Older blog entries for ingvar (starting at number 234)

Job-hunting still in progress. Just got an email from a semi-satisfied PCAP user. Semi-satisfied, because I managed t opackage v 0.2 only once (when I thought it was done) instead of twice (when I, half an hour later, realised that the Common Lisp CASE statement is only similar, but not equivalent, to the C swicth statement. So after testing the code, I then had to revert almost all "replace numbers with symbolic constants" with "re-insert numbers".

That has now been done. Still not much coding happening, though there's an almost-done CPU core for a BESK emulator in place, waiting for a front panel (still haven't decided if I should roll taht by hand, in lovingly crafted CLX or be adventurous and look to CLIM).

Noctool has just grown a relatively generic tcp-connection monitor (well, anything that can be tested by a single roundtrip of "connect, write data, read data, other end disconnects" followed by "substring or regexp match of response").

In the normal fashion of noctool, there is a class for the specific test, with a subclasss for HTTP monitoring (the method is identical, but we fail to use the static string in the parent class, instead specialising the access method for the slot, to build a suitable HTTP protocol request based on protocol version, request method and (if any) server name.

There's also a timing component, if the request/response takes more time than the delay parameter, add a *WARNING* worth of alert-level.

The job hunt progresses apace. Should (hopefully) hear back from one place soon and tha place that interviewed me today (second tech interview, third in total) should be letting me know within 10-or-so days. A few more are in the "should be coming back to me" stage, though the timimng is slightly less sure on those.

Snooper has been extended with links to port-description pages and now also has a weekly-updated 28-day stats page.

I'm considering tarting the "monthy" page up with some graphics, detailing most prolific sources. Possibly some code to generate "drill-downs", but I am slightly less sure about that, since it'd probably require on-line processing rather than statically prepared pages.

The stress that has been mentioned in the past is now (slowly) lessening. As most don't know, I was recently made redundant and am now looking for work full-time. There's a fair few promising leads, but my "natural" coding window is no longer.

Nonetheless, I have managed to make some slight progress on noctool (the system/network monitor slowly and painfully making itself into code). More specifically, I have been working on a configuration language. It's going to be lisp- like (well, in fact, as-is, it's a whole bunch of lisp macros in a dedicated scratch package) and I will also need a way of turning a set of monitored objects into a configuration file.

There's some things that needs sorted with snooper too. Stage 1 is links from ports to description pages (looking at that soon) and second is a slightly more compact formatting, since it's currently hard to ge an overview.

The immediate PCAP library hacking is done. First product, a packet capture combined with some daily analysis, producing rather unpretty graphs of random packet-bys. I just realised that the stats need fleshing out somewhat (so I get a breakdown of TCP SYNs, UDP packets and ICMP echo; the current breakdown doesn't, quite, give that data).

Anyway, what's there at the moment is here and at some point in the hopefully near future, the pcap code will be available.

I've recently (as in "this morning") started coding on noctool again, currently working on the configuration interface. Some success, some not-success, though that may clear itself up in the future.

For interested readers, a brief explanation of my code wrangling. I code in the time left over between "feed the cats" and "get dressed" in the morning. I have about 90 minutes from when the alarm clock starts going off until I need to start leaving home. This is so I have a bit of a time buffer for those mornings when it's hard to get up. Out of those 90 minutes, I usually end up having about 50 left available for assorted sitting in front of the computer. That time is divcided between "poke the computer", "poke code" and "randomly click around in a browser". Most of the code I've posted about and/or published over the last 2-3 years has been done in that approximate time window (on a daily basis). The only thing I can think of that was done significantly out of that was the code to read cflowd data files and that was because it started out as a work project.

Home network is back up and seems stable.

In the "new and interesting data collection" department, I have one IP on my /29 that is filtered so that it will silently drop all incoming packets and has a tcpdump process hooked in to dump packets intp PCAP files for later perusal and statistics gathering (yes, this ties in with me writing CL code to parse the resulting PCAP files).

The CL code is slowly taking shape, my morning hacking time has been rather heavily hit by "being tired", caused by less than completely restful nights, caused by slight stress. Things are slowly returning to sanity, more about that later. But, at this point in time, it recognises ethernet frames and can extract both IP and ARP from there. Once it's extracted IP it can then extract TCP or UDP from there (no further protocol extraction has been attempted). All parsed frames returned also has pointers to "parsed payload" and "enclosing frame", so given one parsed piece of content, it's possible to wander in and out of the encapsulation layers.

I hope to have (some) pretty-printing done, soon, so there's something exciting to show.

Ooops!

Seems I forgot to update one VITALLY important piece of configuration in this weekend's IP change-over. I forgot to update the Apache config file with the relevant IP details, leaving the old netblock in place.

Unfortunately, this means that quite a few virtuals were not up and running. I do apologise for anyone having had to suffer 404s since Saturday. It should be fixed now, though.

Things have been a bit... tense the last week and a bit. There are reasons for this, but I shan't expand on that here.

I have done almost no coding as a result of this (well, a partial unpacker for PCAP files, but that doesn't count). This might change, but as of now, I wouldn't expect any immediate changes, it's stressing and fretting rather than relaxed coding for me. I might (possibly) squeeze out an NTAR reader, because it's close enough to the PCAP reader (and should have a lot of code in common, once you're down at "ethernet frame" level, you should be able to go from there).

Oh, thought... It might be handy to have a writer, too.

Look forward to a new release of Gamelib soon.

Primary reason? It's hard to actually judge what needs and needs not be exposed from a library unless one actually tries USING the library. Yes, I'm writing a new game, this time it's 3D and navigating through a labyrinth (16x16x16 rooms, guaranteed minimum one solution, requires joystick).

At some point, I probably should look at Windows portability and/or OpenGL, shouldn't I? Ah, well, not today.

Gamelib 0.4 released. The only change is the addition of (linux-only) is joystick support (and a small stick-using demo application).