Merge pull request #14 from netfoundry/v0.4.4_release_candidate

Added Makefile anf install.sh to src/ to give support for make based …
netfoundry · Aug 1, 2023 · ed68638 · ed68638
2 parents dd1ce45 + b07d5ed
commit ed68638
Show file tree

Hide file tree

Showing 7 changed files with 129 additions and 18 deletions.
diff --git a/BUILD.md b/BUILD.md
@@ -19,12 +19,9 @@
         cd repos
         git clone https://github.com/r-caamano/zfw.git 
         cd zfw/src
-        clang -g -O2 -Wall -Wextra -target bpf -c -o zfw_tc_ingress.o zfw_tc_ingress.c
-        clang -g -O2 -Wall -Wextra -target bpf -c -o zfw_xdp_tun_ingress.o zfw_xdp_tun_ingress.c
-        clang -g -O2 -Wall -Wextra -target bpf -c -o zfw_tc_outbound_track.o zfw_tc_outbound_track.c
-        clang -O2 -lbpf -Wall -Wextra -o zfw zfw.c
-        gcc -o zfw_tunnwrapper zfw_tunnel_wrapper.c -l json-c
-    ```  
+        make all
+        sudo make install ARGS=<router|tunnel>
+        ```  
 
 - OS/Platform: Ubuntu 22.04 / arm64
     1. install libraries
@@ -45,12 +42,9 @@
         cd repos
         git clone https://github.com/r-caamano/zfw.git
         cd zfw/src
-        clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o zfw_tc_ingress.o zfw_tc_ingress.c
-        clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o zfw_xdp_tun_ingress.o zfw_xdp_tun_ingress.c
-        clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o zfw_tc_outbound_track.o zfw_tc_outbound_track.c
-        clang -O2 -lbpf -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -o zfw zfw.c
-        gcc -o zfw_tunnwrapper zfw_tunnel_wrapper.c -l json-c
-    ```     
+        make all
+        sudo make install ARGS=<router|tunnel>
+        ```     
 
 
 
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ---
+# [0.4.4] - 2023-08-01
+
+###
+
+- Added Makefile and install.sh in src folder to allow 
+  build via make.
+
+- Fixed issue where start_ebpf_router.py was not   
+  properly updating the ziti-router.service file.
+
 # [0.4.3] - 2023-07-25
 
 ###

diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ edge-routers deb package.
 
 ## Build
 
-[To build zfw from source. Click here!](./BUILD.md)
+[To build / install zfw from source. Click here!](./BUILD.md)
 
 ## Ziti-Edge-Tunnel Deployment 
 
@@ -21,19 +21,25 @@ have ziti-edge-tunnel installed and an operational OpenZiti network built, follo
 
 
 - Install
+  ubuntu 22.04 only (binary deb package)
 ```
 sudo dpkg -i zfw-tunnel_<ver>_<arch>.deb
 ```
+Install from source ubuntu 22.04+ / Debian 12
+[build / install zfw from source](./BUILD.md)
 
 ## Ziti-Router Deployment
 
 The program is designed to integrated into an existing Openziti ziti-router installation if ziti router has been deployed via ziti_auto_enroll
  [instructions](https://docs.openziti.io/docs/guides/Local_Gateway/EdgeRouter). 
 
 - Install
+  ubuntu 22.04 only (binary deb package)
 ```
 sudo dpkg -i zfw-router_<ver>_<arch>.deb
 ```
+Install from source ubuntu 22.04+ / Debian 12
+[build / install zfw from source](./BUILD.md)
 
 **The following instructions pertain to both zfw-tunnel and zfw-router. Platform specific functions will be noted explicitly**
 

diff --git a/files/scripts/start_ebpf_router.py b/files/scripts/start_ebpf_router.py
@@ -420,10 +420,7 @@ def set_local_rules(resolver):
         os.system("sed -i 's/ExecStartPre\=\-\/opt\/netfoundry\/ebpf\/objects\/etables \-F \-r/#ExecStartPre\=-\/opt\/netfoundry\/ebpf\/objects\/etables \-F \-r/g' /etc/systemd/system/ziti-router.service")
         os.system("sed -i 's/ExecStartPre\=\-\/opt\/netfoundry\/ebpf\/scripts\/tproxy_splicer_startup.sh/#ExecStartPre\=\-\/opt\/netfoundry\/ebpf\/scripts\/tproxy_splicer_startup.sh/g' /etc/systemd/system/ziti-router.service")
         test1 = 1
-        if(netfoundry):
-            test1 = os.system("sed -i '/ExecStart=\/opt\/netfoundry\/ziti\/ziti-router\/ziti router run \/opt\/netfoundry\/ziti\/ziti-router\/config.yml/i ExecStartPre\=\-\/opt\/openziti\/bin\/start_ebpf_router.py' /etc/systemd/system/ziti-router.service")
-        else:
-            test1 = os.system("sed -i '/ExecStart=\/opt\/openziti\/ziti-router\/ziti router run \/opt\/openziti\/ziti-router\/config.yml/i ExecStartPre\=\-\/opt\/openziti\/bin\/start_ebpf_router.py' /etc/systemd/system/ziti-router.service")
+        test1 = os.system("sed -i '/ExecStart=/i ExecStartPre\=\-\/opt\/openziti\/bin\/start_ebpf_router.py' /etc/systemd/system/ziti-router.service")
         if(not test1):
             test1 = os.system("systemctl daemon-reload")
             if(not test1):

diff --git a/src/Makefile b/src/Makefile
@@ -0,0 +1,36 @@
+SHELL=/bin/bash
+IDIR = /usr/include/aarch64-linux-gnu/
+CFLAGS=-I$(IDIR)
+CC=clang
+uname_m := $(shell uname -m)
+all: zfw zfw_tc_ingress.o zfw_tc_ingress.o zfw_xdp_tun_ingress.o zfw_tc_outbound_track.o zfw_tunnwrapper
+zfw: zfw.c
+ifeq    ($(uname_m),aarch64)
+	$(CC) -D BPF_MAX_ENTRIES=100000 -O1 -lbpf -o zfw  zfw.c $(CFLAGS)
+else
+	$(CC) -D BPF_MAX_ENTRIES=100000 -O1 -lbpf -o zfw  zfw.c
+endif
+zfw_tc_ingress.o: zfw_tc_ingress.c
+ifeq    ($(uname_m),aarch64)
+	$(CC) -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -Wextra -target bpf -c zfw_tc_ingress.c -o zfw_tc_ingress.o $(CFLAGS)
+else
+	$(CC) -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -Wextra -target bpf -c zfw_tc_ingress.c -o zfw_tc_ingress.o
+endif
+zfw_xdp_tun_ingress.o: zfw_xdp_tun_ingress.c
+ifeq    ($(uname_m),aarch64)
+	$(CC) -O2 -g -Wall -target bpf -c zfw_xdp_tun_ingress.c -o zfw_xdp_tun_ingress.o $(CFLAGS)
+else
+	$(CC) -O2 -g -Wall -target bpf -c zfw_xdp_tun_ingress.c -o zfw_xdp_tun_ingress.o
+endif
+zfw_tc_outbound_track.o: zfw_tc_outbound_track.c
+ifeq    ($(uname_m),aarch64)
+	$(CC) -g -O2 -Wall -Wextra -target bpf -c -o zfw_tc_outbound_track.o zfw_tc_outbound_track.c $(CFLAGS)
+else
+	$(CC) -g -O2 -Wall -Wextra -target bpf -c -o zfw_tc_outbound_track.o zfw_tc_outbound_track.c
+endif
+zfw_tunnwrapper: zfw_tunnel_wrapper.c
+	$(CC) -o zfw_tunnwrapper zfw_tunnel_wrapper.c -l json-c
+clean:
+	rm -fr zfw zfw_tc_ingress.o zfw_tunnwrapper zfw_tc_ingress.o zfw_xdp_tun_ingress.o zfw_tc_outbound_track.o
+install:
+	./install.sh $(ARGS)
diff --git a/src/install.sh b/src/install.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+if [ $# -lt 1 ]; then
+   echo ""
+   echo "Usage:"
+   echo "     $0 <router|tunnel>"
+   exit
+fi
+if [ $1 == "router" ]
+then
+   if [ ! -d "/opt/openziti/bin" ]
+   then
+       mkdir -p /opt/openziti/bin/user
+   fi
+   if [ ! -d "/opt/openziti/etc" ]
+   then
+       mkdir -p /opt/openziti/etc
+   fi
+   cp -p zfw /opt/openziti/bin
+   cp -p zfw_tc_ingress.o /opt/openziti/bin
+   cp -p zfw_tc_outbound_track.o /opt/openziti/bin
+   cp -p ../files/scripts/start_ebpf_router.py /opt/openziti/bin
+   cp -p ../files/scripts/revert_ebpf_router.py /opt/openziti/bin
+   cp -p ../files/scripts/revert_ebpf_router.py /opt/openziti/bin
+   cp -p ../files/scripts/user_rules.sh.sample /opt/openziti/bin/user
+   cp -p ../files/json/ebpf_config.json.sample /opt/openziti/etc
+   chmod 744 /opt/openziti/bin/start_ebpf_router.py
+   chmod 744 /opt/openziti/bin/revert_ebpf_router.py
+   chmod 744 /opt/openziti/bin/user/user_rules.sh.sample
+   chmod 744 /opt/openziti/bin/zfw
+   if [ ! -L "/usr/sbin/zfw" ]
+      then
+          ln -s /opt/openziti/bin/zfw /usr/sbin/zfw
+   fi
+elif [ $1 == "tunnel" ]
+then
+   if [ -d "/opt/openziti/bin" ] && [ -d "/opt/openziti/etc" ]
+   then
+      if [ ! -d "/opt/openziti/bin/user" ]
+      then
+         mkdir -p /opt/openziti/bin/user
+      fi
+      cp -p zfw /opt/openziti/bin
+      cp -p zfw_tc_ingress.o /opt/openziti/bin
+      cp -p zfw_tc_outbound_track.o /opt/openziti/bin
+      cp -p zfw_xdp_tun_ingress.o /opt/openziti/bin
+      cp -p  zfw_tunnwrapper /opt/openziti/bin
+      cp -p ../files/scripts/start_ebpf_tunnel.py /opt/openziti/bin
+      cp -p ../files/scripts/set_xdp_redirect.py /opt/openziti/bin
+      cp -p ../files/scripts/user_rules.sh.sample /opt/openziti/bin/user
+      cp -p ../files/json/ebpf_config.json.sample /opt/openziti/etc
+      cp -p ../files/services/ziti-wrapper.service /etc/systemd/system
+      cp -p ../files/services/ziti-fw-init.service /etc/systemd/system
+      chmod 744 /opt/openziti/bin/start_ebpf_tunnel.py
+      chmod 744 /opt/openziti/bin/set_xdp_redirect.py
+      chmod 744 /opt/openziti/bin/user/user_rules.sh.sample
+      chmod 744 /opt/openziti/bin/zfw_tunnwrapper
+      chmod 744 /opt/openziti/bin/zfw
+
+      if [ ! -L "/usr/sbin/zfw" ]
+      then
+          ln -s /opt/openziti/bin/zfw /usr/sbin/zfw
+      fi
+   else
+      echo "ziti-edge-tunnel not installed!"
+      exit 1
+   fi
+fi
+exit 0
diff --git a/src/zfw.c b/src/zfw.c
@@ -147,7 +147,7 @@ char *monitor_interface;
 char *tc_interface;
 char *object_file;
 char *direction_string;
-const char *argp_program_version = "0.4.3";
+const char *argp_program_version = "0.4.4";
 struct ring_buffer *ring_buffer;
 
 __u8 if_list[MAX_IF_LIST_ENTRIES];