Linux Network Emulator Extensions

It seems the merge window for the upcoming 3.2 release is closed. In davem's net-next tree for 3.3 there are a couple of network emulator (netem) improvements. The rate extension allows the traffic to be shaped to n bytes/second: currently netem cannot emulate channel bandwidth, only a static delay (with optional random jitter) can be configured. To emulate the channel rate, the token bucket filter (sch_tbf) can be used, but TBF has some major emulation flaws....

January 5, 2012 · 3 min · Hagen Paul Pfeifer

Git Diff Context

Wow, two new git diff options: --minimal spends extra CPU cycles to generate a shorter diff, and --function-context displays the whole function that was affected by the change. Nice for reviews by people without the whole context in mind.

December 3, 2011 · 1 min · Hagen Paul Pfeifer

Cisco ASA and DNS Security

I started to look into how the Cisco ASA, Cisco PIX and Cisco FWSM firewall appliances secure their domain from DNS traffic. What is possible, what can I transport over DNS without an increased drop probability? I asked myself which DNS flags can be touched without any problem. I must admit that I'm no Cisco expert - not at all. If I look at the configuration possibilities I have to say "wow":

    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      dns-guard
      id-randomization
      message-length maximum 512
      id-mismatch count 10 duration 2 action log
     exit
     match header-flag RD
      drop
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
    service-policy global_policy global

What administrator knows DNS at this level?....
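The checks that policy map expresses, re-implemented over constructed DNS packets as an added Python example (this is not Cisco's code and not part of the original post; the DnsGuard class, its method names and the packet builders are illustrative assumptions). It parses the 12-byte DNS header, drops messages longer than 512 bytes, drops messages with the RD flag set, remembers outgoing query IDs so that only one reply per query passes (the dns-guard behaviour), and counts replies whose transaction ID matches no outstanding query, logging once the count within the duration window is reached:

```python
import struct
from collections import deque

DNS_HEADER = struct.Struct("!HHHHHH")   # ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
FLAG_QR = 0x8000                         # 1 = response
FLAG_RD = 0x0100                         # recursion desired


def parse_header(msg):
    """Unpack the 12-byte DNS header; raise on a truncated message."""
    if len(msg) < DNS_HEADER.size:
        raise ValueError("truncated DNS header")
    return DNS_HEADER.unpack_from(msg)


def build_query(txid, name, rd=True):
    """Constructed A/IN query for 'name' (not captured traffic).
    Stub resolvers set RD on practically every query they send."""
    hdr = DNS_HEADER.pack(txid, FLAG_RD if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return hdr + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def build_response(txid, query, padding=0):
    """Constructed reply: same question section, QR set; 'padding' bloats the message."""
    _, flags, *_ = parse_header(query)
    hdr = DNS_HEADER.pack(txid, flags | FLAG_QR, 1, 0, 0, 0)
    return hdr + query[DNS_HEADER.size:] + b"\x00" * padding


class DnsGuard:
    """Hypothetical model of the inspection policy above (assumed names/semantics)."""

    def __init__(self, max_len=512, drop_rd=True, mismatch_count=10, mismatch_duration=2):
        self.max_len = max_len                  # message-length maximum 512
        self.drop_rd = drop_rd                  # match header-flag RD -> drop
        self.mismatch_count = mismatch_count    # id-mismatch count 10 ...
        self.mismatch_duration = mismatch_duration   # ... duration 2 (seconds)
        self.outstanding = set()                # IDs of queries that left the firewall
        self.mismatches = deque()               # timestamps of recent id mismatches
        self.alerts = []                        # what 'action log' would emit

    def inspect(self, msg, now):
        """Return 'pass', 'drop' or 'log' for one DNS message seen at time 'now'."""
        if len(msg) > self.max_len:
            return "drop"                       # oversized message
        txid, flags, *_ = parse_header(msg)
        if self.drop_rd and flags & FLAG_RD:
            return "drop"                       # RD flag present
        if not flags & FLAG_QR:
            self.outstanding.add(txid)          # dns-guard: remember the query
            return "pass"
        if txid in self.outstanding:
            self.outstanding.discard(txid)      # dns-guard: exactly one reply per query
            return "pass"
        # A reply with no matching query: count it inside the sliding window
        self.mismatches.append(now)
        while self.mismatches and now - self.mismatches[0] > self.mismatch_duration:
            self.mismatches.popleft()
        if len(self.mismatches) >= self.mismatch_count:
            self.alerts.append("%d id-mismatches within %ds"
                               % (len(self.mismatches), self.mismatch_duration))
            return "log"
        return "drop"
```

Note that RD is set by practically every stub-resolver query, so the match header-flag RD / drop pair in the quoted policy drops ordinary client lookups as well; the example keeps that rule switchable (drop_rd) for exactly that reason. The id-mismatch counter is what makes blind reply spoofing visible: a forged reply has to guess the (randomized) ID, and each miss is counted.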

November 14, 2011 · 1 min · Hagen Paul Pfeifer

Virtual Processor IDs and TLB

The translation lookaside buffer (TLB) is a high-speed cache of virtual-to-physical address translations. It exploits the principle of locality to avoid time-consuming page-table walks for recently used pages. But what happens in a virtualized environment (e.g. kvm, xen, vmware)? Host mappings are not valid for the guest and vice versa. Each guest has its own address space, so a cached translation cannot be reused by another guest (or by the host). Therefore first-generation virtualization hardware like Intel Core 2 (VMX) flushes the TLB on each VM entry (resume) and VM exit....

November 13, 2011 · 2 min · Hagen Paul Pfeifer

Ccontrol and Specific Make Environments

Davem wrote that he sometimes accidentally types make -j 128 on his Intel platform (btw: davem is the Sparc maintainer). Rusty wrote that this was the main purpose for writing ccontrol, a wrapper to control distcc, ccache and make. Via ccontrol you configure the setup for the local machine. After that you use ccontrol instead of make, and ccontrol applies the configured settings for this environment. A standard configuration, generated via ccontrol-init on a dual-core processor, looks like the following (~/....

November 12, 2011 · 1 min · Hagen Paul Pfeifer

UEFI Secure Booting

Matthew Garrett blogged one more time about UEFI issues. To cite the most critical problem: "This is a little awkward for a couple of reasons. First, it means that any updates to the bootloader would require the user to manually accept the binary again. Second, as we've seen with https, there's the risk of users just blindly accepting things. If it's acceptable to do this off internal media[5] then malware could just rely on some number of users saying "yes"....

October 20, 2011 · 1 min · Hagen Paul Pfeifer

ELF Symbol Name Length

Category: unlimited. The ELF spec has no real (artificial) symbol name length limitation. It only restricts the offset into the string table (st_name) to 4 bytes. And gcc/gdb are consistent: they introduce no artificial limitation either. Of course, resolving dynamically linked objects requires hashing and strcmp'ing these symbol names. Especially larger projects with lots of symbols will suffer from this (you may notice it with C++ symbols because of namespace bloat).
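What "hashing and strcmp'ing" costs for long names, as an added Python example that is not part of the original post: the SysV hash function from the ELF spec (used for DT_HASH), the DJB-style hash used for DT_GNU_HASH, and a toy string table plus SysV-style bucket/chain symbol table with a lookup that counts the string compares and the bytes those compares examine. The StringTable/SymbolTable classes and the strcmp_cost helper are illustrative assumptions, not ld.so's code; the only hard limit they model is the 4-byte st_name offset.

```python
def sysv_elf_hash(name):
    """Hash function from the ELF spec (DT_HASH), on the bytes of the name."""
    h = 0
    for c in name.encode("utf-8"):
        h = ((h << 4) + c) & 0xFFFFFFFF
        g = h & 0xF0000000
        if g:
            h ^= g >> 24
        h &= ~g & 0xFFFFFFFF
    return h


def gnu_hash(name):
    """Hash used by DT_GNU_HASH: h = h*33 + c, 32-bit, starting at 5381."""
    h = 5381
    for c in name.encode("utf-8"):
        h = (h * 33 + c) & 0xFFFFFFFF
    return h


def strcmp_cost(a, b):
    """Bytes a C strcmp() examines before it can stop: shared prefix plus one."""
    n = 0
    for x, y in zip(a, b):
        n += 1
        if x != y:
            return n
    return n + 1          # reached a terminating NUL (or the shorter name's end)


class StringTable:
    """Toy .dynstr: NUL-terminated names addressed by byte offset (assumed helper)."""

    def __init__(self):
        self.data = bytearray(b"\x00")      # offset 0 is the empty string by spec

    def add(self, name):
        off = len(self.data)
        if off > 0xFFFFFFFF:
            raise OverflowError("st_name is a 4-byte word: string table too large")
        self.data += name.encode("utf-8") + b"\x00"
        return off

    def get(self, off):
        end = self.data.index(b"\x00", off)
        return self.data[off:end].decode("utf-8")


class SymbolTable:
    """Toy dynamic symbol table with a SysV-style hash table (buckets + chains)."""

    def __init__(self, nbucket=4):
        self.strtab = StringTable()
        self.st_name = [0]                  # index 0 is STN_UNDEF
        self.nbucket = nbucket
        self.bucket = [0] * nbucket
        self.chain = [0]

    def add(self, name):
        idx = len(self.st_name)
        self.st_name.append(self.strtab.add(name))
        self.chain.append(0)
        b = sysv_elf_hash(name) % self.nbucket
        self.chain[idx] = self.bucket[b]    # insert at the head of the chain
        self.bucket[b] = idx
        return idx

    def lookup(self, name):
        """Return (symbol index or 0, string compares done, bytes examined)."""
        compares, examined = 0, 0
        idx = self.bucket[sysv_elf_hash(name) % self.nbucket]
        while idx != 0:
            candidate = self.strtab.get(self.st_name[idx])
            compares += 1
            examined += strcmp_cost(candidate, name)
            if candidate == name:
                return idx, compares, examined
            idx = self.chain[idx]
        return 0, compares, examined
```

Two mangled C++ names that share a long namespace prefix and land in the same chain are the expensive case: every strcmp() in the chain walks the whole shared prefix before it can reject the candidate, which is the "namespace bloat" cost the paragraph refers to.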

October 20, 2011 · 1 min · Hagen Paul Pfeifer

GCC versus LLVM

Today is one of those wacky days where nothing works (problems with kvm-tool, problems with the RAM-backed block device driver and kvm interaction, and so on). But today was also the day of another round of Vladimir Makarov's gcc-versus-llvm comparison (gcc mailing list). To summarize the highlights: LLVM is not faster than GCC (an often repeated lie). If you need the same generated code quality and compilation speed as LLVM -O2/-O3, you should use GCC with -O. If you want 10%-40% faster generated code, you should use GCC with -O2/-O3, at the cost of 20%-40% more compilation time (150%-200% if you use GCC LTO). Vladimir believes that LLVM code performance is far away from GCC's because it is sufficiently easy to get the first percent of code improvement, but it becomes much harder to get subsequent percents. This year Vladimir used -Ofast -flto -fwhole-program instead of -O3 for GCC and -O3 -ffast-math for LLVM....

September 7, 2011 · 1 min · Hagen Paul Pfeifer

Head Of Line Blocking

For the last two days I have been programming a system with n input channels and n output channels. The system multiplexes each input packet to the appropriate output channel, depending on the packet's IP destination address (and does some packet mangling, but that does not matter here). But an output channel can block (the socket returns EAGAIN, e.g. if the TCP peer closes the window). Each received packet is enqueued in the input queue. If the output channel is blocked then the input queue is stalled and no new packet can be transmitted, although the packet is intended for another output queue - this is bad....
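The stall described above, and the usual fix, as an added Python example that is not the post's own code: a FakeSocket stands in for a non-blocking TCP socket whose send() raises EAGAIN while the peer's window is closed (constructed, no real network), SingleQueueMux is the one-shared-FIFO design that suffers head-of-line blocking, and Mux keeps one queue per output so a blocked output stalls only its own traffic. The class names, the destination addresses and the packet payloads are illustrative assumptions.

```python
import errno
from collections import deque


class FakeSocket:
    """Constructed stand-in for a non-blocking socket: send() raises EAGAIN while
    'blocked' is True (peer window closed), otherwise it accepts the data."""

    def __init__(self, name):
        self.name = name
        self.blocked = False
        self.sent = []

    def send(self, data):
        if self.blocked:
            raise BlockingIOError(errno.EAGAIN, "Resource temporarily unavailable")
        self.sent.append(data)
        return len(data)


class Mux:
    """Routes packets by destination address to one of n outputs.
    One queue per output: a blocked output stalls only its own queue."""

    def __init__(self, routes):
        self.routes = routes                            # dst_ip -> FakeSocket
        self.queues = {s: deque() for s in routes.values()}
        self.dropped = 0

    def enqueue(self, dst_ip, payload):
        sock = self.routes.get(dst_ip)
        if sock is None:
            self.dropped += 1                           # no route: drop, do not stall
            return
        self.queues[sock].append(payload)

    def pump(self):
        """One pass over all outputs, as a poll() loop would do on POLLOUT.
        Returns the number of packets sent in this pass."""
        sent = 0
        for sock, q in self.queues.items():
            while q:
                try:
                    sock.send(q[0])
                except BlockingIOError as e:
                    if e.errno != errno.EAGAIN:
                        raise
                    break                               # this output is full: try the next one
                q.popleft()
                sent += 1
        return sent


class SingleQueueMux(Mux):
    """The original design: one input FIFO shared by all outputs. If the packet at
    the head is for a blocked output, everything behind it waits (HOL blocking)."""

    def __init__(self, routes):
        super().__init__(routes)
        self.fifo = deque()

    def enqueue(self, dst_ip, payload):
        sock = self.routes.get(dst_ip)
        if sock is None:
            self.dropped += 1
            return
        self.fifo.append((sock, payload))

    def pump(self):
        sent = 0
        while self.fifo:
            sock, payload = self.fifo[0]
            try:
                sock.send(payload)
            except BlockingIOError as e:
                if e.errno != errno.EAGAIN:
                    raise
                break                                   # head is stuck: nothing behind it moves
            self.fifo.popleft()
            sent += 1
        return sent


def scenario(mux_class):
    """Constructed traffic: output A's peer has closed its window, B is fine.
    Returns (sent in pass 1, sent in pass 2 after A unblocks, A.sent, B.sent)."""
    a, b = FakeSocket("A"), FakeSocket("B")
    a.blocked = True
    mux = mux_class({"10.0.0.1": a, "10.0.0.2": b})
    for dst, data in [("10.0.0.1", b"p1"), ("10.0.0.2", b"p2"), ("10.0.0.2", b"p3")]:
        mux.enqueue(dst, data)
    first = mux.pump()
    a.blocked = False                                   # window opened again
    second = mux.pump()
    return first, second, a.sent, b.sent
```

With the shared FIFO the two packets for B wait behind p1 until A's peer opens its window; with per-output queues they leave in the first pass and only p1 is held back. The per-output queues still need a bound (or back-pressure on the matching input) so that a peer that never opens its window cannot make the process grow without limit.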

August 23, 2011 · 2 min · Hagen Paul Pfeifer

Its Fairness Stupid

Some thoughts about recent activity here at TCPM and some other places. For several years vendors and web companies have tried to address web performance problems by adjusting TCP. Congestion control, slow start (IW10), timeouts and the like are treated as a function of time: IW10 seems adequate for 2011, IW15 for 2013, IW20 for 2016 and so on. Timeouts are adjusted to current "consumer" networks. But the actual network characteristic is hardly a function of the date; it is a function of the effective link characteristics between two endpoints in a packet-switched network with no a priori bandwidth guarantee....

August 9, 2011 · 3 min · Hagen Paul Pfeifer