From owner-freebsd-hackers Wed Feb 23 4:41:30 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from knight.cons.org (nebula.cons.org [194.233.237.86])
	by hub.freebsd.org (Postfix) with ESMTP id AC0DD37B863
	for ; Wed, 23 Feb 2000 04:41:26 -0800 (PST)
	(envelope-from cracauer@knight.cons.org)
Received: (from cracauer@localhost)
	by knight.cons.org (8.9.3/8.9.3) id NAA05900;
	Wed, 23 Feb 2000 13:41:14 +0100 (CET)
Date: Wed, 23 Feb 2000 13:41:14 +0100
From: Martin Cracauer
To: Christoph Kukulies
Cc: Martin Cracauer , hackers@FreeBSD.ORG
Subject: Re: FreeBSD as high speed router
Message-ID: <20000223134113.A5723@cons.org>
References: <200002220935.KAA14202@gil.physik.rwth-aachen.de> <20000223114214.A45619@cons.org> <20000223115722.A23927@gil.physik.rwth-aachen.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20000223115722.A23927@gil.physik.rwth-aachen.de>; from kuku@gilberto.physik.RWTH-Aachen.DE on Wed, Feb 23, 2000 at 11:57:22AM +0100
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In <20000223115722.A23927@gil.physik.rwth-aachen.de>, Christoph Kukulies wrote:
> On Wed, Feb 23, 2000 at 11:42:14AM +0100, Martin Cracauer wrote:
> > The thing is booted from floppy and is a pure filtering router, no
> > NAT, no applications/server, no proxies (which is suicide on a
> > firewall anyway).
>
> Would be interesting to tell how you managed to produce a bootable floppy
> with the subsequent scripting that starts the OS and all that.

This setup is still 2.2.8-stable as the same thing done with 3.x will
not fit onto the floppy. It was done before PicoBSD, otherwise I
would have based my work on that.

Basically, a small and kzip'ed kernel and needed stuff are put into a
1.44 MB file that is disklabeled and newfs'd as a BSD FFS.

The trick I used is that I have a custom `init` binary, which looks at
getpid() and argv[0] and depending on that behaves like:
- init
- df
- login (against md5'ed passwd stored in binary)
- dmesg
- a simple more
- sleep
- route

You can hardlink it to these names and it will then get its intended
behaviour from argv[0]. To save inodes, you may also choose the
behaviour by switches to the name 'init' (which behaves like a real
init only when it is pid 1).

The advantage is of course that you have just one binary, this saves a
lot of space, especially when you don't want shared libraries.

Other stuff on the floppy are telnet, ls, /bin/sh, ifconfig, tcpdump
and ipfw in maximum stripped versions and with many #ifdef's turned
off. Some of that is compressed, after evaluating advantages and
disadvantages.

I am not allowed to post the whole setup here, because it contains
much of our network architecture. However, I planned to switch to
PicoBSD anyway (mostly to get to FreeBSD-3.x) and hope that I'm
allowed to contribute the init(8) as described above.

Martin
--
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer http://www.cons.org/cracauer/
Tel.: (private) +4940 5221829
Fax.: (private) +4940 5228536
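
The argv[0]/getpid() dispatch described in the message above, as an added C example that is not Martin Cracauer's init and not code from the post. It shows two of the listed names (df, sleep) plus the init role. Because argv[0] is supplied by whoever executes the binary, unknown names and an empty argv are refused, and the init role is gated on pid 1 rather than on the name alone. Assumptions: the names resolve(), applets and init_applet, the exit code 64, and the "init -NAME" form for the switches, which the message does not spell out.

```c
/* Added illustration, not the original init. The "init -NAME" switch form is an assumption. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/statvfs.h>
#include <sys/wait.h>
#include <unistd.h>

struct applet { const char *name; int (*fn)(int, char **); };

static int do_sleep(int argc, char **argv) {
    return argc < 2 ? 2 : (int)sleep((unsigned)strtoul(argv[1], NULL, 10));
}
static int do_df(int argc, char **argv) {
    struct statvfs s;
    const char *path = argc > 1 ? argv[1] : "/";
    if (statvfs(path, &s) != 0) return 1;
    printf("%s: %lu of %lu blocks free\n", path, (unsigned long)s.f_bfree, (unsigned long)s.f_blocks);
    return 0;
}
static int do_init(int argc, char **argv) {      /* minimal init role: one shell, then reap */
    (void)argc; (void)argv;
    if (fork() == 0) { execl("/bin/sh", "sh", (char *)NULL); _exit(127); }
    while (wait(NULL) > 0 || errno == EINTR) continue;
    return 0;
}
static const struct applet init_applet = { "init", do_init };
static const struct applet applets[] = { { "df", do_df }, { "sleep", do_sleep } };
/* Choose the behaviour; *skip is the number of leading argv entries to drop. */
static const struct applet *resolve(int argc, char **argv, pid_t pid, int *skip) {
    *skip = 0;
    if (argc < 1 || argv[0] == NULL) return NULL;         /* exec with empty argv */
    const char *name = strrchr(argv[0], '/');
    name = name ? name + 1 : argv[0];                     /* basename of the link name */
    if (strcmp(name, "init") == 0) {
        if (pid == 1) return &init_applet;                /* real init only as pid 1 */
        if (argc < 2 || argv[1][0] != '-') return NULL;
        name = argv[1] + 1; *skip = 1;                    /* "init -df /" runs df */
    }
    for (size_t i = 0; i < sizeof applets / sizeof *applets; i++)
        if (strcmp(name, applets[i].name) == 0) return &applets[i];
    return NULL;                                          /* unknown name: refuse */
}

int main(int argc, char **argv) {
    int skip;
    const struct applet *a = resolve(argc, argv, getpid(), &skip);
    return a ? a->fn(argc - skip, argv + skip) : 64;
}
```

Built once and hardlinked as df and sleep, the same file answers to each name; invoked as init by any process other than pid 1, it runs an applet only when a switch names one.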