add tcpddosctrl to start/stop/status XDP
TCP DDoS program from tcp-ddos.cgi safely.
permission of tcpddosctrl
chown root.nobody /usr/local/bin/tcpddosctrl
chmod u+s /usr/local/bin/tcpddosctrl
result:
-rwsr-x--- 1 root nobody 14672 Mar 19 09:58 /usr/local/bin/ddosctrl
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
note config/etc/* is copied through lfs/stage2
so changes made in config/etc/* requires to
rm stage2 build log to rebuild stage2.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
add xdp_ddos XDP main program with bpf tail
call table and user space xdp-ddos program
to load and insert protocol DDoS program like
TCP or UDP or ICMP into bpf tail call table.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
add ddos init to load/attach XDP DDoS main
program with empty tail call table as place
holder for tcp, udp, icmp...etc XDP DDoS program
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
loxilb ebpf program relies on libbpf 0.8
which does not have loongarch64 support.
backported libbpf 1.2.3 loongarch support
to libbpf 0.8
loxilb 0.9.8 now load ebpf program through
libbpf, no external ntc command required, so
remove ntc
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Loongarch64 does not support bpf trampoline
and freplace, so we can't use libxdp to attach
multiple XDP program to same network interface.
Loongarch64 supports bpf tail call, so we can still
use xdp-loader to load XDP program, and use bpf tail
call to call each XDP program. now we can tail call
DNS and TLS SNI XDP program on green0 interface
change user space program to take bpf map path as
command line argument so X86 and Loongarch64 can share
same user space program
https://github.com/vincentmli/xdp-tools
commit d18f8a7b48094c861a8ee0d5c0d52e93a01edca4
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Tue Jan 7 22:14:40 2025 -0800
xdp-tools: add bpf map path as cmd line argument
add XDP DNS and TLS SNI user space program command
line argument for bpf map so X86 and Loongarch can
share the same XDP user space program
commit 5d713b40dd2d0ce399f618179a2add6c07882e2a
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Mon Jan 6 21:09:25 2025 -0800
xdp-tailcall: add DNS XDP program
add DNS XDP program as tail called program
commit ad2a4e600140f8bf7a577470566efcdf11f6e214
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Mon Jan 6 20:36:43 2025 -0800
xdp-tailcall: add XDP tailcall
Loongarch64 does not support bpf trampoline and
freplace, so use tail call to call XDP program.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Initial list of changes required to build iso
and flash image successfully:
1 softwares require config.guess and config.stub
update with loongarch support
2 no rust build and no suricata which depends on rust
3 comment out python 3.10 lib-dynload and config-3.10-xxxMACHINExxx-linux-gnu
4 lfs/cdrom lfs/Config loongarch seems requiring capital EFI boot image name
to boot properly
5 comment out a few softwares that are not needed for now
iso can be installed to loongarch PC hard drive, but
fail to boot.
flash image can be dd to USB drive, then boot loongarch
PC from USB drive, then dd from USB drive to loongarch
PC hard drive
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This patch adds the prosibility to place additional *.config files in /etc/ssh/sshd_config.d/
which will be included and loaded during the daemon startup process.
Because this files will not be overwritten by any update, they can be used to place custom
or other persistent settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
the /etc/collectd.d/ folder must have at least one file in it
so this add an file with a comment that custom configs should placed
there.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This is a feature more and more tools start using now and will help to
keep performance of the OS up.
This was enabled on riscv64 already.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- removal of lfs, rootfile, backup, paks, misc-progs, mpfire perl, language file
content, mpfire.cgi, mpfire menu references and files, mpfire specific image,
web-user-interface references and references in manualpages.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version commit e1266c7 to 2.5.1
- Version 2.5.1 has around 34 additional commits from e1266c7. To me all look minor
changes, some related to other system types such as Solaris that we don't use.
- Update of rootfile
- They have added example to the configuration files to prevent accidental overwriting
of configuration systems.
- Changelog - There is no longer any changelog provided. Even the one that used to
exist for version 2.5.0 has been removed. The only option now is to look through the
commits - https://github.com/ppp-project/ppp/commits/master/?before=d5aeec65752d4a9b3bb46771d0b221c4a4a6539e+35
- Some of the patches had to be updated as the changes were enough that some hunks did
not get found for patching. Patch file number 6 has been removed as the sed lines are
no longer to be found in the configure file. The other files that patched successfully
were renamed to 2.5.1
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- miniupnpc is required for the build of transmiossion but the bundled version was not
working properly with version 4.0.6 and we prefer to not use bundled versions.
- Only used for the build so rootfile is 100% commented out. No miniupnpc installed
on IPFire.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
