From owner-soc-status@freebsd.org Mon Aug 10 09:16:49 2015 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DEA0099D82A for ; Mon, 10 Aug 2015 09:16:48 +0000 (UTC) (envelope-from tuchalia@gmail.com) Received: from mail-lb0-x234.google.com (mail-lb0-x234.google.com [IPv6:2a00:1450:4010:c04::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4C536C48; Mon, 10 Aug 2015 09:16:48 +0000 (UTC) (envelope-from tuchalia@gmail.com) Received: by lbbpo9 with SMTP id po9so91664010lbb.2; Mon, 10 Aug 2015 02:16:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-type; bh=62t1oXci6cDuEIpQkMwSh5Wt4FyWUHsTUj6Thh+cAG0=; b=TotBJS7+uMI2TGveZKGIUHLNRhm3b5i6coHsZSc5pak2ul39WQz+35OPKhpNr8T65Z VQUs8brmwGPl2h0RTrB+xKti2FPeiMY8hG3PNlAeJBlx5BcY1TNdEvSxkD7ztIwlqWQe yeIZV/usgSwbTucYRaEkeP6J4Iq2PmtrgaOUbkZwqL5+Xkv3qQAT6+tjFVEd6ogE83Wc p1UhjVDo8frG5oBhXTqfCeunPO/z4NkD8fEUqN7W3uDIm59vjpV+ZkjpgiTXnQsrt93U Z/lduvnrKFueKIE6f2JWc8NY41qPRPHiM2gaW8lcRPHVapirx6wzf2GbIZac6ZX3zNM0 hhnw== X-Received: by 10.112.142.196 with SMTP id ry4mr19402932lbb.68.1439198205863; Mon, 10 Aug 2015 02:16:45 -0700 (PDT) MIME-Version: 1.0 References: <358A0094-61DE-4685-933F-EDED85A6A07C@freebsd.org> In-Reply-To: From: Daniel Peyrolon Date: Mon, 10 Aug 2015 09:16:36 +0000 Message-ID: Subject: Re: Status reports for "JIT for firewalling" To: George Neville-Neil Cc: soc-status@freebsd.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Aug 2015 09:16:49 -0000 Hi everyone, This week I managed to get code emission and compilation right for all rules, except the three that modify the control flow. (skipto, call and return). These will be done this week. El jue., 6 ago. 2015 a las 10:38, George Neville-Neil () escribi=C3=B3: > Great, I'll go look at the update etc. > > Best, > George > > > On 5 Aug 2015, at 22:49, Daniel Peyrolon wrote: > > > Yes, all of that is commited at my repo. > > > > El mar., 4 ago. 2015 a las 14:13, George Neville-Neil ( >) > > escribi=C3=B3: > > > >> Sounds very promising. > >> Have you committed an pushed the changes that made everything > >> start to work? Even if that's just a set of notes, rather than code, > >> that ought to be preserved. > >> > >> Best, > >> George > >> On 3 Aug 2015, at 9:15, Daniel Peyrolon wrote: > >> > >>> Hello, > >>> > >>> Finally we have the firewall working! > >>> I get a kernel panic whenever I try to filter an unbounded number of > >>> packets, but it doesn't when filtering a small amount of packets. > >>> > >>> The things to do now are: > >>> - Test that the emission of all the new rules is working properly, an= d > >>> test that rule. > >>> - Avoid kernel panic. This will take a longer time, but we need this = in > >>> order to get the firewall working in real-world systems. > >>> - Write flow modifying rules: Given that I've been out of the game fo= r > >>> so long, I haven't been able to get those rules written yet, but > luckily > >>> they are only two rules, and its implementation shouldn't be hard. > >>> > >>> El lun., 27 jul. 2015 a las 20:36, Daniel Peyrolon (< > tuchalia@gmail.com > >>> ) > >>> escribi=C3=B3: > >>> > >>>> Hi again, > >>>> > >>>> Unfortunately I haven't been able to make any further progress. > >>>> I've been having a lot of problems to get the compiler working. I > tested > >>>> many different hypotheses about the bug with no success so far, and > I've > >>>> talked with David Chisnall to see if he could lend me a hand and he > has > >>>> given me some pointers. So, hopefully, I'll be past this stage this > >> week. > >>>> > >>>> El lun., 20 jul. 2015 a las 15:43, George Neville-Neil (< > >> gnn@freebsd.org>) > >>>> escribi=C3=B3: > >>>> > >>>>> Seems like the next thing to do is build from source as David > suggests. > >>>>> > >>>>> Best, > >>>>> George > >>>>> > >>>>> > >>>>> On 20 Jul 2015, at 4:47, Daniel Peyrolon wrote: > >>>>> > >>>>>> Hi everyone, > >>>>>> > >>>>>> This has not been a productive week. I've been so far unable to ge= t > >>>>>> the > >>>>>> compiler working, I contacted David Chinsall as I said, and I have > >>>>>> been > >>>>>> looking to make everything works. The initialization process of LL= VM > >>>>>> is not > >>>>>> working as expected, which may be related to a bad install (we hav= e > >>>>>> already > >>>>>> disarded that), a bad building process, or a bad LLVM initializati= on > >>>>>> process. Given the fact that the LLVM API has changed a lot since > the > >>>>>> last > >>>>>> time, that may be possible. > >>>>>> > >>>>>> El s=C3=A1b., 11 jul. 2015 a las 12:24, Daniel Peyrolon > >>>>>> () > >>>>>> escribi=C3=B3: > >>>>>> > >>>>>>> Hi everyone, > >>>>>>> > >>>>>>> This last pair of weeks I've written the code needed to compile > >>>>>>> almost all > >>>>>>> the rules, except those that modify control flow: call and skipto= . > >>>>>>> For > >>>>>>> those ones I will have to write them by hand on LLVM IR. > >>>>>>> > >>>>>>> I also started working on the testing code. I'm using conductor t= o > >>>>>>> control the different hosts. I already have reserved a pair of > hosts > >>>>>>> from > >>>>>>> the netperf cluster in order to get that running. > >>>>>>> > >>>>>>> So far I haven't been able to test anything because the compiler = is > >>>>>>> not > >>>>>>> working yet, there has been a change in the API of LLVM since I > last > >>>>>>> worked > >>>>>>> with it, I sent an email to my past mentor, David Chisnall asking > for > >>>>>>> advice. > >>>>>>> -- > >>>>>>> Daniel > >>>>>>> > >>>>>> -- > >>>>>> Daniel > >>>>> > >>>> -- > >>>> Daniel > >>>> > >>> -- > >>> Daniel > >> > > -- > > Daniel > --=20 Daniel