NetBSD-SoC: A tool to dump / restore pf state table

What is it?

Pf is a well-known stateful firewall, first developed for OpenBSD and then integrated into both FreeBSD and NetBSD. Pf has a large number of features but still lacks some that exist in other BSD firewalls. One of the missing features is the ability to dump the content of the state table, store it, and restore it later, for example after a reboot for maintenance. The idea of this GSoC project is to provide such a tool for pf, first for the NetBSD Project, but I hope it will be integrated into other BSD systems.

Status

Deliverables

Exact details need to be discussed with, at least, the pf maintainers. There are two different parts:

The subject of the GSoC is really close to pfsync. If I get some time at the end of the GSoC, I will finish the integration of pfsync in NetBSD.

How to get it?

As said previously, there are two different parts: you need to apply the patch and compile a new kernel (with pf at least). The tool can be compiled separately, with bmake. The pfs tool comes with a man page, or you can retrieve the documentation here. If you run into any issues, please send me a mail with, if possible, the ASCII dump attached.

Documentation

To be described when the first prototypes are available.

Technical Details

The handling of pf state and the proposal to lock state are documented here.

NetBSD reference (code and manpage)

The pf source is available in the NetBSD tree in src/sys/dist/pf/net. Documentation is available in pf(4). Unfortunately, there is no documentation of pf's kernel internals.

The pfctl source is available in the NetBSD tree in src/dist/pf/sbin/pfctl. Documentation is available in pfctl(8).

During the project, we will need to use the ioctl interface (ioctl(9)) for communication between the kernel and userland. We may use proplib to exchange and store data (proplib(3)). Another option is to use the internal pfsync data (no man page; the structure can be found in src/sys/dist/pf/net/pfvar.h).


Arnaud Degroote <degroote@NetBSD.org>
$Id: index.html,v 1.4 2009/07/20 18:46:11 zul_ Exp $