As stated in @DemiMarie's comment (https://github.com/QubesOS/qubes-issues/issues/3792#issuecomment-379574673), a few improvements need to be done to make qubes-mirage-firewall a replacement for the default Linux sys-firewall. So far:
[ ] the ethernet stack needs to be tested/audited, maybe some fuzzing tests can be used?
[ ] the speed of the unikernel should be improved (see #130; to me the main issue is the absence of TCP Segmentation Offload, which shows lower bandwidth in iperf-like tests, but as a daily fw it's not a bottleneck on my laptop, and with TSO deactivated its performance is not so far from Linux)
And as a side note:
[X] it can now use *BSD as netvm, and at least one user is using it like that (netvm is HardenedBSD, fw is qubes-mirage-firewall, AppVMs are classic Linuxes)
[X] @dinosaure started a code review/update/simplification of the unikernel (see #197)
[ ] maybe another round of review/update/simplification can be done
Any comments, and other requests, are welcome :)