From: Dmitry Salychev
To: freebsd-pf@FreeBSD.org, freebsd-ipfw@FreeBSD.org, freebsd-embedded@FreeBSD.org
Subject: Porting firewall to RTOS
Date: Thu, 02 Nov 2023 11:36:58 +0100
List-Id: IPFW Technical Discussions
List-Archive: https://lists.freebsd.org/archives/freebsd-ipfw

Dear all,

My employer is considering different proprietary firewall/IDS solutions at the moment to be utilized on the Marvell Brightlane managed automotive Ethernet switches (there are Cortex-R52 cores on the same IC connected to the switch fabric). I've proposed to consider porting existing open source firewalls instead, but I'd like to ask your opinion.

Generally speaking, Marvell provides a light-weight RTOS to run on their switches together with the Titan SDK to develop user applications.
I haven't had a chance to tinker with the RTOS or SDK yet, but I'm trying to understand whether porting PF/IPFW/IPF is feasible, taking the fact that PF has been ported to different OSes (including QNX) into account.

Which of the firewalls would you choose if you had to do something similar and why? Which restrictions of the RTOSes would you consider (no dynamic memory allocation, no virtual memory, etc.) if you had to estimate the whole work to port the open source firewall?

Personally, I've been looking for some ways to bring FreeBSD into the automotive domain, but haven't had an opportunity to do so till this very moment.

Regards,
Dmitry

--
https://wiki.freebsd.org/DmitrySalychev