{"id":78,"date":"2013-06-19T20:42:42","date_gmt":"2013-06-19T18:42:42","guid":{"rendered":"https:\/\/www.timk.de\/it-blog\/?p=78"},"modified":"2013-06-19T21:16:46","modified_gmt":"2013-06-19T19:16:46","slug":"a_deeper_view_of_sonicwall_kerne","status":"publish","type":"post","link":"https:\/\/www.timk.de\/it-blog\/a_deeper_view_of_sonicwall_kerne\/","title":{"rendered":"A deeper view of SonicWALL kernel on NSA-Series (5.8.x)"},"content":{"rendered":"

Sonicwall NSA works in my option on VxWorks Operation System (Wind River Systems, Inc) based on Linux Kernel 2.6.x. Additional they use ZebOS for Layer2\/3.<\/p>\n

The following informations are extract from an NSA 4500 running on Firmware 5.8.1.9.<\/p>\n

Informations from traceLog_xxxx.wri (see diag.html):<\/p>\n

All Files:
\nfile: \/ata0\/log3.dat, time: Jun 12 15:04:4
\nFirmware Version: SonicOS Enhanced 5.8.1.9-58o
\nDirectory: \/depot-155518-18\/Octeon\/5.8.1\/m2\/target\/oct_mips64\/sw_octeon4500-cp-base
\nBuild Time: Nov 20 2012, 16:42:20
\nUname: Linux sjc0bld44.eng.sonicwall.com 2.6.18-274.3.1.el5<\/strong><\/span> #1 SMP Tue Sep 6 20:14:03 EDT 2011 i686 athlon i38
\n…<\/p><\/blockquote>\n

Informations on booting a SonicWALL (over serial):<\/p>\n

U-boot 5.0.3.3 (Production build) (Build time: May 11 2009 – 19:40:30)<\/p>\n

OCTEON ASH-4 CN5840-SCP pass 1.1, Core clock: 550 MHz, DDR clock: 266 MHz (532 Mhz data rate)
\nDRAM:\u00a0 512 MB
\nFlash: 16 MB ( Bank 0: 16 MB Bank 1:\u00a0 0 kB )
\n+
\n..
\nUncompressed 0x1a38c0 bytes
\nELF file is 32 bit
\nAllocating memory for ELF: Base addr, 0x2000000, size: 0xe000000
\nLoading .text @ 0x82008000 (1530304 bytes)
\nLoading .data @ 0x8217e000 (177376 bytes)
\nLoading .cvmx_shared @ 0x821a94e0 (424 bytes)
\nClearing .bss @ 0x821a9700 (1199728 bytes)
\n## Loading ELF image with entry point: 0x82008000 …
\nBootloader: Done loading app on coremask: 0x1<\/p>\n

dosChkLib : CLOCK_REALTIME is being reset to FRI JUN 14 10:24:16 2013
\nValue obtained from file system volume descriptor pointer: 0x8236c010
\nThe old setting was THU JAN 01 00:00:00 1970
\nAccepted system dates are greater than THU DEC 27 00:00:00 1990<\/p>\n

\/ata0\/\/\u00a0 – Volume is OK
\nLoading system information…
\nReading system info from flash…
\nHost Name: bootHost
\nTarget Name: vxTarget<\/span> <\/strong>
\nUser: target
\nAttaching interface lo0… done
\nflashStartup: no LAN bypass support.
\nLoading firmware…<\/p>\n

Booting…
\nELF file is 32 bit
\nRe-using existing memory for ELF: Base addr, 0x2000000, size: 0xe000000
\nLoading .text @ 0x82008000 (16150976 bytes)
\nLoading .data @ 0x82f70000 (1487536 bytes)
\nLoading .cvmx_shared @ 0x830db2b0 (424 bytes)
\nClearing .bss @ 0x830db480 (16997600 bytes)
\n## Loading ELF image with entry point: 0x82008000 …
\nBootloader: Done loading app on coremask: 0x1
\nUSB2 Host Stack Initialized.
\nUSB Hub Driver Initialized
\nUSBD\u00a0 Wind River Systems, Inc. 562 Initialized<\/span><\/strong>
\nHost Name: bootHost
\nTarget Name: vxTarget<\/strong> <\/span>
\nUser: target
\nAttaching interface lo0… done
\nStarting SonicSetup Watchdog
\nStarting real-time clock
\nInitializing clock
\nTuning clock and timezone<\/p>\n

Memory Setup Info:
\nInit memory pool start: 0x84111160 (2215711072)
\nInit memory pool end:\u00a0\u00a0 0x88000000 (2281701376)
\nISR stack start: 0x84111160 (2215711072)
\nISR stack size:\u00a0 0x00001388 (\u00a0\u00a0\u00a0\u00a0\u00a0 5000)
\nOS memory pool start: 0x841124e8 (2215716072)
\nOS memory pool size:\u00a0 0x03ee07c8 (\u00a0 65931208)
\ntRootTask exception stack start:\u00a0 0x87ff2cb0 (2281647280)
\ntRootTask exception stack size:\u00a0\u00a0 0x00001000 (\u00a0\u00a0\u00a0\u00a0\u00a0 4096)
\ntRootTask stack start:\u00a0 0x87ff3cb0 (2281651376)
\ntRootTask stack size:\u00a0\u00a0 0x0000c350 (\u00a0\u00a0\u00a0\u00a0 50000)
\nOS memory pool info:
\nsection 0 start:\u00a0 0x841124f0, size: 0x03ee07c0 (\u00a0 65931200)
\nsection 1 start:\u00a0 0x88000000, size: 0x07ef0000 ( 133103616)
\nsection 2 start:\u00a0 0xc0000000, size: 0x0fffff00 ( 268435200)
\nsection 3 start:\u00a0 0x01140000, size: 0x00ec0000 (\u00a0 15466496)<\/p>\n

Initializing Memory Zones
\nInitializing Buffer Zones
\nInitializing Common Zones
\nStarting LCD controller
\nInitializing Semaphores
\nInitializing read-write locks
\nInitializing System Monitor
\nInitializing trace call history
\nInitializing Flash
\nWriting Trace Log to Flash
\nClearing Trace Log
\n*** warmboot ***
\nAdjusting SonicSetup Watchdog if necessary for large prefs
\nInitialize FDR log
\nInitializing Ramdisk
\nInstalling date\/time hook
\nCreating File System
\nfilesystem
\nInitializing CFS
\nConstructing HTTPS Server dependencies
\nSetting NTP parameters
\nEnabling ARP table support
\nInitializing core IP packet handler
\nInitializing memory buffer driver
\nInitializing Branding
\nInitializing parameters table
\nInterfaces Group init-stage 1
\nStarting Routing engine
\nInitializing action table search tree
\nAllocating IPSec SA space
\nStarting Bandwidth Management scheduler
\nStarting Global Bandwidth Management
\nInitializing Policy lookup table
\nInitializing NAT Policy structure
\nBuilding DHCP Network Objects
\nStarting network monitor module
\nStarting the NAT module
\nStarting common gateway interface handler
\nStarting the system timer
\nStarting random number generator
\nInitalizing IPSec handle
\nAllocating DHCP server lease ranges
\nInitializing Memory for Application Firewall Config Objects
\nBuilding IPS Config Objects
\nBuilding AppControl Config Objects
\nBuilding AntiSpyware Config Objects
\nInitializing multiple interfaces handler
\nInitializing MAC-IP Anti-Spoofing
\nInitializing flow reporting
\nInitializing Ip Helper
\nStarting capture Buffer
\nInitializing QoS Mapping module
\nStarting dynamic routing
\nInitializing Support Services
\nInitializing backend dynamic update support
\nInitializing users
\nPre-Initializing LDAP client
\nPre-initializing Terminal Services support for SSO
\n1st zebos init<\/span><\/strong>
\nSet default packet capture settings
\nInitializing Memory for CFS
\nValidating FLASH parameters
\nInitializing preference export memory buffer devices
\nStarting IPH compatibility flags
\nInitializing proper connection count
\nAdjust memory partitions
\nStarting synflood protection
\nComplete Network Object initialization
\nSetting Time Zone and updating Daylight savings time
\nInitializing ARP table
\nEHCI Controller found.
\nWaiting to attach to USBD…Done.
\nReading Network Interface configurations
\nUpdating global BWM data
\nListen to BSP Interface State events
\nInitialize ACTIVE WAN
\nStarting firewall logger
\nStarting Stateful Packet Inspection engine
\nDetermining High Availability state
\nInitializing Active\/Active UTM
\nInitializing Ethernet links
\nGenerating system ARP
\nGenerating dynamic Address Objects
\n2nd zebos init
\nBuild routing table
\nInitializing IP Helper
\nStarting capture Buffer during startup
\nInitializing SQLite
\nStarting SwFlow during startup
\nStarting GeoIP
\nInitial GUI Interface Statistics Counters
\nInitializing DNS Rebind Detection
\nBuilding NAT tables
\nGenerating gratuitous ARP for NAT
\nGenerating gratuitous ARP for Transparent Mode IPs
\nStarting registration services
\nStarting DNS client
\nStarting DNS client
\nInitializing syslog client
\nStarting DNS request task
\nStarting DAO manager
\nLog initializations dependent on preferences
\nStarting RBL driver
\nStarting licensing services
\nInitializing connection cache
\nActivating Ethernet hooks
\nInitializing HTTP Server
\nStarting user authentication routines
\nStarting Zone Policy manager
\nInitializing Viewpoint reporting
\nInitializing PPP timers
\nInitializing L2TP client system
\nInitializing L2TP Server
\nInitializing PPTP system
\nStarting DHCP client
\nInitializing Acceptable Use Policies
\nStarting NTP client
\nStarting IP fragmentation\/reassembly handlers
\nStarting IPSec engine
\nInitializing HTTPS Server
\nInitializing web proxy support
\nInitializing diagnostic admin tools
\nReading Qos Conversion Configuration
\nStarting H323 handlers
\nStarting SIP handlers
\nInitializing RADIUS client
\nInitializing LDAP client
\nInitializing SSO Authentication
\nInitializing Terminal Services support for SSO
\nInitializing PPPoE support
\nPreparing auto-configurator
\nStarting DHCP server
\nInitializing DHCP relay over VPN
\nStarting IGMP Mcast
\nInitializing Deep Packet Inspection framework
\nPre-init Client AV
\nInitializing Distributed Enforcement Architecture
\nBuilding CFS rating database
\nSet CFS version
\nApply BWM Settings for Application Firewall policy
\nStarting Auto-Update timers
\nSNMP Initialization
\nVerifying management policy rules
\nInitializing High Availability routines
\nInitializing state sync
\nInitializing Content Filtering Services
\nInitializing webSense monitor services
\nInitializing SSL Control Service
\nStarting SSL Inspection Engine
\nStarting Auto-Update timers
\nComplete One Touch Overrides
\nStarting hardware watchdog
\nFirmware Version: SonicOS Enhanced 5.8.1.9-58o
\nDirectory: \/depot-155518-18\/Octeon\/5.8.1\/m2\/target\/oct_mips64\/sw_octeon4500-cp-base
\nInitializing FIPS mode
\nWAN Load Balancing module started
\nUpdate Interfaces Groups from prefs
\nInitializing for TSR generation
\nInitializing SDP and SSPP (discovery and provision protocol)
\nInitializing Wireless Zone Module
\nInitializing Guest Services
\nStarting Bandwidth Optimization engine
\nInitializing Flash Dynamic Update
\nVerifying transaction groups
\nProtecting prefs
\nStart processing Interface State Changes
\nInitializing Reboot Notifier
\nCheck for Diag Restart Requests
\nCheck for Periodic Gratuitous ARP Requests
\nChecking for Enhanced Upgrade
\nInitializing ARS
\nInitializing VPN route monitor
\nInitializing SSH Service
\nInitializing CLI interface
\nLog Firewall activated
\nRemote Backup Initialization
\nIf configured, send SNMP Cold Start Trap
\nStarting Hot Swap Controllers
\nIf configured, send IPSEC Trap for Manual SAs
\nStarting Anti-Spam Service
\nStarting Subsystem Detection
\nInitializing SSLVPN Server
\nsslvpn sslvpnCustomerizedLogo:\/VirtualOffice.gif!
\nAdded 1539 oui to vendor mappings
\nAdd an entry to the firmware history<\/p>\n

Product Model:\u00a0\u00a0\u00a0 NSA 4500
\nProduct Code:\u00a0\u00a0\u00a0\u00a0 61xx
\nFirmware Version: SonicOS Enhanced 5.8.1.9-58o
\nSerial Number:\u00a0\u00a0\u00a0 0017xxxxxxxx
\nX0 IP Addresses:\u00a0 x.x.x.x<\/p><\/blockquote>\n

Here some information of a DELL SonicWALL Job offer:<\/p>\n

\n
\n

Dell SonicWALL Linux Kernel Software Dev Sr. Engineer San Jose, CA<\/h1>\n
…<\/div>\n
Responsibilities:- Linux kernel hardening
\n– Software design at BSP or kernel level
\n– Design and porting device drivers
\n– Understand functionality of the system to provide better hardware abstraction layer
\n– Communicate with Hardware team during board bring-up phase
\n– Document design details, collaborate with team members during design and review phase<\/p>\n<\/div>\n
<\/div>\n
Qualifications\/Knowledge
\n– Knowledge of Linux kernel programming
\n– Knowledge of kernel details, design in multitasking environment, synchronization objects, etc
\n– Knowledge of generic CPU architecture and infrastructure: core, peripherals, etc. MIPS experience is plus.
\n– Prior experience in software design for multi-core\/multi-blade systems is big plus
\n– Knowledge of C, GNU tools, Make, generic source control systems
\n– Knowledge of scripting language such as bash, Perl, python, is a plus
\n– Basic knowledge of networking protocols: TCP\/IP
\n– Knowledge\/experience of the vxWorks<\/span><\/strong> is big plus
\n…<\/div>\n

Job Requisition Number: 12000XF8<\/p>\n<\/div>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"

Sonicwall NSA works in my option on VxWorks Operation System (Wind River Systems, Inc) based on Linux Kernel 2.6.x. Additional they use ZebOS for Layer2\/3. The following informations are extract from an NSA 4500 running on Firmware 5.8.1.9.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-78","post","type-post","status-publish","format-standard","hentry","category-sonicwall"],"_links":{"self":[{"href":"https:\/\/www.timk.de\/it-blog\/wp-json\/wp\/v2\/posts\/78","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.timk.de\/it-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.timk.de\/it-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.timk.de\/it-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.timk.de\/it-blog\/wp-json\/wp\/v2\/comments?post=78"}],"version-history":[{"count":2,"href":"https:\/\/www.timk.de\/it-blog\/wp-json\/wp\/v2\/posts\/78\/revisions"}],"predecessor-version":[{"id":83,"href":"https:\/\/www.timk.de\/it-blog\/wp-json\/wp\/v2\/posts\/78\/revisions\/83"}],"wp:attachment":[{"href":"https:\/\/www.timk.de\/it-blog\/wp-json\/wp\/v2\/media?parent=78"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.timk.de\/it-blog\/wp-json\/wp\/v2\/categories?post=78"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.timk.de\/it-blog\/wp-json\/wp\/v2\/tags?post=78"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}