Date:      Thu, 20 Aug 2009 19:10:02 +0200
From:      marta carbone <marta@freebsd.org>
To:        soc-status@freebsd.org
Subject:   ipfw, status update and final report
Message-ID:  <b62a99a60908201010o23175a7dkdf015b7efff2e3e4@mail.gmail.com>


During the last week I worked on the ipfw userland configuration tool
and on the userland-kernel interface.

The default behavior of the ipfw configuration tool is to silently accept
different syntax to specify the rules. Now it has a new "strict"
option which implements stronger error checking.

The userland-kernel interface allowed transferring the whole ruleset for
each userland request.  Rules transfer is now split into two parts,
static and dynamic, allowing requests for only a subset of rules. This
reduces the size of transfers and contention on kernel data structures.


Now that the project is at the end, I summarized the work done so far.

- the ipfw and dummynet source code was moved into a separate directory;
- the ipfw_chk() function, composed of a very huge switch statement,
  is now implemented by a dispatching table, making the code more
  readable. Before and after this change, I did a set of performance
  measurements to profile the ipfw_chk() execution times;
- the microinstruction compiler is now built as a library, splitting
  the ipfw compilation and decompilation functions from the socket I/O
  functions;
- the userland ipfw configuration tool is built using such `libipfw'
  library;
- the userland-kernel rule interface allows distinct transfers for
  static or dynamic rules;
- the ipfw userland code has a new option to implement strict
  checks on rule parsing.

The code related to this work was uploaded on the perforce server,
on the soc2009/marta_ipfw project.

marta

