bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-17 06:23:00 +02:00

Author	SHA1	Message	Date
Vincent Li	86a9264a25	xdp-geoip: add XDP GeoIP program Add XDP GeoIP program to do location IP block in XDP. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-12 20:33:12 +00:00
Vincent Li	b21febe3e1	xdp-sni UI: XDP TLS/SSL SNI UI management XDP TLS/SSL SNI UI to manage the web blocklist Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-09 20:38:13 +00:00
Vincent Li	5db52b1717	xdp-sni UI: XDP TLS/SSL SNI log view from UI Signed-off-by: Vincent Li <vincent.mc.li@gmail.com.	2024-10-09 00:34:07 +00:00
Vincent Li	e6ac495dfb	xdp-sni: safe call wrapper program to xdpsni init safe call wrapper program to xdpsni init script for UI to call Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-08 17:41:17 +00:00
Vincent Li	34f9da85dd	xdp-sni: add XDP TLS SNI init script xdpsni add xdpsni init script and enable XDP TLS SNI by default on first boot and reboot. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-08 02:21:17 +00:00
Vincent Li	d334d39e3f	xdp-sni: add XDP TLS SNI logging add XDP TLS SNI logging with bpf ringbuf drop xdp_sni.bpf.o reverse_string due to bpf verifier complaining program is too large. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-08 01:05:01 +00:00
Vincent Li	07c6172576	xdp-dns: missing xdpdns-settings and domainfile add the missing config/cfgroot/xdpdns-settings file and use ENABLE_DNSBLOCK=on by default, so XDP DNS Blocklist is enabled by default. also add domainfile so when BPFire reboot first time and when xdpdns init startup, it will not complain missing domainfile Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-07 03:01:36 +00:00
Vincent Li	2c233eac63	xdp-dns log UI: view DNS query log allow user to view DNS query logged by xdp_dns_log from UI Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-04 21:36:03 +00:00
Vincent Li	cdbaa41364	xdp-dns UI: web interface to add XDP DNS blocklist Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-04 04:05:53 +00:00
Vincent Li	cc8ccb35bf	xdp-dns: enable XDP DNS block when reboot if XDP DNS is enabled, and BPFire reboot, XDP DNS program should be attached and DNS query being monitored after reboot. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-03 17:29:16 +00:00
Vincent Li	f9c8259050	Add xdpdnsctrl program for safe execution add xdpdnsctrl to start/stop/status XDP program from xdpdns.cgi safely. permission of xdpdnsctrl chown root.nobody /usr/local/bin/xdpdnsctrl chmod u+s /usr/local/bin/xdpdnsctrl result: -rwsr-x--- 1 root nobody 14672 Mar 19 09:58 /usr/local/bin/xdpdnsctrl	2024-10-02 18:31:21 +00:00
Vincent Li	d30a7b2318	xdp-dns: add start/stop init script and settings add xdpdns init script to load/unload xdp_dns_denylist program and run xdp_dns_log to log dns query to system log rm log/configroot log/initscripts to build image Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-02 18:23:44 +00:00
Vincent Li	652ab98e1a	xdp-tools: add xdp-dns system logging add bpf ringbuf to xdp-dns program and user space program to log DNS query to system log. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-10-01 23:45:03 +00:00
Vincent Li	32c15c3fe3	xdp-tools: add xdp-sni add XDP TLS/SSL SNI parsing Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-30 03:24:30 +00:00
Vincent Li	e5ee2e8127	grub2: use bpfire logo in grub2 splash Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-21 02:41:51 +00:00
Vincent Li	89baa34b8d	Revert "grub: replace ipfire logo with bpfire logo" This reverts commit `bb773a05d5`. drivers/video/logo/logo_linux_clut224.ppm: Binary PNM is not supported Use pnmnoraw(1) to convert it to ASCII PNM make[6]: * [drivers/video/logo/Makefile:31: drivers/video/logo/logo_linux_clut224.c] Error 1 make[5]: * [scripts/Makefile.build:485: drivers/video/logo] Error 2 make[4]: *** [scripts/Makefile.build:485: drivers/video] Error 2 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-21 02:41:51 +00:00
Vincent Li	ecad4000f2	lunatik: change /lib/modules kernel path to 6.10 whenever compile kernel due to kernel change lunatik needs to be recompiled too since lunatik depends on kernel change filter example Makefile to depend on current kernel build version diff --git a/examples/filter/Makefile b/examples/filter/Makefile index f7eb0f6d..e30566a2 100644 --- a/examples/filter/Makefile +++ b/examples/filter/Makefile @@ -1,10 +1,12 @@ # SPDX-FileCopyrightText: (c) 2023-2024 Ring Zero Desenvolvimento de Software LTDA # SPDX-License-Identifier: MIT OR GPL-2.0-only +VMLINUX_BTF_PATH = /lib/modules/${shell uname -r}/build + all: vmlinux https.o vmlinux: - bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h + bpftool btf dump file $(VMLINUX_BTF_PATH)/vmlinux format c > vmlinux.h Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-21 02:41:51 +00:00
Vincent Li	1f42b720d0	kernel: upgrade to 6.10.11 upgrade kernel to recent stable release 6.10.11 1, scripts/kconfig/merge_config.sh does not work for 6.10.11 2, vmlinux BTF binary name changed in 6.10.11 3, remove rtl8812au for now since it has compiling error 4, remove 5.15 nfqueue patch since it does not apply cleanly also see [0] [0]: https://github.com/vincentmli/BPFire/issues/41 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-21 02:39:49 +00:00
Vincent Li	bb773a05d5	grub: replace ipfire logo with bpfire logo Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-20 21:31:43 +00:00
Vincent Li	7586e5e517	kernel: disable BTF mismatch BTF mismatch is not an issue since we addressed lunatik kernel module BTF mismatch issue using the same chroot binary vmlinux BTF. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-18 22:27:39 +00:00
Vincent Li	0e29b73703	Revert "lunatik: 'bpf_luaxdp_run': BTF not found in kernel" This reverts commit `cacf5f209d`. libbpf version is irrelevant, revert the change Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-17 17:23:27 +00:00
Vincent Li	cacf5f209d	lunatik: 'bpf_luaxdp_run': BTF not found in kernel xdp-loader to load https.o result in error below: libbpf: loading kernel BTF '/sys/kernel/btf/vmlinux': 0 libbpf: extern (func ksym) 'bpf_luaxdp_run': not found in kernel or module BTFs libbpf: failed to load object '/usr/lib/bpf/https.o' libxdp: Failed to load program filter_https: Invalid argument Couldn't attach XDP program on iface 'green0': Invalid argument(-22) xdp-tools/xdp-loader is built statically with libbpf 1.2 should not be xdp-loader libbpf issue still try to upgrade bpfire libbpf to 1.3.0 for testing Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-16 01:00:40 +00:00
Vincent Li	dc97ffb40e	lunatik: Unknown symbol in module lunatik requires lunatik_sym.h before build generate the symbols in chroot build. remove lunatik_sym.h in origin lunatik source Makefile root@r210:/home/vincent/go/src/github.com/vincentmli/BPFire/cache/lunatik-5.3.2# git diff diff --git a/Makefile b/Makefile index ec172541..1c72f3e1 100644 --- a/Makefile +++ b/Makefile @@ -3,14 +3,14 @@ MODULES_INSTALL_PATH = /lib/modules/${shell uname -r} SCRIPTS_INSTALL_PATH = /lib/modules/lua -LUNATIK_INSTALL_PATH = /usr/local/sbin -LUA_API = lua/lua.h lua/lauxlib.h lua/lualib.h +LUNATIK_INSTALL_PATH = /usr/sbin +LUNATIK_EBPF_INSTALL_PATH = /usr/lib/bpf KDIR ?= ${MODULES_INSTALL_PATH}/build RM = rm -f MKDIR = mkdir -p -m 0755 INSTALL = install -o root -g root -all: lunatik_sym.h +all: ${MAKE} -C ${KDIR} M=${PWD} CONFIG_LUNATIK=m \ CONFIG_LUNATIK_RUN=m CONFIG_LUNATIK_RUNTIME=y CONFIG_LUNATIK_DEVICE=m \ CONFIG_LUNATIK_LINUX=m CONFIG_LUNATIK_NOTIFIER=m CONFIG_LUNATIK_SOCKET=m \ @@ -46,6 +46,7 @@ examples_install: ${INSTALL} -m 0644 examples/echod/.lua ${SCRIPTS_INSTALL_PATH}/examples/echod ${MKDIR} ${SCRIPTS_INSTALL_PATH}/examples/filter ${INSTALL} -m 0644 examples/filter/.lua ${SCRIPTS_INSTALL_PATH}/examples/filter + ${INSTALL} -m 0644 examples/filter/.o ${LUNATIK_EBPF_INSTALL_PATH} ${MKDIR} ${SCRIPTS_INSTALL_PATH}/examples/dnsblock ${INSTALL} -m 0644 examples/dnsblock/.lua ${SCRIPTS_INSTALL_PATH}/examples/dnsblock ${MKDIR} ${SCRIPTS_INSTALL_PATH}/examples/dnsdoctor @@ -69,7 +70,3 @@ install: scripts_install modules_install uninstall: scripts_uninstall modules_uninstall depmod -a - -lunatik_sym.h: $(LUA_API) - ${shell ./gensymbols.sh $(LUA_API) > lunatik_sym.h} - Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-15 18:48:48 +00:00
Vincent Li	133baf8fc0	lunatik : kernel config change kernel requires module to be signed, disable force signing for now. insmod: ERROR: could not insert module /lib/modules/6.6.15-ipfire/lunatik/lunatik.ko: Key was rejected by service set CONFIG_MODULE_SIG_FORCE=n failed to validate module [lunatik] BTF: -22 set CONFIG_MODULE_ALLOW_BTF_MISMATCH=y Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-15 18:41:35 +00:00
Vincent Li	c690c0c447	lunatik: add lunatik addon lunatik has LuaXDP that supports scripting XDP for TLS SNI parsing and many other scripting featuers for kernel. see lunatik build workaround in detail https://github.com/luainkernel/lunatik/issues/189 https://github.com/vincentmli/BPFire/issues/40 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-14 22:46:06 +00:00
Vincent Li	74cf8a3943	xdp-tools: add XDP DNS domain denylist upgrade xdp-tools and add XDP DNS domain denylist bpf and user space program. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-09-12 17:12:16 +00:00
Vincent Li	acc96d0726	kernel: enable CONFIG_DEBUG_FS allow syscall tracing with eBPF like bcc libbpf-tools opensnoop to trouble shoot open syscall for UI user nobody unable to run loxicmd save -a -c /var/ipfire/loxilib/ see https://github.com/vincentmli/BPFire/issues/30 mount -t debugfs none /sys/kernel/debug/ Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-07-13 02:14:51 +00:00
Vincent Li	56a1588f96	vim: Disable vim automatic visual mode on mouse select when mouse select, vim automatically turns into visual mode, this is not convienent when copy and paste in vim with mouse select. create this setting for root user. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-07-09 02:41:58 +00:00
Vincent Li	aa7d243558	langs: installer/setup Chinese translation complete the chinese translation referenced below https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=ca149dc8e2e24f3cfcf7bbc1e2333b2b6d43e0e4 Asked ChatGPT to translate English in msgid to msgstr in Chinese and ChatGPT did the translation automatically with correct format. copied from ChatGPT and pasted in po.zh Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-07-09 01:47:46 +00:00
Vincent Li	02724e7427	LoxiLB: enable firewall SNAT for green network when loxilb is enabled and started, enable the firewall SNAT for green network so green network could have initiate outgoing traffic like internet access. we can achieve this by restoring firewall SNAT setting from default /var/ipfire/loxilb/FWconfig.txt when loxilb start up with --config-path=/var/ipfire/loxilb thanks to the enhancement addressed in issue: https://github.com/loxilb-io/loxilb/issues/706 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-07-09 01:47:46 +00:00
Vincent Li	0f54cfef92	keepalived/ipvs: move ipvsadm to core package prepare keepalived with ipvs for layer 4 load balancer Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-07-02 20:52:49 +00:00
Vincent Li	fa69bf1da3	openssh: update openssh due to CVE-2024-6387 Update from version 9.7p1 to 9.8p1 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-07-02 19:36:16 +00:00
Vincent Li	e7e1e67fc7	initscripts: start loxilb keepalived after reboot When loxilb and keepalived are enabled, after BPFire rebooted, loxilb and keepalived failed to start and shows as "STOPPED" from UI, this is not expected since we want to loxilb and keepalived to continue to be enabled after reboot based on the enabled state of loxilb and keepalived before reboot. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-07-01 17:30:54 +00:00
Vincent Li	6f8ab2d9ec	menu: remove pakfire menu pakfire addon install may cause conflict with BPFire, remove it for now. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-06-30 15:05:49 +00:00
Vincent Li	2cddcb14f6	keepalived: add keepalivedctrl program Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-06-29 20:57:01 +00:00
Vincent Li	ed89f965bf	keepalived UI: add keepalived UI BPFire red0 does not support multicast, need to have unicast peer configured, then the virtual ipaddress can be added to red0 interface. the UI requires /var/ipfire/keepalived/runsettings /var/ipfire/keepalived/settings to be created, so add them lfs/configroot Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-06-29 20:55:28 +00:00
Vincent Li	5955087887	keepalived: move keepalived to core package change keepalived default config to /var/ipfire/keepalived/keepalived.conf so keepalived WebUI could read/write the configuration file. also add /var/ipfire/keepalived directory Signed-off-by: Vincent Li <vincent.mc.li@gmail.com> keepalived: create /var/ipfire/keepalived	2024-06-29 19:13:10 +00:00
Vincent Li	61d054216d	LoxiLB UI: select virtual ip from red0 interface since we added loxilb ip management to add ip on red0 interface, we can select the virtual ip from red0 interface. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-06-20 02:49:02 +00:00
Vincent Li	3f1e411f95	move tcpdump and strace to core package tcpdump and strace are essential for trouble shooting ship it as core package Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-06-18 03:14:29 +00:00
Vincent Li	0003dd9c8c	Loxilb UI: add loxilb firewall UI Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-06-13 04:22:02 +00:00
Vincent Li	8608700ba9	menu: adjust menu titles Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-06-01 14:15:48 +00:00
Vincent Li	6994edf40b	Add loxilb lb config UI Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-06-01 14:15:41 +00:00
Vincent Li	f60a419e84	BPFire menu re-arrange Re-arrange the menu to have BPF centric main menu, this also easy the developing of loxilb load balancer GUI since loxilb will have multiple functions like enable loxilb, create loxilb lb, create loxilb ip ...etc, so each loxilb function has their own CGI UI. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-05-29 18:18:31 +00:00
Vincent Li	9c58dcd145	Add WebUI loxilb.cgi for ebpf load balancer Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-05-27 18:23:17 +00:00
Vincent Li	a9c944483b	Add loxilb load balancer menu run command below when update language menu perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-05-27 18:23:17 +00:00
Vincent Li	61caf1c5eb	Add loxilb safe call program when rebuild image: do rm log/misc-progs Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-05-27 18:23:17 +00:00
Vincent Li	0c2b510130	add loxilb start/stop init script and settings when rebuid the image, do: rm log/configroot rm log/initscripts Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-05-27 18:23:09 +00:00
Vincent Li	fb763397b4	loxilb: add loxilb load balancer addon build loxilb in BPFire requires golang 1.22.0, but then had issue [0], run go mod vendor to prepare the loxilb to download golang dependencies package beforehand to avoid issue [0] loxilb-ebpf build also requires gnu/stubs-32.h use [1] as workaround [0]: https://github.com/vincentmli/BPFire/issues/18 [1]: https://github.com/vincentmli/BPFire/issues/16 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-05-13 18:00:30 +00:00
Vincent Li	927b3dfe54	loxicmd addon Avoid downloading golang dependency packages during build time due to issue [0], run go mod vendor so loxicmd source include vendor directory to include golang dependency packages [0]: https://github.com/vincentmli/BPFire/issues/18 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-05-13 14:33:10 +00:00
Vincent Li	0000eed295	Add Loxilb ntc and libmd libbsd addon Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2024-05-11 17:41:01 +00:00

1 2 3 4 5 ...

11752 Commits