Date: Thu, 20 Aug 2009 19:10:02 +0200 From: marta carbone <marta@freebsd.org> To: soc-status@freebsd.org Subject: ipfw, status update and final report Message-ID: <b62a99a60908201010o23175a7dkdf015b7efff2e3e4@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
During the last week I worked on the ipfw userland configuration tool and on the userland-kernel interface. The default behavior of the ipfw configuration tool is to silently accept different syntax to specify the rules. Now it has a new "strict" option which implements stronger error checking. The userland-kernel interface allowed to transfer the whole ruleset for each userland request.=A0 Rules transfer is now split in two parts, static and dynamic, allowing to request only a subset of rules. This reduces the size of transfers and contention on kernel data structures. Now that the project is at the end, I summarized the work done so far. - the ipfw and dummynet source code was moved in a separate directory; - the ipfw_chk() function, composed by a very huge switch statement, =A0 is now implemented by a dispatching table, making the code more =A0 readable. Before an after this change, I did a set of performance =A0 measurements to profile the ipfw_chk() execution times; - the microinstruction compiler is now built as a library, splitting =A0 the ipfw compilation and decompilation functions from the socket I/O =A0 functions; - the userland ipfw configuration tool is built using such `libipfw' =A0 library; - the userland-kernel rule interface allows distinct transfers for =A0 static or dynamic rules; - the ipfw userland code has a new options to implement strict =A0 checks on rule parsing. The code related to this work was uploaded on the perforce server, on the soc2009/marta_ipfw project. marta
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b62a99a60908201010o23175a7dkdf015b7efff2e3e4>