Status reports for: Userspace netmap-powered JIT-compiled firewall
Daniel Peyrolon
tuchalia at gmail.com
Tue Jun 10 15:17:00 UTC 2014
Hello everyone,
Sorry for the delay, but I've been unable to work on this project until
this and the last week. (Due to university work, mainly).
I'm working on the "Userspace netmap-powered JIT-compiled firewall", it's
wiki page can be seen at [1].
It's mainly a project to add LLVM support in order to JIT-compile the
rules.
I've been working mainly on isolating the code that is executed when
checking if a packet does match the given rule, that way, this code could
be compiled into LLVM IR, and optimize it, in order to JIT compile, and
execute them.
Once I'm done with isolating the rules (which won't take more than a week),
I plan to start emitting the IR code of these checks, and integrate it into
the firewall so that it can get executed. It will also be possible to
interpret the rules, as it has been done traditionally. I will work on this
until all the rules are implemented.
After that, it will be a matter of trying with complex rules
and benchmarking and profiling the firewall.
[1]:https://wiki.freebsd.org/SummerOfCode2014/ConvertingIPFWRulesets
--
Daniel
More information about the soc-status
mailing list