OpenBSD Journal

Reyk Floeter (reyk@): From BSDCan to t2k13

Contributed by jj on from the dont-get-laid-get-relayd dept.

I came to Canada to speak about OpenIKED at BSDCan 2013 in Ottawa, moved on with an amazing road trip through Eastern U.S., and finally arrived at the t2k13 OpenBSD Hackathon in Toronto. I usually don't have a fixed agenda for hackathons, so I arrived there, talked with fellow developers and decided about my coding tasks.
After I talked about OpenIKED at BSDCan, some people kind of expected that I would work on iked(8). But I didn't. I started with helping our new developer Masao Uebayashi (uebayasi@-san) to get the new vmx(4) driver into the tree and contributed a manual page based on my original vic(4) page.

vmx is a driver for the latest VMXNET3 virtual Ethernet chipset that is found in recent versions of VMware. In difference to vic, that was written by dlg@ and me to support VMXNET2 and older, vmx and the VMXNET3 protocol emulate a modern PCI Express chipset with support for MSI (Message-Signaled Interrupts), proper checksum offloading, VMware's VLAN Guest Tagging (VGT) mode and many other features. And it's going to be faster.

Besides some discussions about PF and the networking stack itself, my main task for the hackathon turned out to be relayd(8). I finally finished the implementation to add support for SSL Inspection to relayd that allows to "transparently" intercept SSL connections and to filter them like normal unencrypted connections. This is especially useful for enforcing policies in a corporate network by running relayd as a transparent HTTP/HTTPS proxy.

I also worked with benno@ in the maintenance section by finding and fixing some known bugs. He is running relayd in production but is also doing a good job in handling bug reports from our lists and the OpenBSD community. I sometimes get some fame and talks for implementing new stuff, but benno@ deserves lots of fame for fixing all these tiny things in relayd and making it even more reliable.

Regarding new stuff, during the n2k12 Hackathon in Starnberg, Bavaria, I started working on a new filtering subsystem for relayd and continued this work at t2k13. I basically ripped out the complete "protocol filters" that can filter and manipulate HTTP headers, and started reimplementing them from the beginning. The new filters will use a pf-like grammar and provide a much advanced flexibility. It will not even be limited to HTTP anymore as we are working on adding a few more application layer protocols to relayd. The reimplementation is also required to add some long demanded features, like support for path-based target selection on the load balancer - send all requests for /images to backend A, send all other requests to backend B.

The change is complex and quite intrusive but I'm doing it to move forward but not for the sake of changing things. Promised. You can watch my progress on the filters in an exported GIT repository outside of the OpenBSD tree. Also have a look at the example relayd.conf file that uses the new grammar and even the famous path-based target selection.

I had a great time at t2k13 and the location at the UofT (University of Toronto) was actually really good. Thanks to krw@ for being the host and organizing everything! Also lots of thanks to Ross from the UofT who supported us and even invited our bunch of wild developers to his house for the hackathon BBQ. That was amazing and even his whole family helped to have an excellent BBQ!

After all, I spent almost a month in North America, far away from my home in Europe, and I enjoyed t2k13, the U.S. road trip, and BSDCan. It is always nice to meet other developers, users and the people from the BSD community. So see you at EuroBSDCon in Malta or at one of the next OpenBSD hackathons - If you want to get invited to a hackathon: simply stop slacking and contribute nice things for OpenBSD that interest other developers. OK?


Reyk

(Comments are closed)


  1. By Peter Ljung (82.197.239.199) ljung.peter@gmail.com on http://www.lounge.se

    I have followed OpenBSD now for 7-8 years and I think the progress right now is astonishing.

    OpenBSD has always been super strong on server features. The quality and finesse in the details in the core OS has always been great and are obviously being improved with features like time_t replacement, PF improvements, buffer_cache features, opensmtpd etc. But at the same the user desktop features are also taking big leaps forward with the likes of KMS, WebRTC, hibernate support, WebKit 2 and impressive port support etc.

    I don't know if this partly imaginary because such good reports from the hackathons are written, but it is anyhow very nice to read such great reports which show how much impressive work are being done! Adding to that a fresh "Absolute OpenBSD" book makes it a very exiting time for OpenBSD.

    I know that OpenBSD is being made for the developers foremost, but I still think OpenBSD deserve a little more time in the limelight.

  2. By Adam P (adamrt) adam@adamrt.com on

    Just wanted to say that these updates are always greatly appreciated as is all the work done to create them.

    Thanks to everyone.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]