Commit Graph

22836 Commits

Author SHA1 Message Date
Vincent Li
cb5313ec87 Revert "linux: upgrade kernel to 6.15-rc1"
This reverts commit 284c7c99881b7cbec8cbd462f667789d8d726057.

yt6801 NIC driver fails to compile with 6.15-rc1, revert the
change till yt6801 driver code is updated.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:50 -07:00
Vincent Li
4496092bb8 linux: upgrade kernel to 6.15-rc1
6.15-rc1 officially included LoongArch BPF JIT fix

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:50 -07:00
Vincent Li
76a3e13006 tcp ddos: add XDP TCP DDoS UI
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-17 09:13:38 -07:00
Vincent Li
725f7278be tcp ddos: add tcpddosctrl for safe execution
add tcpddosctrl to start/stop/status XDP
TCP DDoS program from tcp-ddos.cgi safely.

permission of tcpddosctrl

chown root.nobody /usr/local/bin/tcpddosctrl
chmod u+s /usr/local/bin/tcpddosctrl

result:
-rwsr-x--- 1 root nobody 14672 Mar 19 09:58 /usr/local/bin/ddosctrl

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-02 14:19:28 -07:00
Vincent Li
967a0319b4 syslog: log kernel message to kern.log
note config/etc/* is copied through lfs/stage2
so changes made in config/etc/* requires to
rm stage2 build log to rebuild stage2.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-01 17:42:01 -07:00
Vincent Li
245634dacd initscripts: add TCP DDoS XDP program init script
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-01 13:38:09 -07:00
Vincent Li
6aaec8d485 xdp-tools: Add xdp-ddos XDP main program
add xdp_ddos XDP main program with bpf tail
call table and user space xdp-ddos program
to load and insert protocol DDoS program like
TCP or UDP or ICMP into bpf tail call table.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-01 13:38:09 -07:00
Vincent Li
88c90aadcd ddos: add ddos init script
add ddos init to load/attach XDP DDoS main
program with empty tail call table as place
holder for tcp, udp, icmp...etc XDP DDoS program

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-04-01 13:38:02 -07:00
Vincent Li
6ff3d8e48e Firewall UI: Add iptables rules for XDP SYNPROXY
Add firewall WebUI and firewall iptables rules
for XDP SYNPROXY

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-27 19:24:05 -07:00
Vincent Li
0f9937c78f xdp-tools: Add XDP synproxy tailcall program
LoongArch does not support bpf trampoline, so
use tail call to call XDP synproxy program

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-25 19:41:42 -07:00
Vincent Li
42f3680941 linux: switch CONFIG_DWMAC_LOONGSON to module
bpftool net unable to show attached tc BPF
program, switch dwmac_loongson to module to
use rmmod dwmac_loongson; insmod dwmac_loongson
as workaround [0]

[0]:https://github.com/libbpf/bpftool/issues/185#issuecomment-2744477168

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-25 19:41:42 -07:00
Vincent Li
bb3d53e660 loxilb: upgrade to loxilb 0.9.8.3
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-25 19:41:42 -07:00
Vincent Li
6d2033cf2f linux: fix loongarch bpf jit
apply two loongarch bpf jit fixes [0] [1] by Hengqi Chen

[0]: https://lore.kernel.org/loongarch/20250315080320.4193821-1-hengqi.chen@gmail.com/
[1]: https://lore.kernel.org/loongarch/20250317015755.2760716-1-hengqi.chen@gmail.com/

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-25 19:41:35 -07:00
Vincent Li
a19a0bf167 linux: upgrade kernel to current upstream 6.14 rc5
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-08 18:35:58 -08:00
Vincent Li
532063b124 linux: enable kernel CONFIG_BPF_JIT_ALWAYS_ON
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-03-08 18:31:57 -08:00
Vincent Li
79e0a3fcdb linux: enable bootparam softlockup/hardlockup
enable hardlockup/softlockup to dump backtrace
if kernel hit hardlockup/softlockup

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-02-16 13:51:52 -08:00
Vincent Li
1e8868a1af loxilb: upgrade loxilb to upstream main branch
loxilb upstream main branch fixed issue for
kernel 6.12. test loxilb for loongfire

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-02-13 08:17:00 -08:00
Vincent Li
04a4907087 loxicmd: add loxicmd for loongarch64
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-29 08:36:00 -08:00
Vincent Li
beb7cdabf7 loxilb: add loxilb 0.9.8 addon for loongarch64
loxilb ebpf program relies on libbpf 0.8
which does not have loongarch64 support.
backported libbpf 1.2.3 loongarch support
to libbpf 0.8

loxilb 0.9.8 now loads ebpf program through
libbpf, no external ntc command required, so
remove ntc

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-28 19:09:10 -08:00
Vincent Li
c0a92ea299 packages: add loongarch64 directory
add loongarch64 directory similar to riscv
with samba. missing loongarch64 directory and
a package under it will result in a package build
error:

ERROR: No such file or directory: BASEDIR/README.md

fix: https://github.com/vincentmli/BPFire/issues/71

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-14 12:14:55 -08:00
Vincent Li
5cafdf74f8 packages: remove packages with package error
these packages ended up with error
tar: Exiting with failure status due to previous errors

remove them for now

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-14 10:26:38 -08:00
Vincent Li
185ee78dd7 README: add loongfire build howto
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-14 08:54:34 -08:00
Vincent Li
ba2e5b4323 make.sh: add build_package to build packages
sometimes we only want to build package so we can
just ./make.sh build_package and skip other build
processes.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-13 18:36:51 -08:00
Vincent Li
8d178105b1 go: add go for loongarch64
add go in build for packages depending on go

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-13 18:27:35 -08:00
Vincent Li
43dd019fb3 xdp-tools: fix XDP dns log stack smashing error
commit f938e63dc6b2cd8a271bb4aa58d8371f4a9fa94c
Author: Vincent Li <vincent.mc.li@gmail.com>
Date:   Sat Jan 11 10:55:23 2025 -0800

    xdp-dns: fix XDP dns log stack smashing error

    gdb --args xdp_dns_log /sys/fs/bpf/xdp-tailcall/dns_ringbuf

    result in backtrace:

    (gdb) bt
     0x00007ffff7d5fa80 in ?? () from /lib64/libc.so.6
     0x00007ffff7d0be1c in raise () from /lib64/libc.so.6
     0x00007ffff7cf49fc in abort () from /lib64/libc.so.6
     0x00007ffff7d50ff0 in ?? () from /lib64/libc.so.6
     0x00007ffff7de32d4 in __fortify_fail () from /lib64/libc.so.6
     0x00007ffff7de42b0 in __stack_chk_fail () from /lib64/libc.so.6
     0x000000012000f248 in handle_event ()
     0x00007ffff7eca0fc in ?? () from /usr/lib64/libbpf.so.1
     0x00007ffff7eca8c8 in ring_buffer.poll () from /usr/lib64/libbpf.so.1
     0x000000012000372c in main ()

    Paste the gdb backtrace in ChatGPT and ChatGPT suggested the fix

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-11 11:06:15 -08:00
Vincent Li
b4ffafc531 XDP UI: add XDP DNS monitor block logging
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-11 10:19:34 -08:00
Vincent Li
ec28da3453 XDP UI: add UI for XDP TLS SNI logging
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-11 10:13:54 -08:00
Vincent Li
8c30bad8f8 xdp-tailcall: add xdp-tailcall init script
xdp-tailcall init script to start/stop XDP
tail call program DNS and TLS SNI on green0
interface

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-10 10:56:15 -08:00
Vincent Li
959f35e44b README: update README for loongfire
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-07 15:43:37 -08:00
Vincent Li
dec6a99c77 xdp-tools: add xdp-tailcall
Loongarch64 does not support bpf trampoline
and freplace, so we can't use libxdp to attach
multiple XDP program to same network interface.

Loongarch64 supports bpf tail call, so we can still
use xdp-loader to load XDP program, and use bpf tail
call to call each XDP program. now we can tail call
DNS and TLS SNI XDP program on green0 interface

change user space program to take bpf map path as
command line argument so X86 and Loongarch64 can share
same user space program

https://github.com/vincentmli/xdp-tools

commit d18f8a7b48094c861a8ee0d5c0d52e93a01edca4
Author: Vincent Li <vincent.mc.li@gmail.com>
Date:   Tue Jan 7 22:14:40 2025 -0800

    xdp-tools: add bpf map path as cmd line argument

    add XDP DNS and TLS SNI user space program command
    line argument for bpf map so X86 and Loongarch can
    share the same XDP user space program

commit 5d713b40dd2d0ce399f618179a2add6c07882e2a
Author: Vincent Li <vincent.mc.li@gmail.com>
Date:   Mon Jan 6 21:09:25 2025 -0800

    xdp-tailcall: add DNS XDP program

    add DNS XDP program as tail called program

commit ad2a4e600140f8bf7a577470566efcdf11f6e214
Author: Vincent Li <vincent.mc.li@gmail.com>
Date:   Mon Jan 6 20:36:43 2025 -0800

    xdp-tailcall: add XDP tailcall

    Loongarch64 does not support bpf trampoline and
    freplace, so use tail call to call XDP program.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-07 15:41:25 -08:00
Vincent Li
61f117be83 linux: set CONFIG_ARCH_STRICT_ALIGN=n
set CONFIG_ARCH_STRICT_ALIGN=n to enable
CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS. this
allows loading BPF program with unaligned memory
access generated by clang, see [0].

this change might cause BPF program to fail to load
in loongarch CPU models that require strict aligned
memory access.

[0]: https://github.com/vincentmli/BPFire/issues/69

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2025-01-02 10:04:17 -08:00
Vincent Li
bda777582c strace: fix compile error
after moving strace to core package and
recompile strace, it errors out with:

macros.h:141:9: error: static assertion failed:

"Unexpected size of sysoff.rsv (sizeof(unsigned int) * 3 expected).
  --enabled-bundled=yes configure option may be used to work around that."

fix the error as the error log message suggested

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-25 12:43:37 -08:00
Vincent Li
304abcd541 tcpdump: move tcpdump strace to core package
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-25 11:46:30 -08:00
Vincent Li
bbc206cb5f flash-images: only double the root size
only double the root size, so dd from
usb to hard drive takes less time and
size.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-24 16:05:15 -08:00
Vincent Li
fab6187016 Revert "flash-images: add serial console linux command"
the serial change affects installing IPFire on
real Loongson hardware where no output from
the screen.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-24 16:01:47 -08:00
Vincent Li
3aea115577 langs: Add UI Chinese language
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-23 13:59:15 -08:00
Vincent Li
cf5df05796 flash-images: add serial console linux command
Add the missing serial linux command so the
flash image can be converted to qcow2, the
bpfire qcow2 image can be deployed in KVM
virtual environment through serial console
installation.

for example:

virsh define BPFire-VM.xml
virsh start BPFire-VM
virsh console BPFire-VM

we will have serial console access to BPFire
VM and the installation will start.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-22 17:46:39 -08:00
Vincent Li
4f473b785a flash-images: mount bpffs for XDP program
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-22 17:45:04 -08:00
Vincent Li
bc2ac2db5b yt6801: remove xz compression of driver
no need to compress since other drivers are
not compressed.

had one instance that when system boots up
from the flash image USB drive, and when
setup the network, the driver is not loaded.
it is caused when kernel is rebuilt, yt6801
also needs to be rebuilt, but linux-initrd
initramfs is not rebuilt which actually
runs the module dependencies, so linux-initrd
also needs to be rebuilt together.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-22 11:40:38 -08:00
Vincent Li
cfefb2a884 xdp-tools: add xdp-tools
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-22 11:28:31 -08:00
Vincent Li
d88bdd74b3 perf: add linux perf tool
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-21 18:00:47 -08:00
Vincent Li
51ff36eb32 bpftool: add bpftool
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-21 17:57:09 -08:00
Vincent Li
708556b443 libbpf: add libbpf
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-21 17:56:33 -08:00
Vincent Li
379faf9f47 suricata: enable compile and install suricata
add rust back and enable compile and install suricata

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-21 15:50:47 -08:00
Vincent Li
5d628cf3bf flash-images: increase disk space
build error when create flash image, increase the size

tar: var/lib/location/ipset: Cannot mkdir: No space left on device

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-21 15:38:41 -08:00
Vincent Li
1c3c9da5cf llvm-project: add llvm/clang to compile BPF program
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-21 10:20:12 -08:00
Vincent Li
2e5f7966ac yt6801: add yt6801 driver for loongson NUC
yt6801 ethernet driver is out of kernel tree
add lfs/yt6801 to build yt6801 driver

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-20 14:05:08 -08:00
Vincent Li
e3dff6fb65 kernel: enable BPF/BTF config
rebase the kernel config from fedora loongarch kernel
6.12, and enable kernel BTF/BPF feature config

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-20 09:07:23 -08:00
Vincent Li
ae6af66e21 pahole: add pahole for kernel BTF generation
CONFIG_DEBUG_INFO_BTF=y requires pahole installed

steps to prepare pahole:

git clone --recurse-submodules  https://kernel.googlesource.com/pub/scm/devel/pahole/pahole.git
cd pahole
git checkout -b v1.28 v1.28
cd ..
mv pahole pahole-1.28
tar czvf pahole-1.28.tar.gz pahole-1.28
b2sum pahole-1.28.tar.gz

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-20 08:06:59 -08:00
Vincent Li
342323fa0c initscripts: stop fireinfo startup during boot
fireinfo startup script requires user intervention
due to python error, remove it for now

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-12-19 12:42:27 -08:00