FreeBSD
Yasser Sobhdel, DNSL Lab
Why FreeBSD?
• FreeBSD is built in a modular manner.
• Access to source code.
• Aimed at stability, not user desktops.
• Industrial-strength TCP/IP stack.
• Very, very good track record for stability and security.
• Scales to very large sizes for services.
• Superior file system.
• Superior password store (hashed db for passwords).
• Has a very rich collection of available software.
Why UNIX?
Note that FreeBSD and “UNIX” are very similar systems. That is, if you use Solaris, any other “BSD”, etc., then understanding FreeBSD is of great help.
It is important to understand this idea: Linux != UNIX. Linux and UNIX look very similar, but the underlying design is different. Still, if you know Linux or UNIX well, then using the other should be conceptually easy.
Why UNIX? (cont.)
Along with the strengths of FreeBSD, when you use UNIX you get (in general):
• Basic services scale to huge numbers.
• Incredibly stable (crashing is unusual).
• Security model is modular and relatively easy to implement.
• Extremely few memory leaks in core services.
• Very mature multi-processor and multi-process subsystems at the kernel level.
• Does not require a GUI to provide services.
• Extremely interoperable, as standards are followed.
Virtual Machine
• Windows XP: use Virtual PC or VMware Server
• Linux: use VMware Server or QEMU
• Mac OS X: try QEMU or VMware Fusion
FreeBSD Disk Organization
If you come to disk partitioning from a Windows perspective you will find that UNIX (FreeBSD, Linux, Solaris, etc.) partitions data very effectively and easily. In FreeBSD a “slice” is what you would consider a “partition” under Windows.
• A very good install instruction: http://www.freebsd.org/doc/handbook/install.html
/etc/group
Format is: wheel:*:0:root,hervey,test
• Group name. 8 characters or less.
• Encrypted password. Rarely used; “*” as placeholder.
• Group identifying number (GID).
• List of group members, separated by commas.
• User's login shell.
Topics
• System Calls
• Kernel Loadable Modules
System Calls
• Not a “normal” procedure call
• Just like a normal procedure call, but executes in privileged mode
• It is a software trap “into” the kernel
• Ways into the kernel: hardware interrupt, hardware trap, software trap
System Entry
• Hardware interrupt: asynchronous, might not relate to the context of the executing process
• Hardware trap: related to the currently executing process, e.g., divide by zero
• Software-initiated trap: instructions such as int
System Calls
• Loaded in the system entry vector
• Think of it as an array of function pointers
• We add a new system call through a kernel loadable module
System Entry Vector (diagram): the vector holds entries such as fork() and the trap handler, followed by a range of slots reserved for loadable system calls; after kldload, the new system call XYZ() occupies one of the reserved slots.
Kernel Loadable Modules
• LKM, a.k.a. Loadable Kernel Module
• # man kld
• kldstat – status of the dynamic kernel linker
• kldload – load a file.ko into the kernel
• kldunload – unload a file.ko from the kernel
• You can find lots of FreeBSD kernel modules listed in /boot/defaults/loader.conf
When an LKM is loaded or unloaded, its module event handler is called. This function handles the whole runtime of the module: loading the module, unloading the module, and shutting the module down. The prototype for the event handler will look like this (you can find these lines in /usr/include/sys/module.h):
Next, when the LKM is loaded or unloaded, it must be linked with the kernel. This is an easy step: just call the DECLARE_MODULE macro (you can find it in /usr/include/sys/module.h). The header will look like this:
To compile this code, create a simple Makefile in the same directory as kld.c. The Makefile contains these lines; then simply execute the command make.
kldload ./hello_world.ko
kldunload ./hello_world.ko
This example is taken from http://cipitunk.wordpress.com/2008/01/11/simple-loadable-kernel-module-lkm-in-freebsd/
Kernel Loadable Module
• Common function prototype:
  static int hello(struct proc *p, void *arg)
• Instance of a sysent; will hold basic info like the number of parameters and the actual function pointer:
  static struct sysent hello_sysent = {0, hello};
• Save the location in the system entry vector:
  static int offset = NO_SYSCALL; /* will be populated later */
Kernel Loadable Module
• Define the load method
• Used for initializing/freeing resources (analogous to a C++ constructor/destructor)
• Decide the action based on MOD_LOAD/MOD_UNLOAD
• Assemble all the separate parts:
  SYSCALL_MODULE(hello, &offset, &hello_sysent, load, NULL);
Kernel Loadable Module Peculiarities
• Can't return a value in the traditional way:
  curthread->td_retval[0] = retVal;
• You can't take more than one parameter! Use a structure to wrap multiple parameters:
  static int multipleArg(struct proc *p, struct argStruct *uap)
  uap->param1, uap->param2, etc.
• Calling doesn't require struct instantiation:
  syscall(syscall_num, param1, param2, param3, …);
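The three preceding slides (the sysent entry, the NO_SYSCALL offset that is populated at load time, and the peculiarities of returning through td_retval and wrapping arguments in a struct) can be exercised without a FreeBSD kernel. The program below is an added user-space model, not code from the slides or from FreeBSD: it keeps a small array of function pointers standing in for the system entry vector, registers a "system call" in a reserved slot on MOD_LOAD, removes it on MOD_UNLOAD, and dispatches calls through the table. Every name prefixed sim_ (sim_sysent, sim_kldload-style handler, sim_syscall, sim_sysent_changed) is hypothetical, and the errno values are constructed to mirror FreeBSD's (78 = ENOSYS). The last function shows the check a defender would run: diff the live table against a saved baseline to notice when a module has changed a syscall slot.

```c
/* User-space model of the FreeBSD system entry vector and of how a loadable
 * module registers a system call in a reserved slot. Added example: no kernel
 * headers, not a kernel module; all sim_* names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define SIM_NSYSCALLS 8
#define SIM_FIRST_LOADABLE 4   /* slots 4..7 are "reserved for loadable system calls" */
#define SIM_NO_SYSCALL (-1)    /* plays the role of NO_SYSCALL */
#define SIM_ENOSYS 78          /* constructed to match FreeBSD's ENOSYS */

enum sim_modevent { SIM_MOD_LOAD, SIM_MOD_UNLOAD };

/* stands in for struct thread: results are handed back through td_retval */
struct sim_thread { long td_retval[2]; };

/* a system call implementation takes one opaque pointer to its argument block */
typedef int (*sim_sy_call_t)(struct sim_thread *, void *);

/* one sysent entry: argument count and function pointer, as on the slides */
struct sim_sysent { int sy_narg; sim_sy_call_t sy_call; };

/* default handler for an empty slot: "no such system call" */
static int sim_nosys(struct sim_thread *td, void *uap) { (void)td; (void)uap; return SIM_ENOSYS; }

/* the "system entry vector": a plain array of function pointers */
static struct sim_sysent sim_sysent[SIM_NSYSCALLS] = {
    {0, sim_nosys}, {0, sim_nosys}, {0, sim_nosys}, {0, sim_nosys},
    {0, sim_nosys}, {0, sim_nosys}, {0, sim_nosys}, {0, sim_nosys},
};

/* more than one parameter has to be wrapped in a struct */
struct add_args { long a; long b; };

static int sim_add(struct sim_thread *td, void *uap)
{
    struct add_args *args = uap;
    td->td_retval[0] = args->a + args->b;  /* the result goes through td_retval */
    return 0;                              /* the return value is an errno; 0 = success */
}

static int add_offset = SIM_NO_SYSCALL;          /* populated at load time */
static struct sim_sysent add_sysent = {2, sim_add};

/* SYSCALL_MODULE-style event handler: on MOD_LOAD take the first free reserved
 * slot and record its index in *offset; on MOD_UNLOAD restore sim_nosys. */
static int sim_syscall_module_handler(enum sim_modevent what, int *offset, struct sim_sysent *se)
{
    int i;
    switch (what) {
    case SIM_MOD_LOAD:
        for (i = SIM_FIRST_LOADABLE; i < SIM_NSYSCALLS; i++) {
            if (sim_sysent[i].sy_call == sim_nosys) {
                sim_sysent[i] = *se;
                *offset = i;
                return 0;
            }
        }
        return 12;  /* constructed: no free slot (ENOMEM-like) */
    case SIM_MOD_UNLOAD:
        if (*offset != SIM_NO_SYSCALL) {
            sim_sysent[*offset].sy_call = sim_nosys;
            sim_sysent[*offset].sy_narg = 0;
            *offset = SIM_NO_SYSCALL;
        }
        return 0;
    }
    return 22;  /* constructed: EINVAL */
}

/* what the trap handler does: index the table, call the entry, return td_retval */
static long sim_syscall(int num, void *uap, int *error)
{
    struct sim_thread td = {{0, 0}};
    if (num < 0 || num >= SIM_NSYSCALLS) { *error = SIM_ENOSYS; return -1; }
    *error = sim_sysent[num].sy_call(&td, uap);
    return *error ? -1 : td.td_retval[0];
}

/* defender's check: count entries that differ from a saved baseline copy */
static int sim_sysent_changed(const struct sim_sysent *baseline)
{
    int i, changed = 0;
    for (i = 0; i < SIM_NSYSCALLS; i++)
        if (sim_sysent[i].sy_call != baseline[i].sy_call || sim_sysent[i].sy_narg != baseline[i].sy_narg)
            changed++;
    return changed;
}

int main(void)
{
    struct sim_sysent baseline[SIM_NSYSCALLS];
    struct add_args args = {40, 2};
    int err;
    long r;
    memcpy(baseline, sim_sysent, sizeof baseline);
    sim_syscall_module_handler(SIM_MOD_LOAD, &add_offset, &add_sysent);    /* kldload */
    r = sim_syscall(add_offset, &args, &err);
    printf("loaded at %d; syscall(%d, 40, 2) -> %ld (err %d); changed slots: %d\n",
           add_offset, add_offset, r, err, sim_sysent_changed(baseline));
    sim_syscall_module_handler(SIM_MOD_UNLOAD, &add_offset, &add_sysent);  /* kldunload */
    printf("after unload, changed slots: %d\n", sim_sysent_changed(baseline));
    return 0;
}
```

The model keeps the slides' separation of concerns: the module only knows its sysent entry and an offset variable, the loader decides the slot number, and the caller passes that number to the dispatcher. The baseline comparison is the same idea an integrity monitor applies to the real sysent table: any module that alters a slot, whether a legitimate syscall module or something less welcome, shows up as a changed entry.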
Compiling a Kernel Loadable Module
• Save this in a Makefile:
  SRCS = helloworld.c
  KMOD = helloworld
  KO = ${KMOD}.ko
  KLDMOD = t
  .include <bsd.kmod.mk>
• Just type make!
• You will get helloworld.ko
Using a Kernel Loadable Module
• Load your helloworld.ko:
  kldload ./helloworld.ko
• Write a sample program
• Find the number of the desired system call using modstat and modfind
• Call it using the syscall API
• More: http://www.packetstormsecurity.org/papers/unix/bsdkern.htm