Status reports for "JIT for firewalling"

George Neville-Neil gnn at freebsd.org
Tue Aug 4 12:13:03 UTC 2015


Sounds very promising.
Have you committed and pushed the changes that made everything
start to work?  Even if that's just a set of notes, rather than code,
that ought to be preserved.

Best,
George
On 3 Aug 2015, at 9:15, Daniel Peyrolon wrote:

> Hello,
>
> Finally we have the firewall working!
> I get a kernel panic whenever I try to filter an unbounded number of
> packets, but it doesn't when filtering a small amount of packets.
>
> The things to do now are:
>   - Test that the emission of all the new rules is working properly, and
> test that rule.
>   - Avoid kernel panic. This will take a longer time, but we need this in
> order to get the firewall working in real-world systems.
>   - Write flow modifying rules: Given that I've been out of the game for
> so long, I haven't been able to get those rules written yet, but luckily
> they are only two rules, and their implementation shouldn't be hard.
>
> On Mon, 27 Jul 2015 at 20:36, Daniel Peyrolon (<tuchalia at gmail.com>)
> wrote:
>
>> Hi again,
>>
>> Unfortunately I haven't been able to make any further progress.
>> I've been having a lot of problems getting the compiler working. I tested
>> many different hypotheses about the bug with no success so far, and I've
>> talked with David Chisnall to see if he could lend me a hand and he has
>> given me some pointers. So, hopefully, I'll be past this stage this week.
>>
>> On Mon, 20 Jul 2015 at 15:43, George Neville-Neil (<gnn at freebsd.org>)
>> wrote:
>>
>>> Seems like the next thing to do is build from source as David suggests.
>>>
>>> Best,
>>> George
>>>
>>>
>>> On 20 Jul 2015, at 4:47, Daniel Peyrolon wrote:
>>>
>>>> Hi everyone,
>>>>
>>>> This has not been a productive week. I've been so far unable to get the
>>>> compiler working. I contacted David Chisnall as I said, and I have been
>>>> looking to make everything work. The initialization process of LLVM is not
>>>> working as expected, which may be related to a bad install (we have already
>>>> discarded that), a bad building process, or a bad LLVM initialization
>>>> process. Given the fact that the LLVM API has changed a lot since the last
>>>> time, that may be possible.
>>>>
>>>> On Sat, 11 Jul 2015 at 12:24, Daniel Peyrolon (<tuchalia at gmail.com>)
>>>> wrote:
>>>>
>>>>> Hi everyone,
>>>>>
>>>>> This last pair of weeks I've written the code needed to compile almost all
>>>>> the rules, except those that modify control flow: call and skipto. For
>>>>> those ones I will have to write them by hand in LLVM IR.
>>>>>
>>>>> I also started working on the testing code. I'm using conductor to
>>>>> control the different hosts. I already have reserved a pair of hosts from
>>>>> the netperf cluster in order to get that running.
>>>>>
>>>>> So far I haven't been able to test anything because the compiler is not
>>>>> working yet; there has been a change in the API of LLVM since I last worked
>>>>> with it. I sent an email to my past mentor, David Chisnall, asking for
>>>>> advice.
>>>>> --
>>>>> Daniel
>>>>>
>>>> --
>>>> Daniel
>>>
>> --
>> Daniel
>>
> -- 
> Daniel

