should not send bpfire user profile to ipfire
to confuse ipfire community, bpfire could setup
such profile collection in the future.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
To block or rate limit DNS query from green
network client, the xdp-dns program should
be attached to green0 interface to scan the
DNS query. attach to red0 interface only get
the DNS response packet from red0(WAN), not
matching the DNS query we want.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
when add loxilb development tree, loxilb requires go >= 1.23.0
ranlib libloxilbdp.a
make[3]: Leaving directory '/usr/src/loxilb-0.9.x/loxilb-ebpf/kernel'
make[2]: Leaving directory '/usr/src/loxilb-0.9.x/loxilb-ebpf'
go: go.mod requires go >= 1.23.0 (running go 1.22.0)
make[1]: *** [Makefile:14: build] Error 1
make[1]: Leaving directory '/usr/src/loxilb-0.9.x'
make: *** [loxilb:76: /usr/src/log/loxilb-0.9.x] Error 2
after upgrading golang to 1.23.0, loxilb development tree result in error
make[2]: Leaving directory '/usr/src/loxilb-0.9.x/loxilb-ebpf'
# runtime
/usr/lib/go/src/runtime/mbitmap_noallocheaders.go:53:2: mallocHeaderSize redeclared in this block
/usr/lib/go/src/runtime/mbitmap.go:71:2: other declaration of mallocHeaderSize
/usr/lib/go/src/runtime/mbitmap_noallocheaders.go:54:2: minSizeForMallocHeader redeclared in this block
the workaround is to remove build/usr/lib/go directory, then
rm log/go-1.23.0, ./make.sh build to re-add go 1.23.0
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
save IP/LB/FW configuration from loxilb UI so
when loxilb restart or bpfire reboot, the configuration
can be restored.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
allow syscall tracing with eBPF like
bcc libbpf-tools opensnoop to trouble
shoot open syscall for UI user nobody
unable to run loxicmd save -a -c /var/ipfire/loxilib/
see https://github.com/vincentmli/BPFire/issues/30
mount -t debugfs none /sys/kernel/debug/
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
add dummy ip 192.0.2.1 in virutal_ipaddress from (TEST-NET-1)
according to https://www.rfc-editor.org/rfc/rfc5737#section-3
for keepalived HA state tracking, the Master will always
have the dummy ip assigned to green0.
add refresh button for HA state refresh
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
when mouse select, vim automatically turns into
visual mode, this is not convienent when copy
and paste in vim with mouse select. create this
setting for root user.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
in HA scenario, the shared/floating VIP
is not configured on the red0 interface
when setup LoxiLB lb from the UI in standby
BPFire, some VIPs are missing since these
VIPs are only configured in the active BPFire.
get VIPs from /var/ipfire/loxilb/ipconfigfile
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
when run loxicmd save -a -c /var/ipfire/loxilb/
ipconfig directory will be created, which conflicts
with loxilb UI that also save virtual ip to
/var/ipfire/loxilb/ipconfig, so rename ipconfig to
ipconfigfile.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
when loxilb is enabled and started, enable the
firewall SNAT for green network so green network
could have initiate outgoing traffic like internet
access.
we can achieve this by restoring firewall SNAT setting
from default /var/ipfire/loxilb/FWconfig.txt when loxilb
start up with --config-path=/var/ipfire/loxilb thanks
to the enhancement addressed in issue:
https://github.com/loxilb-io/loxilb/issues/706
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
LoxiLB 0.9.4 lack of SNAT feature for egress traffic
initiated from BPFire green network, when loxilb is
enabled, it breaks BPFire green network client Internet
access, this issue is fixed in the loxilb development
branch, temporarily I make loxilb development branch
as 0.9.5 in BPFire so I could test the SNAT feature and
it works.
see detail in https://github.com/loxilb-io/loxilb/issues/718
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
When loxilb and keepalived are enabled, after BPFire
rebooted, loxilb and keepalived failed to start and
shows as "STOPPED" from UI, this is not expected since
we want to loxilb and keepalived to continue to be enabled
after reboot based on the enabled state of loxilb and
keepalived before reboot.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
remove @nosaved from /var/ipfire/loxilb/settings
as it could interfere with running state of
loxilb
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
remove @nosaved item from form submission
before writehash to each setting file because
it could interfere with each other.
for example, when change keepalived configuration
for green or red interface from the UI,
without removing @nosaved which has 'ENABLE_HA'
before writehash, 'ENABLE_HA=off' would be saved
in '/var/ipfire/keepalived/settings', this would
trigger the UI to show keepalived being "STOPPED"
or it could actually stopoped keepalived.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
In BPFire HA deployment, a floating/shared router IP
is required for backend/endpoint server. by default
BPFire uses the primary IP on green0 when running
setup script. Now the floating/shared router IP can
be added to green0 interface as secondary IP through
loxilb UI, keepalived UI can configure the secondary
IP as virtual ipaddress, when HA failover happens,
keepalived will move the virtual ipaddress to new active
BPFire.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
BPFire red0 does not support multicast, need to
have unicast peer configured, then the virtual
ipaddress can be added to red0 interface.
the UI requires /var/ipfire/keepalived/runsettings
/var/ipfire/keepalived/settings to be created, so
add them lfs/configroot
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
change keepalived default config to
/var/ipfire/keepalived/keepalived.conf so keepalived WebUI
could read/write the configuration file. also add
/var/ipfire/keepalived directory
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
keepalived: create /var/ipfire/keepalived
since we added loxilb ip management to add ip on
red0 interface, we can select the virtual ip from
red0 interface.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This reverts commit 2624a47e88.
the name change seems making the iso build downloading
image from upstream ipfire image during instalation. revert
it
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
this change would build iso/img with bpfire name.
note make.sh has toolchain name with ipfire,
so this rename may break something, revert this
commit if running into issue in future.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
upgrade procedure:
git clone https://github.com/loxilb-io/loxicmd.git
cd loxicmd
git checkout -b v0.9.4 v0.9.4
go mod vendor
cd ..
mv loxicmd loxicmd-0.9.4
tar cvf loxicmd-0.9.4.tar loxicmd-0.9.4
gzip loxicmd-0.9.4.tar
cp loxicmd-0.9.4.tar.gz <BPFire source>/cache/
b2sum <BPFire source>/cache/loxicmd-0.9.4.tar.gz
modify lfs/loxicmd to change the version and b2sum checksum
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
upgrade procedure:
git clone --recurse-submodules https://github.com/loxilb-io/loxilb.git
cd loxilb
git checkout -b v0.9.4 v0.9.4
go mod vendor
cd ..
mv loxilb loxilb-0.9.4
tar cvf loxilb-0.9.4.tar loxilb-0.9.4
gzip loxilb-0.9.4.tar
cp loxilb-0.9.4.tar.gz <BPFire source>/cache/
b2sum <BPFire source>/cache/loxilb-0.9.4.tar.gz
modify lfs/loxilb to change the version and b2sum checksum
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
learned from ChatGPT to print dynamic options.
add semi column ';' right after heredoc like:
print <<END;
...
...
END
following result in error
print <<END
...
...
END; #<<<< ERROR
following is correct
print <<END
...
...
END
;
so better use the first format
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
