From owner-soc-status@FreeBSD.ORG Tue Jun 10 15:17:00 2014 Return-Path: Delivered-To: soc-status@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 98513E9F for ; Tue, 10 Jun 2014 15:17:00 +0000 (UTC) Received: from mail-la0-x22d.google.com (mail-la0-x22d.google.com [IPv6:2a00:1450:4010:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 23DAF2152 for ; Tue, 10 Jun 2014 15:16:59 +0000 (UTC) Received: by mail-la0-f45.google.com with SMTP id s18so4055337lam.4 for ; Tue, 10 Jun 2014 08:16:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=tlM3g1Ifs/xBlgkLZZWWQNKQLA/M4GUcyjIn660tTR0=; b=GKAdndA1T+cJ3+/VmSgd0Zr2xUJQl5g8+0MVpcFrqZnodylHoJ9nQtD++vL1xNUxGa mLawKCxo2BL4WsE7OL2fmMA4bjUUaZPY9SCq/HmCSzvtQ2XivBDtuaeWqIhIx/x+5KpL nqamXCxNxQiBSk/1q/zRl32+DGEI1Sf5moOFFXRk/8adLLdMieahzCmqKiI7p0iH/FZx 1Cnzp1QawhYQCGGM6wpC+BtF7nMvjG3VWvMGvK3GqPfuL1CmK2ANalGun2rKg1fA+2aH eM4TWvHkHxaMnXPN9SH1oxz3ZKcv44eV3PgLcw4pPcvKM58Ykeo9d6NNbSc6hrctlHi9 5NFg== MIME-Version: 1.0 X-Received: by 10.152.27.134 with SMTP id t6mr7693963lag.41.1402413418001; Tue, 10 Jun 2014 08:16:58 -0700 (PDT) Received: by 10.112.50.129 with HTTP; Tue, 10 Jun 2014 08:16:57 -0700 (PDT) Date: Tue, 10 Jun 2014 17:16:57 +0200 Message-ID: Subject: Status reports for: Userspace netmap-powered JIT-compiled firewall From: Daniel Peyrolon To: soc-status@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.18 X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Jun 2014 15:17:00 -0000 Hello everyone, Sorry for the delay, but I've been unable to work on this project until this and the last week. (Due to university work, mainly). I'm working on the "Userspace netmap-powered JIT-compiled firewall", it's wiki page can be seen at [1]. It's mainly a project to add LLVM support in order to JIT-compile the rules. I've been working mainly on isolating the code that is executed when checking if a packet does match the given rule, that way, this code could be compiled into LLVM IR, and optimize it, in order to JIT compile, and execute them. Once I'm done with isolating the rules (which won't take more than a week), I plan to start emitting the IR code of these checks, and integrate it into the firewall so that it can get executed. It will also be possible to interpret the rules, as it has been done traditionally. I will work on this until all the rules are implemented. After that, it will be a matter of trying with complex rules and benchmarking and profiling the firewall. [1]:https://wiki.freebsd.org/SummerOfCode2014/ConvertingIPFWRulesets -- Daniel