From owner-soc-status@freebsd.org Mon Aug 3 08:15:31 2015
From: Daniel Peyrolon
Date: Mon, 03 Aug 2015 08:15:19 +0000
Subject: Re: Status reports for "JIT for firewalling"
To: George Neville-Neil
Cc: soc-status@freebsd.org

Hello,

Finally we have the firewall working!
I get a kernel panic whenever I try to filter an unbounded number of
packets, but it doesn't when filtering a small amount of packets.

The things to do now are:
- Test that the emission of all the new rules is working properly, and
  test that rule.
- Avoid kernel panic. This will take a longer time, but we need this in
  order to get the firewall working in real-world systems.
- Write flow modifying rules: Given that I've been out of the game for
  so long, I haven't been able to get those rules written yet, but luckily
  they are only two rules, and their implementation shouldn't be hard.

On Mon, 27 Jul 2015 at 20:36, Daniel Peyrolon wrote:

> Hi again,
>
> Unfortunately I haven't been able to make any further progress.
> I've been having a lot of problems to get the compiler working. I tested
> many different hypotheses about the bug with no success so far, and I've
> talked with David Chisnall to see if he could lend me a hand and he has
> given me some pointers. So, hopefully, I'll be past this stage this week.
>
> On Mon, 20 Jul 2015 at 15:43, George Neville-Neil wrote:
>
>> Seems like the next thing to do is build from source as David suggests.
>>
>> Best,
>> George
>>
>>
>> On 20 Jul 2015, at 4:47, Daniel Peyrolon wrote:
>>
>> > Hi everyone,
>> >
>> > This has not been a productive week. I've been so far unable to get the
>> > compiler working, I contacted David Chisnall as I said, and I have been
>> > looking to make everything work. The initialization process of LLVM is not
>> > working as expected, which may be related to a bad install (we have already
>> > discarded that), a bad building process, or a bad LLVM initialization
>> > process. Given the fact that the LLVM API has changed a lot since the last
>> > time, that may be possible.
>> >
>> > On Sat, 11 Jul 2015 at 12:24, Daniel Peyrolon wrote:
>> >
>> >> Hi everyone,
>> >>
>> >> This last pair of weeks I've written the code needed to compile almost all
>> >> the rules, except those that modify control flow: call and skipto. For
>> >> those ones I will have to write them by hand on LLVM IR.
>> >>
>> >> I also started working on the testing code. I'm using conductor to
>> >> control the different hosts. I already have reserved a pair of hosts from
>> >> the netperf cluster in order to get that running.
>> >>
>> >> So far I haven't been able to test anything because the compiler is not
>> >> working yet, there has been a change in the API of LLVM since I last worked
>> >> with it, I sent an email to my past mentor, David Chisnall asking for
>> >> advice.
>> >> --
>> >> Daniel
>> >>
>> > --
>> > Daniel
>> >
> --
> Daniel
>
--
Daniel

From owner-soc-status@freebsd.org Mon Aug 3 13:26:27 2015
From: Peter Pentchev
Date: Mon, 3 Aug 2015 16:26:22 +0300
Subject: Re: Status report: ng_ayiya - an AYIYA Netgraph node
To: soc-status@FreeBSD.org

Hi all,

The goal of this project is to create a Netgraph node that acts as
a link between a socket (TCP, UDP, SCTP, ...) connection to an AYIYA
server (for a start, the SixXS POPs) and a local network interface
(for a start, one that can route IPv6 traffic).

Wiki: https://wiki.freebsd.org/SummerOfCode2015/AYIYASixXSNetgraphNode
Subversion: https://svnweb.freebsd.org/socsvn/soc2015/roam/
Testing: https://svnweb.freebsd.org/socsvn/soc2015/roam/README.txt?view=co

I am now very close to completing the stated goals of the project - the
SixXS AICCU tool now has initial support for using the ng_ayiya Netgraph
node for setting up tunnels and passing actual IPv6 traffic through them.

Here's what has happened since my last report:
- finished up and prepared for release the Net-SixXS Perl interface to
  the SixXS Tunnel Information and Control protocol that is used to
  negotiate the IPv6-over-IPv4 AYIYA tunnels
- created initial versions of several FreeBSD ports:
  - ng_ayiya (the GSoC project itself)
  - Net-SixXS
  - MooseX-Role-JSONObject (another Perl module that I decided to
    finish up and release since it came in useful for this project)
  - Method-Signatures (a third-party Perl module)
- imported into the GSoC Subversion repo the FreeBSD port of AICCU,
  the tool used to set up the AYIYA tunnels
- developed an initial version of a patch for the AICCU port to use
  the ng_ayiya Netgraph node (the final goal of the GSoC project);
  there is still work to do, but the tunnels are being brought up and
  IPv6 traffic passes through them

G'luck,
Peter

--
Peter Pentchev  roam@ringlet.net roam@FreeBSD.org
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13

From owner-soc-status@freebsd.org Mon Aug 3 19:31:56 2015 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 764879B2BAD for ; Mon, 3 Aug 2015 19:31:56 +0000 (UTC) (envelope-from prasadjoshi.linux@gmail.com) Received: from mail-ob0-x231.google.com (mail-ob0-x231.google.com [IPv6:2607:f8b0:4003:c01::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3BC04B69 for ; Mon, 3 Aug 2015 19:31:56 +0000 (UTC) (envelope-from prasadjoshi.linux@gmail.com) Received: by obbop1 with SMTP id op1so107020740obb.2 for ; Mon, 03 Aug 2015 12:31:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=93U2UAuynN9w+X522/0mOfeV0AanYNO1qEEC36FzIi0=; b=sEQsjzPAJXOITIyUeJkJ3jIBE/a9GfKZe/ufELVloQvYzqDDelauIknzc9Z6pZV+Kd KCbGwx1RAwLRmzdyzr9xf/4+bU1O2vrqpkOC9T/CY/nbHxecuANgKrTdmo4sgm32B9qU Iw0DMLxVU+Qi2VGC/HuqW4aszYm+JbGENKpZXNBeo9esma9XMubPb936XUOrcAeGLCqy 6t2N42hUilYGXgBtG6Kua62VRoORAQQ2j4F79bBooF0vy+/GKnoMUpx5x7CtfpkevWyd W+zwOJXc8BZ2yVUij3oT9mowj2oa7CxHGnbkqGeV71BBamqsw15taw+5W8IlsIgZDfZW JblA== MIME-Version: 1.0 X-Received: by 10.182.247.102 with SMTP id yd6mr17693634obc.39.1438630315554; Mon, 03 Aug 2015 12:31:55 -0700 (PDT) Received: by 10.60.27.69 with HTTP; Mon, 3 Aug 2015 12:31:55 -0700 (PDT) In-Reply-To: References: Date: Tue, 4 Aug 2015 01:01:55 +0530 Message-ID: Subject: Re: [gsoc15] dynamically discover bes From: Prasad Joshi To: soc-status@freebsd.org Cc: Xin LI Content-Type: text/plain; charset=UTF-8 X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: 
List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Aug 2015 19:31:56 -0000 Status Report =========== 1. Added flat zap support 2. Removed common, unnecessary code. 3. When machine bootsup, instead of waiting for a keypress to show bootmenu, now it is displayed as soon as machine starts. If no key is pressed, default BE is used for booting in 5 seconds Tasks for coming week ================== 1. Fix broken sort functionality 2. Fix util.c and libstand.a compilation problem 3. Special keys for example arrow keys, home, pageup etc aren't working till now On Tue, Jul 28, 2015 at 1:04 AM, Prasad Joshi wrote: > Status report > ========== > The BEs menu is working. With my code changes, when machine is booted > by default gptzfsboot tries to boot an active BE. However, if user > presses any key, the code finds out all BEs and displays menu for > selection to user. Once user selects a BE to boot from, appropriate > information is passed to next stage of boot loader. > > Tasks for coming week > ================= > 1. I disabled some of the existing gptzfsboot code which handles > serial console. I will try to enable it again and check if menu > functionality works on serial console. > > Thanks and Regards, > Prasad > > On Sun, Jul 12, 2015 at 10:03 PM, Prasad Joshi > wrote: >> Status report for past two weeks >> ========================= >> - Last two weeks I struggled to get non-active BE to boot completely - >> after zfs mount -a all files in /dev/ used to disappear. Finally >> disabling canmount property on each dataset helped me boot non-active >> BEs. >> >> - I added code to pass mountpoint information from gptzfsboot to >> zfsloader, then from zfsloader I could set vfs.root.mountfrom env >> variable. >> >> - Added code to find timestamp of each BE clone, with this change BEs >> could now be sorted on either timestamp, BE name, or object number >> >> Tasks For coming week >> ================== >> 1. 
start the initial implementation of menu functionality. >> >> On Tue, Jun 30, 2015 at 7:26 PM, Prasad Joshi >> wrote: >>> Week 5 Update >>> >>> - I did not work on GSoC for 3 days in this week. Had to attend full >>> day sessions in the University. >>> - Last week I was faced with a problem with booting alternate >>> (non-active) BE. Plan in this week was to locate the problem. It seems >>> like, during bootup zfsloader needs to initialize libzfs library. The >>> libzfs library initialization fails because '/dev/zfs' cannot be >>> opened. I verified the zfs kernel modules, which create the device are >>> loaded. I think, and as suggested by mentor, I will have to set >>> vfs.root.mountfrom environment variable during bootup. >>> >>> Thanks and Regards, >>> Prasad >>> >>> On Mon, Jun 22, 2015 at 11:42 PM, Prasad Joshi >>> wrote: >>>> Week 4 update >>>> >>>> - I have been able to discover BEs on console. I could detect active BE. >>>> Created list of BEs. Code to sort BEs on object number, name, or timestamp >>>> is added. >>>> >>>> - I am able to boot from nonactive BE to some extent. At the moment, code >>>> requires me to enter BE number to boot from. >>>> >>>> Tasks next week >>>> 1. Identify a problem with be bootup. >>>> 2. Pass mount point info through env variable to loader. >>>> 3. Start with console based menu. >>>> >>>> Thanks and Regards, >>>> Prasad >>>> >>>> On Jun 15, 2015 7:48 PM, "Prasad Joshi" wrote: >>>>> >>>>> Week 3 status >>>>> ========== >>>>> After understanding on disk representation of snapshots and clones, I >>>>> have been able to find names of the BEs created using beadm command. I >>>>> could print the BE names on console. >>>>> >>>>> The next task would be to convert BE names to object numbers, create >>>>> list of BEs. 
>>>>> >>>>> Thanks and Regards, >>>>> Prasad >>>>> >>>>> On Tue, Jun 9, 2015 at 6:36 AM, Prasad Joshi >>>>> wrote: >>>>> > Last week I mostly worked on understanding beadm and gptzfsboot code >>>>> > >>>>> > beadm create prepares new BE by creating a snapshot and clone of that >>>>> > snapshot. beadm activate command sets bootfs property of the POOL. >>>>> > bootfs property contains object number of active dataset object. >>>>> > During bootup gptzfsboot probes all the disks, creating SPA for any >>>>> > valid pool. gptzfsboot assumes the first pool it finds as a primary >>>>> > pool, it then reads meta object set, then tries to find object nunber >>>>> > of active dataset object either through >>>>> > a. bootfs - it would be set if BE was already created >>>>> > b. mos->properties_zap->root_dataset->dd_head_dataset_obj (through >>>>> > root_datasets bonus buffer) >>>>> > Once the object number is obtaind gptzfsboot mounts the dataset. >>>>> > >>>>> > After mounting, few files are looked up like /boot/config or >>>>> > /boot.config for presense of boot command (did not went into details >>>>> > of this). Then (if keyboard is not hit), gptzfsboot execs >>>>> > /boot/zfsloader. If gptzfsboot is interrupted by keyboard, then it >>>>> > displays default BE or POOL it is trying to boot from (using >>>>> > zfs_rlookup() to map active dataset object to string BE name). Though >>>>> > I haven't checked this but through serial console user would be >>>>> > allowed to enter other pool or BE to boot from. >>>>> > >>>>> > I could not go into details of how gptzfsboot reads /boot/zfsloader from >>>>> > disk. >>>>> > >>>>> > Pending Tasks >>>>> > ============= >>>>> > 1. Understand upon keyboard interruption, how user entered zfs paths >>>>> > (format [zfs:pool/filesystem:][/path/to/loader]) are converted in >>>>> > object numbers? >>>>> > 2. Learn ZFS on disk format in more details so as to identify active >>>>> > dataset object numbers of all BEs. 
Once the object numbers are >>>>> > available, I can use zfs_rlookup() function to map object number to >>>>> > printable pool name. >>>>> > 3. Prepare library for console based menu. >>>>> > >>>>> > Plan for next week >>>>> > ================== >>>>> > Pending task 2 above From owner-soc-status@freebsd.org Mon Aug 3 23:12:37 2015 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 928269B27B7 for ; Mon, 3 Aug 2015 23:12:37 +0000 (UTC) (envelope-from mdw@freebsd.org) Received: from mehl.mmap.at (static.56.42.47.78.clients.your-server.de [78.47.42.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 729FAA60; Mon, 3 Aug 2015 23:12:36 +0000 (UTC) (envelope-from mdw@freebsd.org) Received: from [10.0.0.48] (194-166-191-148.adsl.highway.telekom.at [194.166.191.148]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mehl.mmap.at (Postfix) with ESMTPSA id E87C1B08E4; Tue, 4 Aug 2015 01:12:27 +0200 (CEST) Message-ID: <55BFF55B.8010902@freebsd.org> Date: Tue, 04 Aug 2015 01:12:27 +0200 From: Manuel Wiesinger User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.8.0 MIME-Version: 1.0 To: soc-status@FreeBSD.org Subject: Status: Linux packages for pkg(8) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Aug 2015 23:12:37 -0000 Hi, I'm a bit behind with "pkgifying" my code. So I did not yet push the database part to Github. 
Plan for this week: Push clean integrated code for reading the Debian manifest into the db and extract it to prefix (e.g. /compat/linux). How the manifest is imported: It's loosely based on the import of normal packages (binary). I.e. while parsing a hashmap is created (using UT_hash_handles in the particular structs: pkg, pkg_dep, pkg_conflict), in which dependencies and conflicts are stored. These hashmaps are iterated and written to the database then. A detail that I have overseen is that the Debian manifest does not contain the licences of the packages. I'll see if I can get that information to the database from somewhere else if desired. Further todos: make sure, that the event pipe is used for longer tasks (e.g. extracting) add pkg-audit support (easy), write unit-tests Regards, Manuel From owner-soc-status@freebsd.org Tue Aug 4 11:17:32 2015 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C97359B2DEC for ; Tue, 4 Aug 2015 11:17:32 +0000 (UTC) (envelope-from mihai.carabas@gmail.com) Received: from mail-wi0-x233.google.com (mail-wi0-x233.google.com [IPv6:2a00:1450:400c:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 58F2B1A29 for ; Tue, 4 Aug 2015 11:17:32 +0000 (UTC) (envelope-from mihai.carabas@gmail.com) Received: by wibud3 with SMTP id ud3so172235015wib.1 for ; Tue, 04 Aug 2015 04:17:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=IAPtAiQyiah6qFpoLWiM54iN0ZDjsgpOs9xsaslicQo=; b=WqCilyYq+DAYIIHK8lBu3WbHx66uJPLrBWbPHktCpOSoD1HlKrcpa598/b1Yg+dlaq NbroikwwGAjRWuXc8MimGdXBnB2l4snue26RiLiCbscjcwIdJ9UmD9aX0I6jdfJvD97d 
hZ9MxWcjUSTAlQK8N97aBTQVkM41o1n8ju6At4zDt1IndP2ocZ5cOWdQ9tIcltrBAswA UfrZlYE/dge6C7cALaKq7/MP/1Zfr84asqjNYpnPZEkdVzUQsmtUO2ZvzBO+cViAd7kx UyKBWBvy/jCwOXawfUKPt1ovk4XoJILforFJPshb5psqzK84SNeIMHgYcy4DpVEWrdy1 2smg== MIME-Version: 1.0 X-Received: by 10.195.12.6 with SMTP id em6mr6938049wjd.150.1438687050580; Tue, 04 Aug 2015 04:17:30 -0700 (PDT) Received: by 10.28.21.134 with HTTP; Tue, 4 Aug 2015 04:17:30 -0700 (PDT) In-Reply-To: References: Date: Tue, 4 Aug 2015 14:17:30 +0300 Message-ID: Subject: Re: [GSOC] bhyve port on ARM - weekly status report From: Mihai Carabas To: soc-status@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Aug 2015 11:17:32 -0000 Hi everyone, > After a discussion with Peter, the next step was implementing emulation > for memory access, basically to be able to emulate MMIO devices. > > I've started by decoding the HSR (syndrome register) and put prints on > each exception type. Than I've interpreted that Data Abort Exception (DABT) > caused by a stage-2 translation to be able to decode the instruction. I've > saved the decoded instruction (read/write, the register number, the access > size [b,h,w]) and the fault address and sent it to bhyve userspace utility. > Here I've used the MMIO infrastructure taken from X86 to find an emulated > address and call the instruction emulation function > (vmm_emulate_instruction). Further I've implemented the instruction > emulation function in sys/arm/vmm/vmm_instruction_emul.c to get the > register value and call the memread/memwrite callbacks accordingly. > > At this point I have a functional MMIO emulation. 
I've started modifying > the bvm_console with some conditional code for ARM to replace the inl/outl > calls with some memory acccesses. I've used the consport.c from X86 to > emulate the bvm_console. I've added some instructions to write some > characters to memory, and these are printed ok. > > Further I've compiled a FreeBSD guest with bvm_console and ran it in > bhyve. Here are the first prints of a FreeBSD guest running on bhyve-arm > [1] after solving some tedious bugs (I was trashing some temporary > registers which were saving the SCTRL and I was disabling the MMU in the > guest whenever I was context-switching between host and guest). Further I'm > continuing with solving different guest exceptions this week. > In the past week I managed to boot the guest all the way down to Interrupt Controller initialization [1]. There were minor bugs in the emulation code I had to fix. After that I've start reading the GIC ARM manual and tried to look at other vGIC implementations (virtualization of the Generic Interrupt Controller). I didn't get to write any code yet, I'm still trying to get the whole picture. This would be the last step before being able to run a guest (without timer virtualization - we can use an auxiliary timer mapped to the guest). Thank you, Mihai [1] 0xc034d174(0)... 
ofwbus0: gic0: mem 0x2c001000-0x2c001fff,0x2c002000-0x 2c003fff,0x2c004000-0x2c005fff,0x2c006000-0x2c007fff on ofwbus0 Unhandled memory access to 0x2c001000 Failed to emulate instruction at 0xc0354ef From owner-soc-status@freebsd.org Tue Aug 4 12:13:03 2015 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BF7969B1335 for ; Tue, 4 Aug 2015 12:13:03 +0000 (UTC) (envelope-from gnn@freebsd.org) Received: from smtp.hungerhost.com (smtp.hungerhost.com [216.38.53.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 984601EAE for ; Tue, 4 Aug 2015 12:13:03 +0000 (UTC) (envelope-from gnn@freebsd.org) Received: from global-1-30.nat.csx.cam.ac.uk ([131.111.184.30]:34344 helo=[172.17.218.186]) by vps.hungerhost.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.85) (envelope-from ) id 1ZMb5Z-0007h9-ST; Tue, 04 Aug 2015 08:13:01 -0400 From: "George Neville-Neil" To: "Daniel Peyrolon" Cc: soc-status@freebsd.org Subject: Re: Status reports for "JIT for firewalling" Date: Tue, 04 Aug 2015 13:13:01 +0100 Message-ID: In-Reply-To: References: <358A0094-61DE-4685-933F-EDED85A6A07C@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Mailer: MailMate (1.9.2r5107) X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - vps.hungerhost.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - freebsd.org X-Get-Message-Sender-Via: vps.hungerhost.com: authenticated_id: gnn@neville-neil.com X-Source: X-Source-Args: X-Source-Dir: X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Summer of Code Status 
Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Aug 2015 12:13:03 -0000 Sounds very promising. Have you committed an pushed the changes that made everything start to work? Even if that's just a set of notes, rather than code, that ought to be preserved. Best, George On 3 Aug 2015, at 9:15, Daniel Peyrolon wrote: > Hello, > > Finally we have the firewall working! > I get a kernel panic whenever I try to filter an unbounded number of > packets, but it doesn't when filtering a small amount of packets. > > The things to do now are: > - Test that the emission of all the new rules is working properly, and > test that rule. > - Avoid kernel panic. This will take a longer time, but we need this in > order to get the firewall working in real-world systems. > - Write flow modifying rules: Given that I've been out of the game for > so long, I haven't been able to get those rules written yet, but luckily > they are only two rules, and its implementation shouldn't be hard. > > El lun., 27 jul. 2015 a las 20:36, Daniel Peyrolon () > escribió: > >> Hi again, >> >> Unfortunately I haven't been able to make any further progress. >> I've been having a lot of problems to get the compiler working. I tested >> many different hypotheses about the bug with no success so far, and I've >> talked with David Chisnall to see if he could lend me a hand and he has >> given me some pointers. So, hopefully, I'll be past this stage this week. >> >> El lun., 20 jul. 2015 a las 15:43, George Neville-Neil () >> escribió: >> >>> Seems like the next thing to do is build from source as David suggests. >>> >>> Best, >>> George >>> >>> >>> On 20 Jul 2015, at 4:47, Daniel Peyrolon wrote: >>> >>>> Hi everyone, >>>> >>>> This has not been a productive week. I've been so far unable to get >>>> the >>>> compiler working, I contacted David Chinsall as I said, and I have >>>> been >>>> looking to make everything works. 
The initialization process of LLVM >>>> is not >>>> working as expected, which may be related to a bad install (we have >>>> already >>>> disarded that), a bad building process, or a bad LLVM initialization >>>> process. Given the fact that the LLVM API has changed a lot since the >>>> last >>>> time, that may be possible. >>>> >>>> El sáb., 11 jul. 2015 a las 12:24, Daniel Peyrolon >>>> () >>>> escribió: >>>> >>>>> Hi everyone, >>>>> >>>>> This last pair of weeks I've written the code needed to compile >>>>> almost all >>>>> the rules, except those that modify control flow: call and skipto. >>>>> For >>>>> those ones I will have to write them by hand on LLVM IR. >>>>> >>>>> I also started working on the testing code. I'm using conductor to >>>>> control the different hosts. I already have reserved a pair of hosts >>>>> from >>>>> the netperf cluster in order to get that running. >>>>> >>>>> So far I haven't been able to test anything because the compiler is >>>>> not >>>>> working yet, there has been a change in the API of LLVM since I last >>>>> worked >>>>> with it, I sent an email to my past mentor, David Chisnall asking for >>>>> advice. 
>>>>> -- >>>>> Daniel >>>>> >>>> -- >>>> Daniel >>> >> -- >> Daniel >> > -- > Daniel From owner-soc-status@freebsd.org Tue Aug 4 16:40:35 2015 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6417F9B30D5 for ; Tue, 4 Aug 2015 16:40:35 +0000 (UTC) (envelope-from stefanogarzarella@gmail.com) Received: from mail-lb0-x236.google.com (mail-lb0-x236.google.com [IPv6:2a00:1450:4010:c04::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 05C171377; Tue, 4 Aug 2015 16:40:34 +0000 (UTC) (envelope-from stefanogarzarella@gmail.com) Received: by lbbud7 with SMTP id ud7so9452654lbb.3; Tue, 04 Aug 2015 09:40:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:cc:content-type; bh=CHJVvPp0vb2jI0Aw8HBOaxn0vw6kLYDMWdbP8zxjaiU=; b=LOeZdlmowynlVWJvoBHAGaawd5B15nnEFTjMvq3Tr0WWA2SumGJyd86Kra0FFVURx9 OpVZ/h+qDuSVih5mJIP02uQMH1u4+PuYgDOpnuqJhy1XZl8LRhcPWGPSSbcQ1LNYc/rP WZB8ymmUiYKUu+coPUcxodW7HenJODI/nuqpTZyYiKPrD4WGt5eHmKQraImHLEGG++c1 HYu2fr9rU3tH0hGtUwgVN1xynIUGLOqSRiP1bHTm91MRStY7uY+8kBb5DfdYP6OSARWB aw0ZsnVt0U6VGYf6Y3vAN3tfBw1B0AFrtl8bOzm3hsozrj+vT2KH7Sgz6MAvwqtgOeM0 o09A== X-Received: by 10.152.120.198 with SMTP id le6mr4533106lab.38.1438706432858; Tue, 04 Aug 2015 09:40:32 -0700 (PDT) MIME-Version: 1.0 Received: by 10.25.216.3 with HTTP; Tue, 4 Aug 2015 09:40:13 -0700 (PDT) From: Stefano Garzarella Date: Tue, 4 Aug 2015 18:40:13 +0200 Message-ID: Subject: ptnetmap on bhyve status report To: soc-status@freebsd.org Cc: Luigi Rizzo , Peter Grehan , Neel Natu Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.20 
Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Aug 2015 16:40:35 -0000 Dear All, I recently ended the implementation of notification mechanism between vm and ptnetmap kernel threads. I needed two methods: 1) notification from ptnetmap kthread to guest VM (interrupt/irq) rx (host -> guest): new packets tx (guest - > host): new free slots vmm.ko already has IOCTL to send interrupt to the guest and I used it in the kernel thread. The bhyve user-space, during netmap configuration, passes the ioctl parameters (fd, com, data) to ptnetmap kthreads. The ptnetmap kthread (attached to bhyve process) uses kern_ioctl() with these parameters to notify the guest VM. 2) notification from guest VM to ptnetmap kthread (write into the specific register) rx (host -> guest): new free slots tx (guest - > host): new packets I added new IOCTL on vmm.ko (VM_IO_REG_HANDLER) to catch write/read on specific I/O address and send notification. These are the parameters: struct vm_io_reg_handler { uint16_t port; /* I/O address */ uint16_t in; /* 0 out (write) - 1 in (read) */ uint32_t mask_data; /* 0 means match anything */ uint32_t data; /* data to match */ enum vm_io_regh_type type; /* type of handler */ void *arg; /* argument used from handler */ }; For now I've implemented only 1 type of handler (VM_IO_REGH_KWEVENTS) to use events in the kernel through wakeup() and tsleep()/msleep(), but I wrote the code to be easily extended to support other type of handler (cond_signal, write/ioctl on fd, etc). With this new IOCTL, when the guest writes on specific register, the vmm.ko invokes wakeup() on the parameter (arg / chan) specified from bhyve user-space application. The same parameter is passed to the ptnetmap kthreads that call tsleep(chan, ...) to wait the event. 
In this way the netmap.ko and vmm.ko are independent and the event is
propagated in the kernel, without passing through the user space.

Before the GSoC deadline, I'll do some performance experiments, code
cleanup and bug fixing.

The code is available on
https://svnweb.freebsd.org/socsvn/soc2015/stefano/ptnetmap/stable/10/

Any suggestions are appreciated.

Thanks,
Stefano Garzarella.
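
The register-match-and-wakeup path described in Stefano Garzarella's ptnetmap report, modelled in user space as an added example; it is not code from the ptnetmap branch or from any message in this archive. The masked comparison, the `chan_model` counter standing in for wakeup()/tsleep(), and the port numbers are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Fields as listed in the report; it names only this one handler type. */
enum vm_io_regh_type { VM_IO_REGH_KWEVENTS };

struct vm_io_reg_handler {
    uint16_t port;              /* I/O address */
    uint16_t in;                /* 0 out (write) - 1 in (read) */
    uint32_t mask_data;         /* 0 means match anything */
    uint32_t data;              /* data to match */
    enum vm_io_regh_type type;  /* type of handler */
    void *arg;                  /* argument used from handler */
};

/* Hypothetical stand-in for wakeup(chan): counts events per channel. */
struct chan_model { unsigned pending; };
static struct chan_model tx_chan, rx_chan;

static void model_wakeup(void *chan) { ((struct chan_model *)chan)->pending++; }

/* Assumed comparison: only the bits selected by mask_data take part. */
static int regh_matches(const struct vm_io_reg_handler *h,
                        uint16_t port, int in, uint32_t val)
{
    if (h->port != port || (h->in != 0) != (in != 0))
        return 0;               /* wrong register or wrong direction */
    if (h->mask_data == 0)
        return 1;               /* "0 means match anything" */
    return (val & h->mask_data) == (h->data & h->mask_data);
}

/* Dispatch one guest I/O access; returns how many handlers fired. */
static int regh_dispatch(const struct vm_io_reg_handler *tab, size_t n,
                         uint16_t port, int in, uint32_t val)
{
    int fired = 0;
    for (size_t i = 0; i < n; i++) {
        if (!regh_matches(&tab[i], port, in, val))
            continue;
        if (tab[i].type == VM_IO_REGH_KWEVENTS && tab[i].arg != NULL) {
            model_wakeup(tab[i].arg);   /* a sleeper in tsleep(chan) would run */
            fired++;
        }
    }
    return fired;
}

/* Constructed sample: two notify registers at made-up port numbers. */
static int demo_access(uint16_t port, int in, uint32_t val)
{
    const struct vm_io_reg_handler tab[] = {
        { 0xc010, 0, 0,    0,    VM_IO_REGH_KWEVENTS, &tx_chan }, /* any write */
        { 0xc014, 0, 0xff, 0x01, VM_IO_REGH_KWEVENTS, &rx_chan }, /* low byte 1 */
    };
    return regh_dispatch(tab, sizeof(tab) / sizeof(tab[0]), port, in, val);
}

int main(void) { return demo_access(0xc010, 0, 1) == 1 ? 0 : 1; }
```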

Date: Thu, 6 Aug 2015 00:29:17 +0300
Subject: Re: GSOC 2015 - NE2000 emulation in bhyve Status
From: Alex Teaca
To: soc-status@freebsd.org
Cc: Gavin Atkinson

Hi,

- handle the received multicast traffic
- accept the frames in the Promiscuous mode for the destination addresses
that do not match the station's address

Thanks,
Alex

On Wed, Jul 29, 2015 at 7:08 PM, Alex Teaca wrote:

> Hi,
>
> - I've added support for the read-only registers from the page0
> - handle the monitor mode of the NIC
> - lock the reception flow with the .pe_barwrite and .pe_barwrite flows
>
> At the moment I am going to handle the multicast traffic and promiscuous
> mode.
>
> Thanks,
> Alex
>
>
> On Sat, Jul 11, 2015 at 12:27 PM, Alex Teaca wrote:
>
>> Hi,
>>
>> I've implemented the reception protocol of the NE2000 nic card. In order
>> to test it, I send in both directions (from guest to host and from host to
>> guest) big files (about 350M)
>> and it works without any problems.
>>
>> At the moment, I want to implement a mechanism to lock the access on the
>> shared resources between the tx and rx flows.
>>
>> Thanks,
>> Alex
>>
>>
>>
>> On Sun, Jun 28, 2015 at 7:16 PM, Alex Teaca wrote:
>>
>>> Hi,
>>>
>>> From the last status report:
>>>
>>> implement 2 commits:
>>> - parse the input string parameter and get the tap name and mac address
>>> from it
>>> - implement some logging and asserts related with the receive buffer ring
>>>
>>> Also, I start to think about the receive protocol which is the next step
>>> of the implementation by reading the specification from the datasheet
>>> and understanding the implementation of the ED driver regarding the way
>>> it receives packets from the NE2000 memory. It is pretty clear
>>> what we need to implement and after a short design I will be able to
>>> implement.
>>>
>>> Thanks,
>>> Alex
>>>
>>>
>>> On Sun, Jun 14, 2015 at 11:37 PM, Alex Teaca wrote:
>>>
>>>> Hi,
>>>>
>>>> At the moment I am able to configure an IP address on the network
>>>> interface corresponding to the NE2000 NIC. When I ping
>>>> to the host IP, the tcpdump catches both ARP Request (sent by the guest
>>>> using the NE2000 card) and an ARP Reply
>>>> sent by the host OS. So, there is implemented the transmission
>>>> protocol. For reception, the packets are only read
>>>> from the tap device when it is notified by the mevent mechanism.
>>>>
>>>> For more details, see the commits.
>>>>
>>>> Thanks,
>>>> Alex
>>>>
>>>>
>>>> On Tue, Jun 2, 2015 at 7:45 PM, Alex Teaca wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I've started the implementation of the NE2000 module. At the moment
>>>>> the ED driver is able to probe the emulated device (RealTek 8029) and add
>>>>> it as a network interface.
>>>>>
>>>>> Some of the features which are implemented:
>>>>> - implement some logging support
>>>>> - clone the /usr/src/sys/dev/ed/if_edreg.h register interface from the
>>>>> ed driver into the bhyve tree sources
>>>>> - implement the NE2000 registers support and an API to access the NIC
>>>>> registers (get and set by offset)
>>>>> - design and implement the Remote DMA protocol so the ED driver can
>>>>> store and load from the NIC's RAM memory
>>>>>
>>>>> Thanks,
>>>>> Alex
>>>>>
>>>>>
>>>>
>>>
>>
>

From: Daniel Peyrolon
Date: Wed, 05 Aug 2015 21:49:36 +0000
Subject: Re: Status reports for "JIT for firewalling"
To: George Neville-Neil
Cc: soc-status@freebsd.org

Yes, all of that is committed at my repo.

On Tue, 4 Aug 2015 at 14:13, George Neville-Neil wrote:

> Sounds very promising.
> Have you committed and pushed the changes that made everything
> start to work? Even if that's just a set of notes, rather than code,
> that ought to be preserved.
>
> Best,
> George
> On 3 Aug 2015, at 9:15, Daniel Peyrolon wrote:
>
> > Hello,
> >
> > Finally we have the firewall working!
> > I get a kernel panic whenever I try to filter an unbounded number of
> > packets, but it doesn't when filtering a small amount of packets.
> >
> > The things to do now are:
> > - Test that the emission of all the new rules is working properly, and
> > test that rule.
> > - Avoid kernel panic. This will take a longer time, but we need this in
> > order to get the firewall working in real-world systems.
> > - Write flow modifying rules: Given that I've been out of the game for
> > so long, I haven't been able to get those rules written yet, but luckily
> > they are only two rules, and its implementation shouldn't be hard.
> >
> > On Mon, 27 Jul 2015 at 20:36, Daniel Peyrolon wrote:
> >
> >> Hi again,
> >>
> >> Unfortunately I haven't been able to make any further progress.
> >> I've been having a lot of problems to get the compiler working. I tested
> >> many different hypotheses about the bug with no success so far, and I've
> >> talked with David Chisnall to see if he could lend me a hand and he has
> >> given me some pointers. So, hopefully, I'll be past this stage this week.
> >>
> >> On Mon, 20 Jul 2015 at 15:43, George Neville-Neil (<gnn@freebsd.org>) wrote:
> >>
> >>> Seems like the next thing to do is build from source as David suggests.
> >>>
> >>> Best,
> >>> George
> >>>
> >>>
> >>> On 20 Jul 2015, at 4:47, Daniel Peyrolon wrote:
> >>>
> >>>> Hi everyone,
> >>>>
> >>>> This has not been a productive week. I've been so far unable to get the
> >>>> compiler working, I contacted David Chisnall as I said, and I have been
> >>>> looking to make everything work. The initialization process of LLVM
> >>>> is not working as expected, which may be related to a bad install (we
> >>>> have already discarded that), a bad building process, or a bad LLVM
> >>>> initialization process. Given the fact that the LLVM API has changed a
> >>>> lot since the last time, that may be possible.
> >>>>
> >>>> On Sat, 11 Jul 2015 at 12:24, Daniel Peyrolon wrote:
> >>>>
> >>>>> Hi everyone,
> >>>>>
> >>>>> This last pair of weeks I've written the code needed to compile
> >>>>> almost all the rules, except those that modify control flow: call and
> >>>>> skipto. For those ones I will have to write them by hand on LLVM IR.
> >>>>>
> >>>>> I also started working on the testing code. I'm using conductor to
> >>>>> control the different hosts. I already have reserved a pair of hosts
> >>>>> from the netperf cluster in order to get that running.
> >>>>>
> >>>>> So far I haven't been able to test anything because the compiler is
> >>>>> not working yet, there has been a change in the API of LLVM since I
> >>>>> last worked with it, I sent an email to my past mentor, David Chisnall
> >>>>> asking for advice.
> >>>>> --
> >>>>> Daniel
> >>>>>
> >>>> --
> >>>> Daniel
> >>>
> >> --
> >> Daniel
> >>
> > --
> > Daniel
>
--
Daniel

From: "George Neville-Neil"
To: "Daniel Peyrolon"
Cc: soc-status@freebsd.org
Subject: Re: Status reports for "JIT for firewalling"
Date: Thu, 06 Aug 2015 09:38:02 +0100

Great, I'll go look at the update etc.

Best,
George

On 5 Aug 2015, at 22:49, Daniel Peyrolon wrote:

> Yes, all of that is committed at my repo.
>
> On Tue, 4 Aug 2015 at 14:13, George Neville-Neil wrote:
>
>> Sounds very promising.
>> Have you committed and pushed the changes that made everything
>> start to work? Even if that's just a set of notes, rather than code,
>> that ought to be preserved.
>>
>> Best,
>> George
>> On 3 Aug 2015, at 9:15, Daniel Peyrolon wrote:
>>
>>> Hello,
>>>
>>> Finally we have the firewall working!
>>> I get a kernel panic whenever I try to filter an unbounded number of
>>> packets, but it doesn't when filtering a small amount of packets.
>>>
>>> The things to do now are:
>>> - Test that the emission of all the new rules is working properly, and
>>> test that rule.
>>> - Avoid kernel panic. This will take a longer time, but we need this in
>>> order to get the firewall working in real-world systems.
>>> - Write flow modifying rules: Given that I've been out of the game for
>>> so long, I haven't been able to get those rules written yet, but luckily
>>> they are only two rules, and its implementation shouldn't be hard.
>>>
>>> On Mon, 27 Jul 2015 at 20:36, Daniel Peyrolon wrote:
>>>
>>>> Hi again,
>>>>
>>>> Unfortunately I haven't been able to make any further progress.
>>>> I've been having a lot of problems to get the compiler working. I tested
>>>> many different hypotheses about the bug with no success so far, and I've
>>>> talked with David Chisnall to see if he could lend me a hand and he has
>>>> given me some pointers. So, hopefully, I'll be past this stage this week.
>>>>
>>>> On Mon, 20 Jul 2015 at 15:43, George Neville-Neil (<gnn@freebsd.org>) wrote:
>>>>
>>>>> Seems like the next thing to do is build from source as David suggests.
>>>>>
>>>>> Best,
>>>>> George
>>>>>
>>>>>
>>>>> On 20 Jul 2015, at 4:47, Daniel Peyrolon wrote:
>>>>>
>>>>>> Hi everyone,
>>>>>>
>>>>>> This has not been a productive week. I've been so far unable to get the
>>>>>> compiler working, I contacted David Chisnall as I said, and I have been
>>>>>> looking to make everything work. The initialization process of LLVM
>>>>>> is not working as expected, which may be related to a bad install (we
>>>>>> have already discarded that), a bad building process, or a bad LLVM
>>>>>> initialization process. Given the fact that the LLVM API has changed a
>>>>>> lot since the last time, that may be possible.
>>>>>>
>>>>>> On Sat, 11 Jul 2015 at 12:24, Daniel Peyrolon wrote:
>>>>>>
>>>>>>> Hi everyone,
>>>>>>>
>>>>>>> This last pair of weeks I've written the code needed to compile
>>>>>>> almost all the rules, except those that modify control flow: call and
>>>>>>> skipto. For those ones I will have to write them by hand on LLVM IR.
>>>>>>>
>>>>>>> I also started working on the testing code. I'm using conductor to
>>>>>>> control the different hosts. I already have reserved a pair of hosts
>>>>>>> from the netperf cluster in order to get that running.
>>>>>>>
>>>>>>> So far I haven't been able to test anything because the compiler is
>>>>>>> not working yet, there has been a change in the API of LLVM since I
>>>>>>> last worked with it, I sent an email to my past mentor, David Chisnall
>>>>>>> asking for advice.
>>>>>>> --
>>>>>>> Daniel
>>>>>>>
>>>>>> --
>>>>>> Daniel
>>>>>
>>>> --
>>>> Daniel
>>>>
>>> --
>>> Daniel
>>
> --
> Daniel