Sunday 6 February 2011

troll i eske February

upcoming films from filmweb.no, minus those showing at gimle filmfest and minus those that are not in the "troll-i-eske" genre:
  • Fjellet
  • Miral
  • 80 dager
  • 14 kilometer
  • onkel boonmee
  • the adjustment bureau
  • exteriors

Thursday 3 February 2011

netfilter

Linux has a very comprehensive set of modules for filtering and changing network packets as they flow through the network stack. However, this framework has been through several major and quite a few minor re-designs (the last major one seems to be the introduction of the nf_conntrack subsystem in 2.6.15).

There are vast amounts of documentation available on the web, but very little of it is up to date with the latest changes. I will try to summarize my experiences with kernel 2.6.32.

Some pointers for good places to start:

  • This is a good introduction, which also covers the last changes (pdf)
  • The authoritative source is netfilter.org, but most documentation there is outdated by almost a decade.
  • This tutorial from Oskar Andreasson is not too out of date
  • You can also take a look at the wikipedia page for iptables which has a nice flowchart

A quick introduction for the impatient:

  • Each network packet is sent through a set of tables
  • For each table, the packet is sent through a set of chains; which chains depends on the final destination of the packet: inbound, outbound or routed through (see the drawing on wikipedia for the full picture)
  • Each chain has a default rule, and can have a set of additional rules
  • Each rule is a filter and a command. The filter can be anything that the netfilter framework can find in the packet: interface, source, destination, port, protocol etc. The command is either a pre-defined one (DROP, ACCEPT, REJECT etc) or a user-defined table. The filter can be regarded as an "if" statement, and the command as a function call. But pay attention: not all commands make sense in all tables or all chains. Read the documentation for details.

Tuesday 1 February 2011

udhcpc

One of the utilities bundled in BusyBox is the udhcpc DHCP client. This is a tool in the spirit of the unix principle: do one thing and do it well. The udhcpc command handles the DHCP protocol as described in RFC 2131, but it doesn't actually configure the network based on the replies.

However, the documentation available from BusyBox is not very comprehensive. There is a man page, which can be found by googling "udhcpc - very small DHCP client".

The operation of udhcpc is simple and unix-y. When it receives a reply from a DHCP server, it calls a script with one parameter, which is one of:
  • deconfig: remove configuration (when lease is lost or udhcpc starts)
  • bound: moving from unbound to bound state (receives configuration)
  • renew: lease is renewed
  • nak: nak received from server
  • leasefail (not documented in the man page): run if there is no reply after the configured timeouts and retries
Lots of other configuration parameters are available as environment variables. The example scripts included with BusyBox implement these by configuring udhcpc to call a script which calls simple.$1 (and of course there are 4 scripts: simple.deconfig, simple.bound, simple.renew, simple.nak). Simple and easy!

I have basically used the sample scripts that came with BusyBox (examples/udhcpc/*), but converted them to use the ip(8) command instead of ifconfig(8). I also added logging to syslog with the following function:

log() {
  # send one line to syslog at daemon.info, tagged "dhcp"; "$*" keeps the
  # message as a single argument instead of letting the shell re-split it
  logger -p daemon.info -t dhcp "$*"
}
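The notifier script described above, written out as an added example (it is neither the BusyBox sample scripts nor this post's own script): it dispatches on $1, configures the interface with ip(8) from the environment udhcpc exports, refuses a lease whose netmask is not a contiguous mask, and logs through the log() function above. It assumes the udhcpc variable names interface, ip, subnet, router, dns, serverid and message as documented in the man page, and that it runs with the privileges needed to call ip(8).

```shell
#!/bin/sh
# udhcpc runs this as "<script> <event>"; the lease arrives in environment
# variables (interface, ip, subnet, router, dns, serverid, message; man udhcpc).
log() {
  logger -p daemon.info -t dhcp "$*"
}

prefix_len() {
  # Dotted-quad netmask (udhcpc's $subnet) -> CIDR prefix length.
  # Returns 1 for anything that is not a contiguous mask, e.g. 255.0.255.0.
  bits=0 ended=0 oldifs="$IFS"
  IFS=.; set -- $1; IFS="$oldifs"
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in
      255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;;
      240) n=4 ;; 224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
      *) return 1 ;;
    esac
    [ "$ended" = 0 ] || [ "$n" = 0 ] || return 1  # only zeros after a partial octet
    [ "$n" = 8 ] || ended=1
    bits=$((bits + n))
  done
  echo "$bits"
}

deconfigure() {
  log "deconfig: flushing addresses on $interface"
  ip addr flush dev "$interface"
}

configure() {  # $1 is bound or renew; do not apply a lease with a bad netmask
  plen=$(prefix_len "$subnet") || { log "$1: rejecting netmask '$subnet'"; return 1; }
  log "$1: $ip/$plen on $interface, router ${router:-none}, dns ${dns:-none}"
  ip addr flush dev "$interface"
  ip addr add "$ip/$plen" dev "$interface"
  # $router may list several gateways; use the first one
  [ -z "$router" ] || ip route replace default via "${router%% *}" dev "$interface"
}

dispatch() {
  case "$1" in
    deconfig)    deconfigure ;;
    bound|renew) configure "$1" ;;
    nak)         log "nak from ${serverid:-unknown}: ${message:-no message}" ;;
    leasefail)   log "leasefail: no lease obtained on $interface" ;;
    *)           log "unknown event '$1'"; return 1 ;;
  esac
}

if [ $# -gt 0 ]; then dispatch "$@"; fi
```

Point udhcpc at it with `udhcpc -i eth0 -s /path/to/this-script` (the -s option is udhcpc's own; the path is a placeholder).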