From owner-soc-status@FreeBSD.ORG Thu Aug 20 17:10:04 2009 Return-Path: Delivered-To: soc-status@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8DC49106568F for ; Thu, 20 Aug 2009 17:10:04 +0000 (UTC) (envelope-from marta.carbone@gmail.com) Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.27]) by mx1.freebsd.org (Postfix) with ESMTP id 48EAD8FC6B for ; Thu, 20 Aug 2009 17:10:03 +0000 (UTC) Received: by qw-out-2122.google.com with SMTP id 3so28768qwe.7 for ; Thu, 20 Aug 2009 10:10:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; bh=LYI2L1yJ3mUBK4+eq15kGFLABFgIEd0+Yg2+OF+bwkM=; b=GaHKVEz7L92CBAMRciRjKkuAdjgfgiYnpZQPJx6o02WJxAoABOD4sk0WlZd6z6jzGP AlRqValbbR1kTXHKYh/uWCn1viHD+npkmMeksAnceHtquf+EUgHTIglVUZs2QDRl8FxC /C18LjTbIll0jAmF/+Q5lHLpiooLtTeLucZBw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type:content-transfer-encoding; b=Wpd2+34c6tuwkXJy2Ue2BrQuQwcDUAtcAu6i5/IV/TwcKMtxHPRU3/eSM49VJGxCzP rFcOokMuItBEd3XqUAtKP13tQGXNZVjRNHS38KMrnlz71bza6Hk00XFheoAzZZqYGCnT Nm1L0EXg4PwR2hpE6/GKZQO57F5xVLhp3Vsck= MIME-Version: 1.0 Sender: marta.carbone@gmail.com Received: by 10.229.46.145 with SMTP id j17mr10598qcf.6.1250788202895; Thu, 20 Aug 2009 10:10:02 -0700 (PDT) Date: Thu, 20 Aug 2009 19:10:02 +0200 X-Google-Sender-Auth: 3b7445e6158c7ee8 Message-ID: From: marta carbone To: soc-status@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: ipfw, status update and final report X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Aug 2009 17:10:04 -0000 During the last week I worked on the ipfw userland configuration tool and on the userland-kernel interface. The default behavior of the ipfw configuration tool is to silently accept different syntax to specify the rules. Now it has a new "strict" option which implements stronger error checking. The userland-kernel interface allowed to transfer the whole ruleset for each userland request.=A0 Rules transfer is now split in two parts, static and dynamic, allowing to request only a subset of rules. This reduces the size of transfers and contention on kernel data structures. Now that the project is at the end, I summarized the work done so far. - the ipfw and dummynet source code was moved in a separate directory; - the ipfw_chk() function, composed by a very huge switch statement, =A0 is now implemented by a dispatching table, making the code more =A0 readable. Before an after this change, I did a set of performance =A0 measurements to profile the ipfw_chk() execution times; - the microinstruction compiler is now built as a library, splitting =A0 the ipfw compilation and decompilation functions from the socket I/O =A0 functions; - the userland ipfw configuration tool is built using such `libipfw' =A0 library; - the userland-kernel rule interface allows distinct transfers for =A0 static or dynamic rules; - the ipfw userland code has a new options to implement strict =A0 checks on rule parsing. The code related to this work was uploaded on the perforce server, on the soc2009/marta_ipfw project. marta