Install from Sources

Instructions below are describes compilation from sources on Ubuntu 22.04, which is the preferred build and execution environment for the moment. But with a bit of changes the instructions can be applied to other GNU/Linux distributions.

Build requirements

• 35-40 GB of free disk space.
• At least 2GB RAM.
• GNU Make 3.82 or higher with Flex and Bison.
• GCC and G++ compilers of versions 4.8 or higher (g++ package on Ubuntu)
• Boost library of version 1.53 or higher (libboost-all-dev package on Debian-based systems).
• OpenSSL development library
• bc
• fakeroot.

apt-get install make flex bison gcc g++ libboost-all-dev libssl-dev bc fakeroot dwarves libelf-dev

Compiling the patched Kernel

Install build dependencies

The easiest way to install all the build dependencies for the Linux kernel is to use information from sources repository.

Make sure that the line

deb-src http://ru.archive.ubuntu.com/ubuntu focal main restricted

is present in /etc/apt/sources.list or add it if it missing.

Then all the build dependencies can be simply installed with single command:

apt-get update
apt-get build-dep linux

Obtain kernel sources

For the build of 0.7 (current), get Linux kernel 5.10.35 with Tempesta-Tech patches:

git clone https://github.com/tempesta-tech/linux-5.10.35-tfw

Or apply the patch set to 5.10.35 kernel sources.

Configure Kernel

Before build Linux Kernel must be configured. Recommended way is to reuse current kernel's configuration with TempestaFw-specific changes.

Ensure that the kernel tree is absolutely clean:

cd <path-to-tempesta-patched-kernel>
make clean && make mrproper

Copy current kernel's configuration:

cp /boot/config-$(uname -r) .config

Comment the following lines in copied .config file in a text editor if set to "y" before proceed:

• CONFIG_SYSTEM_TRUSTED_KEYRING
• CONFIG_SYSTEM_TRUSTED_KEYS

Comment also the lines if you wish CONFIG_LSM option set with make olddefconfig automatically:

• all CONFIG_DEFAULT_SECURITY_* lines
• CONFIG_LSM line

Use default options:

make olddefconfig

Or update the configuration to suit the sources interactively, this will ask about the differences:

make oldconfig

Or

Use a text editor to manually set all that options to "y" in .config file:

• CONFIG_SLUB
• CONFIG_HUGETLB_PAGE
• CONFIG_SECURITY
• CONFIG_SECURITY_NETWORK
• CONFIG_SECURITY_TEMPESTA
• CONFIG_DEFAULT_SECURITY_TEMPESTA
• "tempesta" listed first in CONFIG_LSM, e.g.

CONFIG_LSM="tempesta,lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf"

For Linux kernel 5.10.35 and version 0.7 (current) the next config options should be set as well:

• CONFIG_SOCK_CGROUP_DATA (Needs CONFIG_NET, CONFIG_CGROUPS and CONFIG_CGROUP_NET_PRIO to be selected)

For integration of HTTP tables with iptables and nftables the next config options should be set as well (Tempesta works without these options):

• CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_IPV6 and CONFIG_NF_TABLES.

Compile and install Kernel

The recommended way is to compile the kernel and prepare packages to be installed via package manager:

make deb-pkg -j$(nproc)
dpkg -i ../linux-headers-* ../linux-image-*

Traditional way is to compile the kernel and manually install modules and kernel image:

make -j$(nproc)
make modules_install
make install

Compiling TempestaFW

Install build dependencies

Install build dependencies by calling the next command:

apt-get install build-essential libboost-dev libboost-program-options-dev

Obtain sources

Get TempestaFW from Github repository:

git clone https://github.com/tempesta-tech/tempesta
cd tempesta

Compile TempestaFW

TempestaFW is out-of-tree kernel module. It is recommended to reboot into Tempesta's patched kernel and install kernel headers before building the module. Simply run make to prepare the module:

make

It is also possible to build the module against target kernel sources directory:

make KERNEL=<path-to-kernel>