Recent blog entries for LaForge

24 Jun 2003 »

netfilter submit day

Since 2.4.21 has finally been released and the 2.4.22-preX series are coming up, I've decided to feed lots of pending patches to DaveM... currently it's 18 separate patches. Let's see if he likes some more mails in his inbox ;)

Apart from that, I'm mostly working on netfilter rule loading optimization. That is, removing some O^2 complexity code from libiptc, and optimizing the loop detection code inside the kernel.

When I find some spare time, I play with the new Dual Opteron Box below my desk...

5 Jun 2001 (updated 5 Jun 2001 at 07:36 UTC) »

... well... another long time since the last entry.

what happened in the meantime?

  • have hacked a virtual ethernet transport (based on multicast) for user-mode-linux, so now we can have virtual ethernets between user-mode-linux'es on multiple machines
  • lots of netfilter+iptables stuff. Mainly the new infrastructure for conntrack + nat helper modules, and various bugfixing as well as releasing 1.2.2
  • digging into Wireless LAN, reading IEEE 802.11 specs, finding a shop where to buy a reasonably priced PRISM2 based card for 802.11 link-layer sniffing...
  • reading into IEEE1394 and the OHCI1394 specs, and the linux ieee1394 stack.
  • reading into SNA in general, as well as linux-sna
  • some minor enhancements for ulogd
  • Gave a QoS talk at Linux Expo Sao Paulo
  • Gave the same QoS talk at CEFET-PR (Brazilian university in Curitiba)

some future stuff... I'm going to give talks at the following conferences/events:

  • LSM2001, Bordeaux, FR (about netfilter/iptables)
  • OLS2001, Ottawa, CA (no talk, just netfilter BOF)
  • HAL2001, Twente, NL (netfilter/iptables)
  • LBW2001, Bouillon, BE (netfilter/iptables)
  • Linux Expo Birmingham, Birmingham, UK (netfilter/iptables tutorial)

8 Apr 2001 »

... three months since my last diary entry, when is this ever going to change.

Well, quite a lot happened since then, though. Arrived four weeks ago in Brazil, and really enjoy it here.

News regarding free software development:

  • netfilter/iptables
    • a lot of support on mailing lists and newsgroups, mainly alone - Rusty is on holiday
    • released iptables 1.2.1 and 1.2.1a
    • further work on making conntrack work with multiple related connections per master-connection
    • generic sequence offset api for nat helpers seems stable
    • integrating and testing a lot of user-contributed patches
  • released new ulogd (0.93) revision
  • spent multiple days trying to debug the uml virtual ethernet, no success so far
  • started a completely new project (see http://www.gnumonks.org/projects) called ASIS. It is an asynchronous streaming imap synchronizer, replicating imap mailboxes on other machines and capable of propagating state changes (read, unread, flagged, replied) back to the server. This enables me to have all my emails replicated on two notebooks, workstation in Brazil and server in Germany.

7 Jan 2001 »

Oops.. it's been almost two months since my last diary entry at advogato.

I really have to change this lousiness and write more regularly.

Well... let's see what happened in the meantime:

  • decided to work with Conectiva in Brazil
  • the 17th Chaos Communication Congress where I did a renewal of my netfilter talk and met a lot of really cool hackers :)
  • more netfilter hacking. IPv6 fixes, iptables-save/restore, ...
  • bought a Sony DV-Camera, still have no success in using it in combination with Linux libraw1394 / video1394
  • got an Apple G4 to have a big-endian platform for development. It's a really cool machine, GBit ethernet onboard, airport, 64bit PCI, ...
  • registered for OLS2001

Now I have only one week left till departure to linux.conf.au... and there is a _LOT_ of work left, especially all the preparations for the 'big move' to .br

To make it even worse, the TODO list is growing all the time. Apart from all the netfilter stuff, the 2.4 port of the international kernel patch still needs a lot of work...

13 Nov 2000 »

I've arrived two days ago in Curitiba, Brazil. Spent most of the weekend together with acme talking about a lot of things, mostly about Brazil of course.

On the flight from Germany to Brazil I had enough time to do some more netfilter work:

  • extended ttl match (not only ttl=n but also ttl<n, ttl>n)
  • IPv6tables icmp bugfixes
  • MARK target and mark match for IPv6 fixed
  • REJECT target for IPv6 added
  • mangle table for ipv6

27 Oct 2000 »

mmh... spent most of the last two days in volunteer work for KNF.

  • Moved a bunch of mailing lists from majordomo to mailman,
  • Set up a PPTP server based on an LDAP authentication backend
  • built an MPPE-aware PPPd RPM package

And then there are the three nasty libiptc bugs I've been hunting for the last four days or so... During the debugging I wanted to use ltrace, but unfortunately it doesn't work on a 2.4.x kernel. Unfortunately libiptc, a part of netfilter, only runs on 2.4.x - so I have to debug without ltrace.

anyway, I have to fix those bugs soon.

Arranged a meeting with Marc Boucher (one of the other netfilter core-team people) on Sunday... this is great. I have a lot of netfilter-related stuff to discuss.

16 Oct 2000 »

I finally found enough time to put the first version of my new website online. It's based on Zope and backed by MySQL. The most interesting thing so far is the projects page.

I was following the recent discussions on linux-ipsec. People are asking if there is support for hardware crypto accelerators. We need a generic cipher API for that - in fact we already have one in the international kernel patch. Unfortunately the FreeSWAN people don't want to use the kerneli patch, because it is only available for 2.2.

So I decided to port the kerneli cryptographic patches to recent 2.4 kernels, which is what I did over the last two days.

12 Oct 2000 »

I did lots of work for KNF, a not-for-profit internet organization. Had to update some boxes, reconfigure the routing, ... took me almost three days of this week.

So I didn't have enough time for netfilter and my other projects, but I'm going to catch up over the weekend.

I have to get iptables-save and iptables-restore done before continuing any work on the failover stuff.

Rusty finally invited me to join the netfilter core team! Great! (although this means I'm no longer leader of the scoreboard :)

7 Oct 2000 »

Spent most of the last two days thinking about how to implement the features needed for firewall failover in netfilter. Actually started some experimenting...

Did some work for my new homepage in Zope, although almost everything else is more interesting than this homepage ;) but I have to have some better means to publish my work. At least I hope I'll be able to publish stuff more automatically, without doing any HTML by hand :)

6 Oct 2000 »

It's been a long time since my last entry here.

Fixed a braindead bug in my ip_conntrack_irc module. And the worst thing is: It took me an hour to find it. argh. It was that obvious.

But it has a good side: I now finally know how DCC RESUME works and maybe I have some motivation to add support for DCC RESUME to ip_nat_irc in the next days.

Currently I'm thinking about some api extensions to allow manipulation of the conntrack database from userspace. Maybe I'll end up adding some features needed for failover, too.
