Free Software programmer
rusty@rustcorp.com.au
Subscribe
Subscribe to a syndicated
feed of my weblog, brought to you by the wonders of
RSS.
This blog existed before my current employment, and obviously reflects my own opinions and not theirs.
This work is licensed under a Creative Commons Attribution 2.1 Australia License.
Categories of this blog:
IP issues
Technical issues
Personal issues
Restaurants
Older issues:
All 2008 posts
All 2007 posts
All 2006 posts
All 2005 posts
All 2004 posts
Older posts
Tue, 11 Oct 2005
Netfilter Workshop / Summit
Good weather in Savilla. I imbibed a little too much on the Friday night celebrating the cluefulness of the Australian High Court, so was less effective on the second hacking day than I would have liked.
Some points included:
- A solution for Peer-to-peer NAT and BEHAVE: Jesse Peng provided the idea. Basically, a P2PNAT target which keeps a hash table to ensure we don't allocate the same source IP/port to two NAT connections. This allows us to do hairpin NAT (it probably needs to set up an expectation to catch these). Also needs to set a flag so TCP window tracking will allow simultaneous open, and not drop immediately on RST (the latter can happen if the other end firewalls).
- Nfsim seems to be attracting more of a following in the core team. Joszef committed window tracking tests! Harald wants netlink support, and also an actual nfsim release. I applied updates for 2.6.14 (thanks to Max Kellerman), and cleaned up the tests a little.
- More thinking on the use of a hash trie and progress. There are several benefits for speed and scalability, although the are still fairly sizable tuning questions. Martin Josefsson is playing here.
- Possible simplification and scalability improvements on the expectation code. It's more general than it needs to be at the moment.
[/tech] permanent link
