireguard-tools Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-07-02 16:04:52 +00:00
Vincent Li	b78ee945cd	xdp-tools: add dnsdist XDP program upgrade xdp-tools to 1.5.5 and add dnsdist_xdp.bpf.o for dnsdist xsk AF_XDP xdp-loader load green0 -P 90 -p /sys/fs/bpf/dnsdist \ -n xdp_dns_filter /usr/lib/bpf/dnsdist_xdp.bpf.o Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-21 17:40:40 +00:00
Vincent Li	d81f2b838e	dnsdist: add sample xsk AF_XDP config Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-21 17:37:01 +00:00
Vincent Li	e51ee79752	dnsdist: move dnsdist to core package Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-21 17:32:06 +00:00
Vincent Li	2e3ea0ae64	pwru: ebpf pwru addon for network diagnosis preparation for pwru: mount -t debugfs none /sys/kernel/debug echo 0 > /proc/sys/kernel/kptr_restrict Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-11 23:00:56 +00:00
Vincent Li	bdee533f04	libbpf-bootstrap: base for importing libbpf-tools add libbpf-bootstrap as base to import bcc libbpf-tools Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-05-23 20:05:48 +00:00
Vincent Li	465f1e2328	Perl: add Net-ISP-Balance addon Perl Net-ISP-Balance can be used for ISP Internet connection load balancing [0], it depends on Net-Netmask module. [0]: https://lstein.github.io/Net-ISP-Balance/ Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-05-21 15:53:12 +00:00
Vincent Li	3b672339ef	keepalived: remove keepalived.conf.sample keepalived configuration is moved to /var/ipfire/keepalived fix: https://github.com/vincentmli/BPFire/issues/92 Reported-by: Harvey Li <lhw365@gmail.com> Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-05-21 15:53:12 +00:00
Vincent Li	33f4a2b1b1	haproxy: remove /etc/haproxy/haproxy.cfg remove /etc/haproxy/haproxy.cfg since lfs/haproxy installed haproxy.cfg to /var/ipfire/haproxy fix: https://github.com/vincentmli/BPFire/issues/92 Reported-by: Harvey Li <lhw365@gmail.com> Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-05-21 15:53:12 +00:00
Vincent Li	93a5a7af7b	xdp-tools: rebased on upstream 1.5.4 included recent changes: 1 fix for xdp-dns for [0] 2 tc-loader to load tc ebpf program [0]: https://github.com/vincentmli/BPFire/issues/87 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-05-14 20:35:57 +00:00
Vincent Li	e2856c1c7e	loxilb-tc: remove loxilb-tc loxilb 0.9.8 load tc BPF program through libbpf so iproute tc utility is not needed. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-03-03 17:19:15 +00:00
Vincent Li	2daee785d4	lunatik: remove lunatik Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-02-04 17:07:13 +00:00
Vincent Li	0ba17ebe5d	lfs/linux: perf tool install missed perf tool is built alone with Linux, but missed to install the perf tool in image fix: https://github.com/vincentmli/BPFire/issues/65 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-12-03 03:46:09 +00:00
Vincent Li	09c182c75a	xdp-tools: XDP UDP DDoS for online game protection UDP DDoS has pattern of flooding game server with random source IP and UDP with random payload. game server UDP traffic requires certain payload pattern, so this XDP program can serve as example to stop UDP DDoS attack with UDP payload that does not match game UDP traffic payload pattern. without UDP DDoS protection, under DDoS attack: BPFire UI RED Traffic: in 9xx Mbit/s. with UDP DDoS protection, under DDoS attack: BPFire UI RED Traffic: in 1xx Mbit/s. Tested-by: Muhammad Haikal <eykalpirates@gmail.com> Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-11-27 18:32:10 +00:00
Vincent Li	0a726a99ac	haproxy: move haproxy to core package move haproxy to core package prepare /var/ipfire/haproxy for haproxy UI, use /var/ipfire/haproxy/haproxy.cfg Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-28 02:44:48 +00:00
Vincent Li	25da9eb467	ddos: Load/Attach XDP DDoS when reboot fix: https://github.com/vincentmli/BPFire/issues/58 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-22 18:48:11 +00:00
Vincent Li	40c097ff8a	libbpf: upgrade to 1.4.6 xdp-tools libxdb requires libbpf 1.4.0 and above to fix stack smashing issue. see: https://github.com/xdp-project/xdp-tools/issues/446 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-18 17:16:09 +00:00
Vincent Li	1eceb143ed	suricata: add suricata ebpf xdp capture mode Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-17 02:11:19 +00:00
Vincent Li	f689a70b7e	Revert "Revert "lunatik: 'bpf_luaxdp_run': BTF not found in kernel"" This reverts commit `0e29b73703`. switch to libbpf 1.3	2024-10-15 15:25:50 +00:00
Vincent Li	8d6014683f	xdp-geoip: safe call to xdpgeoip init script Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-13 20:59:48 +00:00
Vincent Li	9c28bd419d	xdp-geoip: Add XDP GeoIP location init Add XDP GeoIP country/region location block init script Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-13 20:35:44 +00:00
Vincent Li	86a9264a25	xdp-geoip: add XDP GeoIP program Add XDP GeoIP program to do location IP block in XDP. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-12 20:33:12 +00:00
Vincent Li	b21febe3e1	xdp-sni UI: XDP TLS/SSL SNI UI management XDP TLS/SSL SNI UI to manage the web blocklist Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-09 20:38:13 +00:00
Vincent Li	e6ac495dfb	xdp-sni: safe call wrapper program to xdpsni init safe call wrapper program to xdpsni init script for UI to call Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-08 17:41:17 +00:00
Vincent Li	34f9da85dd	xdp-sni: add XDP TLS SNI init script xdpsni add xdpsni init script and enable XDP TLS SNI by default on first boot and reboot. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-08 02:21:17 +00:00
Vincent Li	d334d39e3f	xdp-sni: add XDP TLS SNI logging add XDP TLS SNI logging with bpf ringbuf drop xdp_sni.bpf.o reverse_string due to bpf verifier complaining program is too large. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-08 01:05:01 +00:00
Vincent Li	cdbaa41364	xdp-dns UI: web interface to add XDP DNS blocklist Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-04 04:05:53 +00:00
Vincent Li	cc8ccb35bf	xdp-dns: enable XDP DNS block when reboot if XDP DNS is enabled, and BPFire reboot, XDP DNS program should be attached and DNS query being monitored after reboot. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-03 17:29:16 +00:00
Vincent Li	f9c8259050	Add xdpdnsctrl program for safe execution add xdpdnsctrl to start/stop/status XDP program from xdpdns.cgi safely. permission of xdpdnsctrl chown root.nobody /usr/local/bin/xdpdnsctrl chmod u+s /usr/local/bin/xdpdnsctrl result: -rwsr-x--- 1 root nobody 14672 Mar 19 09:58 /usr/local/bin/xdpdnsctrl	2024-10-02 18:31:21 +00:00
Vincent Li	d30a7b2318	xdp-dns: add start/stop init script and settings add xdpdns init script to load/unload xdp_dns_denylist program and run xdp_dns_log to log dns query to system log rm log/configroot log/initscripts to build image Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-02 18:23:44 +00:00
Vincent Li	652ab98e1a	xdp-tools: add xdp-dns system logging add bpf ringbuf to xdp-dns program and user space program to log DNS query to system log. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-01 23:45:03 +00:00
Vincent Li	32c15c3fe3	xdp-tools: add xdp-sni add XDP TLS/SSL SNI parsing Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-30 03:24:30 +00:00
Vincent Li	ecad4000f2	lunatik: change /lib/modules kernel path to 6.10 whenever compile kernel due to kernel change lunatik needs to be recompiled too since lunatik depends on kernel change filter example Makefile to depend on current kernel build version diff --git a/examples/filter/Makefile b/examples/filter/Makefile index f7eb0f6d..e30566a2 100644 --- a/examples/filter/Makefile +++ b/examples/filter/Makefile @@ -1,10 +1,12 @@ # SPDX-FileCopyrightText: (c) 2023-2024 Ring Zero Desenvolvimento de Software LTDA # SPDX-License-Identifier: MIT OR GPL-2.0-only +VMLINUX_BTF_PATH = /lib/modules/${shell uname -r}/build + all: vmlinux https.o vmlinux: - bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h + bpftool btf dump file $(VMLINUX_BTF_PATH)/vmlinux format c > vmlinux.h Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-21 02:41:51 +00:00
Vincent Li	0e29b73703	Revert "lunatik: 'bpf_luaxdp_run': BTF not found in kernel" This reverts commit `cacf5f209d`. libbpf version is irrelevant, revert the change Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-17 17:23:27 +00:00
Vincent Li	cacf5f209d	lunatik: 'bpf_luaxdp_run': BTF not found in kernel xdp-loader to load https.o result in error below: libbpf: loading kernel BTF '/sys/kernel/btf/vmlinux': 0 libbpf: extern (func ksym) 'bpf_luaxdp_run': not found in kernel or module BTFs libbpf: failed to load object '/usr/lib/bpf/https.o' libxdp: Failed to load program filter_https: Invalid argument Couldn't attach XDP program on iface 'green0': Invalid argument(-22) xdp-tools/xdp-loader is built statically with libbpf 1.2 should not be xdp-loader libbpf issue still try to upgrade bpfire libbpf to 1.3.0 for testing Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-16 01:00:40 +00:00
Vincent Li	dc97ffb40e	lunatik: Unknown symbol in module lunatik requires lunatik_sym.h before build generate the symbols in chroot build. remove lunatik_sym.h in origin lunatik source Makefile root@r210:/home/vincent/go/src/github.com/vincentmli/BPFire/cache/lunatik-5.3.2# git diff diff --git a/Makefile b/Makefile index ec172541..1c72f3e1 100644 --- a/Makefile +++ b/Makefile @@ -3,14 +3,14 @@ MODULES_INSTALL_PATH = /lib/modules/${shell uname -r} SCRIPTS_INSTALL_PATH = /lib/modules/lua -LUNATIK_INSTALL_PATH = /usr/local/sbin -LUA_API = lua/lua.h lua/lauxlib.h lua/lualib.h +LUNATIK_INSTALL_PATH = /usr/sbin +LUNATIK_EBPF_INSTALL_PATH = /usr/lib/bpf KDIR ?= ${MODULES_INSTALL_PATH}/build RM = rm -f MKDIR = mkdir -p -m 0755 INSTALL = install -o root -g root -all: lunatik_sym.h +all: ${MAKE} -C ${KDIR} M=${PWD} CONFIG_LUNATIK=m \ CONFIG_LUNATIK_RUN=m CONFIG_LUNATIK_RUNTIME=y CONFIG_LUNATIK_DEVICE=m \ CONFIG_LUNATIK_LINUX=m CONFIG_LUNATIK_NOTIFIER=m CONFIG_LUNATIK_SOCKET=m \ @@ -46,6 +46,7 @@ examples_install: ${INSTALL} -m 0644 examples/echod/.lua ${SCRIPTS_INSTALL_PATH}/examples/echod ${MKDIR} ${SCRIPTS_INSTALL_PATH}/examples/filter ${INSTALL} -m 0644 examples/filter/.lua ${SCRIPTS_INSTALL_PATH}/examples/filter + ${INSTALL} -m 0644 examples/filter/.o ${LUNATIK_EBPF_INSTALL_PATH} ${MKDIR} ${SCRIPTS_INSTALL_PATH}/examples/dnsblock ${INSTALL} -m 0644 examples/dnsblock/.lua ${SCRIPTS_INSTALL_PATH}/examples/dnsblock ${MKDIR} ${SCRIPTS_INSTALL_PATH}/examples/dnsdoctor @@ -69,7 +70,3 @@ install: scripts_install modules_install uninstall: scripts_uninstall modules_uninstall depmod -a - -lunatik_sym.h: $(LUA_API) - ${shell ./gensymbols.sh $(LUA_API) > lunatik_sym.h} - Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-15 18:48:48 +00:00
Vincent Li	c690c0c447	lunatik: add lunatik addon lunatik has LuaXDP that supports scripting XDP for TLS SNI parsing and many other scripting featuers for kernel. see lunatik build workaround in detail https://github.com/luainkernel/lunatik/issues/189 https://github.com/vincentmli/BPFire/issues/40 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-14 22:46:06 +00:00
Vincent Li	74cf8a3943	xdp-tools: add XDP DNS domain denylist upgrade xdp-tools and add XDP DNS domain denylist bpf and user space program. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-12 17:12:16 +00:00
Vincent Li	56a1588f96	vim: Disable vim automatic visual mode on mouse select when mouse select, vim automatically turns into visual mode, this is not convienent when copy and paste in vim with mouse select. create this setting for root user. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-07-09 02:41:58 +00:00
Vincent Li	aa7d243558	langs: installer/setup Chinese translation complete the chinese translation referenced below https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=ca149dc8e2e24f3cfcf7bbc1e2333b2b6d43e0e4 Asked ChatGPT to translate English in msgid to msgstr in Chinese and ChatGPT did the translation automatically with correct format. copied from ChatGPT and pasted in po.zh Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-07-09 01:47:46 +00:00
Vincent Li	0f54cfef92	keepalived/ipvs: move ipvsadm to core package prepare keepalived with ipvs for layer 4 load balancer Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-07-02 20:52:49 +00:00
Vincent Li	fa69bf1da3	openssh: update openssh due to CVE-2024-6387 Update from version 9.7p1 to 9.8p1 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-07-02 19:36:16 +00:00

1 2 3 4 5 ...

3659 Commits