More Information on Package Development



  • I've already read the documentation on package creation from this page: https://doc.pfsense.org/index.php/Developing_Packages and I've installed a package and looked at the artifact files in the file system, but I still don't feel like I know what's involved in creating a package. Is there a tutorial or a basic starting point or overview I can read that will clue me in on how this works? A wholistic example with sample code would be awesome.

    Another question I have is do I really need to make a package for if I'm not interested in making this pretty and available to everyone? If, for instance, I just want to inject a custom script into the pipeline and I'm fine with hard coding the whitelist and allowed hosts aliases so I don't need a GUI for the script is there an easier alternative to packages? It would be awesome if I could just write a script with a single function. That function receives input from pfsense when it is called that passes it the request information. I look at the request information and return a value based on some logic I write. If this is possible it would seem like it would greatly simplify what I'm trying to do right now.



  • umm what pipeline? input from pfsense?

    If you can just add some php and inc files to pfSense to create your 'feature' there is no need to make a package of it, but it will likely be lost when pfSense is updated..

    Creating a actual 'package' from it is like the last few percent of work.. I would focus first on creating at least part the feature, or at least a little 'proof of concept'..



  • Yeah, I don't know a lot about the verbiage in the PFSense world, but when I said pipeline I meant the process that a packet goes through when it comes into PFSense and then is either abandoned or goes out. By input from PFSense I was referring to a coding pattern that I've used in the past that is awesome for these types of workflows. PFSense gets a packet, in order to process that packet it delegates to a bunch of different modules that can inspect the packet and give PFSense direction on what to do with it. In this case, PFSense's core routing subroutines would make up some of the modules and someone wanting to augment the behavior of this process could do so by writing their own module and registering it.

    If I hear you correctly, you're saying I can worry about turning my scripts into packages later and can ad-hoc write and test some PHP scripts against PFSense now to get a proof of concept. Can you help me understand how to do that? I can't find documentation that is geared toward providing just that information about PFSense script writing.



  • Well.. if you want to block/inspect traffic packets passing through pfSense, then that is not something that php will do. if you take the basic concept of pfSense it is just the php 'glue' that makes all parts work together with a nice webgui. Changing or adding new parts of that 'glue' is relatively easy.

    The packet processing is mostly being done by FreeBSD (the OS) and PF (the firewall).

    Or perhaps you would like to do something more like Snort and Suricata, and maybe create a custom 'ruleset' for one of those two with your packet inspection rules as far as they can support your intended case..

    But developing on any those software parts is a entirely different thing than the usual 'pfSense package' which takes a existing binary application and wraps in into a easy to use php webgui without actually changing the binary code of the application or changing the internal flow of network packets, well a package like 'tinc' does add mesh vpn capabilities, but the 'pfSense package' just installs and configures that existing piece of software.. If your intending to go make changes in those parts then a little knowledge about script writing wont really help much. Would need some good general programming knowledge preferably in C or C++ .. its imho not something that can be learned by reading a single wiki page..