gamemann / XDP-Firewall

A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!
https://deaconn.net/
MIT License

Build issues #30

Closed craig closed 1 year ago

craig commented 1 year ago

Hi Christian,

I'm trying to build the repo on debian 11 / Kernel 5.10.0-19-amd64 like this:

git clone https://github.com/gamemann/XDP-Firewall.git
cd XDP-Firewall
apt install clang libconfig++-dev
git clone https://github.com/libbpf/libbpf
cd libbpf/src
make
cd ../../

Unfortunately, I'm hitting a build error:

# make
mkdir -p build/
clang -O2 -c -o build/config.o src/config.c
clang -O2 -c -o build/cmdline.o src/cmdline.c
make -C libbpf/src
make[1]: Entering directory '/root/XDP-Firewall/libbpf/src'
make[1]: Leaving directory '/root/XDP-Firewall/libbpf/src'
mkdir -p build/
clang -lconfig -lelf -lz -I libbpf/src -o build/xdpfw libbpf/src/staticobjs/bpf_prog_linfo.o libbpf/src/staticobjs/bpf.o libbpf/src/staticobjs/btf_dump.o libbpf/src/staticobjs/btf.o libbpf/src/staticobjs/hashmap.o libbpf/src/staticobjs/libbpf_errno.o libbpf/src/staticobjs/libbpf_probes.o libbpf/src/staticobjs/libbpf.o libbpf/src/staticobjs/netlink.o libbpf/src/staticobjs/nlattr.o libbpf/src/staticobjs/str_error.o  libbpf/src/staticobjs/xsk.o build/config.o build/cmdline.o src/xdpfw.c
clang: error: no such file or directory: 'libbpf/src/staticobjs/xsk.o'
make: *** [Makefile:33: xdpfw] Error 1

Any hints on this? Could you share how you're building?

gamemann commented 1 year ago

Hey!

It appears you're using a newer version of LibBPF that breaks the build process. I'll have to look into this further, but for now I'd recommend going back to LibBPF 7fc4d50 by either doing cd libbpf && git checkout 7fc4d50 or re-cloning the repository (or deleting the libbpf clone) and performing git submodule update --init which should automatically check out the commit that works with the firewall.

You may also use the following to clone the repository and its submodules (e.g. LibBPF using the correct commit).

git clone --recursive https://github.com/gamemann/XDP-Firewall

I'm going to keep this issue open since I want to get the tool working with the latest version of LibBPF or the newer XDP loader (libxdp) in the future once I have the time. The last time I used libxdp, it was pretty unorganized, but that was months ago. So it has probably changed since.
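The version drift diagnosed in the comment above can be caught before running make. The following is an added example, not part of the thread or the project's own tooling: a POSIX shell check that compares the commit checked out in a submodule directory with the commit the parent repository pins for it. The function names and the exit-code convention are assumptions made for this sketch.

```shell
# Added example: fail fast when a vendored submodule checkout has drifted
# from the commit the parent repository records for it (its gitlink).

# Print the commit the parent repo ($1) pins for submodule path ($2).
pinned_commit() {
    # ls-tree prints "<mode> <type> <sha>\t<path>"; mode 160000 is a gitlink.
    git -C "$1" ls-tree HEAD -- "$2" | awk '$1 == "160000" { print $3 }'
}

# Print the commit actually checked out in the submodule directory.
checked_out_commit() {
    # Require a .git entry in the directory itself; otherwise git would walk
    # up and silently report the parent repository's HEAD instead.
    [ -e "$1/$2/.git" ] || return 1
    git -C "$1/$2" rev-parse HEAD 2>/dev/null
}

# Return 0 if the checkout matches the pin, 1 on drift, 2 if either is missing.
check_submodule_pin() {
    _want=$(pinned_commit "$1" "$2")
    _have=$(checked_out_commit "$1" "$2") || _have=""
    if [ -z "$_want" ] || [ -z "$_have" ]; then
        echo "$2: no pinned commit or no checkout found" >&2
        return 2
    fi
    if [ "$_want" != "$_have" ]; then
        echo "$2: checked out $_have" >&2
        echo "$2: parent pins $_want" >&2
        echo "fix: git -C $1 submodule update --init $2" >&2
        return 1
    fi
    echo "$2: OK at $_want"
}

# Typical use from the repository root, before building:
#   check_submodule_pin . libbpf && make
```

A manual clone of the dependency into the submodule path, as in the original report, is reported as drift (exit code 1) whenever its HEAD differs from the pinned commit.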

craig commented 1 year ago

Thanks for the hint! Yea, it would be great if newest libxdp worked of course. I'm pretty happy this runs on stock Debian 11, thank you for your work! :)

gamemann commented 1 year ago

No problem and thank you! I agree it's awesome things can work on vanilla Linux OS's for XDP compared to other network libraries such as the DPDK which usually require additional changes :smile:

jens4topsnet commented 1 year ago

Thanks for the hint! Yea, it would be great if newest libxdp worked of course. I'm pretty happy this runs on stock Debian 11, thank you for your work! :)

This workaround also works with Ubuntu 20 / 22. Thanks.

gamemann commented 1 year ago

I finally got around to implementing support for LibXDP today! You can read more about this here.

GitHub's workflow builds and runs everything successfully along with a vanilla Ubuntu 23.04 VM I tried it on today.

I am going to close this issue for now.