The FreeBSD Project is proud to be taking part in the Google The FreeBSD Project is proud to have taken part in the Google Summer of Code 2007. We received more high quality applications this year than ever before. In the end it was a very tough decision to narrow it - down to the 25 students selected for funding by Google. The student - projects are listed below. For more detailed information about the - plans for each project, please see the FreeBSD - Summer of Code 2007 wiki.
+ down to the 25 students selected for funding by Google. + These student projects included security research, + improved installation tools, new utilities, and more. Many of the + students have continued working on their FreeBSD projects even after + the official close of the program. + +We are happy to report than all students made some progress towards + their goals for the summer, and the 22 students listed below + completed the program successfully.
+ +Information about the student projects is available from our Summer of Code + wiki and all of the code is checked into Perforce. + The summaries below were submitted by the individual students and + their mentors.
A front-end to freebsd-update using GTK+. It includes:
+Multicast DNS (mDNS) is a part of Zero Configuration + Networking (Zeroconf) and provides the ability to address + hosts using DNS-like names without the need of an existing + (unicast), managed DNS server.
+ +The Multicast DNS responder (mdnsd), is more or less feature + complete and is currently in a bug fixing and testing phase. + A few more features are planned, most notably mdns proxy + support. The daemon performs multicast dns queries on behalf + of clients and acts as a unified cache to all clients. + Provides the ability to announce its own mdns records onto the + network.
+ +The daemons abilities are exposed to clients through libmdns, + it provides an API to do mDNS queries and to add/remove/list + records and view/flush cache. Two consumers exists, one + console based basic debugging and administrative utility + (mdns) which simply provides whatever libmdns provides and a + NSS module (nss_mdns) which integrates mDNS lookups with the + systems name lookup routines.
+This project aims to revise FreeBSD's package tools + (/usr/src/usr.sbin/pkg_install) to use Berkeley DB files for + storing information held in /var/db/pkg/*, and use Hash table + structures. It also aims to devise a frontend for dealing + with package and ports installation and management and insert + virtuals into ports infrastructure to support modular + components functionality, for dealing with ports installed + components vs base installed components (OpenSSL, OpenSSH, + Kerberos).
The aim of this project is to implement the Super Tunnel + Daemon, a tunneling daemon using plugins for different + encapsulations and automagically selecting the best + encapsulation in each environment. Should the environment + change, the user would not notice the transition to a + different encapsulation except for a small delay. Connections + estabilished within the tunnel would seamlessly be migrated to + a different encapsulation. In this way, mobility would be + supported as well, even to the extent of changing between + different physical network interfaces, e.g. disabling the + wireless interface and plugging in an ethernet cable. New + encapsulations could easily be added in the future using the + plugin interface.
This project involves rewriting the lockmgr syncronization + primitive since recent efforts (in particular sun4v porting) + evicted that this is a strong bottleneck for fs workloads (due + to its spreadness in VFS land). One of the main goal of the + rewriting is offering a more customed interface, trimming all + unused (and possibily bugged) features of lockmgr and offering + a more intelligent interface (that would help a lot in + debugging and lock assertions).
Apple's MacBook computers are nicely designed and have neat + features that other laptops don't. While Mac OS X is a nice + operating system, UNIX folks (like me) would prefer to run + other operating systems like FreeBSD. This project aims to + bring bug fixes and new drivers to FreeBSD that would help + running this OS on this platform.
This project involved testing the correctness of FreeBSD + Mandatory Access Control Framework including correctly passing + the security label from userland to kernel and + non-bypassibility of Mandatory Access Control Hooks. + Specific contributions include:
+ ++
This project aims at a testing suite for any host's + perform-ability in TCP/IP networks. N. Li implemented it on a + FreeBSD machine using libpcap (a library of BSD Packet Filter) + to sniff frames on MAC layer, decode them into human-readable + format, and send crafted ones to exam if the target host + follows RFC793's requirements.
At the moment the setproctitle call is implemented with a + sysctl, this has the unfortunate side effect that this simple + call locks the Giant-lock. As this call is a simple matter of + setting a value, it could be better implemented with shared + memory between the kernel and user-space.
+This project purposes a scheme to securely share process + specific data, between the kernel and a user-space + process. This is done by having each process allocate a + special memory page, on which the kernel and user-space + process can share data. This will give the security needed, as + the VM-system will make sure that no outside processes can + fiddle with a process' data. As everything is going on it + user-space, there is no concern about a rogue process could + write inside the kernel memory. There is still a locking + concern, which will be addressed either by locking the entire + page, or micro-locking each data field on the page. To test + the scheme, I will implement the setproctitle call with share + memory as oppose to the current syscall version.
+ +Update: Howard Su has sugested a a multi page scheme, where a + read/write page is used for things like get/setproctitle and a + read-only page for things like getpid. And maybe a system wide + read-only page for things like getdomain, gethostname + etc. More on this to follow.
+ +This project involves porting sysctl hw.sensors framework and + related utilities from OpenBSD to FreeBSD. Apart from the + framework itself, lm(4) and it(4) will be ported, and patches + to FreeBSD's internal drivers that have temperature sensors + will be provided, e.g. dev/iicbus/ad7418.c. The goal is to + enable users to access temperature and other sensors in a + unified fashion from sysctl, systat, sensorsd and + ports/sysutils/symon.
The basic idea behind this project is to implement secure and + reliable log file shipping to remote hosts. While the + implementation focuses on audit logs, the goal is to build + tools that will make it possible to perform distributed + logging for any application by using a simple API and linking + with a shared library.
Originally selected to design and implement common way to + retrieve and process data from input devices, the project + resulted in code base of a bigger and more generic project + Enhanced NewBus. The following features are introduced by + now: basic functional devices support, filter drivers and + NewBus input/output subsystem. Functional devices + (ex. demuxing, muxing, terminals) are supposed to coordinate + real devices. Each device is handled by a stack of drivers + (low-level and filters). Filter drivers are to simplify code + reuse. The NewBus input/output subsystem is designed to push + io requests through the NewBus graph.
Currently, many devices in FreeBSD's source tree use + excessively verbose methods of resource allocation and + deallocation. Numerous calls to bus_alloc_resource() or + bus_alloc_resource_any() are used to allocate resources, and + subsequently, multiple calls to bus_release_resource() are + used to free the resources after an error in allocation or + when the device is detached.
+ +Recently, however, the bus_alloc_resources() and + bus_release_resources() functions have been added. These + simple wrappers around bus_alloc_resource_any() and + bus_release_resource() both operate on the same resource + description, so that much of the repetition once needed to + allocate and free resources can be mitigated.
+ +This project is to update driver source code where necessary + using the new functions to make the code related to allocation + and deallocation simpler and clearer, while making other + refinements as needed.
This project plans to re-implement part of the GNU binutils + based on the libelf and libarchive libraries. It will bring + FreeBSD a BSD Licensed toolchain for processing ELF binary + file. First part of the project, which is scheduled to + complete within this summer, mainly concentrate on + re-implementing tools including ar(1), ranlib(1), objcopy(1), + strip(1) and composing corresponding manual pages.
A GTK+ graphical audit log + analysis tool.
+
Main purpose of this project - to write extendable (as much + as possible - C) code wrappers to provided by PXE and UNDI + APIs to support downloading of files via TCP-based protocols + in preboot environment. Goal - to introduce code, able to + download and prepare booting of FreeBSD kernel from remote + server via direct connection or http proxy.
This project aims to create a user-friendly graphical + installer for FreeBSD & FreeBSD-derived systems. The project + should yield something usable for 7.0-RELEASE, but the + intention is to keep it as a "second" installer system during + 7.x, alongside sysinstall. In any case, sysinstall will be + kept for architectures not supported by finstall (e.g. all + except i386 and amd64).
Linux KVM is a Virtual Machine Monitor, part of the Linux + kernel, that uses Intel VT-x Intel VT-x or AMD-V extensions + for x86 processors to create a full virtualization + environment. This project will consist in porting Linux KVM to + the FreeBSD kernel.
-We would also like to recognize Christopher Lindsay who was - originally selected for his BSD-licensed Text-Processing Tools - project but had to withdraw from the program this summer.
+Since Linux KVM has a structure similar to that of a device + driver (actually, it is a device driver, from many points of + view,) core kernel changes will not be required, and the final + product of this project will be an external loadable kernel + module, exporting an interface based on ioctl() calls to a + device descriptor. Part of the project will be also the + porting of the userspace client for that interface, a modified + qemu that uses KVM for host execution.
+