refactor: FreeBSD platform support cleanup (#205)

domcyrus · web-flow · commit eec74e4126da · 2026-04-06T18:38:37.000+02:00
* refactor: FreeBSD platform support cleanup#205
diff --git a/ROADMAP.md b/ROADMAP.md
@@ -19,6 +19,12 @@ This document outlines the planned features and improvements for RustNet.
   - BPF device access and permissions setup
   - Native libpcap packet capture
   - Cross-compilation support from Linux
+- [ ] **FreeBSD Capsicum Full Sandbox** (`cap_enter()`): Replace per-FD `cap_rights_limit()` with full capability mode to prevent file access and data exfiltration. Requires:
+  - Switch from `sockstat` subprocess to `libprocstat(3)` library calls for process lookup (eliminates `fork()`/`execve()` dependency)
+  - Integrate `libcasper` for privileged sysctl access from inside capability mode (`kern.proc.filedesc` is blocked in `cap_enter()`)
+  - Architecture: pre-fork a Casper service before `cap_enter()`, communicate over socket pair at runtime
+  - Write FFI bindings for `libprocstat` and `libcasper` (no Rust crate exists)
+  - Link against `-lprocstat -lcasper -lcap_sysctl` (system libraries on FreeBSD 10+)
 - [ ] **OpenBSD and NetBSD Support**: Future platforms to support
 - [x] **Linux Process Identification**: **Experimental eBPF Support Implemented** - Basic eBPF-based process identification now available with `--features ebpf`. Provides efficient kernel-level process-to-connection mapping with lower overhead than procfs. Currently has limitations (see eBPF Improvements section below).
 
diff --git a/SECURITY.md b/SECURITY.md
@@ -6,6 +6,7 @@ RustNet processes untrusted network data, making defense-in-depth security criti
 
 - [Landlock Sandboxing (Linux)](#landlock-sandboxing-linux)
 - [Seatbelt Sandboxing (macOS)](#seatbelt-sandboxing-macos)
+- [FreeBSD Sandboxing](#freebsd-sandboxing)
 - [Privilege Requirements](#privilege-requirements)
 - [Read-Only Operation](#read-only-operation)
 - [No External Communication](#no-external-communication)
@@ -116,6 +117,10 @@ Unlike Linux Landlock, clipboard copy (`c` key) works normally under Seatbelt. m
 
 On Linux, clipboard requires access to Wayland sockets (`/run/user/UID/wayland-0`) or X11 sockets (`/tmp/.X11-unix/`). Landlock's deny-default model blocks these because they are not in the write-path allowlist, so clipboard is unavailable when Landlock is active.
 
+## FreeBSD Sandboxing
+
+FreeBSD does not currently have sandboxing enabled. A full Capsicum sandbox using `cap_enter()` with `libcasper` for privileged process lookup is planned — see [ROADMAP.md](ROADMAP.md) for details.
+
 ## Privilege Requirements
 
 RustNet requires privileged access for packet capture:
diff --git a/src/network/platform/freebsd/interface_stats.rs b/src/network/platform/freebsd/interface_stats.rs
@@ -23,28 +23,28 @@ impl InterfaceStatsProvider for FreeBSDStatsProvider {
 
             while let Some(ifa) = current.as_ref() {
                 // Only process AF_LINK entries (data link layer)
-                if let Some(addr) = ifa.ifa_addr.as_ref() {
-                    if addr.sa_family as i32 == libc::AF_LINK {
-                        let name = CStr::from_ptr(ifa.ifa_name).to_string_lossy().to_string();
+                if let Some(addr) = ifa.ifa_addr.as_ref()
+                    && addr.sa_family as i32 == libc::AF_LINK
+                {
+                    let name = CStr::from_ptr(ifa.ifa_name).to_string_lossy().to_string();
 
-                        // Get if_data from ifa_data
-                        #[cfg(target_os = "freebsd")]
-                        {
-                            if let Some(if_data) = (ifa.ifa_data as *const libc::if_data).as_ref() {
-                                stats.push(InterfaceStats {
-                                    interface_name: name,
-                                    rx_bytes: if_data.ifi_ibytes,
-                                    tx_bytes: if_data.ifi_obytes,
-                                    rx_packets: if_data.ifi_ipackets,
-                                    tx_packets: if_data.ifi_opackets,
-                                    rx_errors: if_data.ifi_ierrors,
-                                    tx_errors: if_data.ifi_oerrors,
-                                    rx_dropped: if_data.ifi_iqdrops,
-                                    tx_dropped: 0, // Not typically available on FreeBSD
-                                    collisions: if_data.ifi_collisions,
-                                    timestamp: SystemTime::now(),
-                                });
-                            }
+                    // Get if_data from ifa_data
+                    #[cfg(target_os = "freebsd")]
+                    {
+                        if let Some(if_data) = (ifa.ifa_data as *const libc::if_data).as_ref() {
+                            stats.push(InterfaceStats {
+                                interface_name: name,
+                                rx_bytes: if_data.ifi_ibytes,
+                                tx_bytes: if_data.ifi_obytes,
+                                rx_packets: if_data.ifi_ipackets,
+                                tx_packets: if_data.ifi_opackets,
+                                rx_errors: if_data.ifi_ierrors,
+                                tx_errors: if_data.ifi_oerrors,
+                                rx_dropped: if_data.ifi_iqdrops,
+                                tx_dropped: 0, // Not typically available on FreeBSD
+                                collisions: if_data.ifi_collisions,
+                                timestamp: SystemTime::now(),
+                            });
                         }
                     }
                 }
diff --git a/src/network/platform/mod.rs b/src/network/platform/mod.rs
@@ -105,7 +105,7 @@ mod windows;
 
 // Re-export factory functions and types from platform modules
 #[cfg(target_os = "freebsd")]
-pub use freebsd::{FreeBSDProcessLookup, FreeBSDStatsProvider, create_process_lookup};
+pub use freebsd::{FreeBSDStatsProvider, create_process_lookup};
 #[cfg(all(target_os = "linux", feature = "landlock"))]
 pub use linux::sandbox;
 #[cfg(target_os = "linux")]
diff --git a/src/ui.rs b/src/ui.rs
@@ -2010,8 +2010,8 @@ fn draw_stats_panel(
         ]
     };
 
-    // Non-Linux/non-macOS unix (FreeBSD) or macOS without macos-sandbox feature:
-    // show privilege info
+    // Other unix platforms (FreeBSD, macOS without macos-sandbox feature, etc.):
+    // show privilege info only
     #[cfg(all(
         unix,
         not(target_os = "linux"),
