Date: Mon, 03 Aug 2015 08:15:19 +0000 From: Daniel Peyrolon <tuchalia@gmail.com> To: George Neville-Neil <gnn@freebsd.org> Cc: soc-status@freebsd.org Subject: Re: Status reports for "JIT for firewalling" Message-ID: <CA%2ByaQw-SZtDunZ%2B6Mk=zLm-MyedkUotpmQ10AYJQ4xgxcRrPhA@mail.gmail.com> In-Reply-To: <CA%2ByaQw-884no1GMHhQ201VDTV3OipRJgaaT1mfWErNj2Ls2rzQ@mail.gmail.com> References: <CA%2ByaQw-vHcz6e=ugDx4g0APtV6C9nAzPoOm5ZfTcdHb=4wfamg@mail.gmail.com> <CA%2ByaQw9G9TjKb2vfz0OAyg0rryWD2gM_r9sV3VoWoQq7De_wug@mail.gmail.com> <358A0094-61DE-4685-933F-EDED85A6A07C@freebsd.org> <CA%2ByaQw-884no1GMHhQ201VDTV3OipRJgaaT1mfWErNj2Ls2rzQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello,
Finally we have the firewall working!
I get a kernel panic whenever I try to filter an unbounded number of
packets, but it doesn't when filtering a small amount of packets.
The things to do now are:
- Test that the emission of all the new rules is working properly, and
test that rule.
- Avoid kernel panic. This will take a longer time, but we need this in
order to get the firewall working in real-world systems.
- Write flow modifying rules: Given that I've been out of the game for
so long, I haven't been able to get those rules written yet, but luckily
they are only two rules, and its implementation shouldn't be hard.
El lun., 27 jul. 2015 a las 20:36, Daniel Peyrolon (<tuchalia@gmail.com>)
escribi=C3=B3:
> Hi again,
>
> Unfortunately I haven't been able to make any further progress.
> I've been having a lot of problems to get the compiler working. I tested
> many different hypotheses about the bug with no success so far, and I've
> talked with David Chisnall to see if he could lend me a hand and he has
> given me some pointers. So, hopefully, I'll be past this stage this week.
>
> El lun., 20 jul. 2015 a las 15:43, George Neville-Neil (<gnn@freebsd.org>=
)
> escribi=C3=B3:
>
>> Seems like the next thing to do is build from source as David suggests.
>>
>> Best,
>> George
>>
>>
>> On 20 Jul 2015, at 4:47, Daniel Peyrolon wrote:
>>
>> > Hi everyone,
>> >
>> > This has not been a productive week. I've been so far unable to get
>> > the
>> > compiler working, I contacted David Chinsall as I said, and I have
>> > been
>> > looking to make everything works. The initialization process of LLVM
>> > is not
>> > working as expected, which may be related to a bad install (we have
>> > already
>> > disarded that), a bad building process, or a bad LLVM initialization
>> > process. Given the fact that the LLVM API has changed a lot since the
>> > last
>> > time, that may be possible.
>> >
>> > El s=C3=A1b., 11 jul. 2015 a las 12:24, Daniel Peyrolon
>> > (<tuchalia@gmail.com>)
>> > escribi=C3=B3:
>> >
>> >> Hi everyone,
>> >>
>> >> This last pair of weeks I've written the code needed to compile
>> >> almost all
>> >> the rules, except those that modify control flow: call and skipto.
>> >> For
>> >> those ones I will have to write them by hand on LLVM IR.
>> >>
>> >> I also started working on the testing code. I'm using conductor to
>> >> control the different hosts. I already have reserved a pair of hosts
>> >> from
>> >> the netperf cluster in order to get that running.
>> >>
>> >> So far I haven't been able to test anything because the compiler is
>> >> not
>> >> working yet, there has been a change in the API of LLVM since I last
>> >> worked
>> >> with it, I sent an email to my past mentor, David Chisnall asking for
>> >> advice.
>> >> --
>> >> Daniel
>> >>
>> > --
>> > Daniel
>>
> --
> Daniel
>
--=20
Daniel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2ByaQw-SZtDunZ%2B6Mk=zLm-MyedkUotpmQ10AYJQ4xgxcRrPhA>