CC [M] fuxi-efuse.o
fuxi-gmac-phy.c: In function 'fxgmac_phy_timer_destroy':
fuxi-gmac-phy.c:493:5: error: implicit declaration of function
'del_timer_sync'; did you mean 'dev_mc_sync'?
[-Wimplicit-function-declaration]
493 | del_timer_sync(&pdata->expansion.phy_poll_tm);
| ^~~~~~~~~~~~~~
| dev_mc_sync
make[4]: *** [/lib/modules/6.15.0-rc1-ipfire/build/scripts/Makefile.build:203:
fuxi-gmac-phy.o] Error 1
replace del_timer_sync with timer_delete_sync
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
add firewall bridge mode so it can be used as
layer 2 inline bridge for either DDoS protection
or firewall filter by iptable rules configured in
netfilter filter table forward chain.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This reverts commit 284c7c99881b7cbec8cbd462f667789d8d726057.
yt6801 NIC driver fail to compile with 6.15-rc1, revert the
change till yt6801 driver code is updated.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
note config/etc/* is copied through lfs/stage2
so changes made in config/etc/* requires to
rm stage2 build log to rebuild stage2.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
add xdp_ddos XDP main program with bpf tail
call table and user space xdp-ddos program
to load and insert protocol DDoS program like
TCP or UDP or ICMP into bpf tail call table.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
add ddos init to load/attach XDP DDoS main
program with empty tail call table as place
holder for tcp, udp, icmp...etc XDP DDoS program
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
loxilb ebpf program relies on libbpf 0.8
which does not have loongarch64 support.
backported libbpf 1.2.3 loongarch support
to libbpf 0.8
loxilb 0.9.8 now load ebpf program through
libbpf, no external ntc command required, so
remove ntc
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
commit f938e63dc6b2cd8a271bb4aa58d8371f4a9fa94c
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Sat Jan 11 10:55:23 2025 -0800
xdp-dns: fix XDP dns log stack smashing error
gdb --args xdp_dns_log /sys/fs/bpf/xdp-tailcall/dns_ringbuf
result in backtrace:
(gdb) bt
0x00007ffff7d5fa80 in ?? () from /lib64/libc.so.6
0x00007ffff7d0be1c in raise () from /lib64/libc.so.6
0x00007ffff7cf49fc in abort () from /lib64/libc.so.6
0x00007ffff7d50ff0 in ?? () from /lib64/libc.so.6
0x00007ffff7de32d4 in __fortify_fail () from /lib64/libc.so.6
0x00007ffff7de42b0 in __stack_chk_fail () from /lib64/libc.so.6
0x000000012000f248 in handle_event ()
0x00007ffff7eca0fc in ?? () from /usr/lib64/libbpf.so.1
0x00007ffff7eca8c8 in ring_buffer.poll () from /usr/lib64/libbpf.so.1
0x000000012000372c in main ()
Paste the gdb backtrace in ChatGPT and ChatGPT suggested the fix
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Loongarch64 does not support bpf trampoline
and freplace, so we can't use libxdp to attach
multiple XDP program to same network interface.
Loongarch64 supports bpf tail call, so we can still
use xdp-loader to load XDP program, and use bpf tail
call to call each XDP program. now we can tail call
DNS and TLS SNI XDP program on green0 interface
change user space program to take bpf map path as
command line argument so X86 and Loongarch64 can share
same user space program
https://github.com/vincentmli/xdp-tools
commit d18f8a7b48094c861a8ee0d5c0d52e93a01edca4
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Tue Jan 7 22:14:40 2025 -0800
xdp-tools: add bpf map path as cmd line argument
add XDP DNS and TLS SNI user space program command
line argument for bpf map so X86 and Loongarch can
share the same XDP user space program
commit 5d713b40dd2d0ce399f618179a2add6c07882e2a
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Mon Jan 6 21:09:25 2025 -0800
xdp-tailcall: add DNS XDP program
add DNS XDP program as tail called program
commit ad2a4e600140f8bf7a577470566efcdf11f6e214
Author: Vincent Li <vincent.mc.li@gmail.com>
Date: Mon Jan 6 20:36:43 2025 -0800
xdp-tailcall: add XDP tailcall
Loongarch64 does not support bpf trampoline and
freplace, so use tail call to call XDP program.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
after moving strace to core package and
recompile strace, it errors out with:
macros.h:141:9: error: static assertion failed:
"Unexpected size of sysoff.rsv (sizeof(unsigned int) * 3 expected).
--enabled-bundled=yes configure option may be used to work around that."
fix the error as the error log message suggested
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
the serial change affect installing IPFire on
real Loongson hardware where no output from
the screen.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Add the missing serial linux command so the
flash image can be converted to qcow2, the
bpfire qcow2 image can be deployed in KVM
virtual environment through serial console
installation.
for exmaple:
virsh define BPFire-VM.xml
virsh start BPFire-VM
virsh console BPFire-VM
we will have serial console access to BPFire
VM and the installation will start.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
no need to compress since other drivers are
not compressed.
had one instance that when system boots up
from the flash image USB drive, and when
setup the network, the driver is not loaded.
it is caused when kernel is rebuilt, yt6801
also need to be rebuilt, but linux-initrd
initramfs is not rebuilt which actually
runs the module dependencies, so linux-initrd
also need to rebuilt together.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
build error when create flash image, increase the size
tar: var/lib/location/ipset: Cannot mkdir: No space left on device
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
rebase the kernel config from fedora loongarch kernel
6.12, and enable kernel BTF/BPF feature config
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Initial list of changes required to build iso
and flash image successfully:
1 softwares require config.guess and config.stub
update with loongarch support
2 no rust build and no suricata which depends on rust
3 comment out python 3.10 lib-dynload and config-3.10-xxxMACHINExxx-linux-gnu
4 lfs/cdrom lfs/Config loongarch seems requiring capital EFI boot image name
to boot properly
5 comment out a few softwares that are not needed for now
iso can be installed to loongarch PC hard drive, but
fail to boot.
flash image can be dd to USB drive, then boot loongarch
PC from USB drive, then dd from USB drive to loongarch
PC hard drive
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
1. add loongarch64 in make.sh
2. updated many source tar balls with config.guss
and config.sub with loongarch64 support
3. remove rust and surricata for now
4. workaround binary env dynamic linker missing
by symbolic link tools_loongarch64/lib to lib64
when ./make.sh build
cd build_loongarch64; ln -s tools_loongarch64/lib lib64
./make.sh toolchain to build tool chain
./make clean to start fresh
./make.sh gettoolchain to extract tool chaina from cache
./make.sh build to build software and image
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
We recently started to have problems when a new installation was
launched from the flash image that creating the journal corrupted the
filesystem on the next mount operation.
Since we would like all IPFire installations to have a journal, we
create this now when we create the image and won't try to add it later.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When we are searching for changes in rootfiles, we walk through each
file that we have found in the build and check if it exists in the
rootfile. That check interpreted filenames as regular expressions which
caused a problem in the case of "/usr/bin/[".
This patch changes that grep will only search for an exact string match
(-F) and the string must be the entire line (-x).
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch adds the prosibility to place additional *.config files in /etc/ssh/sshd_config.d/
which will be included and loaded during the daemon startup process.
Because this files will not be overwritten by any update, they can be used to place custom
or other persistent settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
