How stable is nf-HiPAC? Can it be used in a production environment?

nf-HiPAC is a matured software product which has evolved over several development cycles in the past years. To ensure correctness, robustness and stability of the algorithmic core (HiPAC), we have developed a verification framework which runs a number of extensive stress tests including memory leak monitoring and progressive failure simulation. The latter triggers all error cases one after the other and ensures that every piece of code is actually touched. Each algorithmic layer is verified independently to increase the probability of detecting possible bugs. The most valuable part of the framework is a randomized workload generator which generates and verifies ruleset updates and classification operations. The verification tests are run with valgrind (http://www.valgrind.org ) to perform leak, read/write checks and other checks offered by this great tool. All this helps us to deliver code quality which is impossible to achieve by manual testing and debugging.

The verification tests ran on 40 computers non-stop for nearly two weeks. No errors occurred during the tests.

Those tests ensure both stability and correctness of the algorithmic core (HiPAC) but of cause they cannot ensure that the whole nf-HiPAC implementation is free of bugs. The rest of the nf-HiPAC implementation like the kernel <-> userspace communication, /proc handling and the interface manager can only be tested in kernel space. We did tests on those parts by hand and tried very hard not to overlook any piece of code.

We consider nf-HiPAC stable and we run a nf-HiPAC based firewall in several production environments.