add tcpddosctrl to start/stop/status XDP
TCP DDoS program from tcp-ddos.cgi safely.
permission of tcpddosctrl
chown root.nobody /usr/local/bin/tcpddosctrl
chmod u+s /usr/local/bin/tcpddosctrl
result:
-rwsr-x--- 1 root nobody 14672 Mar 19 09:58 /usr/local/bin/ddosctrl
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
note config/etc/* is copied through lfs/stage2
so changes made in config/etc/* requires to
rm stage2 build log to rebuild stage2.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
add xdp_ddos XDP main program with bpf tail
call table and user space xdp-ddos program
to load and insert protocol DDoS program like
TCP or UDP or ICMP into bpf tail call table.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
add ddos init to load/attach XDP DDoS main
program with empty tail call table as place
holder for tcp, udp, icmp...etc XDP DDoS program
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
loxilb ebpf program relies on libbpf 0.8
which does not have loongarch64 support.
backported libbpf 1.2.3 loongarch support
to libbpf 0.8
loxilb 0.9.8 now load ebpf program through
libbpf, no external ntc command required, so
remove ntc
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
add loongarch64 directory similar to riscv
with samba. missing loongarch64 directory and
a package under it will result package build
error:
ERROR: No such file or directory: BASEDIR/README.md
fix: https://github.com/vincentmli/BPFire/issues/71
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
these packages ended up with error
tar: Exiting with failure status due to previous errors
remove them for now
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Loongarch64 does not support bpf trampoline
and freplace, so we can't use libxdp to attach
multiple XDP program to same network interface.
Loongarch64 supports bpf tail call, so we can still
use xdp-loader to load XDP program, and use bpf tail
call to call each XDP program. now we can tail call
DNS and TLS SNI XDP program on green0 interface
change user space program to take bpf map path as
command line argument so X86 and Loongarch64 can share
same user space program
https://github.com/vincentmli/xdp-tools
commit d18f8a7b48094c861a8ee0d5c0d52e93a01edca4
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Tue Jan 7 22:14:40 2025 -0800
xdp-tools: add bpf map path as cmd line argument
add XDP DNS and TLS SNI user space program command
line argument for bpf map so X86 and Loongarch can
share the same XDP user space program
commit 5d713b40dd2d0ce399f618179a2add6c07882e2a
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Mon Jan 6 21:09:25 2025 -0800
xdp-tailcall: add DNS XDP program
add DNS XDP program as tail called program
commit ad2a4e600140f8bf7a577470566efcdf11f6e214
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Mon Jan 6 20:36:43 2025 -0800
xdp-tailcall: add XDP tailcall
Loongarch64 does not support bpf trampoline and
freplace, so use tail call to call XDP program.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
set CONFIG_ARCH_STRICT_ALIGN=n to enable
CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS. this
allows loading BPF program with unaligned memory
access generated by clang, see [0].
this change might cause BPF program fail to load
in loongarch CPU models that require strict aligned
memory access.
[0]: https://github.com/vincentmli/BPFire/issues/69
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
rebase the kernel config from fedora loongarch kernel
6.12, and enable kernel BTF/BPF feature config
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Initial list of changes required to build iso
and flash image successfully:
1 softwares require config.guess and config.stub
update with loongarch support
2 no rust build and no suricata which depends on rust
3 comment out python 3.10 lib-dynload and config-3.10-xxxMACHINExxx-linux-gnu
4 lfs/cdrom lfs/Config loongarch seems requiring capital EFI boot image name
to boot properly
5 comment out a few softwares that are not needed for now
iso can be installed to loongarch PC hard drive, but
fail to boot.
flash image can be dd to USB drive, then boot loongarch
PC from USB drive, then dd from USB drive to loongarch
PC hard drive
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This patch adds the prosibility to place additional *.config files in /etc/ssh/sshd_config.d/
which will be included and loaded during the daemon startup process.
Because this files will not be overwritten by any update, they can be used to place custom
or other persistent settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
the /etc/collectd.d/ folder must have at least one file in it
so this add an file with a comment that custom configs should placed
there.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
When we import all static leases, their remark will be used as hostname
(because WTF?) and might be overwritten if the device is not sending any
or even the same hostname.
This patch avoids that static leases will be modified.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
