Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NetBSD/sys/rump
History
riastradh 8e07b51739 Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. 
Benefits:

- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever
  got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests

Drawbacks:

- performance hit: throughput is reduced to about 1/3 in naive measurements
  => possible to mitigate by using hardware SHA-256 instructions
  => all you really need is 32 bytes to seed a userland PRNG anyway
  => if we just used ChaCha this would go away...

XXX pullup-7
XXX pullup-8
XXX pullup-9
 		2019-09-02 20:09:29 +00:00
..
dev Merge isaki-audio2 branch, the overhaul of audio subsystem. 2019-05-08 13:40:13 +00:00
fs Cleanup modules "solaris" and "zfs": 2019-05-07 08:51:09 +00:00
include Regen. 2019-06-03 06:05:39 +00:00
kern Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. 2019-09-02 20:09:29 +00:00
librump Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. 2019-09-02 20:09:29 +00:00
net NPF improvements: 2019-07-23 00:52:01 +00:00
share Remove Pp without effect. 2019-03-08 08:24:41 +00:00
Makefile
Makefile.rump
README.compileopts
README.dirs
TODO
ldscript.rump
ldscript_sun.rump
linksyms_sun.c
listsrcdirs npfctl needs externalbsd/libnv. 2019-02-17 23:50:53 +00:00
makerumpsyscalls.sh
rump.sysmap
sunldgen.sh

README.dirs 

	$NetBSD: README.dirs,v 1.12 2013/01/08 13:12:26 pooka Exp $


The following is a quick rundown of the current directory structure.
First, components in the kernel namespace, i.e. compiled with -D_KERNEL

sys/rump/librump - rump kernel base and factions
  /rumpkern	- kernel core, e.g. syscall, interrupt and lock support

  /rumpdev	- device support, e.g. autoconf subsystem
  /rumpnet	- networking support and sockets layer
  /rumpvfs	- file system support

sys/rump/include
  /machine - used for architectures where the rump kernel ABI is not yet the
	     same as the kernel module ABI.  will eventually disappear
	     completely
  /rump    - kernel headers installed to userspace

sys/rump/dev - device components, e.g. audio, raidframe, usb drivers

sys/rump/fs - file system components
  /lib/lib${fs}  - kernel file system code

sys/rump/net - networking components
  /lib/libnet	  - subroutines from sys/net, e.g. route and if_ethersubr
  /lib/libnetinet - TCP/IP
  /lib/libvirtif  - a virtual interface which uses host tap(4) to shovel
		    packets.  This is used by netinet and if_ethersubr.
  /lib/libshmif   - a virtual interface which uses a memory mapped file
		    as an ethernet bus.  works completely unprivileged.
  /lib/libsockin  - implements PF_INET using host kernel sockets.  This is
		    mutually exclusive with net, netinet and virtif.



The rest are out-of-kernel components (i.e. no -D_KERNEL).

hypercall interface:
src/lib/librumpuser
  The "rumpuser" hypercall interfaces are used by a rump kernel to
  access host resources.

remote client interface:
src/lib/librumpclient
  The rumpclient library provides remote access to rump kernel servers.

system call hijacking:
src/lib/librumphijack
  The rumphijack library allows intercepting system calls and redirecting
  them to a rump kernel server instead of the host kernel.  In other
  words, it allows existing binaries to request indicated services from
  a rump kernel instead of from the host kernel.

Users:
src/lib
  /libp2k  - puffs-to-vfs adaption layer, userspace namespace
  /libukfs - user kernel file system, a library to access file system
	     images (or devices) directly in userspace without going
	     through a system call and puffs.  It provides a slightly
	     higher interface than syscalls.

src/usr.sbin/puffs
  rump_$fs - userspace file system daemons using the kernel fs code

src/share/examples/rump
  Various examples detailing use of rump kernels in different scenarios.
  These are provided source-only.