Date: Mon, 10 Aug 2015 09:16:36 +0000 From: Daniel Peyrolon <tuchalia@gmail.com> To: George Neville-Neil <gnn@freebsd.org> Cc: soc-status@freebsd.org Subject: Re: Status reports for "JIT for firewalling" Message-ID: <CA%2ByaQw9eMxeH0=ZHXofhP9jjSNpRNTArPKVONtqgQTCOQUDZPQ@mail.gmail.com> In-Reply-To: <D3BDBE8F-EDD3-444E-88CF-2D0B961A8347@freebsd.org> References: <CA%2ByaQw-vHcz6e=ugDx4g0APtV6C9nAzPoOm5ZfTcdHb=4wfamg@mail.gmail.com> <CA%2ByaQw9G9TjKb2vfz0OAyg0rryWD2gM_r9sV3VoWoQq7De_wug@mail.gmail.com> <358A0094-61DE-4685-933F-EDED85A6A07C@freebsd.org> <CA%2ByaQw-884no1GMHhQ201VDTV3OipRJgaaT1mfWErNj2Ls2rzQ@mail.gmail.com> <CA%2ByaQw-SZtDunZ%2B6Mk=zLm-MyedkUotpmQ10AYJQ4xgxcRrPhA@mail.gmail.com> <C3C0FABA-0178-4F69-9675-71E82807CF11@freebsd.org> <CA%2ByaQw_Tm0Ciwsbe-_PY_tVvpAT_rsaujz54Nv6jAFDXxZH7nw@mail.gmail.com> <D3BDBE8F-EDD3-444E-88CF-2D0B961A8347@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi everyone, This week I managed to get code emission and compilation right for all rules, except the three that modify the control flow. (skipto, call and return). These will be done this week. El jue., 6 ago. 2015 a las 10:38, George Neville-Neil (<gnn@freebsd.org>) escribi=C3=B3: > Great, I'll go look at the update etc. > > Best, > George > > > On 5 Aug 2015, at 22:49, Daniel Peyrolon wrote: > > > Yes, all of that is commited at my repo. > > > > El mar., 4 ago. 2015 a las 14:13, George Neville-Neil (<gnn@freebsd.org > >) > > escribi=C3=B3: > > > >> Sounds very promising. > >> Have you committed an pushed the changes that made everything > >> start to work? Even if that's just a set of notes, rather than code, > >> that ought to be preserved. > >> > >> Best, > >> George > >> On 3 Aug 2015, at 9:15, Daniel Peyrolon wrote: > >> > >>> Hello, > >>> > >>> Finally we have the firewall working! > >>> I get a kernel panic whenever I try to filter an unbounded number of > >>> packets, but it doesn't when filtering a small amount of packets. > >>> > >>> The things to do now are: > >>> - Test that the emission of all the new rules is working properly, an= d > >>> test that rule. > >>> - Avoid kernel panic. This will take a longer time, but we need this = in > >>> order to get the firewall working in real-world systems. > >>> - Write flow modifying rules: Given that I've been out of the game fo= r > >>> so long, I haven't been able to get those rules written yet, but > luckily > >>> they are only two rules, and its implementation shouldn't be hard. > >>> > >>> El lun., 27 jul. 2015 a las 20:36, Daniel Peyrolon (< > tuchalia@gmail.com > >>> ) > >>> escribi=C3=B3: > >>> > >>>> Hi again, > >>>> > >>>> Unfortunately I haven't been able to make any further progress. > >>>> I've been having a lot of problems to get the compiler working. I > tested > >>>> many different hypotheses about the bug with no success so far, and > I've > >>>> talked with David Chisnall to see if he could lend me a hand and he > has > >>>> given me some pointers. So, hopefully, I'll be past this stage this > >> week. > >>>> > >>>> El lun., 20 jul. 2015 a las 15:43, George Neville-Neil (< > >> gnn@freebsd.org>) > >>>> escribi=C3=B3: > >>>> > >>>>> Seems like the next thing to do is build from source as David > suggests. > >>>>> > >>>>> Best, > >>>>> George > >>>>> > >>>>> > >>>>> On 20 Jul 2015, at 4:47, Daniel Peyrolon wrote: > >>>>> > >>>>>> Hi everyone, > >>>>>> > >>>>>> This has not been a productive week. I've been so far unable to ge= t > >>>>>> the > >>>>>> compiler working, I contacted David Chinsall as I said, and I have > >>>>>> been > >>>>>> looking to make everything works. The initialization process of LL= VM > >>>>>> is not > >>>>>> working as expected, which may be related to a bad install (we hav= e > >>>>>> already > >>>>>> disarded that), a bad building process, or a bad LLVM initializati= on > >>>>>> process. Given the fact that the LLVM API has changed a lot since > the > >>>>>> last > >>>>>> time, that may be possible. > >>>>>> > >>>>>> El s=C3=A1b., 11 jul. 2015 a las 12:24, Daniel Peyrolon > >>>>>> (<tuchalia@gmail.com>) > >>>>>> escribi=C3=B3: > >>>>>> > >>>>>>> Hi everyone, > >>>>>>> > >>>>>>> This last pair of weeks I've written the code needed to compile > >>>>>>> almost all > >>>>>>> the rules, except those that modify control flow: call and skipto= . > >>>>>>> For > >>>>>>> those ones I will have to write them by hand on LLVM IR. > >>>>>>> > >>>>>>> I also started working on the testing code. I'm using conductor t= o > >>>>>>> control the different hosts. I already have reserved a pair of > hosts > >>>>>>> from > >>>>>>> the netperf cluster in order to get that running. > >>>>>>> > >>>>>>> So far I haven't been able to test anything because the compiler = is > >>>>>>> not > >>>>>>> working yet, there has been a change in the API of LLVM since I > last > >>>>>>> worked > >>>>>>> with it, I sent an email to my past mentor, David Chisnall asking > for > >>>>>>> advice. > >>>>>>> -- > >>>>>>> Daniel > >>>>>>> > >>>>>> -- > >>>>>> Daniel > >>>>> > >>>> -- > >>>> Daniel > >>>> > >>> -- > >>> Daniel > >> > > -- > > Daniel > --=20 Daniel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2ByaQw9eMxeH0=ZHXofhP9jjSNpRNTArPKVONtqgQTCOQUDZPQ>