porting of dladm

dan_partelly dan_partelly at rdsor.ro
Fri Nov 20 15:18:48 UTC 2015 

 As I am not that good to decide if that is a good approach or not, I
> will start porting it to freebsd and on the way figure out, what might
> be good to change to make it work in a better way.
>
>   http://illumos.org/man/1M/dladm
> 
> dladm is implemented as a client/server program, where the server runs
> in the background and handles the network interface configuration. The
> command line client sends messages to the server on what the user wants
> it to do.
> 


It is a good approach. From multiple reasons such as :

-ability to separate privileges (for ex keep config file parser in a
separate process, 
  parsers are notoriously troublesome components.
- ability to run clients in capabilities modes. 
-possibility to delegate administration to other users (requires
additional fine grained permission mechanism in FreeBSD)
-server presents a central IPC point which can be called by multiple
components. Solaris uses a synchronous fast IPC 
mechanism called doors in many of their administrative daemons, at the
present time FreEBSD doesn't have a similar one,
but you can use unix domain just OK

It is my opinion that you would be well served by:

1. abstract FreeBSD specific code  libraries (not for portability reasons.
But to enable others to reuse those very important entry points easily)
2. use a transactional database model for the files where you will keep
your settings
3. look at capabilities mode in FreeBSD capsicum to implement the
protection model in clients and co-processes.
4. look at nvlist library which will apear in FreEBSD 11 to help you
design your IPC entry points
5. design with the possibility for delegated administration in mind,
although most likely you would have to add it later.
6. think to other candiates which can be assimilated in same control
daemon (or in separate, but similar ones )
   most obvious candidates: dhcp, rtsol .. in adition to ifconfig and wpa


this is the way of the future in enterprise OSes. Efforts like this are
part, or will be soon,  of the plans in 
many operating systems today. Solaris has wonderful Enterprise features.

It will not be easy to design this to fit cleanly with FreeBSD as it is
now, but it is possible. 
It is a great project, in my opinion.

More information about the freebsd-net mailing list