-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
doc: add readme and github release workflow
Signed-off-by: Florian Bauer <[email protected]>
- Loading branch information
Showing
2 changed files
with
78 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| name: goreleaser | ||
|
|
||
| on: | ||
| pull_request: | ||
| push: | ||
|
|
||
| permissions: | ||
| contents: write | ||
|
|
||
| jobs: | ||
| goreleaser: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - | ||
| name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - | ||
| name: Set up Go | ||
| uses: actions/setup-go@v5 | ||
| - | ||
| name: Run GoReleaser | ||
| uses: goreleaser/goreleaser-action@v6 | ||
| with: | ||
| distribution: goreleaser | ||
| version: 'latest' | ||
| args: release --clean | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| # bird-flowspec-daemon | ||
|
|
||
| This is a daemon that connects to the Bird (version 2 required) routing daemon and regularly applies the flowspec rules to the host. | ||
| Currently, the following actions are supported (see https://datatracker.ietf.org/doc/html/rfc8955#traffic_extended_communities for more information): | ||
| - `traffic-rate-bytes` | ||
| - `traffic-rate-packets` | ||
|
|
||
| ### Requirements | ||
| - Bird 2 or newer | ||
| - Nftables (see installation instructions for further information) | ||
|
|
||
| ### Installation | ||
| This project requires the following structure in nftables: | ||
| ```shell | ||
| #!/usr/sbin/nft -f | ||
|
|
||
| table inet filter { | ||
| chain flowspec {} # Flowspec rules will be managed in here | ||
| chain input { | ||
| type filter hook input priority filter; policy accept; | ||
| } | ||
| chain forward { | ||
| type filter hook forward priority filter; policy accept; | ||
| jump flowspec # Jump to the flowspec chain to apply the rules | ||
| } | ||
| chain output { | ||
| type filter hook output priority filter; policy accept; | ||
| } | ||
| } | ||
| ``` | ||
| The flowspec rules will be inserted into the `flowspec` chain. A jump / goto to this chain is required in order to apply the rules. | ||
|
|
||
| ### Configuration | ||
| Configuration can be done via command line arguments or environment variables. | ||
| This repository contains an example systemd service file that can be used to start the daemon. | ||
|
|
||
| The following options are available: | ||
| ``` | ||
| Flags: | ||
| -h, --[no-]help Show context-sensitive help (also try --help-long and --help-man). | ||
| -d, --[no-]debug Enable debug mode | ||
| --bird-socket=/run/bird/bird.ctl | ||
| Path to BIRD socket ($BIRD_SOCKET_PATH) | ||
| --metrics.listen-address="127.0.0.1:9302" | ||
| Address to listen on for metrics | ||
| --interval=10s Interval to check for new routes ($CHECK_INTERVAL) | ||
| --[no-]enable-counter Enable counter in nftables rules ($ENABLE_COUNTER) | ||
| ``` |