incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Stefan Haischt" <>
Subject [PROPOSAL] Bennu, a Router, Firewall & Wi-Fi perimeter
Date Sun, 02 Dec 2007 22:16:04 GMT
= Bennu Project Proposal =

Author:         Daniel S. Haischt <dsh at apache dot org>
Date:           December 2007
Online version:

== Bennu, a Router, Firewall & Wi-Fi perimeter Proposal ==

=== 0. Abstract ===

Bennu, a service management abstraction layer for router, firewall & Wi-Fi
perimeter implementations.

=== 1. Proposal ===

Bennu Router, Firewall & Wi-Fi Perimeter is a modularised and
extensible service
management abstraction layer. Bennu allows administering BSD based router,
firewall and Wi-Fi platforms through a web service or web interface. Bennu will
be a continuation of the now stale m0n0wall project.

=== 2. Background ===

For some background information about m0n0wall and the domain of firewalling
and routing, please have a look at:

* []

=== 3. Rational ===

The fundamental goal of the project is to provide a modularised and extensible
service management abstraction layer that allows implementing reusable and
interchangeable router, firewall or Wi-Fi software management services.

Abstraction will be provided to shield the specific implementation of an
underlying operating system service such as a firewall rule engine. Thus Bennu
will provide an universal layer to several kinds of operating system
services each
having the same goal but each having a different implementation. If necessary,
one system management service may be interchangeable by an equivalent system
management service that exposes the same service interface (e.g. an equivalent
system management service may be required that provides increased QoS

The provided system management service interfaces are not tightly
coupled to the
domain of firewalls and routers. Interfaces such as file system
service interfaces
may be provided as well with the help of the accompanying abstraction layer.

In a wider perspective the goal of the Bennu project will be to implement the
principles found in service oriented architectures in general and the Service
Component Architecture to mention a specific implementation of a SOA principle.

Trivia: The Bennu bird serves as the Egyptian correspondence to the
phoenix, and
is said to be the soul of the Sun-God Ra (Source: Wikipedia).

=== 4. Initial Goals ===

* Integrate the m0n0wall code donation into Bennu
* Various m0n0wall extensions
  * Package manager
  * PHP V5
  * FreeBSD 6.3
* Refine the currently envisioned Bennu artifacts:
  * Service Management Abstraction Layer
  * Service Management Web Service Interface
  * Service Management Web Interface (Client)
  * Central Administration Facility (Server)
  * Various Core Service Implementations
    * Implement the Package Manager as a Service
    * Firewall Rule Generation Service
* Establish a build system for the various Bennu artifacts

==== 5 Current Status ====

===== 5.1 Meritocracy =====

Apache was chosen for an incubator for the guidance the community can provide.

===== 5.2 Community =====

The Bennu community will consist of Apache committers, possibly French
already developing a firewall solution. They do have in-depth knowledge in this
kind of domain. Additionally, several individuals will contribute to
the project.

Users from the m0n0wall, FreeNAS and pfSense community are welcome to join the
Bennu community. Special migration support to such kind of users will
be provided
by Bennu devs having already gained experience with m0n0wall, FreeNAS
or pfSense.

===== 5.3 Core Developers =====

Bennu was founded by Daniel S. Haischt because there was a tremendous need to
streamline the current m0n0wall based forks and because each of them
are suffering
from the same software design weakness which is a rather evolutionary and
monolithic and unfortunately failure-prone system.

Daniel S. Haischt has in-depth knowledge of the pfSense system. He contributed
the second most amount of features during the year 2006 to the pfSense
code base.
Additionally he ported the complete FreeNAS system as an add-on
package to pfSense
and finally became a FreeNAS committer.

Mohammad Nour El-Din is a Java EE specialist and an Apache committer
in the Apache
OpenEJB project.

===== 5.4 Alignment =====

An initial implementation will be written in C/C++ using the API provided by
Apache Tuscany. The HTML GUI portions will probably be written in PHP because
Apache Tuscany provides appropriate PHP bindings.

By having made the decision to use Apache Tuscany, Bennu as a SOA
application may
challenge Apache Tuscany in a positive way by proving its stability
and maturity
in a real life scenario.

On an embedded environment, programming language such as Java or CLI based
languages won't be used. Because of the performance constraints which
exist on embedded devices, such devices may not be able to run Java
SE based application due to the lack of computing power.

However, the implementation language of the central management interface may be
any kind of programming language, as it runs on a desktop, workstation
or server.
a workstation or a server.

==== 6. Known Risks ====

===== 6.1 Orphaned products =====

Due to its small number of committers, there is a risk of being orphaned. The
main knowledge of the code base is still mainly owned by Daniel S.
Haischt. Even
if Daniel has no plan to leave Bennu development, this is a problem we
are aware
of and know that needs to be worked on so that the project becomes
less dependent
on an individual (taken from the Ivy example but it perfectly describes the
current situation of Bennu).

===== 6.2 Inexperience with open source =====

All of the Bennu developers are familiar with open source. They are or
have been
committers to several mid or large scale open source projects like OpenEJB, for
example. In-depth knowledge of challenges and risks coming along with open
source in general and legal issues specific to open source exists.

===== 6.3 Homogeneous developers =====

The current list of committers includes developers from several different
companies plus independent volunteers. The committers are currently
distributed across Europe and Africa. They are experienced with working in a
distributed environment.

===== 6.4 Reliance on salaried developers =====

Developers work on a volunteer basis. The project does not rely on salaried

===== 6.5 Relationships with Other Apache Products =====

* Apache Tuscany: Service Management Abstraction Layer
* Apache Tuscany:Service Management Web Service Interface
* Apache Ant: Build system

===== 6.6 A Excessive Fascination with the Apache Brand =====

The committers are intent on developing a strong open source community. We
believe that the Apache Software Foundation's emphasis on community development
makes it the most suitable choice.

=== 7. Documentation ===

* [ Initial Bennu Readme]
* [ Birds eye
architectural overview of Bennu]

* [ FreeBSD]
* [
* [ Packet Filter]

* [ m0n0wall]
* [ pfSense (m0n0wall based)]
* [ FreeNAS (m0n0wall based)]
* [ AskoziaPBX (m0n0wall based)]

* [ Soekris embedded boards]
* [ Alix embedded boards]

=== 8. Initial Source ===

The initial source for the project was originally written by Manuel Kasper. He
will be donating the current code base to the Apache Software Foundation. A
snapshot of the initial source is available at

=== 9. Source and Intellectual Property Submission Plan ===

The current m0n0wall code base is BSD licensed (new BSD license as it can be
found in FreeBSD). The following people contributed to m0n0wall where Manuel
Kasper is the project lead and wrote the majority of the m0n0wall code base.

* Chris Buechler (cbuechler) <cbuechler at gmail dot com>
     o Documentation
* Dinesh Nair (dinesh) <dinesh at alphaque dot com>
* Jonathan de Graeve (jdegraeve) <Jonathan dot De dot Graeve at imelda dot be>
     o Captive portal
* Manuel Kasper (mkasper) <mk at neon1 dot net>
* Paul Taylor (ptaylor) <PaulTaylor at winn dash dixie dot com>
* Michael Iedema (michael.iedema) <michael at askozia dot com>
* Marcel Wiget (mwiget) <mwiget at gmail dot com>

The complete list of m0n0wall contributors can be found at the
m0n0wall web site:

* [ list of m0n0wall contributors]

Manuel Kasper will be donating the complete m0n0wall code base to the ASF and
will provide assistance (answering questions and so on) during the IP clearance
process. Manuel sent the software grant form to the ASF via facsimile on 28th
of November 2007.

=== 10. External Dependencies ===

The core dependencies all have Apache compatible licenses. These include BSD,
CDDL, CPL, MPL and MIT licensed dependencies.

* Servlet Container: Jetty (central management facility)
* Service Management Web Interface (Client): lighttpd
* Hosting operating system: FreeBSD
* SCA/SDO implementation: PECL (PHP extension)

=== 11. Scope of the sub projects ===

The below artifacts are being proposed to make up the initial core Bennu system
(See: 4. Initials Goals as well).

* Bennu mediation core (i.e. the service management abstraction layer)
* Management Web service
* HTML based management interface (Ajax/RIA based)
* Various Core Service Implementations
* Central administration facility (may reassemble parts of the HTML GUI)

=== 12. Cryptography ===

Cryptographic software such as OpenSSL, which will be provided by the operating
system, may be utilised by Bennu (i.e. Bennu source code may link
against OpenSSL

=== 13. Required Resources ===

==== 13.1 mailing list(s) ====


==== 13.2 Subversion repository ====

* []

==== 13.3 Issue Tracking ====

* JIRA Bennu (BENNU)

=== 14.Initial Committers ===

* Daniel S. Haischt <dsh at apache dot org> (**)
* Mohammad Nour El-Din <mnour at apache dot org> (**)

=== 15. Affiliations ===

* Daniel S. Haischt - an IBM Employee and OpenEJB Committer
* Mohammad Nour El-Din - an IBM Employee and OpenEJB Committer

=== 16. Sponsors ===

==== 16.1 Champion ====

==== 16.2 Nominated Mentors ====

==== 16.3 Sponsoring Entity ====

* The Apache Incubator

=== 17. Annotations ===

(*) CLA filed. (**) CLA acknowledged.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message