how to generate logo format:
apt-get install netpbm
1 convert png format to ppm format
pngtopnm bpfire-logo.png > bpfire-logo.ppm
2 reduce the color count to 224
ppmquant 224 bpfire-logo.ppm > bpfire-logo-224.ppm
3 convert ppm raw format to ascii format
pnmnoraw bpfire-logo-224.ppm > bpfire-logo-ascii.ppm
cp bpfire-logo-ascii.ppm config/kernel/
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This reverts commit bb773a05d5.
drivers/video/logo/logo_linux_clut224.ppm: Binary PNM is not supported
Use pnmnoraw(1) to convert it to ASCII PNM
make[6]: *** [drivers/video/logo/Makefile:31: drivers/video/logo/logo_linux_clut224.c] Error 1
make[5]: *** [scripts/Makefile.build:485: drivers/video/logo] Error 2
make[4]: *** [scripts/Makefile.build:485: drivers/video] Error 2
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
whenever compile kernel due to kernel change
lunatik needs to be recompiled too since
lunatik depends on kernel
change filter example Makefile to depend on
current kernel build version
diff --git a/examples/filter/Makefile b/examples/filter/Makefile
index f7eb0f6d..e30566a2 100644
--- a/examples/filter/Makefile
+++ b/examples/filter/Makefile
@@ -1,10 +1,12 @@
# SPDX-FileCopyrightText: (c) 2023-2024 Ring Zero Desenvolvimento de Software LTDA
# SPDX-License-Identifier: MIT OR GPL-2.0-only
+VMLINUX_BTF_PATH = /lib/modules/${shell uname -r}/build
+
all: vmlinux https.o
vmlinux:
- bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h
+ bpftool btf dump file $(VMLINUX_BTF_PATH)/vmlinux format c > vmlinux.h
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
upgrade kernel to recent stable release 6.10.11
1, scripts/kconfig/merge_config.sh does not work for 6.10.11
2, vmlinux BTF binary name changed in 6.10.11
3, remove rtl8812au for now since it has compiling error
4, remove 5.15 nfqueue patch since it does not apply cleanly
also see [0]
[0]: https://github.com/vincentmli/BPFire/issues/41
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
BTF mismatch is not an issue since
we addressed lunatik kernel module
BTF mismatch issue using the same
chroot binary vmlinux BTF.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
error when run lunatik which loads lunatik kernel modules
root@bpfire-2 lua]# lunatik run examples/filter/sni false
[root@bpfire-2 lua]# dmesg
[ 330.411665] lunatik: loading out-of-tree module taints kernel.
[ 330.411680] lunatik: module verification failed: signature and/or required key missing - tainting kernel
[ 330.433955] Kernel module BTF mismatch detected, BTF debug info may be unavailable for some modules
[ 330.767701] missing module BTF, cannot register kfuncs
BPFire chroot build mount /sys/kernel/btf/vmlinux which is
the host binary vmlinux BTF to build against lunatik kernel module,
which result in above error. adjust BPFire kernel build to save
the binary vmlinux BTF to chroot
/lib/modules/6.6.15-ipfire/build/vmlinux for lunatik kernel module.
create the vmlinux.h from the same binary vmlinux BTF for the ebpf https.o
lunatik kernel module is depending on kernel build, adjust the lunatik
build accordingly when kerne upgrade in future.
See https://github.com/vincentmli/BPFire/issues/40
see https://github.com/luainkernel/lunatik/issues/189
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
xdp-loader to load https.o result in error below:
libbpf: loading kernel BTF '/sys/kernel/btf/vmlinux': 0
libbpf: extern (func ksym) 'bpf_luaxdp_run': not found in kernel or module BTFs
libbpf: failed to load object '/usr/lib/bpf/https.o'
libxdp: Failed to load program filter_https: Invalid argument
Couldn't attach XDP program on iface 'green0': Invalid argument(-22)
xdp-tools/xdp-loader is built statically with libbpf 1.2
should not be xdp-loader libbpf issue
still try to upgrade bpfire libbpf to 1.3.0 for testing
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
kernel requires module to be signed, disable force
signing for now.
insmod: ERROR: could not insert module /lib/modules/6.6.15-ipfire/lunatik/lunatik.ko: Key was rejected by service
set CONFIG_MODULE_SIG_FORCE=n
failed to validate module [lunatik] BTF: -22
set CONFIG_MODULE_ALLOW_BTF_MISMATCH=y
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
lunatik kernel modules requires kernel to be built first
so /lib/modules is available for lunatik
lunatik also requires resolve_btfids under:
/lib/modules/$(VER)-$(VERSUFIX)/build/tools/bpf/resolve_btfids/
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
should not send bpfire user profile to ipfire
to confuse ipfire community, bpfire could setup
such profile collection in the future.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
To block or rate limit DNS query from green
network client, the xdp-dns program should
be attached to green0 interface to scan the
DNS query. attach to red0 interface only get
the DNS response packet from red0(WAN), not
matching the DNS query we want.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
when add loxilb development tree, loxilb requires go >= 1.23.0
ranlib libloxilbdp.a
make[3]: Leaving directory '/usr/src/loxilb-0.9.x/loxilb-ebpf/kernel'
make[2]: Leaving directory '/usr/src/loxilb-0.9.x/loxilb-ebpf'
go: go.mod requires go >= 1.23.0 (running go 1.22.0)
make[1]: *** [Makefile:14: build] Error 1
make[1]: Leaving directory '/usr/src/loxilb-0.9.x'
make: *** [loxilb:76: /usr/src/log/loxilb-0.9.x] Error 2
after upgrading golang to 1.23.0, loxilb development tree result in error
make[2]: Leaving directory '/usr/src/loxilb-0.9.x/loxilb-ebpf'
# runtime
/usr/lib/go/src/runtime/mbitmap_noallocheaders.go:53:2: mallocHeaderSize redeclared in this block
/usr/lib/go/src/runtime/mbitmap.go:71:2: other declaration of mallocHeaderSize
/usr/lib/go/src/runtime/mbitmap_noallocheaders.go:54:2: minSizeForMallocHeader redeclared in this block
the workaround is to remove build/usr/lib/go directory, then
rm log/go-1.23.0, ./make.sh build to re-add go 1.23.0
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
save IP/LB/FW configuration from loxilb UI so
when loxilb restart or bpfire reboot, the configuration
can be restored.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
allow syscall tracing with eBPF like
bcc libbpf-tools opensnoop to trouble
shoot open syscall for UI user nobody
unable to run loxicmd save -a -c /var/ipfire/loxilib/
see https://github.com/vincentmli/BPFire/issues/30
mount -t debugfs none /sys/kernel/debug/
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
add dummy ip 192.0.2.1 in virutal_ipaddress from (TEST-NET-1)
according to https://www.rfc-editor.org/rfc/rfc5737#section-3
for keepalived HA state tracking, the Master will always
have the dummy ip assigned to green0.
add refresh button for HA state refresh
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
when mouse select, vim automatically turns into
visual mode, this is not convienent when copy
and paste in vim with mouse select. create this
setting for root user.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
in HA scenario, the shared/floating VIP
is not configured on the red0 interface
when setup LoxiLB lb from the UI in standby
BPFire, some VIPs are missing since these
VIPs are only configured in the active BPFire.
get VIPs from /var/ipfire/loxilb/ipconfigfile
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
when run loxicmd save -a -c /var/ipfire/loxilb/
ipconfig directory will be created, which conflicts
with loxilb UI that also save virtual ip to
/var/ipfire/loxilb/ipconfig, so rename ipconfig to
ipconfigfile.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
when loxilb is enabled and started, enable the
firewall SNAT for green network so green network
could have initiate outgoing traffic like internet
access.
we can achieve this by restoring firewall SNAT setting
from default /var/ipfire/loxilb/FWconfig.txt when loxilb
start up with --config-path=/var/ipfire/loxilb thanks
to the enhancement addressed in issue:
https://github.com/loxilb-io/loxilb/issues/706
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
LoxiLB 0.9.4 lack of SNAT feature for egress traffic
initiated from BPFire green network, when loxilb is
enabled, it breaks BPFire green network client Internet
access, this issue is fixed in the loxilb development
branch, temporarily I make loxilb development branch
as 0.9.5 in BPFire so I could test the SNAT feature and
it works.
see detail in https://github.com/loxilb-io/loxilb/issues/718
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
When loxilb and keepalived are enabled, after BPFire
rebooted, loxilb and keepalived failed to start and
shows as "STOPPED" from UI, this is not expected since
we want to loxilb and keepalived to continue to be enabled
after reboot based on the enabled state of loxilb and
keepalived before reboot.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
remove @nosaved from /var/ipfire/loxilb/settings
as it could interfere with running state of
loxilb
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
remove @nosaved item from form submission
before writehash to each setting file because
it could interfere with each other.
for example, when change keepalived configuration
for green or red interface from the UI,
without removing @nosaved which has 'ENABLE_HA'
before writehash, 'ENABLE_HA=off' would be saved
in '/var/ipfire/keepalived/settings', this would
trigger the UI to show keepalived being "STOPPED"
or it could actually stopoped keepalived.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
In BPFire HA deployment, a floating/shared router IP
is required for backend/endpoint server. by default
BPFire uses the primary IP on green0 when running
setup script. Now the floating/shared router IP can
be added to green0 interface as secondary IP through
loxilb UI, keepalived UI can configure the secondary
IP as virtual ipaddress, when HA failover happens,
keepalived will move the virtual ipaddress to new active
BPFire.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
BPFire red0 does not support multicast, need to
have unicast peer configured, then the virtual
ipaddress can be added to red0 interface.
the UI requires /var/ipfire/keepalived/runsettings
/var/ipfire/keepalived/settings to be created, so
add them lfs/configroot
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
change keepalived default config to
/var/ipfire/keepalived/keepalived.conf so keepalived WebUI
could read/write the configuration file. also add
/var/ipfire/keepalived directory
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
keepalived: create /var/ipfire/keepalived
since we added loxilb ip management to add ip on
red0 interface, we can select the virtual ip from
red0 interface.
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
