I’ve also been working on Firestorm, improving the arp decoder and developing my macwatch arpwatch clone. Hopefully this will appear in the latest Firestorm tree soon.

I recently ditched my aging Linux wireless bridge/router/firewall in favour of a little Linksys device that cost no more than 60 pounds, uses considerably less electricity and makes almost no noise. The price is impressive and even the device seems to work ok. One thing it can’t deal with properly at all is the TCP ECN flag. The web admin port just sends a RST. Can you believe a Cisco company would make this mistake? Yes. I can.

Also, I’ve created an rpm2html index of all the RPMs in my downloads tree. Some are old crap I’ve not bothered deleting yet, but there is some stuff in there that will be useful to someone (not just google).

Gianni will be home from Luxembourg soon.

I’ve been playing with keepalived over the last couple of weeks. It’s basically an entire Linux HA cluster system. It does the job of heartbeat for failover and incorporates LVS for load balanced services. It looks really great but I’ve managed to upset it a few times by restarting the daemon too much. Also I’ve found using bonded ethernet interfaces with multicast traffic results in multiple copies of the packets coming out of bond0, which really confuses the keepalived anti-replay sequence numbers (Hey, I’ve seen that packet already!). I’ve reported it to the keepalived guys and will do the same for the bonding people. I’m not sure whose problem it is to solve.

I’ve also been working on Firestorm again, primarily on my mac/arp watcher preprocessor. It now saves state between restarts, and reports on more nefarious ethernet/arp. It’ll be included in the next release of Firestorm.

RedHat’s latest change of support plans for RedHat Linux seems to be doing what was intended, getting more people to purchase Advanced Server (and the new Enterprise Server and Workstation) rather than leeching off them. Good for RedHat. There have been too many idiots selling RedHat Linux-based solutions expecting the coloured headgear company to do the hard work of beta testing, bug fixing etc.etc. for free.

I’m also working with some Cisco PIX firewalls to make them play nice with FreeS/WAN on Linux. I’ll put some example configs up here at some point. I’m going to take the Cisco VPN exam and be one step closer to a CCSP (I’m really not sure if this is a good or a bad thing career-wise). The original Cisco press VPN book has some serious problems with factual content. The authors seems to have little understanding of the underlying technology. I guess you don’t need to know it to parrot-type the Cisco commands in (or copy and paste them, as I often see) and charge 200 quid an hour, but it would be nice to be a bit professional about things.

My Mozilla/Galeon is broken on Debian unstable. Using gdb I found /usr/lib/mozilla/components/libimglib2.so to be the culprit, so just moved it out the way. I now have Galeon working with no images which suits me fine. In fact, as everything loads so quickly and is far less offensive to the eye, I may keep it this way permanently.

Program received signal SIGSEGV, Segmentation fault.
0x0de9de98 in NSGetModule () from/usr/lib/mozilla/components/libimglib2.so

I have also been putting some time into the IPX support in Firestorm I originally started. I’ve fixed a couple of things Gianni broke during his clean-up, and have begun work on a matcher. This adds support for IPX in snort signatures, which is kinda cute.

Having lots of trouble getting Coldfusion “MX”(tm) to work on Linux for a client. It is invariably unstable and crashes thousands of times a second (see diary: Nov 25 2002). Macromedia want to charge us $500 to report this. Apparently we’ll get our money back if it is confirmed as a genuine bug. We’re considering billing for the bug hunting we’re doing for them instead. With the tens of thousands of SIG4 and SIG11 crashes we’d be quids in charging per bug. Now if only an open-source project such as PHP existed.

New patch for IPX support on Firestorm. Fixes a few lame bugs and possible remote DoSs Gianni pointed out to me. Also improved the SAP support a little.