From owner-soc-status@freebsd.org Tue Aug 18 10:38:00 2015 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 243079BC67E for ; Tue, 18 Aug 2015 10:38:00 +0000 (UTC) (envelope-from tuchalia@gmail.com) Received: from mail-lb0-x22c.google.com (mail-lb0-x22c.google.com [IPv6:2a00:1450:4010:c04::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8A53288C; Tue, 18 Aug 2015 10:37:59 +0000 (UTC) (envelope-from tuchalia@gmail.com) Received: by lbbtg9 with SMTP id tg9so100684623lbb.1; Tue, 18 Aug 2015 03:37:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-type; bh=fnP8zjgoM2/ZDRwKAT0PGD58uBjK6B/sm8bH5D1Jbtg=; b=wiv0VZW1CksK+EE8+XKxUGx0ja4fUA4l73srRf84jOCGWjaVGLxtqRGcGe/6Q5hYU+ e4RIth9ibAdUQRCayLk5OmcePpOcwIJYl5Cb52BYXzjfrJNUhBxfsRVt/jlLXGiGzrT3 yGyrKATaVeJl53K1kcyIhQSW/caa9TnNHUbOxfJjembr7+rNFTUXNbF3WeKh4qgH6N4J jQfuiz/0q0EG3MKB13TcWEAMn9ccYVnVP3J3z+gRD217nsaKQKstYHKxzYSJO98IXE06 fueyp/N8vK4nY1ZGxHpPGe3rd1WARf3a1W2VMgXXXD0G5eQDkFeY8h5rS9RCvLhwS/YM SaQA== X-Received: by 10.152.37.67 with SMTP id w3mr5676857laj.123.1439894277387; Tue, 18 Aug 2015 03:37:57 -0700 (PDT) MIME-Version: 1.0 References: <358A0094-61DE-4685-933F-EDED85A6A07C@freebsd.org> In-Reply-To: From: Daniel Peyrolon Date: Tue, 18 Aug 2015 10:37:47 +0000 Message-ID: Subject: Re: Status reports for "JIT for firewalling" To: George Neville-Neil Cc: soc-status@freebsd.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Aug 2015 10:38:00 -0000 Hi everyone, This past week I managed to complete one of the two final commands, and started working on it at the netperf cluster (in order to test it). I'm going to keep working on this after the SoC in order to get it done (after all, I'm going to use the firewall for my Master Thesis). If anyone is interested in how it's going, you can reach me out easily, or look for changes in my git repository (github.com/dplbsd/netmap-ipfwjit) or the wiki page. El lun., 10 ago. 2015 a las 10:16, Daniel Peyrolon () escribi=C3=B3: > Hi everyone, > > This week I managed to get code emission and compilation right for all > rules, except the three that modify the control flow. (skipto, call and > return). > These will be done this week. > > El jue., 6 ago. 2015 a las 10:38, George Neville-Neil () > escribi=C3=B3: > >> Great, I'll go look at the update etc. >> >> Best, >> George >> >> >> On 5 Aug 2015, at 22:49, Daniel Peyrolon wrote: >> >> > Yes, all of that is commited at my repo. >> > >> > El mar., 4 ago. 2015 a las 14:13, George Neville-Neil (> >) >> > escribi=C3=B3: >> > >> >> Sounds very promising. >> >> Have you committed an pushed the changes that made everything >> >> start to work? Even if that's just a set of notes, rather than code, >> >> that ought to be preserved. >> >> >> >> Best, >> >> George >> >> On 3 Aug 2015, at 9:15, Daniel Peyrolon wrote: >> >> >> >>> Hello, >> >>> >> >>> Finally we have the firewall working! >> >>> I get a kernel panic whenever I try to filter an unbounded number of >> >>> packets, but it doesn't when filtering a small amount of packets. >> >>> >> >>> The things to do now are: >> >>> - Test that the emission of all the new rules is working properly, a= nd >> >>> test that rule. >> >>> - Avoid kernel panic. This will take a longer time, but we need this >> in >> >>> order to get the firewall working in real-world systems. >> >>> - Write flow modifying rules: Given that I've been out of the game f= or >> >>> so long, I haven't been able to get those rules written yet, but >> luckily >> >>> they are only two rules, and its implementation shouldn't be hard. >> >>> >> >>> El lun., 27 jul. 2015 a las 20:36, Daniel Peyrolon (< >> tuchalia@gmail.com >> >>> ) >> >>> escribi=C3=B3: >> >>> >> >>>> Hi again, >> >>>> >> >>>> Unfortunately I haven't been able to make any further progress. >> >>>> I've been having a lot of problems to get the compiler working. I >> tested >> >>>> many different hypotheses about the bug with no success so far, and >> I've >> >>>> talked with David Chisnall to see if he could lend me a hand and he >> has >> >>>> given me some pointers. So, hopefully, I'll be past this stage this >> >> week. >> >>>> >> >>>> El lun., 20 jul. 2015 a las 15:43, George Neville-Neil (< >> >> gnn@freebsd.org>) >> >>>> escribi=C3=B3: >> >>>> >> >>>>> Seems like the next thing to do is build from source as David >> suggests. >> >>>>> >> >>>>> Best, >> >>>>> George >> >>>>> >> >>>>> >> >>>>> On 20 Jul 2015, at 4:47, Daniel Peyrolon wrote: >> >>>>> >> >>>>>> Hi everyone, >> >>>>>> >> >>>>>> This has not been a productive week. I've been so far unable to g= et >> >>>>>> the >> >>>>>> compiler working, I contacted David Chinsall as I said, and I hav= e >> >>>>>> been >> >>>>>> looking to make everything works. The initialization process of >> LLVM >> >>>>>> is not >> >>>>>> working as expected, which may be related to a bad install (we ha= ve >> >>>>>> already >> >>>>>> disarded that), a bad building process, or a bad LLVM >> initialization >> >>>>>> process. Given the fact that the LLVM API has changed a lot since >> the >> >>>>>> last >> >>>>>> time, that may be possible. >> >>>>>> >> >>>>>> El s=C3=A1b., 11 jul. 2015 a las 12:24, Daniel Peyrolon >> >>>>>> () >> >>>>>> escribi=C3=B3: >> >>>>>> >> >>>>>>> Hi everyone, >> >>>>>>> >> >>>>>>> This last pair of weeks I've written the code needed to compile >> >>>>>>> almost all >> >>>>>>> the rules, except those that modify control flow: call and skipt= o. >> >>>>>>> For >> >>>>>>> those ones I will have to write them by hand on LLVM IR. >> >>>>>>> >> >>>>>>> I also started working on the testing code. I'm using conductor = to >> >>>>>>> control the different hosts. I already have reserved a pair of >> hosts >> >>>>>>> from >> >>>>>>> the netperf cluster in order to get that running. >> >>>>>>> >> >>>>>>> So far I haven't been able to test anything because the compiler >> is >> >>>>>>> not >> >>>>>>> working yet, there has been a change in the API of LLVM since I >> last >> >>>>>>> worked >> >>>>>>> with it, I sent an email to my past mentor, David Chisnall askin= g >> for >> >>>>>>> advice. >> >>>>>>> -- >> >>>>>>> Daniel >> >>>>>>> >> >>>>>> -- >> >>>>>> Daniel >> >>>>> >> >>>> -- >> >>>> Daniel >> >>>> >> >>> -- >> >>> Daniel >> >> >> > -- >> > Daniel >> > -- > Daniel > --=20 Daniel