netfilter submit day

Since 2.4.21 has finally been released and the 2.4.22-preX series are coming up, I'v decided to feed lots of pending patches to DaveM... currently its 18 seperate patches. Let's see if he likes some more mails in his inbox ;)

Apart from that, I'm mostly working on netfilter rule loading optimiziation. That is, removing some O^2 complexity code from libiptc, and optimizing the loop detection code insie the kernel.

When I find some spare time, I play with the new Dual Opteron Box below my desk...

... well... another long time since the last entry.

what happened in the meantime?

• have hacked a virtual ethernet transport (based on multicast) for user-mode-linux, so now we can have virtual ethernets between user-mode-linux'es on multiple machines
• lots of netfilter+iptables stuff. Mainly the new infrastructure for conntrack + nat helper modules, and various bugfixing as well as releasing 1.2.2
• digging into Wireless LAN, reading IEEE 802.11 specs, finding a shop where to buy a reasonable priced PRISM2 based card for 802.11 link-layer sniffing...
• reading into IEEE1394 and the OHCI1394 specs, and the linux ieee1394 stack.
• reading into SNA in general, as well as linux-sna
• some minor enhancements for ulogd
• Given a QoS talk at Linux Expo Sao Paulo
• Given the same QoS talk at CEFET-PR (brazilian university in Curitiba)

some future stuff... I'm going to give talks at the following conferences/events:

• LSM2001, Bordeaux, FR (about netfilter/iptables)
• OLS2001, Ottawa, CA (no talk, just netfilter BOF)
• HAL2001, Twente, NL (netfilter/iptables)
• LBW2001, Bouillon, BE (netfilter/iptables)
• Linux Expo Birmingham, Birmingham, UK (netfilter/iptables tutorial)

... three months since my last diary entry, when is this ever going to change.

Well, quite a lot happened since then, though. Arrived four weeks ago in Brazil, and really enjoy it here.
News regarding free software development:

• netfilter/iptables
  • a lot of support on mailinglists and newsgroups, mainly alone - Rusty is on holiday
  • released iptables 1.2.1 and 1.2.1a
  • further work on making conntrack work with multiple related connections per master-connection
  • generic sequence offset api for nat helpers seems stable
  • integrating and testing a lot of user-contributed patches
• released new ulogd (0.93) revision
• spent multiple days trying to debug the uml virtual ethernet, no success so far
• started a completely new project (see http://www.gnumonks.org/projects called ASIS. it is a asynchronous streaming imap synchronizer, replicating imap mailboxes on other machines and capable of propagating state changes (read, unread, flagged, replied) back to the server. This enables me to hav eall my emails replicated on two notebooks, workstation in brazil and server in germany.

Oops.. it's been almost two month since my last diary entry at advogato.

I really have to change this lousiness and write more regularly.

Well... let's see what happened in the meantime:

• decided to work with Conectiva in Brazil
• the 17th Chaos Communication Congress where I did a renewal of my netfilter talk and met a lot of really cool hackers :)
• more netfilter hacking. IPv6 fixes, iptables-save/restore, ...
• bought a sony DV-Camera, still have no success in using it in combination with Linux libraw1394 / video1394
• got a Apple G4 to have a big-endian platform for development. It's a really cool machine, GBit ethernet onboard, airport, 64bit PCI, ...
• registered for OLS2001

Now I have only one week left till departure to linux.conf.au... and there is a _LOT_ of work left, especially all the preparations for the 'big move' to .br

To make it even worse, the TODO list is growing all the time. Apart from all the netfilter stuff, the 2.4 port of the international kernel patch still needs a lot of work...

I've arrived two days ago in Curitiba, Brazil. Spent most of the weekend together with acme talking about a lot of things, mostly about Brazil of course.

On the flight from Germany to Brazil I had enough time to do some more netfilter work:

• extended ttl match (not only ttl=n but also ttl<n, ttl>n)
• IPv6tables icmp bugfixes
• MARK target and mark match for IPv6 fixed
• REJECT target for IPv6 added
• mangle table for ipv6