22852 Commits

Author SHA1 Message Date
Vincent Li
82e8cd92a2 llvm: add lldb
llvm missing lld in Fedora results in a bpf selftest build
error for liburandom_read.so [0]. The LoongFire build does
not build kernel bpf selftests, but it is still better
to add llvm lld to the LoongFire build environment in case
future eBPF apps require llvm lld.

[0]: https://lore.kernel.org/loongarch/8f375e63-c4d5-b9cc-64c4-7563ba5c2763@loongson.cn/

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-05-08 11:04:56 -07:00
Vincent Li
125fb5b6d6 linux: upgrade kernel to 6.15-rc4
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-29 21:13:57 -07:00
Vincent Li
b9262e849b haproxy: move haproxy to core
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-29 09:45:28 -07:00
Vincent Li
5f3086a6f0 loxicmd: upgrade to 0.9.8.3
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-28 13:16:00 -07:00
Vincent Li
5df5d88abd loxilb: add loxilb init script
add loxilb init script and initial loxilb FW settings

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-27 10:48:42 -07:00
Vincent Li
e0353f023c yt6801: 6.15-rc1 kernel build error
CC [M]  fuxi-efuse.o
fuxi-gmac-phy.c: In function 'fxgmac_phy_timer_destroy':
fuxi-gmac-phy.c:493:5: error: implicit declaration of function
'del_timer_sync'; did you mean 'dev_mc_sync'?
[-Wimplicit-function-declaration]
  493 |     del_timer_sync(&pdata->expansion.phy_poll_tm);
      |     ^~~~~~~~~~~~~~
      |     dev_mc_sync
make[4]: *** [/lib/modules/6.15.0-rc1-ipfire/build/scripts/Makefile.build:203:
fuxi-gmac-phy.o] Error 1

replace del_timer_sync with timer_delete_sync

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-21 14:13:43 -07:00
Vincent Li
10df80a921 suricata: downgrade suricata to 6.0.20
suricata 7.0.7 af-packet(XDP) IPS mode
causes slow Internet access; 6.0.20 does
not have this issue.
see https://github.com/vincentmli/BPFire/issues/81

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-21 14:13:43 -07:00
Vincent Li
387bd0c744 Revert "Revert "linux: upgrade kernel to 6.15-rc1""
This reverts commit cb5313ec87.
2025-04-21 14:13:43 -07:00
Vincent Li
dd845dd9a2 suricata: legacy eBPF map to BTF map backport
legacy eBPF map is deprecated by installed libbpf,
backport the https://github.com/OISF/suricata/pull/9969
to suricata 7.0.7.

add suricata sample XDP configuration in IPS mode

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-21 14:13:43 -07:00
Vincent Li
f27e7b914c suricata: enable eBPF build
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-21 14:13:31 -07:00
Vincent Li
14dce6df0c firewall: allow SSH access to bridge interface
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:50 -07:00
Vincent Li
07fa3e0edf firewall: add firewall bridge netfilter UI
add UI to enable netfilter/firewall function
for firewall in bridge mode

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:50 -07:00
Vincent Li
cb07f32583 firewall: add firewall bridge IP for UI access
when the firewall is switched to bridge mode, we want to
have WebUI access to manage the firewall, so allow the user
to set up an IP address on the firewall bridge interface through
the UI.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:50 -07:00
Vincent Li
57bafb9410 firewall: add UI for firewall bridge mode
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:50 -07:00
Vincent Li
04f60a6291 firewall: replace echo initial optionsfw settings
using echo for initial optionsfw settings seems to create
duplicated optionsfw settings.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:50 -07:00
Vincent Li
6eef7f8535 firewall: add firewall bridge mode
add firewall bridge mode so it can be used as
a layer 2 inline bridge for either DDoS protection
or firewall filtering by iptables rules configured in
the netfilter filter table forward chain.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:50 -07:00
Vincent Li
cb5313ec87 Revert "linux: upgrade kernel to 6.15-rc1"
This reverts commit 284c7c99881b7cbec8cbd462f667789d8d726057.

yt6801 NIC driver fails to compile with 6.15-rc1, revert the
change till yt6801 driver code is updated.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:50 -07:00
Vincent Li
4496092bb8 linux: upgrade kernel to 6.15-rc1
6.15-rc1 officially included LoongArch BPF JIT fix

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:50 -07:00
Vincent Li
76a3e13006 tcp ddos: add XDP TCP DDoS UI
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:38 -07:00
Vincent Li
725f7278be tcp ddos: add tcpddosctrl for safe execution
add tcpddosctrl to start/stop/status XDP
TCP DDoS program from tcp-ddos.cgi safely.

permission of tcpddosctrl

chown root.nobody /usr/local/bin/tcpddosctrl
chmod u+s /usr/local/bin/tcpddosctrl

result:
-rwsr-x--- 1 root nobody 14672 Mar 19 09:58 /usr/local/bin/ddosctrl

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-02 14:19:28 -07:00
Vincent Li
967a0319b4 syslog: log kernel message to kern.log
note config/etc/* is copied through lfs/stage2
so changes made in config/etc/* require removing
the stage2 build log to rebuild stage2.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-01 17:42:01 -07:00
Vincent Li
245634dacd initscripts: add TCP DDoS XDP program init script
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-01 13:38:09 -07:00
Vincent Li
6aaec8d485 xdp-tools: Add xdp-ddos XDP main program
add xdp_ddos XDP main program with bpf tail
call table and user space xdp-ddos program
to load and insert protocol DDoS program like
TCP or UDP or ICMP into bpf tail call table.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-01 13:38:09 -07:00
Vincent Li
88c90aadcd ddos: add ddos init script
add ddos init to load/attach XDP DDoS main
program with empty tail call table as place
holder for tcp, udp, icmp...etc XDP DDoS program

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-01 13:38:02 -07:00
Vincent Li
6ff3d8e48e Firewall UI: Add iptables rules for XDP SYNPROXY
Add firewall WebUI and firewall iptables rules
for XDP SYNPROXY

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-27 19:24:05 -07:00
Vincent Li
0f9937c78f xdp-tools: Add XDP synproxy tailcall program
LoongArch does not support bpf trampoline, so
use tail call to call XDP synproxy program

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-25 19:41:42 -07:00
Vincent Li
42f3680941 linux: switch CONFIG_DWMAC_LOONGSON to module
bpftool net is unable to show attached tc BPF
programs, switch dwmac_loongson to module to
use rmmod dwmac_loongson; insmod dwmac_loongson
as workaround [0]

[0]: https://github.com/libbpf/bpftool/issues/185#issuecomment-2744477168

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-25 19:41:42 -07:00
Vincent Li
bb3d53e660 loxilb: upgrade to loxilb 0.9.8.3
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-25 19:41:42 -07:00
Vincent Li
6d2033cf2f linux: fix loongarch bpf jit
apply two loongarch bpf jit fixes [0] [1] by Hengqi Chen

[0]: https://lore.kernel.org/loongarch/20250315080320.4193821-1-hengqi.chen@gmail.com/
[1]: https://lore.kernel.org/loongarch/20250317015755.2760716-1-hengqi.chen@gmail.com/

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-25 19:41:35 -07:00
Vincent Li
a19a0bf167 linux: upgrade kernel to current upstream 6.14 rc5
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-08 18:35:58 -08:00
Vincent Li
532063b124 linux: enable kernel CONFIG_BPF_JIT_ALWAYS_ON
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-08 18:31:57 -08:00
Vincent Li
79e0a3fcdb linux: enable bootparam softlockup/hardlockup
enable hardlockup/softlockup to dump backtrace
if kernel hit hardlockup/softlockup

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-02-16 13:51:52 -08:00
Vincent Li
1e8868a1af loxilb: upgrade loxilb to upstream main branch
loxilb upstream main branch fixed issue for
kernel 6.12. test loxilb for loongfire

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-02-13 08:17:00 -08:00
Vincent Li
04a4907087 loxicmd: add loxicmd for loongarch64
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-29 08:36:00 -08:00
Vincent Li
beb7cdabf7 loxilb: add loxilb 0.9.8 addon for loongarch64
loxilb ebpf program relies on libbpf 0.8
which does not have loongarch64 support.
backported libbpf 1.2.3 loongarch support
to libbpf 0.8

loxilb 0.9.8 now loads ebpf programs through
libbpf, no external ntc command required, so
remove ntc

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-28 19:09:10 -08:00
Vincent Li
c0a92ea299 packages: add loongarch64 directory
add loongarch64 directory similar to riscv
with samba. a missing loongarch64 directory and
a package under it will result in a package build
error:

ERROR: No such file or directory: BASEDIR/README.md

fix: https://github.com/vincentmli/BPFire/issues/71

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-14 12:14:55 -08:00
Vincent Li
5cafdf74f8 packages: remove packages with package error
these packages ended up with error
tar: Exiting with failure status due to previous errors

remove them for now

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-14 10:26:38 -08:00
Vincent Li
185ee78dd7 README: add loongfire build howto
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-14 08:54:34 -08:00
Vincent Li
ba2e5b4323 make.sh: add build_package to build packages
sometimes we only want to build packages so we can
just ./make.sh build_package and skip other build
processes.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-13 18:36:51 -08:00
Vincent Li
8d178105b1 go: add go for loongarch64
add go in build for packages depending on go

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-13 18:27:35 -08:00
Vincent Li
43dd019fb3 xdp-tools: fix XDP dns log stack smashing error
commit f938e63dc6b2cd8a271bb4aa58d8371f4a9fa94c
Author: Vincent Li <vincent.mc.li@gmail.com>
Date:   Sat Jan 11 10:55:23 2025 -0800

    xdp-dns: fix XDP dns log stack smashing error

    gdb --args xdp_dns_log /sys/fs/bpf/xdp-tailcall/dns_ringbuf

    result in backtrace:

    (gdb) bt
     0x00007ffff7d5fa80 in ?? () from /lib64/libc.so.6
     0x00007ffff7d0be1c in raise () from /lib64/libc.so.6
     0x00007ffff7cf49fc in abort () from /lib64/libc.so.6
     0x00007ffff7d50ff0 in ?? () from /lib64/libc.so.6
     0x00007ffff7de32d4 in __fortify_fail () from /lib64/libc.so.6
     0x00007ffff7de42b0 in __stack_chk_fail () from /lib64/libc.so.6
     0x000000012000f248 in handle_event ()
     0x00007ffff7eca0fc in ?? () from /usr/lib64/libbpf.so.1
     0x00007ffff7eca8c8 in ring_buffer.poll () from /usr/lib64/libbpf.so.1
     0x000000012000372c in main ()

    Pasted the gdb backtrace in ChatGPT and ChatGPT suggested the fix

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-11 11:06:15 -08:00
Vincent Li
b4ffafc531 XDP UI: add XDP DNS monitor block logging
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-11 10:19:34 -08:00
Vincent Li
ec28da3453 XDP UI: add UI for XDP TLS SNI logging
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-11 10:13:54 -08:00
Vincent Li
8c30bad8f8 xdp-tailcall: add xdp-tailcall init script
xdp-tailcall init script to start/stop XDP
tail call program DNS and TLS SNI on green0
interface

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-10 10:56:15 -08:00
Vincent Li
959f35e44b README: update README for loongfire
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-07 15:43:37 -08:00
Vincent Li
dec6a99c77 xdp-tools: add xdp-tailcall
Loongarch64 does not support bpf trampoline
and freplace, so we can't use libxdp to attach
multiple XDP programs to the same network interface.

Loongarch64 supports bpf tail call, so we can still
use xdp-loader to load an XDP program, and use bpf tail
call to call each XDP program. now we can tail call
the DNS and TLS SNI XDP programs on the green0 interface

change user space program to take bpf map path as
command line argument so X86 and Loongarch64 can share
the same user space program

https://github.com/vincentmli/xdp-tools

commit d18f8a7b48094c861a8ee0d5c0d52e93a01edca4
Author: Vincent Li <vincent.mc.li@gmail.com>
Date:   Tue Jan 7 22:14:40 2025 -0800

    xdp-tools: add bpf map path as cmd line argument

    add XDP DNS and TLS SNI user space program command
    line argument for bpf map so X86 and Loongarch can
    share the same XDP user space program

commit 5d713b40dd2d0ce399f618179a2add6c07882e2a
Author: Vincent Li <vincent.mc.li@gmail.com>
Date:   Mon Jan 6 21:09:25 2025 -0800

    xdp-tailcall: add DNS XDP program

    add DNS XDP program as tail called program

commit ad2a4e600140f8bf7a577470566efcdf11f6e214
Author: Vincent Li <vincent.mc.li@gmail.com>
Date:   Mon Jan 6 20:36:43 2025 -0800

    xdp-tailcall: add XDP tailcall

    Loongarch64 does not support bpf trampoline and
    freplace, so use tail call to call XDP program.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-07 15:41:25 -08:00
Vincent Li
61f117be83 linux: set CONFIG_ARCH_STRICT_ALIGN=n
set CONFIG_ARCH_STRICT_ALIGN=n to enable
CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS. this
allows loading BPF program with unaligned memory
access generated by clang, see [0].

this change might cause BPF programs to fail to load
on loongarch CPU models that require strict aligned
memory access.

[0]: https://github.com/vincentmli/BPFire/issues/69

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-02 10:04:17 -08:00
Vincent Li
bda777582c strace: fix compile error
after moving strace to core package and
recompiling strace, it errors out with:

macros.h:141:9: error: static assertion failed:

"Unexpected size of sysoff.rsv (sizeof(unsigned int) * 3 expected).
  --enabled-bundled=yes configure option may be used to work around that."

fix the error as the error log message suggested

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-25 12:43:37 -08:00
Vincent Li
304abcd541 tcpdump: move tcpdump strace to core package
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-25 11:46:30 -08:00
Vincent Li
bbc206cb5f flash-images: only double the root size
only double the root size, so dd from
usb to hard drive takes less time and
size.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-24 16:05:15 -08:00