Status reports for "JIT for firewalling"

Daniel Peyrolon tuchalia at gmail.com
Tue Aug 18 10:38:00 UTC 2015


Hi everyone,

This past week I managed to complete one of the two final commands, and
started working on it at the netperf cluster (in order to test it).
I'm going to keep working on this after the SoC in order to get it done
(after all, I'm going to use the firewall for my Master Thesis).

If anyone is interested in how it's going, you can reach out to me easily, or
look for changes in my git repository (github.com/dplbsd/netmap-ipfwjit) or
the wiki page.

On Mon, 10 Aug 2015 at 10:16, Daniel Peyrolon (<tuchalia at gmail.com>)
wrote:

> Hi everyone,
>
> This week I managed to get code emission and compilation right for all
> rules, except the three that modify the control flow (skipto, call and
> return).
> These will be done this week.
>
> On Thu, 6 Aug 2015 at 10:38, George Neville-Neil (<gnn at freebsd.org>)
> wrote:
>
>> Great, I'll go look at the update etc.
>>
>> Best,
>> George
>>
>>
>> On 5 Aug 2015, at 22:49, Daniel Peyrolon wrote:
>>
>> > Yes, all of that is committed at my repo.
>> >
>> > On Tue, 4 Aug 2015 at 14:13, George Neville-Neil (<gnn at freebsd.org>)
>> > wrote:
>> >
>> >> Sounds very promising.
>> >> Have you committed and pushed the changes that made everything
>> >> start to work?  Even if that's just a set of notes, rather than code,
>> >> that ought to be preserved.
>> >>
>> >> Best,
>> >> George
>> >> On 3 Aug 2015, at 9:15, Daniel Peyrolon wrote:
>> >>
>> >>> Hello,
>> >>>
>> >>> Finally we have the firewall working!
>> >>> I get a kernel panic whenever I try to filter an unbounded number of
>> >>> packets, but it doesn't when filtering a small amount of packets.
>> >>>
>> >>> The things to do now are:
>> >>> - Test that the emission of all the new rules is working properly, and
>> >>> test that rule.
>> >>> - Avoid kernel panic. This will take a longer time, but we need this in
>> >>> order to get the firewall working in real-world systems.
>> >>> - Write flow modifying rules: Given that I've been out of the game for
>> >>> so long, I haven't been able to get those rules written yet, but luckily
>> >>> they are only two rules, and their implementation shouldn't be hard.
>> >>>
>> >>> On Mon, 27 Jul 2015 at 20:36, Daniel Peyrolon (<tuchalia at gmail.com>)
>> >>> wrote:
>> >>>
>> >>>> Hi again,
>> >>>>
>> >>>> Unfortunately I haven't been able to make any further progress.
>> >>>> I've been having a lot of problems getting the compiler working. I tested
>> >>>> many different hypotheses about the bug with no success so far, and I've
>> >>>> talked with David Chisnall to see if he could lend me a hand and he has
>> >>>> given me some pointers. So, hopefully, I'll be past this stage this week.
>> >>>>
>> >>>> On Mon, 20 Jul 2015 at 15:43, George Neville-Neil (<gnn at freebsd.org>)
>> >>>> wrote:
>> >>>>
>> >>>>> Seems like the next thing to do is build from source as David suggests.
>> >>>>>
>> >>>>> Best,
>> >>>>> George
>> >>>>>
>> >>>>>
>> >>>>> On 20 Jul 2015, at 4:47, Daniel Peyrolon wrote:
>> >>>>>
>> >>>>>> Hi everyone,
>> >>>>>>
>> >>>>>> This has not been a productive week. I've been so far unable to get the
>> >>>>>> compiler working. I contacted David Chisnall as I said, and I have been
>> >>>>>> looking to make everything work. The initialization process of LLVM is
>> >>>>>> not working as expected, which may be related to a bad install (we have
>> >>>>>> already discarded that), a bad building process, or a bad LLVM
>> >>>>>> initialization process. Given the fact that the LLVM API has changed a
>> >>>>>> lot since the last time, that may be possible.
>> >>>>>>
>> >>>>>> On Sat, 11 Jul 2015 at 12:24, Daniel Peyrolon (<tuchalia at gmail.com>)
>> >>>>>> wrote:
>> >>>>>>
>> >>>>>>> Hi everyone,
>> >>>>>>>
>> >>>>>>> This last pair of weeks I've written the code needed to compile almost
>> >>>>>>> all the rules, except those that modify control flow: call and skipto.
>> >>>>>>> For those ones I will have to write them by hand on LLVM IR.
>> >>>>>>>
>> >>>>>>> I also started working on the testing code. I'm using conductor to
>> >>>>>>> control the different hosts. I already have reserved a pair of hosts
>> >>>>>>> from the netperf cluster in order to get that running.
>> >>>>>>>
>> >>>>>>> So far I haven't been able to test anything because the compiler is not
>> >>>>>>> working yet; there has been a change in the API of LLVM since I last
>> >>>>>>> worked with it. I sent an email to my past mentor, David Chisnall,
>> >>>>>>> asking for advice.
>> >>>>>>> --
>> >>>>>>> Daniel
>> >>>>>>>
>> >>>>>> --
>> >>>>>> Daniel
>> >>>>>
>> >>>> --
>> >>>> Daniel
>> >>>>
>> >>> --
>> >>> Daniel
>> >>
>> > --
>> > Daniel
>>
> --
> Daniel
>
-- 
Daniel

