Subject: Re: m0n0wall on NetBSD for SoC?
To: Christian Hattemer <c.hattemer@arcor.de>
From: David Young <dyoung@pobox.com>
List: tech-embed
Date: 04/19/2006 15:33:47
On Wed, Apr 19, 2006 at 07:41:10PM +0200, Christian Hattemer wrote:
> Hi,
> 
> I recently stumbled on m0n0wall (http://www.m0n0.ch/wall/) when I wanted to
> build a DSL router for my parents. However the project was aborted because
> it turned out to be more expensive than the current solution.
> 
> But m0n0wall looked nice and I wondered whether it would be possible to do
> the same with NetBSD. Well, that question should quite certainly be
> answered with "yes", but does it make sense?

Last I checked, m0n0wall was heavyweight (i.e., not very suitable for
embedded systems), owing (I believe) to its using PHP.  It was distributed
as a monolithic tarball instead of as a build-from-source type system
(so it is not very portable).  Also, owing to its using PHP, there is
not a great separation between the web presentation and logic.

IMO, NetBSD is in need of some embeddable web technology for
router/firewall UIs.  To the best of my knowledge, the best C-language
library for embedded web stuff is ClearSilver, but I find its native <?cs
?cs> markup deficient.  I would like to see ClearSilver extended to work
with Template Attribute Language (TAL) instead of the native <?cs cs?>
interpolation strings, since this eases cooperation between programmers
and designers.  Many of the elements of an embeddable ClearSilver+TAL
solution exist in the form of expat, scew, clearsilver (of course), and
the TAL spec.  (ISTR all but scew is under BSD license, which is a plus.)

Something else that NetBSD is missing is a configuration manager that
can speak with SNMP/CLI/Web clients and call the right userland utils
or ioctls to change a router's operating state.  For high availability,
it needs to have some kind of automatic rollback facility, so that if
you're configuring some router that's halfway around the world (or up
on somebody's roof...), you cannot lose control of the system.

Anyway, I can work with you to develop specs for either TAL extensions
to ClearSilver, or a configuration manager.

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Urbana, IL * (217) 278-3933