simple Loadable Kernel Module (LKM) in freebsd

11 01 2008

okay……. sick of love today, and enjoying this life. hmm, looks like a serious topic: LKM, a.k.a. Loadable Kernel Module. hohohohho. if you are a FreeBSD user, or maybe a Linux user, you often run into something like this: loading module A, loading module B, and so on. in FreeBSD you load one with kldload module_name (you can find a lot of the FreeBSD kernel modules listed in /boot/defaults/loader.conf). in Linux??? sorry, i forget :D :D

okay…. let's start our first LKM…. good programming skills will help you a lot (i'm still a newbie :( ). just a simple LKM: when you load this module, it will print "first LKM freebsd ^_^". okay, serious now.

when an LKM is loaded or unloaded, its module event handler is called. this function handles all the runtime events: loading the module, unloading the module, and shutting the module down. the prototype of the event handler looks like this (you can find these lines in /usr/include/sys/module.h):

typedef int (*modeventhand_t)(module_t, int /* modeventtype_t */, void *);

typedef enum modeventtype {
	MOD_LOAD,
	MOD_UNLOAD,
	MOD_SHUTDOWN,
	MOD_QUIESCE
} modeventtype_t;

confused???? hahahahahahah, me too :shock: :shock:
next, for the LKM to be loaded or unloaded it must be linked with the kernel. that's an easy step: just call the DECLARE_MODULE macro (you can find it in /usr/include/sys/module.h). the macro looks like this:

#define DECLARE_MODULE(name, data, sub, order) \
MODULE_METADATA(_md_##name, MDT_MODULE, &data, #name); \
SYSINIT(name##module, sub, order, module_register_init, &data) \
struct __hack

okaaayyy, let's start coding (the filename is kld.c):


#include <sys/param.h>
#include <sys/module.h>
#include <sys/kernel.h>
#include <sys/systm.h>

/* module event handler: the kernel calls this on load, unload, shutdown and quiesce */
static int load_module(struct module *m, int _c, void *arg)
{
	int error = 0;

	switch (_c)
	{
		case MOD_LOAD:
			uprintf("first LKM freebsd ^_^ \n");
			break;

		case MOD_UNLOAD:
			uprintf("unloading the first LKM \n");
			break;

		default:
			/* MOD_SHUTDOWN, MOD_QUIESCE and anything else: not handled here */
			error = EOPNOTSUPP;
			break;
	}
	return (error);
}

/* module name, event handler, private data */
static moduledata_t first_module =
{
	"hello_world",
	load_module,
	NULL
};

/* link the module into the kernel so it can find first_module and call load_module */
DECLARE_MODULE(hello_world, first_module, SI_SUB_DRIVERS, SI_ORDER_MIDDLE);
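As an added example (mine, not the post's kld.c), here is a handler that answers all four events, including MOD_QUIESCE: kldunload sends it before MOD_UNLOAD, and a non-zero reply keeps the module loaded unless kldunload -f is used. The userland shim under #else, set_users() and try_unload() are assumptions so the same handler logic can be compiled and exercised outside the kernel:

```c
/* the real headers under _KERNEL; otherwise a tiny shim (assumption) so the
 * same handler logic compiles and runs in userland for this demo */
#ifdef _KERNEL
#include <sys/param.h>
#include <sys/module.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#else
#include <errno.h>
#include <stdio.h>
typedef enum modeventtype { MOD_LOAD, MOD_UNLOAD, MOD_SHUTDOWN, MOD_QUIESCE } modeventtype_t;
struct module;
typedef struct module *module_t;
#define uprintf printf
#endif
/* callers that still depend on the module; a real driver would count its
 * opens here, set_users() stands in for that in the demo */
static int users = 0;
int set_users(int n) { return (users = n); }

int quiesce_demo_handler(module_t m, int what, void *arg)
{
	(void)m; (void)arg;
	switch (what) {
	case MOD_LOAD:
		uprintf("quiesce demo loaded\n");
		return (0);
	case MOD_QUIESCE:
		/* kldunload asks this before MOD_UNLOAD: a non-zero answer makes
		 * the unload fail with EBUSY unless -f was given */
		return (users > 0 ? EBUSY : 0);
	case MOD_UNLOAD:
		uprintf("quiesce demo unloaded\n");
		return (0);
	case MOD_SHUTDOWN:	/* system going down: nothing to flush here */
		return (0);
	default:
		return (EOPNOTSUPP);
	}
}

/* mirrors the kernel's unload sequence: quiesce first, then unload only if
 * the module agreed or the caller forced it (kldunload -f) */
int try_unload(int force)
{
	int error = quiesce_demo_handler(NULL, MOD_QUIESCE, NULL);
	if (error != 0 && !force)
		return (error);
	return (quiesce_demo_handler(NULL, MOD_UNLOAD, NULL));
}

#ifdef _KERNEL
static moduledata_t quiesce_demo_mod = { "quiesce_demo", quiesce_demo_handler, NULL };
DECLARE_MODULE(quiesce_demo, quiesce_demo_mod, SI_SUB_DRIVERS, SI_ORDER_MIDDLE);
#endif
```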

to compile this code, create a simple Makefile in the same directory as kld.c. the Makefile contains these lines:

KMOD= hello_world
SRCS= kld.c
.include <bsd.kmod.mk>

now just run the command make.
the output will look like this:

su-2.05b# make
Warning: Object directory not changed from original /usr/home/tunky/lat/bsdkernel/lagi
@ -> /usr/src/sys
machine -> /usr/src/sys/i386/include
cc -O2 -fno-strict-aliasing -pipe -Werror -D_KERNEL -DKLD_MODULE -nostdinc -I- -I. -I@ -I@/contrib/altq -I@/../include -I/usr/include -finline-limit=8000 -fno-common -mno-align-long-strings -mpreferred-stack-boundary=2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -ffreestanding -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -std=c99 -c kld.c
ld -d -warn-common -r -d -o hello_world.kld kld.o
:> export_syms
awk -f /sys/conf/kmod_syms.awk hello_world.kld export_syms | xargs -J% objcopy % hello_world.kld
ld -Bshareable -d -warn-common -o hello_world.ko hello_world.kld
objcopy --strip-debug hello_world.ko
so, how do we load this module??? just run kldload ./hello_world.ko. the output will look like this:

su-2.05b# kldload ./hello_world.ko
first LKM freebsd ^_^
and to unload the module: kldunload ./hello_world.ko
su-2.05b# kldunload ./hello_world.ko
unloading the frist LKM :(

hmmmmmmmmmmm, a simple LKM. want more?? just keep tinkering :)





NAT in FreeBSD with PF

7 11 2007

honestly this was just me messing around, trying out NAT on the STT network plus bandwidth management on FreeBSD 6.1. since there was nothing in particular to do in the lab, that's where the idea for this mini tutorial came from. NAT and bandwidth management here use PF (packet filter). before using PF you should compile your kernel first; how to do that is in the earlier tutorial, and it's complete. the network layout can be seen in the picture.

as the picture shows, there is a BSD NAT machine that acts as the gateway for the 192.168.0.0/24 network. the BSD NAT machine has 2 interfaces, rl0 and xl0. rl0 is the interface to the outside network, while xl0 is for the private network. the IP address of rl0 is 10.14.3.7, and xl0 is 192.168.0.1. now the problem is: how can clients on the 192.168.0.0/24 network reach the internal STT network???? one way is the NAT (network address translation) mechanism. for how NAT works, please read the documents on the internet.

the configuration of the BSD NAT machine is as follows:

  1. first make sure ip forwarding is set to 1. to do that, open /etc/sysctl.conf and add this line: net.inet.ip.forwarding=1

2. set the IP addresses of both interfaces, either with ifconfig or by editing /etc/rc.conf and adding these lines:
ifconfig_rl0="inet 10.14.3.7 netmask 255.255.255.0"
ifconfig_xl0="inet 192.168.0.1 netmask 255.255.255.0"
defaultrouter="10.14.3.1"

3. the most fun part: setting up nat with pf. this is the nat and bandwidth management configuration (file /etc/pf.conf):

ext_if="rl0"                 # external interface
ext_addr="10.14.3.7/32"      # IP address of ext_if
priv_addr="192.168.0.0/24"   # private subnet

#antispoof for $ext_addr

set loginterface $ext_if     # collect statistics for interface rl0
set optimization aggressive  # the firewall uses less memory and CPU time (see the PF manual for details)
scrub in on $ext_if all fragment reassemble   # packet normalization

altq on $ext_if priq bandwidth 10Mb queue {dns,ssh,www,chatting,other}
queue dns priority 14 priq(red)
queue ssh priority 13 priq(red)
queue www priority 12 priq(red)
queue chatting priority 11 priq(red)
queue other priority 1 priq(default)
#queue test_b priority 10

nat on $ext_if proto {tcp, udp, icmp} from $priv_addr to any -> $ext_addr

#pass in on xl0 all
block drop all
pass in on xl0 proto {tcp, udp, icmp} all
pass out on xl0 proto {tcp, udp,icmp} all
pass in on $ext_if proto udp from any to any port 53 keep state queue dns

pass out on $ext_if proto {tcp,udp} from any to any port 53 keep state queue dns
pass out on $ext_if proto tcp from any to any port { 80, 443 } keep state queue www
pass out on $ext_if proto tcp from any to any port {6666, 6667, 6668} keep state queue chatting
pass in on $ext_if proto tcp from any to any port 22 keep state queue ssh

explanation:
altq on $ext_if priq bandwidth 10Mb queue {dns,ssh,www,chatting,other}
queue dns priority 14 priq(red)
queue ssh priority 13 priq(red)
queue www priority 12 priq(red)
queue chatting priority 11 priq(red)
queue other priority 1 priq(default)
#queue test_b priority 10

the syntax above describes bandwidth management using priq. there are actually several queue management algorithms in FreeBSD, among them CBQ (Class-Based Queueing), priq (priority) and HFSC (Hierarchical Fair Service Curve). here i only explain the priq (priority queuing) algorithm. priority queuing is the simplest algorithm compared to CBQ or HFSC. the mechanism is as follows: we have a bandwidth allocation of X Mb, and out of that X we want to divide the bandwidth into several allocations, say for ssh, www, mail, chatting and so on. PRIQ works by priority. for example, the ssh connection is more important than the www connection, and www is more important than mail. the point here is connection priority (see the script above). a connection with a bigger priority value has a higher connection priority too. priority values go from 0-14. the higher the priority value, the higher the chance that bandwidth is allocated to that connection. from the firewall syntax above you can see that DNS has the highest priority, while other has the lowest bandwidth priority. once the bandwidth management is built, we just call it from the script below:
pass out on $ext_if proto {tcp,udp} from any to any port 53 keep state queue dns
pass out on $ext_if proto tcp from any to any port { 80, 443 } keep state queue www
pass out on $ext_if proto tcp from any to any port {6666, 6667, 6668} keep state queue chatting
pass in on $ext_if proto tcp from any to any port 22 keep state queue ssh

the part written in bold above (the queue name at the end of each rule) is what calls the queue you created.

after building the bandwidth management, we just have to build the NAT. for an explanation of NAT, please read the manuals on the internet. the setting is:

nat on $ext_if proto {tcp, udp, icmp} from $priv_addr to any -> $ext_addr

the syntax above means that every connection passing through interface $ext_if (rl0) that comes from $priv_addr (192.168.0.0/24) and goes to any (any destination) gets rewritten to 10.14.3.7. put simply, when a host A with IP address 192.168.0.23 accesses, say, tele.stttelkom.ac.id, then tele.stttelkom.ac.id will see host A as having IP address 10.14.3.7. that is the principle of NAT.

as for the script below that, i think you already understand what it means. to run the firewall, run the following commands (don't forget: every time you run a new script, flush the firewall first):

  • pfctl -F all (flushes the firewall)
  • pfctl -f /etc/pf.conf

once the firewall is running, you can see the active settings with:

  • pfctl -s all |more

the output from the rules in /etc/pf.conf is as follows:
TRANSLATION RULES:
nat on rl0 inet proto tcp from 192.168.0.0/24 to any -> 10.14.3.7
nat on rl0 inet proto udp from 192.168.0.0/24 to any -> 10.14.3.7
nat on rl0 inet proto icmp from 192.168.0.0/24 to any -> 10.14.3.7

FILTER RULES:
scrub in on rl0 all fragment reassemble
block drop all
pass in on xl0 proto tcp all
pass in on xl0 proto udp all
pass in on xl0 proto icmp all
pass out on xl0 proto tcp all
pass out on xl0 proto udp all
pass out on xl0 proto icmp all
pass in on rl0 proto udp from any to any port = domain keep state queue dns
pass out on rl0 proto tcp from any to any port = domain keep state queue dns
pass out on rl0 proto udp from any to any port = domain keep state queue dns
pass out on rl0 proto tcp from any to any port = http keep state queue www
pass out on rl0 proto tcp from any to any port = https keep state queue www
pass out on rl0 proto tcp from any to any port = 6666 keep state queue chatting
pass out on rl0 proto tcp from any to any port = ircd keep state queue chatting
pass out on rl0 proto tcp from any to any port = 6668 keep state queue chatting
pass in on rl0 proto tcp from any to any port = ssh keep state queue ssh

ALTQ:
queue dns priority 14 priq( red )
queue ssh priority 13 priq( red )
queue www priority 12 priq( red )
queue chatting priority 11 priq( red )
queue other priq( default )

STATES:
self tcp 10.14.3.7:22 <- 10.14.5.3:45374 ESTABLISHED:ESTABLISHED
self tcp 192.168.0.3:56849 -> 10.14.3.7:60543 -> 10.14.200.231:6667 ESTABLISHED:ESTABLISHED

actually there's a lot more output, but i tried to grab just the important parts.
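Reading the state table backwards is how you find which private host was behind a NAT'd connection, since the remote side only ever saw 10.14.3.7. Added example (not from the post): a small C parser for lines in the `pfctl -s state` format shown above; the sample table is constructed from the two entries above plus one made-up DNS state, and who_talked_to() is an assumed helper name:

```c
#include <stdio.h>
#include <string.h>

/* one `pfctl -s state` entry; a NAT'd connection prints three endpoints */
struct pf_state {
	char proto[8];
	char src[16], nat[16], dst[16];	/* nat stays empty when not translated */
	int sport, nport, dport, translated;
};

/* parse one line; returns 1 on success, 0 for anything it does not understand.
 * %*s skips the interface column ("self" in the post's output). */
int parse_pf_state(const char *line, struct pf_state *s)
{
	char arrow[3], t[16]; int tp;
	memset(s, 0, sizeof(*s));
	if (sscanf(line, "%*s %7s %15[0-9.]:%d -> %15[0-9.]:%d -> %15[0-9.]:%d",
	    s->proto, s->src, &s->sport, s->nat, &s->nport, s->dst, &s->dport) == 7) {
		s->translated = 1;
		return (1);
	}
	if (sscanf(line, "%*s %7s %15[0-9.]:%d %2[<>-] %15[0-9.]:%d",
	    s->proto, s->src, &s->sport, arrow, s->dst, &s->dport) != 6)
		return (0);
	if (arrow[0] == '<') {	/* "a <- b" means b opened it: swap the ends */
		strcpy(t, s->src); strcpy(s->src, s->dst); strcpy(s->dst, t);
		tp = s->sport; s->sport = s->dport; s->dport = tp;
	}
	return (1);
}

/* walk a state table and return the address of the host that talked to
 * dst:dport (the private one, even though the peer only saw the NAT address),
 * or NULL when nothing matches; the result points into a static buffer */
const char *who_talked_to(const char *table, const char *dst, int dport)
{
	static char found[16], buf[200];
	struct pf_state s; const char *p = table, *nl; size_t len;
	while (*p != '\0') {
		nl = strchr(p, '\n');
		len = nl ? (size_t)(nl - p) : strlen(p);
		if (len >= sizeof(buf)) len = sizeof(buf) - 1;
		memcpy(buf, p, len); buf[len] = '\0';
		if (parse_pf_state(buf, &s) && strcmp(s.dst, dst) == 0 && s.dport == dport)
			return (strcpy(found, s.src));
		if (nl == NULL) break;
		p = nl + 1;
	}
	return (NULL);
}

/* constructed sample: the two entries from the post's output plus a made-up DNS state */
static const char SAMPLE_STATES[] =
	"self tcp 10.14.3.7:22 <- 10.14.5.3:45374 ESTABLISHED:ESTABLISHED\n"
	"self tcp 192.168.0.3:56849 -> 10.14.3.7:60543 -> 10.14.200.231:6667 ESTABLISHED:ESTABLISHED\n"
	"self udp 192.168.0.23:51000 -> 10.14.3.7:61234 -> 10.14.203.7:53 MULTIPLE:SINGLE\n";
```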

that's probably enough for now on PF and bandwidth management with PF. thanks to temon, who taught me a lot………

hope it's useful for all of you

NB: the network diagram:

skema_awal_1.jpg





php-GD enabled in FreeBSD

7 07 2007

hohohoho…………………….. i finally found how to solve the error with GD + php. usually, when we try to install php with gd enabled, we get some error: not an error when we compile php or gd, but an error in the web, like your images not displaying properly on your site. why did i write this article? because i've had the experience. when i migrated my system from linux to freebsd, because of an HD error T_T, i installed php with gd. i thought it would be the same as on the old system. but when i finished installing php + gd, i got the problem: jpeg or jpg images wouldn't display properly. my experience was, when i tried to upload a jpeg or jpg image, i got some error, although the web was normal and worked properly; the jpeg/jpg thumbnail view wouldn't display. damn!!!!!!! i had installed gd from the freebsd ports and compiled php from source manually. hooooooooooo, then my partner checked the php info. shit!!!! jpeg not enabled in php……waaaaaaaaaaaaaaaa.. what happened???? my friend told me gd in freebsd still has some errors. beuuuuuu….. i tried many times with different options in php, but still got the same problem: jpeg/jpg images wouldn't display properly. T_T…………. i finally realized i had to install libpng + libjpeg manually, not from the bsd ports….. ckckcckkcckckk, what a waste of time (almost 2 months i had this problem T_T). hmmmm. i had to solve it!!!!! then i remembered my students' mirror was still up ^_^. i tried installing libjpeg and libpng manually and gd from ports. the first time there were still errors, those packages failed when i compiled them. and the second time, hoohohoho, it worked (my friend said so)….. almost 8 hours with my daemon ^_^ just to enable GD in php on freebsd. but how did i solve it??????

hmmmm……………… first you should fetch these packages manually (i installed them on a fresh freebsd install ^_^). here they are:

libxml2-2.6.22.tar.gz
zlib-1.2.3.tar.gz
libpng-1.2.9.tar.gz
jpegsrc.v6b.tar.gz

after you've fetched them, follow these steps:

1. install mysql first, if your web is going to use a database:
cd /usr/ports/databases/mysql-server/
make WITH_LINUXTHREADS=yes install clean
(and so on….. i won't explain that here)

2. install httpd. i'm using httpd-2.x.x…….. it's up to you (use a httpd-2.x.x version). i think you know how to install the apache httpd server from source; i've explained it before.

3. install libxml2 first:
tar xzvf libxml2-2.6.22.tar.gz
cd libxml2-2.6.22
./configure
make
make install

4. install zlib:
tar xzvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure
make
make install
make clean

5. libpng:
tar xzvf libpng-1.2.9.tar.gz
cd libpng-1.2.9
cp scripts/makefile.std makefile

edit your makefile, find "prefix= ……….." (i don't remember the exact value) and change it to
prefix=/usr/local/libpng2
make
mkdir /usr/local/libpng2
make install
make clean

6. install the jpeg library:
tar -zxvf jpegsrc.v6b.tar.gz
cd jpeg-6b
./configure --prefix=/usr/local/jpeg6 --enable-shared
make
mkdir /usr/local/jpeg6
mkdir /usr/local/jpeg6/include
mkdir /usr/local/jpeg6/lib
mkdir /usr/local/jpeg6/bin
mkdir /usr/local/jpeg6/man
mkdir /usr/local/jpeg6/man/man1
make install-lib
make install
make clean

7. install GD:
cd /usr/ports/graphics/gd
make install clean

huhhhhh……… finished installing the GD support libraries.. then, finally, install php.
just follow these steps:
tar xzvf php-5.x.x.tar.gz
cd php-5.x.x
./configure --prefix=/usr/local/httpd/php --with-gd --with-apxs2=/usr/local/httpd/bin/apxs --with-xml --with-mysql --with-zlib --with-jpeg-dir=/usr/local/jpeg6 --with-png-dir=/usr/local/libpng2 --disable-debug --enable-trans-sid --enable-sockets --enable-memory-limit
(all on one line of course; i assume you installed your apache httpd server in /usr/local/httpd, and php in /usr/local/httpd/php)
make
make install
then copy your php.ini into /usr/local/httpd/php/lib/

the next step is just adding "AddType application/x-httpd-php .php" to your httpd.conf….

just wait and see the difference……….. i checked my web, hmmmm, looks fine. then i asked my partner (web programmer), "is GD still broken????" my partner told me "hoho, it worksss"………….huaaahhhhhahahaha finally finished it !!!!!!!

hmmmmm……… just sharing my experience with the daemon ^_^ thanks to allDelta for the teamwork ^_^. one problem solved, another problem is already waiting. like Indonesian people say, "derita tiada akhir" (suffering without end) hahahahahhaahha.. just kidding. hope it helps you too…………

thanks

tunk





troubleshooting errors in the PF firewall

5 07 2007

 

hope you're not bored of yet another article about PF. this is really just an addition. relax, i'm not going to cover how to write firewall rules, set PF parameters, NAT+RDR and so on here.
this morning, around 3 am, i was setting up PF again…….. hmmmmmmmmm but again and again it errored, even though the syntax was right……. ugh, what now???? i looked at the default pf.conf that ships with *BSD, which didn't help much. it turns out that in PF there are rules we have to follow when we write the firewall. waaaaaaaaaaaa, what are they????

here are the rules

#1. set variable
#2. options rule
#3. scrub rules
#4. nat,rdr,binat
#5. rules, block pass, antispoof

if it doesn't match that order, it won't run.

here's an example (in /etc/pf.conf)
###################rule 1, set variables#############
if="rl0"
dns="{10.14.203.7,202.154.1.2,202.134.0.155,202.134.2.5}"
ga_penting= "{137,138,139,81}"
#voip="{5060, 4569, 5036, 9999 >< 20001, 2727}"
irc="{6666,6667,6668}"
ob_state = "flags S/SA keep state"
ib_state = "flags S/SA keep state"

################end set variables####################

##############rule 2, options#######################
set block-policy drop
set state-policy if-bound

set loginterface $if
set fingerprints "/etc/pf.os"

##############end options###########################

#######rule 3, scrub rules##########################
scrub in on $if all random-id
scrub reassemble tcp

############ end scrub rules #######################

################ rule 4, nat rules#################
nat on fxp0 proto {tcp,udp,icmp} from 10.14.x.x to any -> 21.1.3.5
##############end rule 4, nat rules#################
########see the earlier tutorial on NAT#########

###############rule 5, antispoof, block, pass rules########
antispoof for $if
pass quick on lo0 all
pass out quick on $if proto tcp from any to $dns port 53 $ob_state
pass out quick on $if proto udp from any to $dns port 53 keep state

#####and so on, see the earlier article#########
############end rule 5, antispoof, block, pass rules#########

heheee, just save it, then run it with pfctl -f /etc/pf.conf, and gotcha!!!!!!!!!!!!!!!!!!!!!!!!! it runs :D :D :D :D
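Added example (not from the post): a C checker that classifies each pf.conf line by its leading keyword and reports the first line that falls back into an earlier section, applying the five-step order above (with altq/queue treated as a section between scrub and nat, which is where pf.conf(5) places queueing); KEYWORDS, pf_section and pf_check_order are names made up here, and GOOD_CONF is a constructed sample:

```c
#include <ctype.h>
#include <string.h>
/* section numbers follow the post's list: 1 macros, 2 options, 3 scrub,
 * 5 nat/rdr/binat, 6 antispoof/block/pass; 4 is altq/queue (assumption:
 * placed between scrub and nat as pf.conf(5) orders queueing) */
static const struct { const char *kw; int sec; } KEYWORDS[] = {
	{ "set ", 2 }, { "scrub ", 3 }, { "altq ", 4 }, { "queue ", 4 },
	{ "nat ", 5 }, { "rdr ", 5 }, { "binat ", 5 },
	{ "antispoof ", 6 }, { "block ", 6 }, { "pass ", 6 },
};

/* classify one line: 0 for blank/comment, -1 for a keyword this checker does
 * not know (table, "no nat", ...), which it reports instead of accepting */
int pf_section(const char *line)
{
	const char *p = line, *q;
	size_t i;
	while (*p == ' ' || *p == '\t') p++;
	if (*p == '\0' || *p == '\r' || *p == '#') return (0);
	for (i = 0; i < sizeof(KEYWORDS) / sizeof(KEYWORDS[0]); i++)
		if (strncmp(p, KEYWORDS[i].kw, strlen(KEYWORDS[i].kw)) == 0)
			return (KEYWORDS[i].sec);
	/* macro definition: identifier, optional blanks, then '=' */
	q = p;
	while (isalnum((unsigned char)*q) || *q == '_') q++;
	if (q == p) return (-1);
	while (*q == ' ' || *q == '\t') q++;
	return (*q == '=' ? 1 : -1);
}

/* check a pf.conf held in memory; returns 0 when every statement sits in a
 * section no earlier than the one before it, otherwise the 1-based number
 * of the first offending line (out of order, or a keyword it does not know) */
int pf_check_order(const char *conf)
{
	char buf[256]; const char *p = conf, *nl;
	int lineno = 0, highest = 0, sec; size_t len;
	while (*p != '\0') {
		nl = strchr(p, '\n');
		len = nl ? (size_t)(nl - p) : strlen(p);
		if (len >= sizeof(buf)) len = sizeof(buf) - 1;
		memcpy(buf, p, len); buf[len] = '\0';
		lineno++;
		sec = pf_section(buf);
		if (sec < 0 || (sec > 0 && sec < highest)) return (lineno);
		if (sec > highest) highest = sec;
		if (nl == NULL) break;
		p = nl + 1;
	}
	return (0);
}

/* constructed sample in the post's order (values trimmed from its example) */
static const char GOOD_CONF[] =
	"if=\"rl0\"\n"
	"ob_state = \"flags S/SA keep state\"\n"
	"set block-policy drop\n"
	"scrub in on $if all random-id\n"
	"nat on fxp0 proto {tcp,udp,icmp} from 10.14.0.0/16 to any -> 21.1.3.5\n"
	"antispoof for $if\n"
	"pass out quick on $if proto tcp from any to $dns port 53 $ob_state\n";
```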

hope my experience playing around with PF is useful for all of you. oh yeah, the rules aren't complete, they're already in the earlier article (too lazy to write them again). just read them in the earlier article.

hehehe……………. that's all, and thank you for reading my article