Harald Welte's blog

Categories

Root (573)
- ccc (15)
- electronics (3)
- gsm (2)
- knf (4)
- linux (437)
  - a780 (38)
  - ath-driver (1)
  - conferences (66)
  - cyberjack (4)
  - gnuradio (4)
  - gpl-violations (95)
  - gspc (6)
  - mrtd (24)
  - netfilter (108)
    - ct sync (6)
  - opentom (7)
- misc (3)
- personal (64)
  - bollywood (11)
- photography (9)
- politics (14)
  - swpat (3)

Archives

2006 (121)
- September (8)
- August (10)
- July (13)
- June (21)
- May (13)
- April (23)
- March (6)
- February (14)
- January (13)
2005 (248)
- December (8)
- November (25)
- October (33)
- September (22)
- August (17)
- July (30)
- June (27)
- May (21)
- April (14)
- March (22)
- February (13)
- January (16)
2004 (198)
- December (8)
- November (18)
- October (18)
- September (15)
- August (19)
- July (17)
- June (11)
- May (5)
- April (22)
- March (13)
- February (24)
- January (28)
2003 (5)
- December (3)
- November (1)
- September (1)
2002 (1)
- February (1)

Harald's Web
gnumonks.org
hmw-consulting.com
dunkelromantik.org

Projects
netfilter/iptables
ulogd
asis
gspc
opentom.org
librfid
openmrtd
gpl-devices.org
gpl-violations.org

Other Bloggers
Rusty Russell
David Miller
Martin Pool
Lawrence Lessig
Sirtaj Singh Kang
Jeremy Kerr
Atul Chitnis
Frank Rosengart (German)
Tim Pritlove
fukami

Aggregators
kernelplanet.org
planet.netfilter.org
planet.openezx.org
planet.foss.in

Articles on this blog/journal are licensed under a Creative Commons Attribution-NoDerivs 2.5 License.

Wed, 29 Jun 2005

ct_sync, kernel 2.6.10, NAT and masquerade

Following up some thorough testing and debugging, I finally got both (SNAT, DNAT) and MASQUERADe to work with ct_sync on a 2.6.10 kernel.

Apart from forgetting to disable TCP window tracking, there were some subtle mistakes in #ifdef/endif of the code that actually prevented whole sections from being built ;)

Debugging the problem however has forced me to update the ct_sync ethereal plugin (screenshot) to parse almost every bit within the ct_sync protocol.

[ /linux/netfilter/ct_sync | permanent link ]

Wed, 04 May 2005

Back to ct_sync

I've managed to get back to work on ct_sync again. The final steps towards full multi-master operation are underway. Apart from some changes to the protocol on the wire, there is a major reorganization of almost all involved data structures.

I'm deeply sorry for not having been able to continue at the pace that I wanted (and promised some customers), but there have been lots of issues that I couldn't push back and had to deal with them immediately.

[ /linux/netfilter/ct_sync | permanent link ]

Sat, 12 Mar 2005

ct_sync now fully modular

ct_sync is now able to run multiple instances on one node, allowing vrrp-like setups! Thanks go to http://svn.netfilter.org/netfilter/branches/netfilter-ha/linux-2.6-actact/

The next couple of weeks will be focusing on testing and real active-active setups with multiple masters. My brain is already smoking from all the synchronization issues ;)

[ /linux/netfilter/ct_sync | permanent link ]

Tue, 08 Mar 2005

Picked up working on ct_sync again

I've recently again picked up the work on ct_sync. The final goal ist to support real active-active fail-over setups. Before the real work on that particular issue can start, there are a number of prerequisites, like:

multiple cluster instances on one node
new sysfs-based configuration interface

[ /linux/netfilter/ct_sync | permanent link ]

Thu, 10 Feb 2005

Some more ct_sync fixes

The latest bug (endless loop) was caused by one of my last bugfixes. Apparently I introduced an endless loop into a linked list (the nat bysource hash).

[ /linux/netfilter/ct_sync | permanent link ]

Sat, 22 Jan 2005

Work starting on ct_sync active-active

The swiss company dremalab wants to sponsor me to work on an extension of ct_sync for active-active setups. More detailed news will appear very soon on the netfilter page and/or on this blog. Stay tuned.

[ /linux/netfilter/ct_sync | permanent link ]

Harald Welte's blog

	RSS Categories Root (573) ccc (15) electronics (3) gsm (2) knf (4) linux (437) a780 (38) ath-driver (1) conferences (66) cyberjack (4) gnuradio (4) gpl-violations (95) gspc (6) mrtd (24) netfilter (108) ct sync (6) opentom (7) misc (3) personal (64) bollywood (11) photography (9) politics (14) swpat (3) Archives 2006 (121) September (8) August (10) July (13) June (21) May (13) April (23) March (6) February (14) January (13) 2005 (248) December (8) November (25) October (33) September (22) August (17) July (30) June (27) May (21) April (14) March (22) February (13) January (16) 2004 (198) December (8) November (18) October (18) September (15) August (19) July (17) June (11) May (5) April (22) March (13) February (24) January (28) 2003 (5) December (3) November (1) September (1) 2002 (1) February (1) Harald's Web gnumonks.org hmw-consulting.com dunkelromantik.org Projects netfilter/iptables ulogd asis gspc opentom.org librfid openmrtd gpl-devices.org gpl-violations.org Other Bloggers Rusty Russell David Miller Martin Pool Lawrence Lessig Sirtaj Singh Kang Jeremy Kerr Atul Chitnis Frank Rosengart (German) Tim Pritlove fukami Aggregators kernelplanet.org planet.netfilter.org planet.openezx.org planet.foss.in Articles on this blog/journal are licensed under a Creative Commons Attribution-NoDerivs 2.5 License.	Wed, 29 Jun 2005 ct_sync, kernel 2.6.10, NAT and masquerade Following up some thorough testing and debugging, I finally got both (SNAT, DNAT) and MASQUERADe to work with ct_sync on a 2.6.10 kernel. Apart from forgetting to disable TCP window tracking, there were some subtle mistakes in #ifdef/endif of the code that actually prevented whole sections from being built ;) Debugging the problem however has forced me to update the ct_sync ethereal plugin (screenshot) to parse almost every bit within the ct_sync protocol. [ /linux/netfilter/ct_sync \| permanent link ] Wed, 04 May 2005 Back to ct_sync I've managed to get back to work on ct_sync again. The final steps towards full multi-master operation are underway. Apart from some changes to the protocol on the wire, there is a major reorganization of almost all involved data structures. I'm deeply sorry for not having been able to continue at the pace that I wanted (and promised some customers), but there have been lots of issues that I couldn't push back and had to deal with them immediately. [ /linux/netfilter/ct_sync \| permanent link ] Sat, 12 Mar 2005 ct_sync now fully modular ct_sync is now able to run multiple instances on one node, allowing vrrp-like setups! Thanks go to http://svn.netfilter.org/netfilter/branches/netfilter-ha/linux-2.6-actact/ The next couple of weeks will be focusing on testing and real active-active setups with multiple masters. My brain is already smoking from all the synchronization issues ;) [ /linux/netfilter/ct_sync \| permanent link ] Tue, 08 Mar 2005 Picked up working on ct_sync again I've recently again picked up the work on ct_sync. The final goal ist to support real active-active fail-over setups. Before the real work on that particular issue can start, there are a number of prerequisites, like: multiple cluster instances on one node new sysfs-based configuration interface [ /linux/netfilter/ct_sync \| permanent link ] Thu, 10 Feb 2005 Some more ct_sync fixes The latest bug (endless loop) was caused by one of my last bugfixes. Apparently I introduced an endless loop into a linked list (the nat bysource hash). [ /linux/netfilter/ct_sync \| permanent link ] Sat, 22 Jan 2005 Work starting on ct_sync active-active The swiss company dremalab wants to sponsor me to work on an extension of ct_sync for active-active setups. More detailed news will appear very soon on the netfilter page and/or on this blog. Stay tuned. [ /linux/netfilter/ct_sync \| permanent link ]