Status reports for "JIT for firewalling"

Daniel Peyrolon tuchalia at gmail.com
Mon Aug 10 09:16:49 UTC 2015


Hi everyone,

This week I managed to get code emission and compilation right for all
rules, except the three that modify the control flow (skipto, call and
return).
These will be done this week.

On Thu, 6 Aug 2015 at 10:38, George Neville-Neil (<gnn at freebsd.org>)
wrote:

> Great, I'll go look at the update etc.
>
> Best,
> George
>
>
> On 5 Aug 2015, at 22:49, Daniel Peyrolon wrote:
>
> > Yes, all of that is committed at my repo.
> >
> > On Tue, 4 Aug 2015 at 14:13, George Neville-Neil (<gnn at freebsd.org>)
> > wrote:
> >
> >> Sounds very promising.
> >> Have you committed and pushed the changes that made everything
> >> start to work?  Even if that's just a set of notes, rather than code,
> >> that ought to be preserved.
> >>
> >> Best,
> >> George
> >> On 3 Aug 2015, at 9:15, Daniel Peyrolon wrote:
> >>
> >>> Hello,
> >>>
> >>> Finally we have the firewall working!
> >>> I get a kernel panic whenever I try to filter an unbounded number of
> >>> packets, but it doesn't when filtering a small amount of packets.
> >>>
> >>> The things to do now are:
> >>> - Test that the emission of all the new rules is working properly, and
> >>> test that rule.
> >>> - Avoid kernel panic. This will take a longer time, but we need this in
> >>> order to get the firewall working in real-world systems.
> >>> - Write flow modifying rules: Given that I've been out of the game for
> >>> so long, I haven't been able to get those rules written yet, but luckily
> >>> they are only two rules, and their implementation shouldn't be hard.
> >>>
> >>> On Mon, 27 Jul 2015 at 20:36, Daniel Peyrolon (<tuchalia at gmail.com>)
> >>> wrote:
> >>>
> >>>> Hi again,
> >>>>
> >>>> Unfortunately I haven't been able to make any further progress.
> >>>> I've been having a lot of problems getting the compiler working. I tested
> >>>> many different hypotheses about the bug with no success so far, and I've
> >>>> talked with David Chisnall to see if he could lend me a hand and he has
> >>>> given me some pointers. So, hopefully, I'll be past this stage this week.
> >>>>
> >>>> On Mon, 20 Jul 2015 at 15:43, George Neville-Neil (<gnn at freebsd.org>)
> >>>> wrote:
> >>>>
> >>>>> Seems like the next thing to do is build from source as David suggests.
> >>>>>
> >>>>> Best,
> >>>>> George
> >>>>>
> >>>>>
> >>>>> On 20 Jul 2015, at 4:47, Daniel Peyrolon wrote:
> >>>>>
> >>>>>> Hi everyone,
> >>>>>>
> >>>>>> This has not been a productive week. I've been so far unable to get the
> >>>>>> compiler working. I contacted David Chisnall as I said, and I have been
> >>>>>> looking to make everything work. The initialization process of LLVM is not
> >>>>>> working as expected, which may be related to a bad install (we have already
> >>>>>> discarded that), a bad building process, or a bad LLVM initialization
> >>>>>> process. Given the fact that the LLVM API has changed a lot since the last
> >>>>>> time, that may be possible.
> >>>>>>
> >>>>>> On Sat, 11 Jul 2015 at 12:24, Daniel Peyrolon (<tuchalia at gmail.com>)
> >>>>>> wrote:
> >>>>>>
> >>>>>>> Hi everyone,
> >>>>>>>
> >>>>>>> This last pair of weeks I've written the code needed to compile almost all
> >>>>>>> the rules, except those that modify control flow: call and skipto. For
> >>>>>>> those ones I will have to write them by hand on LLVM IR.
> >>>>>>>
> >>>>>>> I also started working on the testing code. I'm using conductor to
> >>>>>>> control the different hosts. I already have reserved a pair of hosts from
> >>>>>>> the netperf cluster in order to get that running.
> >>>>>>>
> >>>>>>> So far I haven't been able to test anything because the compiler is not
> >>>>>>> working yet. There has been a change in the API of LLVM since I last worked
> >>>>>>> with it, and I sent an email to my past mentor, David Chisnall, asking for
> >>>>>>> advice.
> >>>>>>> --
> >>>>>>> Daniel
> >>>>>>>
> >>>>>> --
> >>>>>> Daniel
> >>>>>
> >>>> --
> >>>> Daniel
> >>>>
> >>> --
> >>> Daniel
> >>
> > --
> > Daniel
>
-- 
Daniel

