diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1ae79a0..87a77bf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file. The format
 ---
 ###
+# [0.9.2] - 2024-10-01
+
+- adding environmental path option for the ```sudo zfw -H, --init-tc ```. if ZFW_OBJECT_PATH= is populated then this command will
+ follow otherwise it will follow the default path ```/opt/openziti/bin```.
+- Fixed help menu formatting issue.
+
+###
+
 # [0.9.1] - 2024-10-01
 - Added code to test if masquerade dst ip and src_port/dst_port/protocol combination is free before allocating new random
diff --git a/src/zfw.c b/src/zfw.c
index e76a3bf..a308c3a 100644
--- a/src/zfw.c
+++ b/src/zfw.c
@@ -40,6 +40,7 @@
 #include
 #include
 #include
+#include
 #ifndef BPF_MAX_ENTRIES
 #define BPF_MAX_ENTRIES 100 // MAX # PREFIXES
@@ -261,7 +262,7 @@ char *direction_string;
 char *masq_interface;
 char check_alt[IF_NAMESIZE];
-const char *argp_program_version = "0.9.1";
+const char *argp_program_version = "0.9.2";
 struct ring_buffer *ring_buffer;
 __u32 if_list[MAX_IF_LIST_ENTRIES];
@@ -6309,9 +6310,9 @@ static struct argp_option options[] = {
 {"delete", 'D', NULL, 0, "Delete map rule", 0},
 {"list-diag", 'E', NULL, 0, "", 0},
 {"flush", 'F', NULL, 0, "Flush all map rules", 0},
- {"list-gc-sessions", 'G', NULL, 0, "", 0},
+ {"list-gc-sessions", 'G', NULL, 0, "List masquerade sessions ", 0},
 {"insert", 'I', NULL, 0, "Insert map rule", 0},
- {"init-tc", 'H', "", 0, "sets ingress and egress tc filters for ", 0},
+ {"init-tc", 'H', "", 0, "sets ingress and egress tc filters for ", 0},
 {"bind-saddr-delete", 'J', "", 0, "Unbind loopback route with scope host", 0},
 {"list", 'L', NULL, 0, "List map rules", 0},
 {"monitor", 'M', "", 0, "Monitor ebpf events for interface", 0},
@@ -6325,7 +6326,7 @@ static struct argp_option options[] = {
 {"write-log", 'W', "", 0, "Write to monitor output to /var/log/ ", 0},
 {"set-tc-filter", 'X', "", 0, "Add/remove TC filter to/from interface", 0},
 {"list-ddos-saddr", 'Y', NULL, 0, "List source IP Addresses currently in DDOS IP whitelist", 0},
- {"init-xdp", 'Z', "", 0, "sets ingress xdp for (used for setting xdp on zet tun interface) ", 0},
+ {"init-xdp", 'Z', "", 0, "sets ingress xdp for (used for setting xdp on zet tun interface)", 0},
 {"ddos-filtering", 'a', "", 0, "Manually enable/disable ddos filtering on interface", 0},
 {"outbound-filtering", 'b', "", 0, "Manually enable/disable ddos filtering on interface", 0},
 {"ipv6-enable", '6', "", 0, "Enable/disable IPv6 packet processing on interface", 0},
@@ -7040,12 +7041,24 @@ static error_t parse_opt(int key, char *arg, struct argp_state *state)
 void zfw_init_tc(){
 tcfilter = true;
- object_file = "/opt/openziti/bin/zfw_tc_ingress.o";
+ char objpath[PATH_MAX];
+ char *object_path = getenv("ZFW_OBJECT_PATH");
+ if(object_path && strlen(object_path)){
+ sprintf(objpath,"%s/%s", object_path, "zfw_tc_ingress.o");
+ object_file = objpath;
+ }else{
+ object_file = "/opt/openziti/bin/zfw_tc_ingress.o";
+ }
 ingress = true;
 direction_string = "ingress";
 interface_tc();
 ingress = false;
- object_file = "/opt/openziti/bin/zfw_tc_outbound_track.o";
+ if(object_path && strlen(object_path)){
+ sprintf(objpath,"%s/%s", object_path, "zfw_tc_outbound_track.o");
+ object_file = objpath;
+ }else{
+ object_file = "/opt/openziti/bin/zfw_tc_outbound_track.o";
+ }
 egress = true;
 direction_string = "egress";
 interface_tc();
diff --git a/src/zfw_monitor.c b/src/zfw_monitor.c
index 2684a07..81299b6 100644
--- a/src/zfw_monitor.c
+++ b/src/zfw_monitor.c
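Review bot: In zfw_init_tc (src/zfw.c), both `sprintf(objpath,"%s/%s", object_path, ...)` calls copy the ZFW_OBJECT_PATH environment value into the fixed `char objpath[PATH_MAX]` with no length check, so an over-long value writes past the stack buffer in a tool the changelog shows being run under sudo. Bound the write and reject truncation for both object names, e.g. `int n = snprintf(objpath, sizeof(objpath), "%s/%s", object_path, "zfw_tc_ingress.o");` followed by `if (n < 0 || (size_t)n >= sizeof(objpath)) { /* report the error and stop */ }`. Because this directory now selects which eBPF objects get attached, it would also be worth verifying that it is an absolute path to a directory only root can write before using it. `object_file` is assigned without a local declaration, so it appears to be file-scope and is left pointing at the local `objpath` once the function returns (its closing brace is outside the hunk); confirm nothing reads it afterwards, or make the buffer `static`.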
@@ -87,7 +87,7 @@ char check_alt[IF_NAMESIZE];
 char doc[] = "zfw_monitor -- ebpf firewall monitor tool";
 const char *rb_map_path = "/sys/fs/bpf/tc/globals/rb_map";
 const char *tproxy_map_path = "/sys/fs/bpf/tc/globals/zt_tproxy_map";
-const char *argp_program_version = "0.9.1";
+const char *argp_program_version = "0.9.2";
 union bpf_attr rb_map;
 int rb_fd = -1;