Contributed by merdely on from the wannabe-beer dept.
Mark's account continues below with interviews and more pictures.
Ryan was one of the main guys responsible for bringing high availability clusters to OpenBSD, along with Mickey Shalayeff (mickey@), Christopher Pascoe (pascoe@) and Marco Pfatschbacher (mpf@). Henning has written and/or rewritten more privilege-separated daemons (bgpd(8), dhcpd(8), dhclient(8), dhcrelay(8), ntpd(8), mopd(8), tftpd(8) and httpd(8)) than any other OpenBSD developer. Yet, as you'll see below, what they are doing together is very important, and would be daunting if done on their own. Their efforts now are paving the way for great things to come in OpenBSD!
I have the pleasure of working very closely with Ryan on a daily basis. His OpenBSD contributions are long and impressive on their own. Besides CARP and PFSYNC, he added IPv6 support for PF, PF layer 3/4 load balancing, tons of pf.conf(5) improvements along with sane defaults, and managed to trick/encourage Henning to do the heavy lifting on other PF things. Yet, I can tell you that Ryan is every bit the Security Professional that I strive to be. I've got my work cut out for me. :-) Ryan is a very experienced OpenBSD kernel and network stack developer. He is technical to the core, extremely professional when it comes to security and experienced beyond his years. He can also be very theatrical at times when giving talks. ;-)
Here is what Ryan had to say about his work at the Network Hackathon:
Henning and I are on a multi-year project to reorganise PF's internals. Since we have two hackathons in quick succession, we're trying to do the major work over the next few months. So I knew I already had my work cut out for me this hackathon. I needed a bit of a warm up, so I first fixed some longstanding issues with carp logging, making it much more tunable and making it log state changes (now enabled by default).
Then, while Henning worked on the next phase of the state table reorganisation, I helped David Gwynne (dlg@) on his project to make PF handle asymmetrical routing correctly, making some minor changes to pfsync(4) handling of state insertion (still uncommitted).
While I was finishing this, Henning finished his rework of the state handling code, with one "minor" caveat: All the parts of PF that deal with translation (nat, rdr, binat) were commented out and needed to be rewritten. I spent the last two days of the hackathon slowly working through this; it should be completed soon with a goal of committing this work before the general hackathon this June.
For me, Henning Brauer has always been one of the main OpenBSD icons. His work is formidable and he has added so much functionality to OpenBSD. His code is exemplary for anyone interested in writing bloat-free, secure privilege-separated daemons. ripd(8) and ospfd(8) are good examples of daemons that he didn't write but that reuse the framework Henning used in bgpd(8).
Henning is every bit as much a character in person as he is on misc@. Well, on misc@, he is more like a demi-God; at least that was my impression of him. His replies to misc@ posts were usually authoritative and to the point. You couldn't help but learn something insightful. In person, this is also true.
Henning couldn't help but make fun of the beer that I brought to the hackathon. Rather than bring only Japanese beer, I brought along some Corona and Heineken. It was the only thing that I could get in bulk at Costco. Actually, I brought too much beer, if you can believe it. Anyhow, after bringing the beer into the hacking room, I noticed a note on the whiteboard in Henning's chicken scratch, of course. It had some derogatory comments about the beer selection in descending order with the last choice akin to some beer wannabe. The funny thing is that when I questioned him later after many beers and a beer wannabe in hand, he replied, "after four beers, they all taste the same! *hiccup*" Later I was thanking myself for not wasting the expensive beer on Henning. ;-)
Here is what Henning had to say about his work at the Network Hackathon:
Two years ago (or three already?) Ryan and I were on a ferry in the Vancouver Island region and were talking about PF internals. We had wild ideas about structural changes, linking states together to save lookups, and link other states to that. This, unfortunately, requires a major rework of the state table logic - besides other not exactly easy modifications. We have worked on preliminary stuff during previous hackathons and a bit in between and got that in. Now it was time for the big state table changes. For the first couple days I was writing the new state insertion and search routines. After that, I went through the code ripping out the old routines and replacing them with the new ones. While doing so, I dropped features nobody needs anyway: all forms of NAT and pfsync. For some reason Ryan is interested in having these, so I passed my diff over to him to add that stuff back.
While he was doing that, I spent some time on further integrating Claudio Jeker's (claudio@) route priority code. This is another multi-year project. Claudio and I first came up with it certainly more than a year ago -- maybe two. I looked for and found cases where the route priority was not set appropriately (arp, cloning) and fixed that. I had all routing daemons inserting their routes with an appropriate priority. For the routing daemons themselves, there will be much more required though. Routing priorities, which allow you to have multiple routes to the same destination -- the one with the highest priority wins, help to make the routing daemons more efficient since they can just blindly insert their routes and don't have to care if there already is a route. This is especially important for bgpd, though, since it needs to verify whether next hops are reachable. There are some other parts that require looking at the current routing situation which are a bit more complicated. I expect the other routing daemons' kroute code to profit big time from route priorities and they nicely make sure the interaction between the routing daemons is right (whose route has priority over whose? now it is easy). I started looking at bgpd's kroute code, but haven't finished that yet.
In between, I worked on the time code in bgpd, now using a timewheel there, allowing us to move some stuff to regular times that use manual checks now.
And I learned some Japanese words, had weird Japanese food, beer and sake.
(n2k8 hackathon summary to be continued)
Thank you Mark, Ryan and Henning for sharing a bit from n2k8 with us.
By Anonymous Coward (151.61.216.54) on
In the second picture Henning looks like Tom Hanks :D
Comments
By Brynet (Brynet) on
> In the second picture Henning looks like Tom Hanks :D
Woah! Celebrity hacker! Howdy Partna! :-)
By Ryan Graham (64.114.199.1) on
Now we'll all be really disappointed if there isn't as much coverage for c2k8.
Comments
By Bob Beck (129.128.11.43) beck@openbsd.org on
>
> Now we'll all be really disappointed if there isn't as much coverage for c2k8.
Then perhaps I'll have to bludgeon^H^H^H^H^H^Hcoerce^H^H^H^H^H^H^Hbribe^H^H^H^H^Hbeg Mark to help us all and do the same thing at c2k8 ;)
I'm nowhere near as good at writing this stuff up here :)
Maybe everyone can tell Mark what a great job he's done on these
so he'll do it in Edmonton ;)
-Bob
By henning (213.39.144.46) henning@ on
Comments
By Miod Vallat (miod) on
Was the minibar empty at the end of the hackathon?
Comments
By henning (213.39.130.122) henning@ on
>
> Was the minibar empty at the end of the hackathon?
the bar was as mini as a canadian minivan is mini...
besides, we were hacking all day, and the evil twin was not with us