Tim's IT-Blog

Just a blog about IT and IT-Problems…

A deeper view of SonicWALL kernel on NSA-Series (5.8.x)

by admin on 19/06/2013

Sonicwall NSA works in my option on VxWorks Operation System (Wind River Systems, Inc) based on Linux Kernel 2.6.x. Additional they use ZebOS for Layer2/3.

The following informations are extract from an NSA 4500 running on Firmware

Informations from traceLog_xxxx.wri (see diag.html):

All Files:
file: /ata0/log3.dat, time: Jun 12 15:04:4
Firmware Version: SonicOS Enhanced
Directory: /depot-155518-18/Octeon/5.8.1/m2/target/oct_mips64/sw_octeon4500-cp-base
Build Time: Nov 20 2012, 16:42:20
Uname: Linux sjc0bld44.eng.sonicwall.com 2.6.18-274.3.1.el5 #1 SMP Tue Sep 6 20:14:03 EDT 2011 i686 athlon i38

Informations on booting a SonicWALL (over serial):

U-boot (Production build) (Build time: May 11 2009 – 19:40:30)

OCTEON ASH-4 CN5840-SCP pass 1.1, Core clock: 550 MHz, DDR clock: 266 MHz (532 Mhz data rate)
DRAM:  512 MB
Flash: 16 MB ( Bank 0: 16 MB Bank 1:  0 kB )
Uncompressed 0x1a38c0 bytes
ELF file is 32 bit
Allocating memory for ELF: Base addr, 0x2000000, size: 0xe000000
Loading .text @ 0x82008000 (1530304 bytes)
Loading .data @ 0x8217e000 (177376 bytes)
Loading .cvmx_shared @ 0x821a94e0 (424 bytes)
Clearing .bss @ 0x821a9700 (1199728 bytes)
## Loading ELF image with entry point: 0x82008000 …
Bootloader: Done loading app on coremask: 0x1

dosChkLib : CLOCK_REALTIME is being reset to FRI JUN 14 10:24:16 2013
Value obtained from file system volume descriptor pointer: 0x8236c010
The old setting was THU JAN 01 00:00:00 1970
Accepted system dates are greater than THU DEC 27 00:00:00 1990

/ata0//  – Volume is OK
Loading system information…
Reading system info from flash…
Host Name: bootHost
Target Name: vxTarget
User: target
Attaching interface lo0… done
flashStartup: no LAN bypass support.
Loading firmware…

ELF file is 32 bit
Re-using existing memory for ELF: Base addr, 0x2000000, size: 0xe000000
Loading .text @ 0x82008000 (16150976 bytes)
Loading .data @ 0x82f70000 (1487536 bytes)
Loading .cvmx_shared @ 0x830db2b0 (424 bytes)
Clearing .bss @ 0x830db480 (16997600 bytes)
## Loading ELF image with entry point: 0x82008000 …
Bootloader: Done loading app on coremask: 0x1
USB2 Host Stack Initialized.
USB Hub Driver Initialized
USBD  Wind River Systems, Inc. 562 Initialized
Host Name: bootHost
Target Name: vxTarget
User: target
Attaching interface lo0… done
Starting SonicSetup Watchdog
Starting real-time clock
Initializing clock
Tuning clock and timezone

Memory Setup Info:
Init memory pool start: 0x84111160 (2215711072)
Init memory pool end:   0x88000000 (2281701376)
ISR stack start: 0x84111160 (2215711072)
ISR stack size:  0x00001388 (      5000)
OS memory pool start: 0x841124e8 (2215716072)
OS memory pool size:  0x03ee07c8 (  65931208)
tRootTask exception stack start:  0x87ff2cb0 (2281647280)
tRootTask exception stack size:   0x00001000 (      4096)
tRootTask stack start:  0x87ff3cb0 (2281651376)
tRootTask stack size:   0x0000c350 (     50000)
OS memory pool info:
section 0 start:  0x841124f0, size: 0x03ee07c0 (  65931200)
section 1 start:  0x88000000, size: 0x07ef0000 ( 133103616)
section 2 start:  0xc0000000, size: 0x0fffff00 ( 268435200)
section 3 start:  0x01140000, size: 0x00ec0000 (  15466496)

Initializing Memory Zones
Initializing Buffer Zones
Initializing Common Zones
Starting LCD controller
Initializing Semaphores
Initializing read-write locks
Initializing System Monitor
Initializing trace call history
Initializing Flash
Writing Trace Log to Flash
Clearing Trace Log
*** warmboot ***
Adjusting SonicSetup Watchdog if necessary for large prefs
Initialize FDR log
Initializing Ramdisk
Installing date/time hook
Creating File System
Initializing CFS
Constructing HTTPS Server dependencies
Setting NTP parameters
Enabling ARP table support
Initializing core IP packet handler
Initializing memory buffer driver
Initializing Branding
Initializing parameters table
Interfaces Group init-stage 1
Starting Routing engine
Initializing action table search tree
Allocating IPSec SA space
Starting Bandwidth Management scheduler
Starting Global Bandwidth Management
Initializing Policy lookup table
Initializing NAT Policy structure
Building DHCP Network Objects
Starting network monitor module
Starting the NAT module
Starting common gateway interface handler
Starting the system timer
Starting random number generator
Initalizing IPSec handle
Allocating DHCP server lease ranges
Initializing Memory for Application Firewall Config Objects
Building IPS Config Objects
Building AppControl Config Objects
Building AntiSpyware Config Objects
Initializing multiple interfaces handler
Initializing MAC-IP Anti-Spoofing
Initializing flow reporting
Initializing Ip Helper
Starting capture Buffer
Initializing QoS Mapping module
Starting dynamic routing
Initializing Support Services
Initializing backend dynamic update support
Initializing users
Pre-Initializing LDAP client
Pre-initializing Terminal Services support for SSO
1st zebos init
Set default packet capture settings
Initializing Memory for CFS
Validating FLASH parameters
Initializing preference export memory buffer devices
Starting IPH compatibility flags
Initializing proper connection count
Adjust memory partitions
Starting synflood protection
Complete Network Object initialization
Setting Time Zone and updating Daylight savings time
Initializing ARP table
EHCI Controller found.
Waiting to attach to USBD…Done.
Reading Network Interface configurations
Updating global BWM data
Listen to BSP Interface State events
Initialize ACTIVE WAN
Starting firewall logger
Starting Stateful Packet Inspection engine
Determining High Availability state
Initializing Active/Active UTM
Initializing Ethernet links
Generating system ARP
Generating dynamic Address Objects
2nd zebos init
Build routing table
Initializing IP Helper
Starting capture Buffer during startup
Initializing SQLite
Starting SwFlow during startup
Starting GeoIP
Initial GUI Interface Statistics Counters
Initializing DNS Rebind Detection
Building NAT tables
Generating gratuitous ARP for NAT
Generating gratuitous ARP for Transparent Mode IPs
Starting registration services
Starting DNS client
Starting DNS client
Initializing syslog client
Starting DNS request task
Starting DAO manager
Log initializations dependent on preferences
Starting RBL driver
Starting licensing services
Initializing connection cache
Activating Ethernet hooks
Initializing HTTP Server
Starting user authentication routines
Starting Zone Policy manager
Initializing Viewpoint reporting
Initializing PPP timers
Initializing L2TP client system
Initializing L2TP Server
Initializing PPTP system
Starting DHCP client
Initializing Acceptable Use Policies
Starting NTP client
Starting IP fragmentation/reassembly handlers
Starting IPSec engine
Initializing HTTPS Server
Initializing web proxy support
Initializing diagnostic admin tools
Reading Qos Conversion Configuration
Starting H323 handlers
Starting SIP handlers
Initializing RADIUS client
Initializing LDAP client
Initializing SSO Authentication
Initializing Terminal Services support for SSO
Initializing PPPoE support
Preparing auto-configurator
Starting DHCP server
Initializing DHCP relay over VPN
Starting IGMP Mcast
Initializing Deep Packet Inspection framework
Pre-init Client AV
Initializing Distributed Enforcement Architecture
Building CFS rating database
Set CFS version
Apply BWM Settings for Application Firewall policy
Starting Auto-Update timers
SNMP Initialization
Verifying management policy rules
Initializing High Availability routines
Initializing state sync
Initializing Content Filtering Services
Initializing webSense monitor services
Initializing SSL Control Service
Starting SSL Inspection Engine
Starting Auto-Update timers
Complete One Touch Overrides
Starting hardware watchdog
Firmware Version: SonicOS Enhanced
Directory: /depot-155518-18/Octeon/5.8.1/m2/target/oct_mips64/sw_octeon4500-cp-base
Initializing FIPS mode
WAN Load Balancing module started
Update Interfaces Groups from prefs
Initializing for TSR generation
Initializing SDP and SSPP (discovery and provision protocol)
Initializing Wireless Zone Module
Initializing Guest Services
Starting Bandwidth Optimization engine
Initializing Flash Dynamic Update
Verifying transaction groups
Protecting prefs
Start processing Interface State Changes
Initializing Reboot Notifier
Check for Diag Restart Requests
Check for Periodic Gratuitous ARP Requests
Checking for Enhanced Upgrade
Initializing ARS
Initializing VPN route monitor
Initializing SSH Service
Initializing CLI interface
Log Firewall activated
Remote Backup Initialization
If configured, send SNMP Cold Start Trap
Starting Hot Swap Controllers
If configured, send IPSEC Trap for Manual SAs
Starting Anti-Spam Service
Starting Subsystem Detection
Initializing SSLVPN Server
sslvpn sslvpnCustomerizedLogo:/VirtualOffice.gif!
Added 1539 oui to vendor mappings
Add an entry to the firmware history

Product Model:    NSA 4500
Product Code:     61xx
Firmware Version: SonicOS Enhanced
Serial Number:    0017xxxxxxxx
X0 IP Addresses:  x.x.x.x

Here some information of a DELL SonicWALL Job offer:

Dell SonicWALL Linux Kernel Software Dev Sr. Engineer San Jose, CA

Responsibilities:- Linux kernel hardening
– Software design at BSP or kernel level
– Design and porting device drivers
– Understand functionality of the system to provide better hardware abstraction layer
– Communicate with Hardware team during board bring-up phase
– Document design details, collaborate with team members during design and review phase

– Knowledge of Linux kernel programming
– Knowledge of kernel details, design in multitasking environment, synchronization objects, etc
– Knowledge of generic CPU architecture and infrastructure: core, peripherals, etc. MIPS experience is plus.
– Prior experience in software design for multi-core/multi-blade systems is big plus
– Knowledge of C, GNU tools, Make, generic source control systems
– Knowledge of scripting language such as bash, Perl, python, is a plus
– Basic knowledge of networking protocols: TCP/IP
– Knowledge/experience of the vxWorks is big plus

Job Requisition Number: 12000XF8