Reyk Floeter (reyk@): From BSDCan to t2k13
Contributed by jj on Thu Jun 13 15:23:03 2013 (GMT)
from the dont-get-laid-get-relayd dept.
I came to Canada to speak about OpenIKED at BSDCan 2013 in Ottawa, moved on with an amazing road trip through Eastern U.S., and finally arrived at the t2k13 OpenBSD Hackathon in Toronto. I usually don't have a fixed agenda for hackathons, so I arrived there, talked with fellow developers and decided about my coding tasks.
After I talked about OpenIKED at BSDCan,
some people kind of
expected that I would work on iked(8). But I didn't. I started with
helping our new developer Masao Uebayashi (uebayasi@-san) to get the
new vmx(4) driver into the tree and contributed a manual page based on
my original vic(4) page.
vmx is a driver for the latest VMXNET3 virtual Ethernet chipset that
is found in recent versions of VMware. In difference to vic, that was
written by dlg@ and me to support VMXNET2 and older, vmx and the
VMXNET3 protocol emulate a modern PCI Express chipset with support for
MSI (Message-Signaled Interrupts), proper checksum offloading,
VMware's VLAN Guest Tagging (VGT) mode and many other features. And
it's going to be faster.
Besides some discussions about PF and the networking stack itself, my
main task for the hackathon turned out to be relayd(8). I finally
finished the implementation to add support for SSL Inspection to relayd
that allows to "transparently" intercept SSL connections and to
filter them like normal unencrypted connections. This is especially
useful for enforcing policies in a corporate network by running relayd
as a transparent HTTP/HTTPS proxy.
I also worked with benno@ in the maintenance section by finding and
fixing some known bugs. He is running relayd in production but is
also doing a good job in handling bug reports from our lists and the
OpenBSD community. I sometimes get some fame and talks for
implementing new stuff, but benno@ deserves lots of fame for fixing
all these tiny things in relayd and making it even more reliable.
Regarding new stuff, during the n2k12 Hackathon in Starnberg, Bavaria,
I started working on a new filtering subsystem for relayd and
continued this work at t2k13. I basically ripped out the complete
"protocol filters" that can filter and manipulate HTTP headers, and
started reimplementing them from the beginning. The new filters will
use a pf-like grammar and provide a much advanced flexibility. It
will not even be limited to HTTP anymore as we are working on adding a
few more application layer protocols to relayd. The reimplementation
is also required to add some long demanded features, like support for
path-based target selection on the load balancer - send all requests
for /images to backend A, send all other requests to backend B.
The change is complex and quite intrusive but I'm doing it to move
forward but not for the sake of changing things. Promised. You can
watch my progress on the filters in an exported GIT repository
outside of the OpenBSD tree. Also have a look at the example
relayd.conf file that uses the new grammar and even the famous
path-based target selection.
I had a great time at t2k13 and the location at the UofT (University
of Toronto) was actually really good. Thanks to krw@ for being the
host and organizing everything! Also lots of thanks to Ross from the
UofT who supported us and even invited our bunch of wild developers
to his house for the hackathon BBQ. That was amazing and even his
whole family helped to have an excellent BBQ!
After all, I spent almost a month in North America, far away from my
home in Europe, and I enjoyed t2k13, the U.S. road trip, and BSDCan.
It is always nice to meet other developers, users and the people from
the BSD community. So see you at EuroBSDCon in Malta or at one of the
next OpenBSD hackathons - If you want to get invited to a hackathon:
simply stop slacking and contribute nice things for OpenBSD that
interest other developers. OK?
<< Alexander Bluhm (bluhm@) t2k13 report: network stack cleanup, PF, checksums, routing | Reply | Flattened | Expanded | Mike Larkin (mlarkin@) t2k13 report: amd64 & i386 hibernate+resume >>