FreeBSD and Drivers
Gili Yankovitch, Nyx Software Security Solutions
Key Points
● What is FreeBSD?
● FreeBSD Drivers: How to create, compile and run a driver.
● Char devices
● Network Hooking
○ L3
○ L2
● Interaction with the network stack
What is FreeBSD?
● “FreeBSD is a free UNIX-like operating system descended from Research
Unix via the Berkeley Software Distribution (BSD).” - Wikipedia
● The BSD Project was founded in 1976 by Bill Joy.
● Contained code written by AT&T (Who later sued people related to BSD)
● In 1993 the first FreeBSD distribution was released.
○ Two years AFTER the Linux Kernel was founded.
What is FreeBSD?
● https://www.freebsd.org/
● Unlike Linux, it comes with a lot of user mode tools
● Doesn’t come in many flavours (distributions)
● Supported architectures: amd64, i386, ia64, powerpc, powerpc64, sparc64,
mips, armv6, aarch64.
● Unfortunately, lacks a lot of features implemented in Linux.
○ Namespaces, Good L2 hooking (yay -_-) and more…
● It is very unfortunate but there is very little documentation on
FreeBSD on the internet. :(
○ This means that if you are stuck, you need to deal with it on your own.
■ True story.
How to get FreeBSD
● Download
○ https://www.freebsd.org/where.html
● Git:
○ https://github.com/freebsd
■ Yes they use GitHub.
● On a FreeBSD system, the sources are usually at:
○ /usr/src/sys/
Folder Structure
● In contrast to Linux, FreeBSD has a lot of folders in its root directory.
○ kern/ - Core kernel implementation.
○ libkern/ - Core kernel libraries (printf, uprintf, strcpy etc…).
○ fs/ - File systems implementation.
○ net/ netinet/ - Core net and Inet implementation.
○ sys/ - Include directory. Contains a lot of *.h files.
○ amd64/ arm/ mips/ … - Architecture specific sources.
○ modules/ dev/ - Drivers.
○ ...
First And Foremost - Prints!
● There are two types of prints from the kernel:
○ printf
○ uprintf
● Both appear in dmesg
● uprintf prints to your current console
● printf prints to tty0
Char Devices
Compiling Our First Driver
#include <sys/param.h>
#include <sys/module.h>
#include <sys/kernel.h>
#include <sys/systm.h>   /* uprintf */

static int nethook_loader(struct module *m, int what, void *arg)
{
    int err = 0;

    switch (what)
    {
    case MOD_LOAD:      /* kldload */
        uprintf("Nethook KLD loaded.\n");
        break;
    case MOD_UNLOAD:    /* kldunload */
        uprintf("Nethook KLD unloaded.\n");
        break;
    }
    return err;
}

/* Module name, event handler, extra argument passed to the handler */
static moduledata_t nethook_mod =
{
    "nethook",
    nethook_loader,
    NULL
};

DECLARE_MODULE(nethook, nethook_mod, SI_SUB_KLD, SI_ORDER_ANY);
nethook.c
Don’t return anything other than 0!
A different value will prevent you from unloading the module!!
Compiling Our First Driver
● Yep. That simple.
SRCS=nethook.c
KMOD=nethook
.include <bsd.kmod.mk>
Makefile
Running the Driver
● Just like Linux, we need to inject it into the Kernel:
$ kldload ./nethook.ko
● Removing from Kernel:
$ kldunload ./nethook.ko
● Modules list:
$ kldstat
Creating A Char Device
● This actually has a very good tutorial:
○ https://www.freebsd.org/doc/en/books/arch-handbook/driverbasics-char.html
● But here’s the snippets anyhow:
○ Create a struct with function pointers to read, write, open, close.
■ ioctl seems to fail with this method...
/* Character device entry points */
static struct cdevsw echo_cdevsw = {
    .d_version = D_VERSION,
    .d_open = echo_open,
    .d_close = echo_close,
    .d_read = echo_read,
    .d_write = echo_write,
    .d_name = "echo",
};
● Just like Linux...
Creating A Char Device
● Then all you need to do is register:
static struct cdev *echo_dev;

static int nethook_loader(struct module *m, int what, void *arg)
{
    ...
    error = make_dev_p(MAKEDEV_CHECKNAME | MAKEDEV_WAITOK,
        &echo_dev,      /* Char Device Kernel Object */
        &echo_cdevsw,   /* Pointer to File Operations */
        0,              /* credentials (struct ucred *), none here */
        UID_ROOT,       /* Owner UID of File System Node */
        GID_WHEEL,      /* Owner GID of File System Node */
        0600,           /* File System Node Permissions */
        "echo");        /* Name of File System Node */
    …
}
Creating A Char Device
● Read operation
● Note the struct uio:
○ uio_resid - Space left in buffer sent from user mode (read length usually)
○ uio_offset - Current write offset
● uio knows whether it’s a read or a write depending on current action.
○ Here uiomove() writes from kernel buffer to user mode buffer.
static int echo_read(struct cdev *dev __unused, struct uio *uio, int ioflag __unused)
{
    size_t amt;
    int error;

    /* Copy at most what the caller asked for, and never past the stored message (+1 for the NUL) */
    amt = MIN(uio->uio_resid, uio->uio_offset >= echomsg->len + 1 ? 0 :
        echomsg->len + 1 - uio->uio_offset);
    if ((error = uiomove(echomsg->msg, amt, uio)) != 0)
        uprintf("uiomove failed!\n");
    return (error);
}
Creating A Char Device
● Corresponding write().
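static int echo_write(struct cdev *dev __unused, struct uio *uio, int ioflag __unused)
{
    size_t amt;
    int error;

    /* Only allow writing from the start or appending at the end */
    if (uio->uio_offset != 0 && (uio->uio_offset != echomsg->len))
        return (EINVAL);
    /* A write at offset 0 starts a new message */
    if (uio->uio_offset == 0)
        echomsg->len = 0;
    /* Copy the string in from user memory to kernel memory */
    amt = MIN(uio->uio_resid, (BUFFERSIZE - echomsg->len));
    error = uiomove(echomsg->msg + uio->uio_offset, amt, uio);
    /* Record the new length and NUL-terminate (msg is assumed to hold BUFFERSIZE + 1 bytes) */
    echomsg->len = uio->uio_offset;
    echomsg->msg[echomsg->len] = 0;
    if (error != 0)
        uprintf("Write failed: bad address!\n");
    return (error);
}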
Networking
● DISCLAIMER:
○ Before you begin to build your own network driver, be absolutely sure you understand the below.
● OK, let's continue...
Network Stack
Networking
● Just like Linux has its skb structure, FreeBSD has a basic buffer system
● It’s called: mbuf
● mbufs are buffer chains of size 256
○ Larger buffers are possible in an mbuf cluster but unfortunately usually it’s not the case.
● When you get a packet larger than 256 bytes, you get an mbuf chain
● Mellanox created a module called OFED to help port drivers from Linux to FreeBSD.
○ It’s a great place to start learning about networking in FreeBSD.
○ Unfortunately it lacks a HELL LOT of functionality sometimes needed.
Meet struct mbuf
● Yeah I know it’s weird and complicated.
○ Our interest is in m_hdr and in M_dat.M_databuf (Which means a normal packet)
struct mbuf {
    struct m_hdr m_hdr;
    union {
        struct {
            struct pkthdr MH_pkthdr;    /* M_PKTHDR set */
            union {
                struct m_ext MH_ext;    /* M_EXT set */
                char MH_databuf[MHLEN];
            } MH_dat;
        } MH;
        char M_databuf[MLEN];           /* !M_PKTHDR, !M_EXT */
    } M_dat;
};
/sys/mbuf.h
Meet struct m_hdr
● mh_next - Already mentioned this is an mbuf chain
● mh_nextpkt - mbufs also provide us with a linked list for storing packets.
● mh_data - Pointer to beginning of data within the data buffer
● mh_len - Length of data in this mbuf
struct m_hdr {
    struct mbuf *mh_next;       /* next buffer in chain */
    struct mbuf *mh_nextpkt;    /* next chain in queue/record */
    caddr_t mh_data;            /* location of data */
    int32_t mh_len;             /* amount of data in this mbuf */
    uint32_t mh_type:8,         /* type of data in this mbuf */
             mh_flags:24;       /* flags; see below */
#if !defined(__LP64__)
    uint32_t mh_pad;            /* pad for 64bit alignment */
#endif
};
/sys/mbuf.h
mbuf Structure
[Diagram: mbuf chains, with labels mh_data, mh_len, mh_next and mh_nextpkt]
Whatever you do, do NOT access these directly!
● Seriously. For everything you need there’s a function.
● When in doubt, see man mbuf (9).
● mbuf function names are not self-explanatory, so I’ll explain a few here:
Allocating and freeing buffers
● m_get(int how, int type) - Allocates a new mbuf and sets its type.
● m_free(struct mbuf *m) - Frees a single mbuf.
● m_freem(struct mbuf *m) - Frees an entire mbuf chain.
● m_dup(struct mbuf *m, int how) - Duplicates an entire mbuf.
● m_copym(struct mbuf *mbuf, int offset, int len, int how) - Copy only a portion
of the mbuf to a new mbuf chain.
● m_copydata(const struct mbuf *mbuf, int offset, int len, caddr_t buf) - Copy
the mbuf data to a different buffer.
● m_length(struct mbuf *m, struct mbuf ** last) - Returns the entire mbuf chain
length (in bytes).
Shorten or Lengthen the Buffer
● m_adj(struct mbuf *m, int len) - Shorten the buffer from the beginning.
[Diagram: mbuf chain before and after m_adj, with labels mh_data, mh_len and mh_next]
void shorten_my_mbuf(struct mbuf *m, int len)
{
    m_adj(m, len);   /* trim len bytes from the beginning of the chain */
}
m is still pointing to the first mbuf!!
Shorten or Lengthen the Buffer
● m_prepend(struct mbuf *m, int len, int how) - Prepend len bytes at the beginning.
[Diagram: mbuf chain before and after m_prepend, with labels mh_data, mh_len and mh_next]
Accessing data
● Because mbufs are divided into 256-byte parts, a header might fall between two mbufs.
● Accessing the header linearly might cause unexpected behaviour.
[Diagram: a header split across two mbufs; a linear write through it: OVERFLOW]
● NEVER access the data directly, or at least not before using this:
● m_pulldown(struct mbuf *mbuf, int offset, int len, int *offsetp)
[Diagram: the same chain after m_pulldown, with the header in one piece. Might allocate a new mbuf]
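The straddling-header problem above, as an added user-space model (not FreeBSD kernel code and not from the original slides). `struct mini_mbuf`, `contiguous_at`, `chain_copydata`, `ipv4_dst` and the sample packet are constructed for illustration: `contiguous_at` is the check that tells you whether a range can be read through a single pointer, and `chain_copydata` walks the chain the way m_copydata does, except that it returns -1 on an out-of-range request.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for struct mbuf / struct m_hdr (model only). */
struct mini_mbuf {
    struct mini_mbuf *next;   /* role of mh_next */
    unsigned char *data;      /* role of mh_data */
    int len;                  /* role of mh_len */
    unsigned char buf[16];    /* tiny capacity so a split is easy to see */
};

/* Constructed sample: 20-byte IPv4 header + 8 payload bytes. */
static const unsigned char sample_pkt[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x01,                 /* src 192.0.2.1 */
    0xc6, 0x33, 0x64, 0x07,                 /* dst 198.51.100.7 */
    'p', 'a', 'y', 'l', 'o', 'a', 'd', '!'
};

static struct mini_mbuf seg1, seg2;

/* Split the packet 12 + 16 so the IPv4 header straddles both buffers. */
static struct mini_mbuf *build_split_chain(void)
{
    memcpy(seg1.buf, sample_pkt, 12);
    seg1.data = seg1.buf; seg1.len = 12; seg1.next = &seg2;
    memcpy(seg2.buf, sample_pkt + 12, 16);
    seg2.data = seg2.buf; seg2.len = 16; seg2.next = NULL;
    return &seg1;
}

/* Total bytes in the chain, like m_length(). */
static int chain_length(const struct mini_mbuf *m)
{
    int total = 0;
    for (; m != NULL; m = m->next)
        total += m->len;
    return total;
}

/* Pointer to [off, off+len) only if the whole range sits in ONE buffer,
 * NULL otherwise. A NULL here is the case where a linear cast would overflow. */
static const unsigned char *contiguous_at(const struct mini_mbuf *m, int off, int len)
{
    if (off < 0 || len < 0)
        return NULL;
    for (; m != NULL; off -= m->len, m = m->next) {
        if (off < m->len)
            return (len <= m->len - off) ? m->data + off : NULL;
    }
    return NULL;
}

/* Copy len bytes starting at off into out, crossing buffer boundaries.
 * Returns 0 on success, -1 if the range is not fully inside the chain. */
static int chain_copydata(const struct mini_mbuf *m, int off, int len, void *out)
{
    unsigned char *dst = out;

    if (off < 0 || len < 0 || off > chain_length(m) - len)
        return -1;
    while (m != NULL && off >= m->len) {    /* skip to the buffer holding off */
        off -= m->len;
        m = m->next;
    }
    while (len > 0) {
        int n = m->len - off;
        if (n > len)
            n = len;
        memcpy(dst, m->data + off, n);
        dst += n; len -= n; off = 0; m = m->next;
    }
    return 0;
}

/* Read the IPv4 destination address (header bytes 16..19), host order. */
static int ipv4_dst(const struct mini_mbuf *m, uint32_t *dst)
{
    unsigned char a[4];

    if (chain_copydata(m, 16, 4, a) != 0)
        return -1;
    *dst = ((uint32_t)a[0] << 24) | ((uint32_t)a[1] << 16) |
           ((uint32_t)a[2] << 8) | a[3];
    return 0;
}

int main(void)
{
    struct mini_mbuf *m = build_split_chain();
    uint32_t dst = 0;

    printf("chain length: %d\n", chain_length(m));
    printf("header contiguous: %s\n", contiguous_at(m, 0, 20) ? "yes" : "no");
    if (ipv4_dst(m, &dst) == 0)
        printf("dst: %u.%u.%u.%u\n", (unsigned)(dst >> 24),
            (unsigned)((dst >> 16) & 0xff), (unsigned)((dst >> 8) & 0xff),
            (unsigned)(dst & 0xff));
    return 0;
}
```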
Interfaces
● Interfaces in FreeBSD are represented by struct ifnet
struct ifnet {
    struct vnet *if_vnet;           /* pointer to network stack instance */
    TAILQ_ENTRY(ifnet) if_link;     /* all struct ifnets are chained */
    ...
    char if_xname[IFNAMSIZ];        /* external name (name + unit) */
    ...
    struct ifaddrhead if_addrhead;  /* linked list of addresses per if */
    ...
    u_short if_index;               /* numeric abbreviation for this if */
    int (*if_output)                /* output routine (enqueue) */
        (struct ifnet *, struct mbuf *, const struct sockaddr *,
        struct route *);
    void (*if_input)                /* input routine (from h/w driver) */
        (struct ifnet *, struct mbuf *);
    …
    int (*if_transmit)              /* initiate output routine */
        (struct ifnet *, struct mbuf *);
    u_int if_fib;                   /* interface FIB */
    ...
};
/net/if_var.h
L3 Hooking
● Just like Linux has netfilter, FreeBSD has a framework called pfil
● It lets you create a list of filters for both IN and OUT packets.
● Unlike Linux, pfil allows hooking in only one place for incoming and outgoing
packets.
L3 Hooking
● Hooking is easy. Use:
struct pfil_head *pfh_inet;

/* Initializing L3 Hooking */
if (!(pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET)))
{
    uprintf("Failed getting packet filter head\n");
    return ESRCH;
}
● Then, register the callback:
pfil_add_hook(in_filter, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet);
● Hook signature:
static int in_filter(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, struct inpcb *inp)
The L2-L3 Input Stack
[Diagram: Driver → ifp->if_input() → ether_input_internal (hooks: BPF, LAGG, ng_ether, Bridging) → ether_demux (VLAN handling: vlan_input_p()) → IP: ip_input() / IPv6 / ARP: arpintr() / ATALK / AARP → pfil_run_hooks() (PFil)]
The L2-L3 Input Stack
[Diagram: ip_output → pfil_run_hooks() (PFil) → if_output() → ether_output (hooks: Bridge, ng_ether) → ifp->if_transmit() → Driver]
L2 Hooking
● Apparently, hooking into the network stack at L2 is not as trivial
● For example, in order to make Libpcap work, NIC drivers need to explicitly call
Libpcap kernel hooks to redirect L2 flow to it.
● Suggested implementation in user mode:
○ BPF - Explained in previous lectures
○ Libpcap - Explained above
○ Nethook - Memory-mapping based network handling. Exists on Linux, Windows and FreeBSD.
● Despite what is said above, you can use netgraph to attach to ng_ether.
○ There is a way to use it more easily. Source code will be uploaded later.
Other useful tips
● DDB is the static kernel debugger. You can read about it here:
○ https://www.freebsd.org/cgi/man.cgi?ddb(4)
● Compile kernel with:
○ options DDB
● Compiling the kernel:
○ Configs are in:
■ amd64/conf/GENERIC
■ Always copy GENERIC to a new file and edit it.
$ cd /usr/src/
$ make buildkernel KERNCONF=GENERIC.MYCONF && make installkernel KERNCONF=GENERIC.MYCONF && shutdown -r now
● If kernel hangs, useful VirtualBox command (Opens DDB):
$ VBoxManage debugvm <VM Name> injectnmi
Questions? :)

Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfkalichargn70th171
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfYashikaSharma391629
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...Akihiro Suda
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencessuser9e7c64
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecturerahul_net
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxRTS corp
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 

Recently uploaded (20)

Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conference
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecture
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 

FreeBSD and Drivers

  • 1. FreeBSD and Drivers Gili Yankovitch, Nyx Software Security Solutions
  • 2. Key Points ● What is FreeBSD? ● FreeBSD Drivers: How to create, compile and run a driver. ● Char devices ● Network Hooking ○ L3 ○ L2 ● Interaction with the network stack
  • 3. What is FreeBSD? ● “FreeBSD is a free UNIX-like operating system descended from Research Unix via the Berkeley Software Distribution (BSD).” - Wikipedia ● The BSD Project was founded in 1976 by Bill Joy. ● Contained code written by AT&T (Who later sued people related to BSD) ● In 1993 the first FreeBSD distribution was released. ○ Two years AFTER the Linux Kernel was founded.
  • 4. What is FreeBSD? ● https://www.freebsd.org/ ● Unlike Linux, it comes with a lot of user mode tools ● Doesn’t come in many flavours (distributions) ● Supported architectures: amd64, i386, ia64, powerpc, powerpc64, sparc64, mips, armv6, aarch64. ● Unfortunately, lacks a lot of features implemented in Linux. ○ Namespaces, Good L2 hooking (yay -_-) and more… ● It is very unfortunate but there is very little documentation on FreeBSD on the internet. :( ○ This means that if you are stuck, you need to deal with it on your own. ■ True story.
  • 5. How to get FreeBSD ● Download ○ https://www.freebsd.org/where.html ● Git: ○ https://github.com/freebsd ■ Yes they use GitHub. ● On a FreeBSD system, the sources are usually at: ○ /usr/src/sys/
  • 6. Folder Structure ● In contrast to Linux, FreeBSD has a lot of folders in its root directory. ○ kern/ - Core kernel implementation. ○ libkern/ - Core kernel libraries (printf, uprintf, strcpy etc…). ○ fs/ - File systems implementation. ○ net/ netinet/ - Core net and Inet implementation. ○ sys/ - Include directory. Contains a lot of *.h files. ○ amd64/ arm/ mips/ … - Architecture specific sources. ○ modules/ dev/ - Drivers. ○ ...
  • 7. First And Foremost - Prints! ● There are two types of prints from the kernel: ○ printf ○ uprintf ● Both appear in dmesg ● uprintf prints to your current console ● printf prints to tty0
  • 9. Compiling Our First Driver
    nethook.c:

        #include <sys/param.h>
        #include <sys/module.h>
        #include <sys/kernel.h>
        #include <sys/systm.h>

        /* Module event handler: called on kldload/kldunload. */
        static int
        nethook_loader(struct module *m, int what, void *arg)
        {
                int err = 0;

                switch (what) {
                case MOD_LOAD:          /* kldload */
                        uprintf("Nethook KLD loaded.\n");
                        break;
                case MOD_UNLOAD:        /* kldunload */
                        uprintf("Nethook KLD unloaded.\n");
                        break;
                }
                return err;
        }

        static moduledata_t nethook_mod = {
                "nethook",
                nethook_loader,
                NULL
        };

        DECLARE_MODULE(nethook, nethook_mod, SI_SUB_KLD, SI_ORDER_ANY);

    Don’t return anything other than 0! A different value will prevent you from unloading the module!!
  • 10. Compiling Our First Driver
    ● Yep. That simple.
    Makefile:

        SRCS=nethook.c
        KMOD=nethook

        .include <bsd.kmod.mk>
  • 11. Running the Driver
    ● Just like Linux, we need to inject it into the kernel:

        $ kldload ./nethook.ko

    ● Removing from the kernel:

        $ kldunload ./nethook.ko

    ● Modules list:

        $ kldstat
  • 12. Creating A Char Device
    ● This actually has a very good tutorial:
      ○ https://www.freebsd.org/doc/en/books/arch-handbook/driverbasics-char.html
    ● But here are the snippets anyhow:
      ○ Create a struct with function pointers to read, write, open, close.
        ■ ioctl seems to fail with this method...

        /* Character device entry points */
        static struct cdevsw echo_cdevsw = {
                .d_version = D_VERSION,
                .d_open = echo_open,
                .d_close = echo_close,
                .d_read = echo_read,
                .d_write = echo_write,
                .d_name = "echo",
        };

    ● Just like Linux...
  • 13. Creating A Char Device
    ● Then all you need to do is register:

        static struct cdev *echo_dev;

        static int
        nethook_loader(struct module *m, int what, void *arg)
        {
                ...
                error = make_dev_p(MAKEDEV_CHECKNAME | MAKEDEV_WAITOK,
                    &echo_dev,      /* Char device kernel object */
                    &echo_cdevsw,   /* Pointer to file operations */
                    0,
                    UID_ROOT,       /* Owner UID of file system node */
                    GID_WHEEL,      /* Owner GID of file system node */
                    0600,           /* File system node permissions */
                    "echo");        /* Name of file system node */
                …
        }
  • 14. Creating A Char Device
    ● Read operation
    ● Note the struct uio:
      ○ uio_resid - Space left in buffer sent from user mode (read length usually)
      ○ uio_offset - Current write offset
    ● uio knows whether it’s a read or a write depending on current action.
      ○ Here uiomove() writes from kernel buffer to user mode buffer.

        static int
        echo_read(struct cdev *dev __unused, struct uio *uio, int ioflag __unused)
        {
                size_t amt;
                int error;

                /* Never hand out more than is left of the message (plus its NUL). */
                amt = MIN(uio->uio_resid, uio->uio_offset >= echomsg->len + 1 ? 0 :
                    echomsg->len + 1 - uio->uio_offset);

                if ((error = uiomove(echomsg->msg, amt, uio)) != 0)
                        uprintf("uiomove failed!\n");

                return (error);
        }
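  • 15. Creating A Char Device
    ● Corresponding write().

        static int
        echo_write(struct cdev *dev __unused, struct uio *uio, int ioflag __unused)
        {
                size_t amt;
                int error;

                /* Write from the beginning or append; no random access. */
                if (uio->uio_offset != 0 && (uio->uio_offset != echomsg->len))
                        return (EINVAL);

                /* This is a new message, reset length */
                if (uio->uio_offset == 0)
                        echomsg->len = 0;

                /* Copy the string in from user memory to kernel memory */
                amt = MIN(uio->uio_resid, (BUFFERSIZE - echomsg->len));

                error = uiomove(echomsg->msg + uio->uio_offset, amt, uio);

                /* Record the new length and NUL-terminate the message */
                echomsg->len = uio->uio_offset;
                echomsg->msg[echomsg->len] = 0;

                if (error != 0)
                        uprintf("Write failed: bad address!\n");
                return (error);
        }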
  • 16. Networking ● DISCLAIMER: ○ Before you begin to build your own network driver, be absolutely sure you understand the below. ● OK, let’s continue...
  • 18. Networking ● Just like Linux has its skb structure, FreeBSD has a basic buffer system ● It’s called: mbuf ● mbufs are buffer chains of size 256 ○ Larger buffers are possible in an mbuf cluster but unfortunately usually it’s not the case. ● When you get a packet larger than 256 bytes, you get an mbuf chain ● Mellanox created a module called OFED to help port drivers from Linux to FreeBSD. ○ It’s a great place to start learning about networking in FreeBSD. ○ Unfortunately it lacks a HELL LOT of functionality sometimes needed.
  • 19. Meet struct mbuf
    ● Yeah I know it’s weird and complicated.
      ○ Our interest is in m_hdr and in M_dat.M_databuf (which means a normal packet)
    /sys/mbuf.h:

        struct mbuf {
                struct m_hdr m_hdr;
                union {
                        struct {
                                struct pkthdr MH_pkthdr;        /* M_PKTHDR set */
                                union {
                                        struct m_ext MH_ext;    /* M_EXT set */
                                        char MH_databuf[MHLEN];
                                } MH_dat;
                        } MH;
                        char M_databuf[MLEN];   /* !M_PKTHDR, !M_EXT */
                } M_dat;
        };
  • 20. Meet struct m_hdr
    ● mh_next - Already mentioned this is an mbuf chain
    ● mh_nextpkt - mbufs provide us with a linked-list of packets storage place.
    ● mh_data - Pointer to beginning of data within the data buffer
    ● mh_len - Length of data in this mbuf
    /sys/mbuf.h:

        struct m_hdr {
                struct mbuf *mh_next;           /* next buffer in chain */
                struct mbuf *mh_nextpkt;        /* next chain in queue/record */
                caddr_t mh_data;                /* location of data */
                int32_t mh_len;                 /* amount of data in this mbuf */
                uint32_t mh_type:8,             /* type of data in this mbuf */
                         mh_flags:24;           /* flags; see below */
        #if !defined(__LP64__)
                uint32_t mh_pad;                /* pad for 64bit alignment */
        #endif
        };
  • 22. Whatever you do, do NOT access these directly! ● Seriously. For everything you need there’s a function. ● When in doubt, see man mbuf (9). ● mbuf function names are non indicative, so I’ll explain a few here:
  • 23. Allocating and freeing buffers ● m_get(int how, int type) - Allocates a new mbuf and sets its type. ● m_free(struct mbuf *m) - Frees a single mbuf. ● m_freem(struct mbuf *m) - Frees an entire mbuf chain. ● m_dup(struct mbuf *m, int how) - Duplicates an entire mbuf. ● m_copym(struct mbuf *mbuf, int offset, int len, int how) - Copy only a portion of the mbuf to a new mbuf chain. ● m_copydata(const struct mbuf *mbuf, int offset, int len, caddr_t buf) - Copy the mbuf data to a different buffer. ● m_length(struct mbuf *m, struct mbuf ** last) - Returns the entire mbuf chain length (in bytes).
  • 24. Shorten or Lengthen the Buffer
    ● m_adj(struct mbuf *m, int len) - Shorten the buffer from the beginning.
    [Diagram: an mbuf chain before and after m_adj(), labelled with mh_data, mh_len and mh_next]

        void
        shorten_my_mbuf(struct mbuf *m, int len)
        {
                /* Trim len bytes from the head of the chain. */
                m_adj(m, len);
        }

    m is still pointing to the first mbuf!!
  • 25. Shorten or Lengthen the Buffer
    ● m_prepend(struct mbuf *m, int len, int how) - Prepend len bytes at the beginning.
    [Diagram: an mbuf chain before and after m_prepend(), labelled with mh_data, mh_len and mh_next]
  • 26. Accessing data
    ● Because mbufs are divided into 256-byte parts, a header might fall between two mbufs.
    ● Accessing the header linearly might cause unexpected behaviour.
    [Diagram: a header split across two mbufs; a linear write runs past the end of the first mbuf ("Write.. OVERFLOW...")]
    ● NEVER access directly, or before using this:
    ● m_pulldown(struct mbuf *mbuf, int offset, int len, int *offsetp)
    [Diagram: after m_pulldown() the header lies in a single mbuf. Might allocate a new mbuf.]
  • 27. Interfaces
    ● Interfaces in FreeBSD are represented by struct ifnet
    /net/if_var.h:

        struct ifnet {
                struct vnet *if_vnet;           /* pointer to network stack instance */
                TAILQ_ENTRY(ifnet) if_link;     /* all struct ifnets are chained */
                ...
                char if_xname[IFNAMSIZ];        /* external name (name + unit) */
                ...
                struct ifaddrhead if_addrhead;  /* linked list of addresses per if */
                ...
                u_short if_index;               /* numeric abbreviation for this if */
                int (*if_output)                /* output routine (enqueue) */
                    (struct ifnet *, struct mbuf *, const struct sockaddr *,
                    struct route *);
                void (*if_input)                /* input routine (from h/w driver) */
                    (struct ifnet *, struct mbuf *);
                …
                void (*if_transmit)             /* initiate output routine */
                    (struct ifnet *, struct mbuf *);
                u_int if_fib;                   /* interface FIB */
                ...
        };
  • 28. L3 Hooking ● Just like Linux has netfilter, FreeBSD has a framework called pfil ● It lets you create a list of filters for both IN and OUT packets. ● Unlike Linux, pfil allows hooking in only one place for incoming and outgoing packets.
  • 29. L3 Hooking
    ● Hooking is easy. Use:

        struct pfil_head *pfh_inet;

        /* Initializing L3 Hooking */
        if (!(pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET))) {
                uprintf("Failed getting packet filter head\n");
                return ESRCH;
        }

    ● Then, register the callback:

        pfil_add_hook(in_filter, NULL, PFIL_IN | PFIL_WAITOK, pfh_inet);

    ● Hook signature:

        static int in_filter(void *arg, struct mbuf **m, struct ifnet *ifp,
            int dir, struct inpcb *inp)
  • 30. The L2-L3 Input Stack
    [Diagram: input path from the driver up to L3. Labels: Driver, ifp->if_input(), ether_input_internal, hooks (BPF, LAGG, ng_ether, Bridging), VLAN handling / vlan_input_p(), ether_demux, IP: ip_input(), IPv6, ARP: arpintr(), ATALK, AARP, pfil_run_hooks() (PFil)]
  • 31. The L2-L3 Input Stack
    [Diagram: output path from L3 down to the driver. Labels: ip_output, pfil_run_hooks() (PFil), if_output(), ether_output, hooks (Bridge, ng_ether), ifp->if_transmit(), Driver]
  • 32. L2 Hooking ● Apparently, it’s not as trivial hooking to the network stack in L2 ● For example, in order to make Libpcap work, NIC drivers need to explicitly call Libpcap kernel hooks to redirect L2 flow to it. ● Suggested implementation in user mode: ○ BPF - Explained in previous lectures ○ Libpcap - Explained above ○ Nethook - Memory-mapping based network handling. Exists in both Linux, Windows and FreeBSD. ● Despite what is said above, you can use netgraph to attach to ng_ether. ○ There is a way to use it more easily. Source code will be uploaded later.
  • 33. Other useful tips
    ● DDB is the static kernel debugger. You can read about it here:
      ○ https://www.freebsd.org/cgi/man.cgi?ddb(4)
    ● Compile kernel with:
      ○ options DDB
    ● Compiling the kernel:
      ○ Configs are in:
        ■ amd64/conf/GENERIC
        ■ Always copy GENERIC to a new file and edit it.

        $ cd /usr/src/
        $ make buildkernel KERNCONF=GENERIC.MYCONF && make installkernel KERNCONF=GENERIC.MYCONF && shutdown -r now

    ● If kernel hangs, useful VirtualBox command (Opens DDB):

        $ VBoxManage debugvm <VM Name> injectnmi
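Slide 26 warns that a header can straddle two mbufs. The following is an added example, not code from the talk or from FreeBSD: a userland model of a two-buffer chain that compares the contiguity check with a chain-walking copy. The names `struct mb`, `mb_length`, `mb_is_contiguous`, `mb_copydata` and `parse_ipv4` are hypothetical stand-ins; in the kernel the real calls are the m_pulldown() and m_copydata() routines from the slides.

```c
/* Userland model of an mbuf chain: added example, not FreeBSD kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct mb {                    /* hypothetical stand-in for struct mbuf */
    struct mb *next;           /* models mh_next */
    uint8_t *data;             /* models mh_data */
    int len;                   /* models mh_len */
};
struct ip4_info { uint8_t version, ihl, proto; uint16_t total_len; uint32_t src, dst; };

/* Total bytes in the chain, the quantity m_length(9) reports. */
static int mb_length(const struct mb *m) {
    int total = 0;
    for (; m != NULL; m = m->next) total += m->len;
    return total;
}

/* 1 only if [off, off+len) lies inside the FIRST buffer, i.e. a pointer
 * cast at data+off would stay in bounds. */
static int mb_is_contiguous(const struct mb *m, int off, int len) {
    return m != NULL && off >= 0 && len >= 0 && off <= m->len - len;
}

/* Gather len bytes at off into dst by walking the chain (the job
 * m_copydata(9) does). Returns -1 instead of reading past the chain. */
static int mb_copydata(const struct mb *m, int off, int len, uint8_t *dst) {
    if (off < 0 || len < 0 || off > mb_length(m) - len) return -1;
    while (m != NULL && off >= m->len) { off -= m->len; m = m->next; }
    while (len > 0) {
        int n = m->len - off;
        if (n > len) n = len;
        memcpy(dst, m->data + off, (size_t)n);
        dst += n; len -= n; off = 0; m = m->next;
    }
    return 0;
}

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse the fixed 20-byte IPv4 header at off from a gathered copy, never
 * through a pointer into one buffer. */
static int parse_ipv4(const struct mb *m, int off, struct ip4_info *out) {
    uint8_t h[20];
    if (mb_copydata(m, off, (int)sizeof(h), h) != 0) return -1;
    out->version = h[0] >> 4;
    out->ihl = h[0] & 0x0f;
    if (out->version != 4 || out->ihl < 5) return -1;
    out->total_len = (uint16_t)((h[2] << 8) | h[3]);
    out->proto = h[9];
    out->src = be32(h + 12);
    out->dst = be32(h + 16);
    return 0;
}

/* Constructed sample: 14-byte Ethernet header, IPv4 header, 4 payload bytes;
 * the IPv4 header is split 8/12 across the two buffers. */
static uint8_t seg1[22] = { 0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
                            0x45,0x00,0x00,0x18, 0x00,0x00,0x40,0x00 };
static uint8_t seg2[16] = { 0x40,0x06,0x00,0x00, 0xC0,0x00,0x02,0x01,
                            0xC6,0x33,0x64,0x02, 'a','b','c','d' };
static struct mb second = { NULL, seg2, sizeof(seg2) };
static struct mb first = { &second, seg1, sizeof(seg1) };

int main(void) {
    struct ip4_info ip;
    int rc = parse_ipv4(&first, 14, &ip);
    printf("chain=%d contiguous=%d parse=%d proto=%u\n", mb_length(&first),
           mb_is_contiguous(&first, 14, 20), rc, (unsigned)ip.proto);
    return 0;
}
```

The contiguity check fails for the IPv4 header here because only 8 of its 20 bytes are in the first buffer, which is exactly the case where a cast of mh_data to a header struct reads or writes out of bounds.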