bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00

Author	SHA1	Message	Date
Vincent Li	59e389cbfe	dnsdist: correct xsk sample config when use /etc/rc.d/init.d/dnsdist to start dnsdist with the sample xsk config, it results in startup error [0]. correct the xsk sample config. [0]: https://github.com/PowerDNS/pdns/discussions/15713 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-23 08:58:02 -07:00
Vincent Li	f2b2d9c076	README: update README update README for feature addition and build howto Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-22 15:32:57 -07:00
Vincent Li	a166b8644c	dnsdist: add sample xsk AF_XDP config a simple working config sample for xsk AF_XDP Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-19 20:28:10 -07:00
Vincent Li	21b5b4abfc	xdp-tools: add dnsdist_xdp.bpf.o upgrade xdp-tools to 1.5.5 and add dnsdist_xdp.bpf.o for dnsdist xsk AF_XDP Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-19 15:58:48 -07:00
Vincent Li	f1f13b95aa	dnsdist: change the xsk v4/v6 destination map name We use xdp-loader to load dnsdist_xdp.bpf.o for dnsdist running AF_XDP: xdp-loader load green0 -P 90 -p /sys/fs/bpf/dnsdist -n xdp_dns_filter /usr/lib/bpf/dnsdist_xdp.bpf.o so the xsk v4/v6 destination map would be: /sys/fs/bpf/dnsdist/xskDestinationsV4 /sys/fs/bpf/dnsdist/xskDestinationsV6 but dnsdist-xsk.cc has: static std::string getDestinationMap(bool isV6) { return !isV6 ? "/sys/fs/bpf/dnsdist/xsk-destinations-v4" : "/sys/fs/bpf/dnsdist/xsk-destinations-v6"; } we can't use xsk-destinations-v4/v6 in dnsdist_xdp.bpf.o because bpf map could not use '-' in map definition, '-' would result in compiling error. so we patch dnsdist-xsk.cc to use xskDestinationsV4/V6 that matches the map name in dnsdist_xdp.bpf.o Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-19 09:35:23 -07:00
Vincent Li	9217ea3ca4	dnsdist: move dnsdist to core package install the default dnsdist configuration file Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-18 11:13:34 -07:00
Vincent Li	51e2f6ff37	dnsdist: upgrade to 1.9.10 enable ebpf AF_XDP Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-13 09:29:14 -07:00
Vincent Li	31af08151a	pwru: ebpf pwru tool addon for network diagnosis pwru is ebpf based kernel tracing tool for network issue diagnosis. pwru build issue on loongfire [0] to prepare to run pwru on loongfire: mount -t debugfs none /sys/kernel/debug echo 0 > /proc/sys/kernel/kptr_restrict [0]: https://github.com/cilium/pwru/issues/559#issuecomment-2949507451 Signed-off-by: Vinent Li <vincent.mc.li@gmail.com>	2025-06-09 09:00:18 -07:00
Vincent Li	18c621c687	go: upgrade golang to 1.24.4 pwru requires golang > 1.24.1 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-09 08:51:30 -07:00
Vincent Li	e475873eda	linux: enable config kprobe multi attachment We are going to add pwru for packet drop related trouble shooting, pwru by default requires kernel with kprobe multi attachment, enable kernel config for that. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-06 17:39:30 -07:00
Vincent Li	fb79d84593	ply: add ply addon for tracing Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-04 17:57:52 -07:00
Vincent Li	abdbcb16ad	yt6801: match yt6801 driver with kernel kernel upgraded to 6.15.0. yt6801 kernel modules should match to 6.15.0 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-04 17:55:27 -07:00
Vincent Li	99358518b2	linux: upgrade to 6.15.0 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-03 09:19:20 -07:00
Vincent Li	2a075de538	libbpf-bootstrap: add netqtop netqtop requires tracepoint, need to: mount -t tracefs tracefs /sys/kernel/tracing Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-06-03 09:18:45 -07:00
Vincent Li	5376c3b290	libbpf-bootstrap: port bcc libbpf-tools profile add bcc libbpf-tools profile to libbpf-bootstrap Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-05-19 11:57:54 -07:00
Vincent Li	52604d1d8f	libbpf-bootstrap: add ebpf tracing program Similar to xdp-tools to add ebpf network program. we can use libbpf-bootstrap as facility to add ebpf tracing program. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-05-19 08:38:25 -07:00
Vincent Li	8c8be5e746	bcc: add bcc libbcc for bpftrace bpftrace depends on libbcc, so add bcc in build. bcc build depends on zip, but loongfire does not have zip workaround: copy loongson host Fedora zip command to chroot build cp /usr/bin/zip to build_loongarch64/usr/bin Fedora zip depends on libbz2.so.1, libbz2 is from bzip2 addon that loongfire already has, so make symbolic link cd build_loongarch64/lib64; ln -s libbz2.so.1.0.8 libbz2.so.1 we should build zip addon for loongfire but zip has build error need to resolve zip build error as long term solution Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-05-17 17:31:27 -07:00
Vincent Li	01b6865f4b	Perl: Add Net ISP load balancer Perl Net-ISP-Balance can be used for ISP Internet connection load balancing [0], it depends on Net-Netmask module. [0]: https://lstein.github.io/Net-ISP-Balance/ Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-05-16 14:06:08 -07:00
Vincent Li	a43dcad754	xdp-tools: add tc-loader and tc-dummy.bpf program Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-05-14 11:41:23 -07:00
Vincent Li	b359042d4d	xdp-tools: upgrade to upstream 1.5.4 rebase xdp-tools from upstream xdp-tools 1.5.4. there is Makefile conflict when rebase because 1.5.4 added xdp-forward. manually resolve the rebase conflict by put loongfire xdp program at the end: for example instruction from deepseek: Open the Makefile in a text editor and locate the conflict: makefile ifneq ($(BPFTOOL),) <<<<<<< HEAD UTILS += xdp-bench xdp-forward xdp-monitor xdp-trafficgen ======= UTILS += xdp-bench xdp-monitor xdp-trafficgen xdp-synproxy >>>>>>> d8ebb16 (Add xdp-synproxy) endif Understand the conflict: The HEAD (upstream/main) version includes xdp-forward. Your commit (d8ebb16) adds xdp-synproxy but removes xdp-forward. Resolve the conflict by including both changes: Keep xdp-forward from HEAD. Add xdp-synproxy from your commit. The merged line should look like this: makefile UTILS += xdp-bench xdp-forward xdp-monitor xdp-trafficgen xdp-synproxy Remove the conflict markers (<<<<<<<, =======, >>>>>>>). edit result: ifneq ($(BPFTOOL),) UTILS += xdp-bench xdp-forward xdp-monitor xdp-trafficgen xdp-synproxy endif Save the file after making these changes. Stage the resolved Makefile and continue the rebase: git add Makefile git rebase --continue repeat editing Makefile and git rebase --continue for below program xdp-dnsrrl xdp-udp xdp-dns xdp-sni xdp-geoip xdp-udpddos xdp-tailcall xdp-synproxy-tailcall xdp-ddos Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-05-09 10:36:54 -07:00
Vincent Li	82e8cd92a2	llvm: add lldb llvm missing lld in Fedora result in bpf selftest build error for liburandom_read.so [0], LoongFire build does not build kernel bpf selftests, but still it is better to add llvm lld in LoongFire build environment in case future eBPF apps require llvm lld. [0]: https://lore.kernel.org/loongarch/8f375e63-c4d5-b9cc-64c4-7563ba5c2763@loongson.cn/ Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-05-08 11:04:56 -07:00
Vincent Li	125fb5b6d6	linux: upgrade kernel to 6.15-rc4 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-29 21:13:57 -07:00
Vincent Li	b9262e849b	haproxy: move haproxy to core Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-29 09:45:28 -07:00
Vincent Li	5f3086a6f0	loxicmd: upgrade to 0.9.8.3 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-28 13:16:00 -07:00
Vincent Li	5df5d88abd	loxilb: add loxilb init script add loxilb init script and initial loxilb FW settings Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-27 10:48:42 -07:00
Vincent Li	e0353f023c	yt6801: 6.15-rc1 kernel build error CC [M] fuxi-efuse.o fuxi-gmac-phy.c: In function 'fxgmac_phy_timer_destroy': fuxi-gmac-phy.c:493:5: error: implicit declaration of function 'del_timer_sync'; did you mean 'dev_mc_sync'? [-Wimplicit-function-declaration] 493 \| del_timer_sync(&pdata->expansion.phy_poll_tm); \| ^~~~~~~~~~~~~~ \| dev_mc_sync make[4]: *** [/lib/modules/6.15.0-rc1-ipfire/build/scripts/Makefile.build:203: fuxi-gmac-phy.o] Error 1 replace del_timer_sync with timer_delete_sync Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-21 14:13:43 -07:00
Vincent Li	10df80a921	suricata: downgrade suricata to 6.0.20 suricata 7.0.7 af-packet(XDP) IPS mode cause slow Internet access, 6.0.20 does not have this issue. see https://github.com/vincentmli/BPFire/issues/81 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-21 14:13:43 -07:00
Vincent Li	387bd0c744	Revert "Revert "linux: upgrade kernel to 6.15-rc1"" This reverts commit `cb5313ec87`.	2025-04-21 14:13:43 -07:00
Vincent Li	dd845dd9a2	suricata: legacy eBPF map to BTF map backport legacy eBPF map is deprecated by installed libbpf, backport the https://github.com/OISF/suricata/pull/9969 to suricata 7.0.7. add suricata sample XDP configuration in IPS mode Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-21 14:13:43 -07:00
Vincent Li	f27e7b914c	suricata: enable eBPF build Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-21 14:13:31 -07:00
Vincent Li	14dce6df0c	firewall: allow SSH access to bridge interface Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-17 09:13:50 -07:00
Vincent Li	07fa3e0edf	firewall: add firewall bridge netfilter UI add UI to enable netfilter/firewall function for firewall in bridge mode Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-17 09:13:50 -07:00
Vincent Li	cb07f32583	firewall: add firewall bridge IP for UI access when firewall switched to bridge mode, we want to have WebUI access to manage the firewall, allow user setup IP address on the firewall bridge interface through the UI. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-17 09:13:50 -07:00
Vincent Li	57bafb9410	firewall: add UI for firewall bridge mode Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-17 09:13:50 -07:00
Vincent Li	04f60a6291	firewall: replace echo initial optionsfw settings use echo initial optionsfw settings seems creating duplicated optionsfw settings. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-17 09:13:50 -07:00
Vincent Li	6eef7f8535	firewall: add firewall bridge mode add firewall bridge mode so it can be used as layer 2 inline bridge for either DDoS protection or firewall filter by iptable rules configured in netfilter filter table forward chain. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-17 09:13:50 -07:00
Vincent Li	cb5313ec87	Revert "linux: upgrade kernel to 6.15-rc1" This reverts commit 284c7c99881b7cbec8cbd462f667789d8d726057. yt6801 NIC driver fail to compile with 6.15-rc1, revert the change till yt6801 driver code is updated. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-17 09:13:50 -07:00
Vincent Li	4496092bb8	linux: upgrade kernel to 6.15-rc1 6.15-rc1 officially included LoongArch BPF JIT fix Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-17 09:13:50 -07:00
Vincent Li	76a3e13006	tcp ddos: add XDP TCP DDoS UI Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-17 09:13:38 -07:00
Vincent Li	725f7278be	tcp ddos: add tcpddosctrl for safe execution add tcpddosctrl to start/stop/status XDP TCP DDoS program from tcp-ddos.cgi safely. permission of tcpddosctrl chown root.nobody /usr/local/bin/tcpddosctrl chmod u+s /usr/local/bin/tcpddosctrl result: -rwsr-x--- 1 root nobody 14672 Mar 19 09:58 /usr/local/bin/ddosctrl Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-02 14:19:28 -07:00
Vincent Li	967a0319b4	syslog: log kernel message to kern.log note config/etc/* is copied through lfs/stage2 so changes made in config/etc/* requires to rm stage2 build log to rebuild stage2. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-01 17:42:01 -07:00
Vincent Li	245634dacd	initscripts: add TCP DDoS XDP program init script Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-01 13:38:09 -07:00
Vincent Li	6aaec8d485	xdp-tools: Add xdp-ddos XDP main program add xdp_ddos XDP main program with bpf tail call table and user space xdp-ddos program to load and insert protocol DDoS program like TCP or UDP or ICMP into bpf tail call table. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-01 13:38:09 -07:00
Vincent Li	88c90aadcd	ddos: add ddos init script add ddos init to load/attach XDP DDoS main program with empty tail call table as place holder for tcp, udp, icmp...etc XDP DDoS program Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-04-01 13:38:02 -07:00
Vincent Li	6ff3d8e48e	Firewall UI: Add iptables rules for XDP SYNPROXY Add firewall WebUI and firewall iptables rules for XDP SYNPROXY Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-03-27 19:24:05 -07:00
Vincent Li	0f9937c78f	xdp-tools: Add XDP synproxy tailcall program LoongArch does not support bpf trampoline, so use tail call to call XDP synproxy program Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-03-25 19:41:42 -07:00
Vincent Li	42f3680941	linux: switch CONFIG_DWMAC_LOONGSON to module bpftool net unable to show attached tc BPF program, switch dwmac_loongson to module to use rmsmod dwmac_loongson; insmod dwmac_loongson as workaround [0] [0]:https://github.com/libbpf/bpftool/issues/185#issuecomment-2744477168 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-03-25 19:41:42 -07:00
Vincent Li	bb3d53e660	loxilb: upgrade to loxilb 0.9.8.3 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-03-25 19:41:42 -07:00
Vincent Li	6d2033cf2f	linux: fix loongarch bpf jit apply two loongarch bpf jit fixes [0] [1] by Hengqi Chen [0]: https://lore.kernel.org/loongarch/20250315080320.4193821-1-hengqi.chen@gmail.com/ [1]: https://lore.kernel.org/loongarch/20250317015755.2760716-1-hengqi.chen@gmail.com/ Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-03-25 19:41:35 -07:00
Vincent Li	a19a0bf167	linux: upgrade kernel to current upstream 6.14 rc5 Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>	2025-03-08 18:35:58 -08:00

1 2 3 4 5 ...

22872 Commits