Added port 80 ddos check in normal path #103
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: release | |
on: [push] | |
env: | |
APP_NAME: 'zfw' | |
MAINTAINER: 'Robert Caamano' | |
DESC: 'An ebpf based statefull fw for openziti edge-routers and tunnelers' | |
jobs: | |
build_amd64_release: | |
runs-on: ubuntu-22.04 | |
outputs: | |
version: ${{ steps.version.outputs.version }} | |
strategy: | |
matrix: | |
goos: [linux] | |
ziti_type: [tunnel, router] | |
goarch: [amd64] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Install EBPF Packages | |
run: | | |
sudo apt-get update -qq | |
sudo apt-get upgrade -yqq | |
sudo apt-get install -y jq gcc clang libc6-dev-i386 libbpfcc-dev libbpf-dev libjson-c-dev | |
- name: Compile Object file from Source | |
run: | | |
clang -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_tc_ingress.o src/zfw_tc_ingress.c | |
clang -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_xdp_tun_ingress.o src/zfw_xdp_tun_ingress.c | |
clang -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_tc_outbound_track.o src/zfw_tc_outbound_track.c | |
clang -D BPF_MAX_ENTRIES=100000 -O2 -lbpf -Wall -Wextra -o files/bin/zfw src/zfw.c | |
gcc -o files/bin/zfw_tunnwrapper src/zfw_tunnel_wrapper.c -l json-c | |
- name: Get version | |
run: echo "version=`files/bin/zfw -V`" >> $GITHUB_OUTPUT | |
id: version | |
- name: Deb directory | |
run: echo "deb_dir=${{ env.APP_NAME }}-${{ matrix.ziti_type }}_${{ steps.version.outputs.version }}_${{ matrix.goarch }}" >> $GITHUB_OUTPUT | |
id: deb_dir | |
- name: Deb Object File | |
run: | | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN | |
touch ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Package: ${{ env.APP_NAME }}-${{ matrix.ziti_type }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Version: ${{ steps.version.outputs.version }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Architecture: ${{ matrix.goarch }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Maintainer: ${{ env.MAINTAINER }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Description: ${{ env.DESC }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/etc | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/logrotate.d | |
cp -p files/bin/zfw_tc_ingress.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw_tc_outbound_track.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/start_ebpf_${{ matrix.ziti_type }}.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/user_rules.sh.sample ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user/ | |
cp -p files/scripts/zfwlogs ${{ steps.deb_dir.outputs.deb_dir }}/etc/logrotate.d/ | |
cp -p files/json/ebpf_config.json.sample ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/etc/ | |
cp -p files/services/zfw-logging.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/start_ebpf_${{ matrix.ziti_type }}.py | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user/user_rules.sh.sample | |
ln -s /opt/openziti/bin/zfw ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin/zfw | |
- name: Set Deb Predepends | |
if: ${{ matrix.ziti_type == 'tunnel' }} | |
run: | | |
echo 'Pre-Depends: ziti-edge-tunnel (>= 0.22.5)' >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
cp -p files/services/ziti-fw-init.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
cp -p files/services/ziti-wrapper.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
cp -p files/bin/zfw_tunnwrapper ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/set_xdp_redirect.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw_xdp_tun_ingress.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw_tunnwrapper | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/set_xdp_redirect.py | |
- name: Standalone FW service and router revert | |
if: ${{ matrix.ziti_type == 'router' }} | |
run: | | |
cp -p files/services/fw-init.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
cp -p files/scripts/revert_ebpf_router.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/start_ebpf_controller.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/revert_ebpf_controller.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/revert_ebpf_router.py | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/start_ebpf_controller.py | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/revert_ebpf_controller.py | |
- name: Build Deb package | |
run: | | |
dpkg-deb --build -Z gzip --root-owner-group ${{ steps.deb_dir.outputs.deb_dir }} | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: artifact-${{ matrix.ziti_type }}-amd64-deb | |
path: | | |
./*.deb | |
build_arm64_release: | |
runs-on: [self-hosted, linux, ARM64] | |
outputs: | |
version: ${{ steps.version.outputs.version }} | |
strategy: | |
matrix: | |
goos: [linux] | |
ziti_type: [tunnel, router] | |
goarch: [arm64] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Install EBPF Packages | |
run: | | |
sudo apt-get update -qq | |
sudo apt-get upgrade -yqq | |
sudo apt-get install -y jq gcc clang libbpfcc-dev libbpf-dev libjson-c-dev | |
sudo apt-get install -y linux-headers-$(uname -r) | |
- name: Compile Object file from Source | |
run: | | |
clang -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o files/bin/zfw_tc_ingress.o src/zfw_tc_ingress.c | |
clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o files/bin/zfw_xdp_tun_ingress.o src/zfw_xdp_tun_ingress.c | |
clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/-Wextra -target bpf -c -o files/bin/zfw_tc_outbound_track.o src/zfw_tc_outbound_track.c | |
clang -D BPF_MAX_ENTRIES=100000 -O2 -lbpf -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -o files/bin/zfw src/zfw.c | |
gcc -o files/bin/zfw_tunnwrapper src/zfw_tunnel_wrapper.c -l json-c | |
- name: Get version | |
run: echo "version=`files/bin/zfw -V`" >> $GITHUB_OUTPUT | |
id: version | |
- name: Deb directory | |
run: echo "deb_dir=${{ env.APP_NAME }}-${{ matrix.ziti_type }}_${{ steps.version.outputs.version }}_${{ matrix.goarch }}" >> $GITHUB_OUTPUT | |
id: deb_dir | |
- name: Deb artifact directory setup | |
run: | | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN | |
touch ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Package: ${{ env.APP_NAME }}-${{ matrix.ziti_type }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Version: ${{ steps.version.outputs.version }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Architecture: ${{ matrix.goarch }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Maintainer: ${{ env.MAINTAINER }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Description: ${{ env.DESC }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/etc | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/logrotate.d | |
cp -p files/bin/zfw_tc_ingress.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw_tc_outbound_track.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/start_ebpf_${{ matrix.ziti_type }}.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/user_rules.sh.sample ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user/ | |
cp -p files/scripts/zfwlogs ${{ steps.deb_dir.outputs.deb_dir }}/etc/logrotate.d/ | |
cp -p files/json/ebpf_config.json.sample ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/etc/ | |
cp -p files/services/zfw-logging.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/start_ebpf_${{ matrix.ziti_type }}.py | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user/user_rules.sh.sample | |
ln -s /opt/openziti/bin/zfw ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin/zfw | |
- name: Set Deb Predepends | |
if: ${{ matrix.ziti_type == 'tunnel' }} | |
run: | | |
echo 'Pre-Depends: ziti-edge-tunnel (>= 0.22.5)' >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
cp -p files/services/ziti-fw-init.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
cp -p files/services/ziti-wrapper.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
cp -p files/bin/zfw_tunnwrapper ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/set_xdp_redirect.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw_xdp_tun_ingress.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw_tunnwrapper | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/set_xdp_redirect.py | |
- name: Standalone FW service and router revert | |
if: ${{ matrix.ziti_type == 'router' }} | |
run: | | |
cp -p files/services/fw-init.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
cp -p files/scripts/revert_ebpf_router.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/start_ebpf_controller.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/revert_ebpf_controller.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/revert_ebpf_router.py | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/start_ebpf_controller.py | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/revert_ebpf_controller.py | |
- name: Build Deb package | |
run: | | |
dpkg-deb --build -Z gzip --root-owner-group ${{ steps.deb_dir.outputs.deb_dir }} | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: artifact-${{ matrix.ziti_type }}-arm64-deb | |
path: | | |
./*.deb |