OpenBSD Journal

Alexander Bluhm (bluhm@) t2k13 report: network stack cleanup, PF, checksums, routing

Contributed by jj on from the it's all a bunch of tubes dept.

The newest entry in our continuing series of t2k13 hackathon reports comes from Alexander Bluhm (bluhm@), who offers some insight into his work in various parts of the network stack:

As a starter, I cleaned up some code in the IPv4 and IPv6 network stack. A hackathon is a great time to work as the other developers are around. You get fast OKs and can ask questions while doing the review. So I also looked into rtadvd, UTF-8 locale support, pf, IPv4 checksum calculation and IPv4 source routing.

To make pf states and IP sockets cooperate better, I added a tighter linking between TCP sockets and pf states. The goal is to delete pf divert-to states when the socket gets closed for all protocols. This is necessary to allow fast reconnects to relayd. This feature must be added in small steps. There are some bugs lurking under the surface.

There were some corner cases with pf divert-to and divert-reply that did not work as expected. So I wrote a test framework for that feature in /usr/src/regress/sys/net/pf_divert/. On the master machine the tests are executed. On a second machine the kernel with the pf being tested is running. This target machine is controlled via an ssh connection. Network client and server are started on both machines to exchange the IP packets. The pf divert rule is installed on the target machine automatically. My tests check in the client and server logs that the packets have been sent and received as expected. Summing up, I test TCP, UDP, raw IP, ICMP, both for IPv4 and IPv6 with divert-to and divert-reply.

After all this preparation, it was easy to add divert-to for raw IPv6 and ICMP. While doing that, my tests found an independent bug in pf, which I fixed quickly.

To prevent regression, I added another test to my relayd test framework. It explicitly checks for the HTTP keepalive filter bug that reyk@ fixed during the hackathon.

To relax, I reviewed and updated some perl modules in ports on the final hacking day.

Thank you, Alexander, for the work and the report!



Comments
  1. By eddie (75.177.14.253) eddie.shaw@mail.com on

    Awesome work and so many talented guys within the OpenBSD group.
