Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 06 Aug 2015 09:38:02 +0100
From:      "George Neville-Neil" <gnn@freebsd.org>
To:        "Daniel Peyrolon" <tuchalia@gmail.com>
Cc:        soc-status@freebsd.org
Subject:   Re: Status reports for "JIT for firewalling"
Message-ID:  <D3BDBE8F-EDD3-444E-88CF-2D0B961A8347@freebsd.org>
In-Reply-To: <CA%2ByaQw_Tm0Ciwsbe-_PY_tVvpAT_rsaujz54Nv6jAFDXxZH7nw@mail.gmail.com>
References:  <CA%2ByaQw-vHcz6e=ugDx4g0APtV6C9nAzPoOm5ZfTcdHb=4wfamg@mail.gmail.com> <CA%2ByaQw9G9TjKb2vfz0OAyg0rryWD2gM_r9sV3VoWoQq7De_wug@mail.gmail.com> <358A0094-61DE-4685-933F-EDED85A6A07C@freebsd.org> <CA%2ByaQw-884no1GMHhQ201VDTV3OipRJgaaT1mfWErNj2Ls2rzQ@mail.gmail.com> <CA%2ByaQw-SZtDunZ%2B6Mk=zLm-MyedkUotpmQ10AYJQ4xgxcRrPhA@mail.gmail.com> <C3C0FABA-0178-4F69-9675-71E82807CF11@freebsd.org> <CA%2ByaQw_Tm0Ciwsbe-_PY_tVvpAT_rsaujz54Nv6jAFDXxZH7nw@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Great, I'll go look at the update etc.

Best,
George


On 5 Aug 2015, at 22:49, Daniel Peyrolon wrote:

> Yes, all of that is commited at my repo.
>
> El mar., 4 ago. 2015 a las 14:13, George Neville-Neil (<gnn@freebsd.org>)
> escribió:
>
>> Sounds very promising.
>> Have you committed an pushed the changes that made everything
>> start to work?  Even if that's just a set of notes, rather than code,
>> that ought to be preserved.
>>
>> Best,
>> George
>> On 3 Aug 2015, at 9:15, Daniel Peyrolon wrote:
>>
>>> Hello,
>>>
>>> Finally we have the firewall working!
>>> I get a kernel panic whenever I try to filter an unbounded number of
>>> packets, but it doesn't when filtering a small amount of packets.
>>>
>>> The things to do now are:
>>> - Test that the emission of all the new rules is working properly, and
>>> test that rule.
>>> - Avoid kernel panic. This will take a longer time, but we need this in
>>> order to get the firewall working in real-world systems.
>>> - Write flow modifying rules: Given that I've been out of the game for
>>> so long, I haven't been able to get those rules written yet, but luckily
>>> they are only two rules, and its implementation shouldn't be hard.
>>>
>>> El lun., 27 jul. 2015 a las 20:36, Daniel Peyrolon (<tuchalia@gmail.com
>>> )
>>> escribió:
>>>
>>>> Hi again,
>>>>
>>>> Unfortunately I haven't been able to make any further progress.
>>>> I've been having a lot of problems to get the compiler working. I tested
>>>> many different hypotheses about the bug with no success so far, and I've
>>>> talked with David Chisnall to see if he could lend me a hand and he has
>>>> given me some pointers. So, hopefully, I'll be past this stage this
>> week.
>>>>
>>>> El lun., 20 jul. 2015 a las 15:43, George Neville-Neil (<
>> gnn@freebsd.org>)
>>>> escribió:
>>>>
>>>>> Seems like the next thing to do is build from source as David suggests.
>>>>>
>>>>> Best,
>>>>> George
>>>>>
>>>>>
>>>>> On 20 Jul 2015, at 4:47, Daniel Peyrolon wrote:
>>>>>
>>>>>> Hi everyone,
>>>>>>
>>>>>> This has not been a productive week. I've been so far unable to get
>>>>>> the
>>>>>> compiler working, I contacted David Chinsall as I said, and I have
>>>>>> been
>>>>>> looking to make everything works. The initialization process of LLVM
>>>>>> is not
>>>>>> working as expected, which may be related to a bad install (we have
>>>>>> already
>>>>>> disarded that), a bad building process, or a bad LLVM initialization
>>>>>> process. Given the fact that the LLVM API has changed a lot since the
>>>>>> last
>>>>>> time, that may be possible.
>>>>>>
>>>>>> El sáb., 11 jul. 2015 a las 12:24, Daniel Peyrolon
>>>>>> (<tuchalia@gmail.com>)
>>>>>> escribió:
>>>>>>
>>>>>>> Hi everyone,
>>>>>>>
>>>>>>> This last pair of weeks I've written the code needed to compile
>>>>>>> almost all
>>>>>>> the rules, except those that modify control flow: call and skipto.
>>>>>>> For
>>>>>>> those ones I will have to write them by hand on LLVM IR.
>>>>>>>
>>>>>>> I also started working on the testing code. I'm using conductor to
>>>>>>> control the different hosts. I already have reserved a pair of hosts
>>>>>>> from
>>>>>>> the netperf cluster in order to get that running.
>>>>>>>
>>>>>>> So far I haven't been able to test anything because the compiler is
>>>>>>> not
>>>>>>> working yet, there has been a change in the API of LLVM since I last
>>>>>>> worked
>>>>>>> with it, I sent an email to my past mentor, David Chisnall asking for
>>>>>>> advice.
>>>>>>> --
>>>>>>> Daniel
>>>>>>>
>>>>>> --
>>>>>> Daniel
>>>>>
>>>> --
>>>> Daniel
>>>>
>>> --
>>> Daniel
>>
> -- 
> Daniel



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D3BDBE8F-EDD3-444E-88CF-2D0B961A8347>