Hyper-V ICS 1.0 (w/Synthethic Network Driver) for pfSense 2.1 & 2.1.1
-
@gonzopancho:
I thought I already outlined that. I'm willing to make it happen, but I'm going to need some help (perhaps from zootie),
and it will (of necessity) need to be buildable from source. Once that happens, we can produce an official 'snapshot' for
people (like you) to test, as well as setup for the test harness at work.Many thanks for replying, it's much appreciated, it's great to finally have a an acknowledgment and a response from the pfSense team!
Hopefully zootie will be more than happy to help out.
Yes, I'd be happy to help. In Option C, the drivers were compiled from lightly modified hyperv for FreeBSD 8.3 port source (the only modifications were to Makefiles to get the patch to apply, but we can probably forgo these changes by creating a patch that only applies to sys/modules/hyperv - something I didn't know when I started, hence the more inclusive patch). The source compiles using pfSense-tools and get the ko modules included on the ISO (they're included with the other kernel modules). However, I just need some help to get the drivers installed/used by the installation process.
I can try to keep digging, figuring out pfsense-tools by trial an error (since I haven't found any documentation on the tools other than inline comments). However, I'd only be struggling to figure out info that someone more familiar with the build process already knows (saving me hours of running in circles). Maybe someone that worked to integrate the virtio drivers? Or someone that would know how to instruct the installer/builder to modify /boot/loader.conf (if that is the best way to do this, maybe there is a way to have the installer only make the modification only when Hyper-V is detected).
gonzopancho, can you put me in touch with someone more knowledgeable on the tools? I'll probably need access to the tools repo (as instructed in the development list, I emailed a week ago with an SSH key to gain access, didn't hear back).
Thank you
-
hmm,
Well difficult to stay positive on this aspect :-)
we where actually planning on fixing up the CARP issue with hyper-v and your iso but few months later and it's no longer there.(so now it seems we are going to build it from scratch like we did with XenServer).
Actually it's funny you mention the commercial edition rumors, as thats the feeling i had when reading about what happened with hyper-v + pfsense (and why we are now looking for more real community driven firewalls).
vyatta did that too.. even gone as far as removing the web gui from community.. now bought by another company and no more updates since 2012.
There's only very few who survive going from opensource to commercial with maybe a community branch, most just die out :-)
As far as how it's developped: we pretty much used freebsd 10 kernel as a roadmap so it's not easy to deploy on a existing pfsense (we do have a neat pre-build iso which also fixes even the xen guest boot and reboot issues, or the delayed press i to install where xen console tends to not refresh properly so we auto install :P)
-
@gonzopancho:
I'm sorry you feel that way. Perhaps you would like to explain your viewpoint more.
Uhm… explain what? Already posted my thoughts here and on another related threads, pretty clearly. Instead of providing people with a build tools switch to build unbranded code stripped of your trademarks, you nuke the repo access and red-tape an open-source project with tons of legal BS. Sigh.
-
The perversion of the project brought on by one person building and distributing, which was taken down after a request I think is far worse. Now we have an opensource project that isn't buildable?
Is the solution going to be to have an internal branded buildtoolset and a unbranded copy of that on public git?
-
The perversion of the project brought on by one person building and distributing, which was taken down after a request I think is far worse.
Knee-jerk reaction, borderline paranoia.
Now we have an opensource project that isn't buildable?
Which - for me - is a complete and utter fail of the BSD license…
-
Yes, I'd be happy to help. In Option C, the drivers were compiled from lightly modified hyperv for FreeBSD 8.3 port source (the only modifications were to Makefiles to get the patch to apply, but we can probably forgo these changes by creating a patch that only applies to sys/modules/hyperv - something I didn't know when I started, hence the more inclusive patch). The source compiles using pfSense-tools and get the ko modules included on the ISO (they're included with the other kernel modules). However, I just need some help to get the drivers installed/used by the installation process.
I can try to keep digging, figuring out pfsense-tools by trial an error (since I haven't found any documentation on the tools other than inline comments). However, I'd only be struggling to figure out info that someone more familiar with the build process already knows (saving me hours of running in circles). Maybe someone that worked to integrate the virtio drivers? Or someone that would know how to instruct the installer/builder to modify /boot/loader.conf (if that is the best way to do this, maybe there is a way to have the installer only make the modification only when Hyper-V is detected).
gonzopancho, can you put me in touch with someone more knowledgeable on the tools? I'll probably need access to the tools repo (as instructed in the development list, I emailed a week ago with an SSH key to gain access, didn't hear back).
Thank you
I'm certain that I have access to pfsense-tools. Several people I work with do, too. (This is because CMB and I own ESF.)
The larger issue is 'testing', and setup of a Hyper-V environment to do so. -
The perversion of the project brought on by one person building and distributing, which was taken down after a request I think is far worse.
Knee-jerk reaction, borderline paranoia.
Now we have an opensource project that isn't buildable?
Which - for me - is a complete and utter fail of the BSD license…
You apparently are unfamiliar with trademark law. I tried to explain, but you seem to not be listening.
-
Outch.
Even threatning with legal action to something what i see as a major contribution (helping pfsense work on a hypervisor).
We where about to release a fully working pfsense with Citrix Xenserver 6.2 for the community.but i guess we will keep that build to our selfs after reading this.
For the admins in question: i would really wonder if thats a right way of handling things if you say you depend on the community yet shoot it down when they do actually contribute :-)
Regards,
MarcoWhen the -tools repo comes back, you'll be able to build something called "pfsense" with your changes, but you won't be able to distribute it without prior permission (a license) from ESF.
-
The perversion of the project brought on by one person building and distributing, which was taken down after a request I think is far worse. Now we have an opensource project that isn't buildable?
Is the solution going to be to have an internal branded buildtoolset and a unbranded copy of that on public git?
No, I'd considered this, but I'm not going to unbrand pfSense for the 57 companies that all want that from us now.'
Someone else could do this, of course. The BSD license allows it. Some have even been successful.
-
@gonzopancho:
You apparently are unfamiliar with trademark law. I tried to explain, but you seem to not be listening.
And I tried multiple times to suggest that if you are so paranoid about your trademarks, you should provide people with way to build unbranded code instead of removing access to build tools. I tried to explain, but you seem to not be listening. :o
(As for what I'm familiard with, I'd suggest reading the other thread.)
@gonzopancho:
When the -tools repo comes back, you'll be able to build something called "pfsense" with your changes, but you won't be able to distribute it without prior permission (a license) from ESF.
So the code is no longer BSD-licensed? Good that it's clear now that it's not just Jim T. going wild. Pretty much finished this as open-source project. >:(
@gonzopancho:
No, I'd considered this, but I'm not going to unbrand pfSense for the 57 companies that all want that from us now.'
Someone else could do this, of course. The BSD license allows it. Some have even been successful.Yah. Pissing people off with legal threats is surely a way to accomplish volunteer effort and motivation. You must be kidding. (Actually, they could not do it now, not without using the forked outdated repos at least.)
-
@gonzopancho:
You apparently are unfamiliar with trademark law. I tried to explain, but you seem to not be listening.
And I tried multiple times to suggest that if you are so paranoid about your trademarks, you should provide people with way to build unbranded code instead of removing access to build tools. I tried to explain, but you seem to not be listening. :o
(As for what I'm familiard with, I'd suggest reading the other thread.)
@gonzopancho:
When the -tools repo comes back, you'll be able to build something called "pfsense" with your changes, but you won't be able to distribute it without prior permission (a license) from ESF.
So the code is no longer BSD-licensed? Good that it's clear now that it's not just Jim T. going wild. Pretty much finished this as open-source project. >:(
@gonzopancho:
No, I'd considered this, but I'm not going to unbrand pfSense for the 57 companies that all want that from us now.'
Someone else could do this, of course. The BSD license allows it. Some have even been successful.Yah. Pissing people off with legal threats is surely a way to accomplish volunteer effort and motivation. You must be kidding. (Actually, they could not do it now, not without using the forked outdated repos at least.)
Doing as you suggest, building a -tools repo with no branding, helps you, but it also helps many companies who want to rip-off pfSense and build their own 'firewall'. Right now, several companies actually pay for that.
Your thoughts seem to mostly consist of rants that ignore the legal realities. Even here you speak of "tons of legal BS", but
it is not BS.What do we do, doktornotor, when someone eventually builds a version of 'pfSense' that contains a hostile payload? Remember that this is a security project/product.
I'm offering to open a dialogue, you're refusing. We both lose.
Yes, the project is still BSD-licensed. The BSD license covers copyright, not trademark (nor patents, which is why we have the MPL.)
-
doktornotor
Which part is it that concerns you most:
-
not currently having access to -tools
-
not being able to distribute your personal build and still call it pfsense
The situation with #1 will change.
The situation with #2 can not. -
-
@gonzopancho:
Doing as you suggest, building a -tools repo with no branding, helps you, but it also helps many companies who want to rip-off pfSense and build their own 'firewall'.
Rip off? LOL. Yeah, and people rip off Ubuntu daily. And Debian. And… (Read the other thread, really.)
@gonzopancho:
Right now, several companies actually pay for that.
They do? Looks like the rebranding service no longer exists, plus you clearly refuse to do it - "I'm not going to unbrand pfSense for the 57 companies that all want that from us now."
@gonzopancho:
Yes, the project is still BSD-licensed. The BSD license covers copyright, not trademark (nor patents, which is why we have the MPL.)
Well, sorry, no. It is NOT BSD-licensed any more. Since "you won't be able to distribute it without prior permission (a license) from ESF." is directly incompatible with the BSD license.
@gonzopancho:
Which part is it that concerns you most:
-
not currently having access to -tools
-
not being able to distribute your personal build and still call it pfsense
The situation with #1 will change.
The situation with #2 can not.Ad 1/ It won't for change anything for me. Clearly I'm NOT going to sign any licensing agreements to get access to build tools.
Ad 2/ Yes, because there's no –without-branding switch to build the code. Right, you feel ripped off, so there won't be one. -
-
Perhaps you need to read the BSD license again.
It does not, and never did, allow you to use the associated trademarks.
I do not feel "ripped off", I am simply preserving the trademark rights of ESF.
The reason for the delay is I'm trying to restore access to -tools without requiring a written agreement.
(contributions, however, require an associated contributor agreement.)
-
Copyright <year>, <owner>All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The three clause adds:
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.</owner></year>
-
We are going in circles. See, I'd have no problem if you simply and honestly stated "We want/need more $$$$, so screw you, guys, this no longer is an open-source project, the ideas won't pay our mortgage!" Instead of trying to make a mountain out of a molehill (oh noes, someone did build something and called it pfSense, the end of the world is near! and hide this simple fact behind tons of legal blurb as a "justification". (Ever looked at XDA? People do it daily there, and I have yet to hear about how the companies like HTC, Samsung etc. are losing trademarks en masse, so yeah, let me state again - this is legal BS, plain and simple.)
P.S. Need to ask Manuel Kasper whether he feels "ripped off" as well. ::)
P.P.S. No idea how's the "3-clause BSD" license relevant here. That's not how the code is licensed.
-
Ehmm..
Just a silly question but if we take out every pfsense out of the build (so pfsense is no longer mentioned) and name it something else BUT leave everything you made in tact.. then we did not publish anything under the pfsense name.
Would this mean you prefer a total rebrand so people can publish for example a stable Xen / hyper-v iso "with pfsense" but then just call it "Based up on PFSense" (with their own name) ?
As removing the pfsense name from our build isn't a issue, just seems kind of a dick move which is why we don't/didn't.
but considering i can see how much requests of PFSense with Xen had (as Xen currently lacks good supported firewall distributions) it would be something i would consider doing to "give back" to the community -
To conclude this - since "Your intent, however noble, doesn't matter" - see, this is the exact problem people have with this nonsense. What you've done is preventing honest development efforts by the community (not rip-offs), this thread being the prime example. Heck, it even prevents people from using pfSense, since they, as it is, cannot even build the code now, to make is usable on their virtualization platform.
And then Jim T. comes and asks at the mailing list how do forks help the project. WTH? What's you have done is what causes forks. Plain and simple, again. (BTW, your ML archive is still down.)
As removing the pfsense name from our build isn't a issue, just seems kind of a dick move which is why we don't/didn't.
Yeah, this. People are leaving the pfSense brand there as a credit to the project. Unfortunately, when paranoia kicks in, common sense no longer matters. Actually, thinking about it, must be some kind of schizo paranoia - leave the branding there, you're a trademark offender. Remove it, and you are the bad "rip-off" guy. That, or the motivation is completely elsewhere and has nothing to do with trademarks, as I've suggested above. ::)
-
It's not paranoia, it's what the law requires in order to maintain the marks.
We're not taking the project "closed source".
I've already stepped up to provide an official build.
You're spreading FUD.
-
You mentioned Ubuntu. Here is ubuntu's IPR policy:
http://www.canonical.com/intellectual-property-rights-policy