Merge pull request #13 from netfoundry/v0.4.3_release_candidate

Refactored logging/debug to use ring buffer rather than bpf_prink add…
netfoundry · Jul 27, 2023 · dd1ce45 · dd1ce45
2 parents b62abd5 + f2829d1
commit dd1ce45
Show file tree

Hide file tree

Showing 9 changed files with 758 additions and 276 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -34,7 +34,7 @@ jobs:
           clang -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_tc_ingress.o src/zfw_tc_ingress.c
           clang -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_xdp_tun_ingress.o src/zfw_xdp_tun_ingress.c
           clang -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_tc_outbound_track.o src/zfw_tc_outbound_track.c
-          clang -D BPF_MAX_ENTRIES=100000 -O2 -Wall -Wextra -o files/bin/zfw src/zfw.c
+          clang -D BPF_MAX_ENTRIES=100000 -O2 -lbpf -Wall -Wextra -o files/bin/zfw src/zfw.c
           gcc -o files/bin/zfw_tunnwrapper src/zfw_tunnel_wrapper.c -l json-c
       
       - name: Get version
@@ -124,7 +124,7 @@ jobs:
           clang -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o files/bin/zfw_tc_ingress.o src/zfw_tc_ingress.c
           clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o files/bin/zfw_xdp_tun_ingress.o src/zfw_xdp_tun_ingress.c
           clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/-Wextra -target bpf -c -o files/bin/zfw_tc_outbound_track.o src/zfw_tc_outbound_track.c
-          clang -D BPF_MAX_ENTRIES=100000 -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -o files/bin/zfw src/zfw.c
+          clang -D BPF_MAX_ENTRIES=100000 -O2 -lbpf -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -o files/bin/zfw src/zfw.c
           gcc -o files/bin/zfw_tunnwrapper src/zfw_tunnel_wrapper.c -l json-c
 
       - name: Get version

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -35,7 +35,7 @@ jobs:
           clang -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_tc_ingress.o src/zfw_tc_ingress.c
           clang -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_xdp_tun_ingress.o src/zfw_xdp_tun_ingress.c
           clang -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_tc_outbound_track.o src/zfw_tc_outbound_track.c
-          clang -D BPF_MAX_ENTRIES=100000 -O2 -Wall -Wextra -o files/bin/zfw src/zfw.c
+          clang -D BPF_MAX_ENTRIES=100000 -O2 -lbpf -Wall -Wextra -o files/bin/zfw src/zfw.c
           gcc -o files/bin/zfw_tunnwrapper src/zfw_tunnel_wrapper.c -l json-c
       
       - name: Get version
@@ -125,7 +125,7 @@ jobs:
           clang -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o files/bin/zfw_tc_ingress.o src/zfw_tc_ingress.c
           clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o files/bin/zfw_xdp_tun_ingress.o src/zfw_xdp_tun_ingress.c
           clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/-Wextra -target bpf -c -o files/bin/zfw_tc_outbound_track.o src/zfw_tc_outbound_track.c
-          clang -D BPF_MAX_ENTRIES=100000 -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -o files/bin/zfw src/zfw.c
+          clang -D BPF_MAX_ENTRIES=100000 -O2 -lbpf -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -o files/bin/zfw src/zfw.c
           gcc -o files/bin/zfw_tunnwrapper src/zfw_tunnel_wrapper.c -l json-c
 
       - name: Get version

diff --git a/BUILD.md b/BUILD.md
@@ -22,7 +22,7 @@
         clang -g -O2 -Wall -Wextra -target bpf -c -o zfw_tc_ingress.o zfw_tc_ingress.c
         clang -g -O2 -Wall -Wextra -target bpf -c -o zfw_xdp_tun_ingress.o zfw_xdp_tun_ingress.c
         clang -g -O2 -Wall -Wextra -target bpf -c -o zfw_tc_outbound_track.o zfw_tc_outbound_track.c
-        clang -O2 -Wall -Wextra -o zfw zfw.c
+        clang -O2 -lbpf -Wall -Wextra -o zfw zfw.c
         gcc -o zfw_tunnwrapper zfw_tunnel_wrapper.c -l json-c
     ```  
 
@@ -48,7 +48,7 @@
         clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o zfw_tc_ingress.o zfw_tc_ingress.c
         clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o zfw_xdp_tun_ingress.o zfw_xdp_tun_ingress.c
         clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o zfw_tc_outbound_track.o zfw_tc_outbound_track.c
-        clang -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -o zfw zfw.c
+        clang -O2 -lbpf -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -o zfw zfw.c
         gcc -o zfw_tunnwrapper zfw_tunnel_wrapper.c -l json-c
     ```     
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ---
+# [0.4.3] - 2023-07-25
+
+###
+
+-- Refactored monitoring to use ring buffer and removed all bpf_printk() helper calls
+-- Added ring buffer monitoring to zfw via -M, --monitor <interface | all> flags 
+-- General Code cleanup in zfw.c  
+
 # [0.4.2] - 2023-07-15
 
 ###

diff --git a/README.md b/README.md
@@ -341,22 +341,18 @@ sudo zfw -F
 Example: Monitor ebpf trace messages
 
 ```
-sudo zfw -v <ifname>|all
-sudo cat /sys/kernel/debug/tracing/trace_pipe
+sudo zfw -M <ifname>|all
+
 ```
 
 ```
-<idle>-0       [007] dNs.. 167940.070727: bpf_trace_printk: ens33
-<idle>-0       [007] dNs.. 167940.070728: bpf_trace_printk: source_ip = 0xA010101
-<idle>-0       [007] dNs.. 167940.070728: bpf_trace_printk: dest_ip = 0xAC10F001
-<idle>-0       [007] dNs.. 167940.070729: bpf_trace_printk: protocol_id = 17
-<idle>-0       [007] dNs.. 167940.070729: bpf_trace_printk: tproxy_mapping->5060 to 59423
-
-<idle>-0       [007] dNs.. 167954.255414: bpf_trace_printk: ens33
-<idle>-0       [007] dNs.. 167954.255414: bpf_trace_printk: source_ip = 0xA010101
-<idle>-0       [007] dNs.. 167954.255415: bpf_trace_printk: dest_ip = 0xAC10F001
-<idle>-0       [007] dNs.. 167954.255415: bpf_trace_printk: protocol_id = 6
-<idle>-0       [007] dNs.. 167954.255416: bpf_trace_printk: tproxy_mapping->22 to 39839
+Jul 26 2023 01:42:24.108913490 : ens33 : TCP :172.16.240.139:51166[0:c:29:6a:d1:61] > 192.168.1.1:5201[0:c:29:bb:24:a1] redirect ---> ziti0
+Jul 26 2023 01:42:24.108964534 : ziti0 : TCP :192.168.1.1:0[0:c:29:bb:24:a1] > 172.16.240.139:0[0:c:29:6a:d1:61] redirect ---> ens33
+Jul 26 2023 01:42:24.109011595 : ziti0 : TCP :192.168.1.1:0[0:c:29:bb:24:a1] > 172.16.240.139:0[0:c:29:6a:d1:61] redirect ---> ens33
+Jul 26 2023 01:42:24.109036999 : ziti0 : TCP :192.168.1.1:0[0:c:29:bb:24:a1] > 172.16.240.139:0[0:c:29:6a:d1:61] redirect ---> ens33
+Jul 26 2023 01:42:24.108913490 : ens33 : TCP :172.16.240.139:51166[0:c:29:6a:d1:61] > 192.168.1.1:5201[0:c:29:bb:24:a1] redirect ---> ziti0
+Jul 26 2023 01:42:24.108964534 : ziti0 : TCP :192.168.1.1:0[0:c:29:bb:24:a1] > 172.16.240.139:0[0:c:29:6a:d1:61] redirect ---> ens33
+Jul 26 2023 01:42:24.109011595 : ziti0 : TCP :192.168.1.1:0[0:c:29:bb:24:a1] > 172.16.240.139:0[0:c:29:6a:d1:61] redirect ---> ens33
 ```
 
 Example: List all rules in Firewall