Topic: Port Wolfsentry to the Nuttx

hello,
Recently, I discovered the Wolfsentry project and I am extremely excited about it. I would like to try porting it to run on the Nuttx system. I noticed in the project description that it is possible to port Wolfsentry to Nuttx, but currently, I have no idea where to start, and I haven't found any relevant information. Could you please guide me on how to proceed? I would be immensely grateful for your assistance.


Re: Port Wolfsentry to the Nuttx

Hi @lemonicesprite!

The first thing to do is git clone the wolfSentry repository (https://github.com/wolfSSL/wolfsentry), then "make test" on a Linux or similar host, to start learning your way around.

And you've picked a good time to kick the tires -- we've just merged detailed documentation for the configuration JSON syntax.

The port to NuttX should be super-easy, because NuttX has POSIX implementations for all of the intrinsics that wolfSentry depends on.  In particular it has pthreads and semaphore APIs that cover everything needed, so on first look I think you should be able to do a straight POSIX build of the library.

And that's something to point out early -- wolfSentry is a library that your application calls into.  So your initial goal is just to pass the right values to make for the cross compilation, to get the library to build.  Have a look at the "ifdef RUNTIME" section of the Makefile, and the freertos-arm32-build-test recipe in Makefile.analyzers, to see some setup examples.

The only substantive obstacle I see is that NuttX uses the uIP stack, and we currently only have lwIP stack integration ready to go.  So that integration work would be needed, to get full functionality.  You can have a look at lwip/LWIP_PACKET_FILTER_API.patch to get a sense of the changes needed for full integration.  If uIP already has hooks in it for packet filtering, it will be fairly easy to port to it, but if not, it will be hard like lwIP.


Re: Port Wolfsentry to the Nuttx

Hi @douzzer!
I encountered a little problem in the "wolfSentry lwIP Echo Test"(https://www.wolfssl.com/documentation/manuals/wolfsentry/chapter04.html#wolfsentry-lwip-echo-test) experiment under docker according to the wolfSentry Examples guide document.
In my test, none of the nodes worked as expected. Each node was able to communicate with the server without any issues, instead of being rejected as described in the manual, where "Tester 1 will be rejected for the TCP connection and tester 3 will be rejected for MAC address".
Here are my operation steps:
1. git clone https://github.com/wolfSSL/wolfsentry.git
2. cd wolfsentry/examples/Linux-LWIP/
3. sudo docker-compose -f docker-compose.yml up --build -d
4. sudo docker-compose -f docker-compose.yml logs -f
I noticed that when I tracked the logs of the echo server, there were some logs that didn't look normal:

Attaching to linux-lwip_tester3_1, linux-lwip_echoserver_1, linux-lwip_tester2_1, linux-lwip_tester1_1
echoserver_1  | json_feed failed at offset 844, line 37, col 1, with code -23 (Configuration contains an invalid key), src 8 (json/load_config.c), line 523
echoserver_1  | error while loading wolfSentry config filejson_feed failed at offset 844, line 37, col 1, with code -23 (Configuration contains an invalid key), src 8 (json/load_config.c), line 523
echoserver_1  | error while loading wolfSentry config filejson_feed failed at offset 844, line 37, col 1, with code -23 (Configuration contains an invalid key), src 8 (json/load_config.c), line 523
echoserver_1  | error while loading wolfSentry config filejson_feed failed at offset 844, line 37, col 1, with code -23 (Configuration contains an invalid key), src 8 (json/load_config.c), line 523
echoserver_1  | error while loading wolfSentry config filejson_feed failed at offset 844, line 37, col 1, with code -23 (Configuration contains an invalid key), src 8 (json/load_config.c), line 523
echoserver_1  | error while loading wolfSentry config filejson_feed failed at offset 844, line 37, col 1, with code -23 (Configuration contains an invalid key), src 8 (json/load_config.c), line 523
echoserver_1  | error while loading wolfSentry config fileMAC Sentry action returned code 0 (OK, operation succeeded), src 4 (routes.c), line 1848


Re: Port Wolfsentry to the Nuttx

Oh dear, yes, that example is a sticky wicket.  The config file that failed out on you (`examples/Linux-LWIP/echo-config.json`) hasn't been updated in well over a year, and has a couple of clauses in it that were deprecated in release v0.6.0-preview-6.  I'm fixing that config file for the next release, at least.

I believe the only changes that are absolutely needed, btw, are changing `"default-policy-static"` to `"default-policy"`, and similarly `"default-event-static"` to `"default-event"`, in the `"default-policies"` section.

But even if you get it to load successfully, it won't quite work right, because the demo is just using libpcap to generate the raw input packets to lwIP.  This allows you to exercise and explore the traffic evaluation dynamics of wolfSentry, which is particularly useful with `WOLFSENTRY_DEBUG_LWIP` and/or `DEBUG_ROUTE_LOOKUP` defined in the build.

But it doesn't allow actual filtration, because libpcap is just tapping the packet flow, not intercepting it.  The Linux kernel (and its in-tree IP stack) still receives the traffic unfiltered.  Worse yet, it still generates the regular replies to it, like ICMP echo reply and TCP unreachable-reset.  With wolfSentry configured to generate its own replies, the client sees double replies.  E.g. "DUP" ping replies.  And in fact, lwIP and Linux can disagree on what to do, e.g. lwIP accepting a connection, but Linux resetting it.  It's a mess.

We should probably remove this (2 year old) example because of these glitches, but it has proven useful for internal development+testing at least.

In `examples-notification-demo` there's an example that actually works right as-is, though it doesn't demo the lwIP integration.

Some time soon we'll be adding an updated turnkey lwIP-RTOS example, but for now you could do worse than just review the new documentation in `doc/freertos-lwip-app.md`.

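The reply above says the echo-server config only fails to load because two keys in its `"default-policies"` section were renamed in v0.6.0-preview-6. The following script is an added example, not code from the wolfSentry project or from anyone in this thread: it rewrites those two keys in a config file while preserving key order, and refuses to proceed if an old and a new key are both present with different values. The sample config embedded in it is constructed for the example and is not the real `examples/Linux-LWIP/echo-config.json`; the assumption, taken from the reply, is that these two renames are the only changes needed for the file to load.

```python
"""Migrate a wolfSentry JSON config that still uses the key names deprecated
in v0.6.0-preview-6 to the current names.

Usage:  python migrate_wolfsentry_config.py old-config.json new-config.json
"""
import json
import sys

# Deprecated -> current key names inside the "default-policies" section.
# Assumption (from the thread): these are the only renames required.
DEPRECATED_KEYS = {
    "default-policy-static": "default-policy",
    "default-event-static": "default-event",
}

# Constructed sample for demonstration; NOT the project's echo-config.json.
SAMPLE_OLD_CONFIG = """{
  "wolfsentry-config-version": 1,
  "default-policies": {
    "default-policy-static": "reject",
    "default-event-static": "static-route-parent"
  }
}"""


def parse_config(text: str) -> dict:
    """Parse JSON text into a dict; json.loads keeps the file's key order."""
    return json.loads(text)


def deprecated_keys_in(config: dict) -> list:
    """List the deprecated keys present in the "default-policies" section."""
    section = config.get("default-policies")
    if not isinstance(section, dict):
        return []
    return [k for k in DEPRECATED_KEYS if k in section]


def migrate_default_policies(config: dict) -> tuple:
    """Return (migrated copy, list of keys renamed).

    Key order is preserved by rebuilding the section in place, so the
    migrated file differs from the original only in the renamed keys.
    Raises ValueError if a deprecated key and its replacement both appear
    with different values, since silently dropping one would change policy.
    """
    out = json.loads(json.dumps(config))  # cheap deep copy
    section = out.get("default-policies")
    if not isinstance(section, dict):
        return out, []

    renamed = []
    for old, new in DEPRECATED_KEYS.items():
        if old in section and new in section and section[old] != section[new]:
            raise ValueError(
                f"conflicting values for {old!r} ({section[old]!r}) "
                f"and {new!r} ({section[new]!r}); resolve by hand"
            )
    rebuilt = {}
    for key, value in section.items():
        target = DEPRECATED_KEYS.get(key, key)
        if target != key:
            renamed.append(key)
        rebuilt[target] = value  # same position as the old key
    out["default-policies"] = rebuilt
    return out, renamed


def migrate_text(text: str) -> tuple:
    """Convenience wrapper: JSON text in, (JSON text, renamed keys) out."""
    migrated, renamed = migrate_default_policies(parse_config(text))
    return json.dumps(migrated, indent=2) + "\n", renamed


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(__doc__)
    with open(sys.argv[1], encoding="utf-8") as fh:
        new_text, changed = migrate_text(fh.read())
    with open(sys.argv[2], "w", encoding="utf-8") as fh:
        fh.write(new_text)
    print(f"renamed {len(changed)} key(s): {', '.join(changed) or 'none'}")
```

Run it on a copy of the config, then restart the echo server and check that the `json_feed failed ... (Configuration contains an invalid key)` lines no longer appear in the logs; as the reply notes, a config that loads does not by itself make the libpcap-tapped demo filter traffic.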