Add FreeBSD PF Firewall to libbsd

Christian Mauderer christian.mauderer at embedded-brains.de
Tue Aug 2 11:27:24 UTC 2016


Hello,

I've been working on a port of the FreeBSD firewall PF to libbsd. The
first results are available in the libbsd HEAD (commits b5db3321b5b22 to
f1941b2b828e).

The patch set introduced the following new features:

- A basic support for the FreeBSD cdev subsystem. This subsystem uses
devfs which I implemented based on the RTEMS IMFS.

- The PF modules can now be linked by using the SYSINIT_NEED_FIREWALL_PF
and SYSINIT_NEED_FIREWALL_PFLOG configuration macros.

- I ported the control tool for the firewall (pfctl) to libbsd.

- I added a chapter on how to use PF to libbsd.txt. An example can be
found in the pf01 test.

- The method that I used for the pfctl port slightly improves the
approach that is currently used for most other user space tools. A basic
guide on how to port a tool using the new method can be found in the
libbsd.txt in the chapter "Porting of user space utilities".

Basically I made two changes to the current approach:

1. I used a new method to handle the global variables. Basically they
are put into a linker section that is saved before the program call and
restored afterwards.

2. Besides that I added some wrappers to calls like open / close or
malloc / free. These wrappers create a list of opened files and
allocated resources. After the program main function has finished, the
resources are closed / freed.

Please note: The method described in 1. makes it necessary to pull
function static variables out of their functions. This works but is not
really an optimal solution. The FreeBSD people are not really happy with
this kind of patch. Currently I'm trying to evaluate an alternative
solution (manipulating the object files to put the variables into a
section) in this thread:

https://lists.rtems.org/pipermail/devel/2016-August/015749.html

Kind regards

Christian Mauderer
-- 
--------------------------------------------
embedded brains GmbH
Christian Mauderer
Dornierstr. 4
D-82178 Puchheim
Germany
email: christian.mauderer at embedded-brains.de
Phone: +49-89-18 94 741 - 18
Fax:   +49-89-18 94 741 - 08
PGP: Public key available on request.

This message is not a business communication in the sense of the EHUG.
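The resource-tracking wrappers from point 2 above, as an added illustration that is not libbsd's own code: hypothetical tool_malloc / tool_open wrappers record every live allocation and descriptor, and run_tool releases whatever a tool's main left behind, so a user space tool that is invoked repeatedly inside one RTEMS process cannot accumulate leaked memory or file descriptors. All names and the leaky sample tool are assumptions constructed for this example.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical tracking list: one entry per live allocation or open fd. */
enum kind { RES_MEM, RES_FD };
struct res { enum kind kind; void *mem; int fd; struct res *next; };
static struct res *live;
static int leaked_count; /* resources the last run left behind */

static void track(enum kind k, void *mem, int fd) {
    struct res *r = malloc(sizeof *r);
    if (!r) return;
    r->kind = k; r->mem = mem; r->fd = fd; r->next = live; live = r;
}

static void untrack(enum kind k, void *mem, int fd) {
    for (struct res **p = &live; *p; p = &(*p)->next) {
        if ((*p)->kind == k && (k == RES_MEM ? (*p)->mem == mem : (*p)->fd == fd)) {
            struct res *dead = *p; *p = dead->next; free(dead); return;
        }
    }
}

/* Wrappers a ported tool would call instead of malloc/free/open/close. */
void *tool_malloc(size_t n) { void *m = malloc(n); if (m) track(RES_MEM, m, -1); return m; }
void tool_free(void *m) { untrack(RES_MEM, m, -1); free(m); }
int tool_open(const char *path, int flags) { int fd = open(path, flags); if (fd >= 0) track(RES_FD, NULL, fd); return fd; }
int tool_close(int fd) { untrack(RES_FD, NULL, fd); return close(fd); }

/* Run a tool's main once, then free or close everything it forgot. */
int run_tool(int (*tool_main)(int, char **), int argc, char **argv) {
    int rc = tool_main(argc, argv);
    leaked_count = 0;
    while (live) {
        struct res *r = live; live = r->next;
        if (r->kind == RES_MEM) free(r->mem); else close(r->fd);
        free(r); leaked_count++;
    }
    return rc;
}
int tool_leaks_after_last_run(void) { return leaked_count; }

/* Constructed leaky tool: frees one buffer, forgets another and an fd. */
static int leaky_main(int argc, char **argv) {
    (void)argc; (void)argv;
    char *a = tool_malloc(16), *b = tool_malloc(32);
    int fd = tool_open("/dev/null", O_RDONLY);
    (void)b; (void)fd;
    tool_free(a);
    return 0;
}
```

Calling run_tool(leaky_main, 0, NULL) twice in a row reports two reclaimed resources each time and leaves the tracking list empty between runs.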


