Archives
/
opensense-docs
mirror of https://github.com/opnsense/docs
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dashboard
BGP_ASN_Alias_FR5913
rss
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '020c7c74ec'
${ noResults }
opensense-docs/source/development/architecture.rst

137 lines
4.7 KiB
ReStructuredText
Raw Blame History Unescape Escape

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

============
Architecture
============
The main focus of the OPNsense project is to provide a secure and
manageable platform for all your security applications. This means high
quality software that is easily maintainable and bug free. We think that
having a framework with a clear separation of concerns is essential to
achieving these goals.
OPNsense is a fork of pfSense ®. The existing code base of pfSense ®
does not always apply a clear separation of concerns. This means we need
a transition of the old (legacy) code base to a new one with a clear
separation. We have chosen a gradual transition to avoid a big bang and
keep the product feature rich while increasing code quality. This
enables simple addition of new features with less bugs and shorter time
to market.
This article describes how this will be achieved.
-----------------------
High-level architecture
-----------------------
|OPNsense Components.png|
As the above model shows there are two main areas in our stack, the
frontend implemented with PHP/Phalcon and the backend using a custom
service built in Python.
The frontend handles user interaction and communicates with the backend
service. Applying configuration changes, monitoring and controlling
services offered by OPNsense is done by the backend service.
By using a fully configurable backend service, we avoid hardcoding of
services and ease the implementation of new features.
The frontend stack delivers a model driven approach to handle
configuration data, including automatic validation.
Manipulation of the core configuration file is handled at the frontend
model; the backend service is merely a consumer of the information
provided.
--------------------
Backend Architecture
--------------------
|OPNsense backend.png|
Configd, is responsible
for the core system interaction like starting and stopping of daemons
and generating configuration files for used services and applications.
The daemon listens on a unix domain socket and is capable of executing
actions defined in its own configuration directory
(“/usr/local/opnsense/service/conf/actions\_\*.conf”).
Currently there are two types of services implemented in the daemon:
- script : execute external (rc) scripts
- inline : perform inline actions which are part of configd, currently
only template generation.
|
| Template generation is handled by Jinja2 (http://jinja.pocoo.org/),
more information on how to create application templates can be found
at :doc:`/development/backend/templates`.
---------------------
Frontend Architecture
---------------------
|OPNsense frontend.png|
Routing
-------
The OPNsense framework uses components from Phalcon where possible; the
first layer initializes Phalcons routing, which handles requests and
delivers them to the controller based on its url. User content is
generated using Volt templates, which are picked by the controller.
Because Phalcons default Models function with (relational) databases
and we are using XML data, our model implementation is custom. But
wherever possible we use components from Phalcon (for example,
validation is handled using Phalcons classes). For a detailed
description on the routing principles used in OPNsense, visit Frontend
:doc:`/development/frontend/routing`.
Controllers and views
---------------------
Not all parts of the framework are already implemented, but by deriving
all controllers from the base in the OPNsense project its easy to
extend and adapt to future needs. Documentation on how to implement
controllers, with the use of views, can be found at :doc:`/development/frontend/controller`.
Models
------
All models are defined by a combination of a class and an XML containing
a (nested) definition. More information on defining models can be found
at the frontend model page :doc:`/development/frontend/models`.
Communication
-------------
Communication to the backend service is handled via a unix domain
socket.
Core system
-----------
The core of OPNsense is powered by an almost standard FreeBSD ® system
extended with packages using the pkg system. GIT is used for version
control and the repositories are split into 4 parts:
- src : the base (FreeBSD ®) system
- ports : the ports collection containing third party software
- core : the OPNsense gui and system configuration parts
- tools : easy tools to build OPNsense
.. TIP::
| For detailed information about the development workflow see:
| :doc:`OPNsense development workflow </development/workflow>`
.. |OPNsense Components.png| image:: images/OPNsense_Components.png
:width: 600px
:height: 548px
.. |OPNsense backend.png| image:: images/OPNsense_backend.png
:width: 600px
:height: 575px
.. |OPNsense frontend.png| image:: images/OPNsense_frontend.png
:width: 600px
:height: 461px
Reference in New Issue View Git Blame Copy Permalink