Nice. Microsoft has released the Hyper-V drivers as GPLv2. I know was a hard step for Microsoft to take, since it means acknowledging GPL and respecting the Linux community. The releasing of the drivers is good news for users, developers, and in the end Microsoft as well. Like most GPL related actions, a lot of work was done behind the scenes to get the offending company into compliance.
This saga started when one of the user's on the Vyatta forum inquired about supporting Hyper-V network driver in the Vyatta kernel. A little googling found the necessary drivers, but on closer examination there was a problem. The driver had both open-source components which were under GPL, and statically linked to several binary parts. The GPL does not permit mixing of closed and open source parts, so this was an obvious violation of the license. Rather than creating noise, my goal was to resolve the problem, so I turned to Greg Kroah-Hartman. Since Novell has a (too) close association with Microsoft, my expectation was that Greg could prod the right people to get the issue resolved.
It took longer than expected, but finally Microsoft decided to do the right thing and release the drivers.
Monday, July 20, 2009
Friday, June 5, 2009
Networking at Linux Plumbers Conference
Hey kernel developers, more proposals related to networking submitted for the Linux Plumbers Conference. This is the chance to have in-person discussions about future proposals like receive packet steering, RCU netfilter optimization, unified flow cache, and all those other topics that need need more brainstorming and discussion.
The Netconf 2009 is also being planned to occur before LPC.
The Netconf 2009 is also being planned to occur before LPC.
Tuesday, February 17, 2009
Parallelizing netfilter
The Linux networking receive performance has been mostly single threaded until the advent of MSI-X and multiqueue receive hardware. Now with many cards, it is possible to be processing packets on multiple CPU's and cores at once. All this is great, and improves performance for the simple case.
But most users don't just use simple networking. They use useful features like netfilter to do firewalling, NAT, connection tracking and all other forms of wierd and wonderful things. The netfilter code has been tuned over the years, but there are still several hot locks in the receive path. Most of these are reader-writer locks which are actually the worst kind, much worse than a simple spin lock. The problem with locks on modern CPU's is that even for the uncontested case, a lock operation means a full-stop cache miss.
With the help of Eric Duzmet, Rick Jones, Martin Josefsson and others, it looks like there is a solution to most of these. I am excited to see how it all pans out but it could mean a big performance increase for any kind of netfilter packet intensive processing. Stay tuned.
But most users don't just use simple networking. They use useful features like netfilter to do firewalling, NAT, connection tracking and all other forms of wierd and wonderful things. The netfilter code has been tuned over the years, but there are still several hot locks in the receive path. Most of these are reader-writer locks which are actually the worst kind, much worse than a simple spin lock. The problem with locks on modern CPU's is that even for the uncontested case, a lock operation means a full-stop cache miss.
With the help of Eric Duzmet, Rick Jones, Martin Josefsson and others, it looks like there is a solution to most of these. I am excited to see how it all pans out but it could mean a big performance increase for any kind of netfilter packet intensive processing. Stay tuned.
Thursday, December 18, 2008
GPL violations close to home
Many times I hear about GPL violations in vendors software, especially it seems in embedded routers. There are two cases which hit me in my home.
The first is our FIOS router which is an Actionec MI424-WR which runs Linux inside. You can even get to a telnet prompt. The problem is that it has a crappy DHCP server and always seems to assign different IP addresses even to the same MAC address. This breaks ssh and other services which do strong man-in-the-middle prevention. It seem the vendor hasn't fixed the problem, but as a result of a GPL violations suit the some source is available but the DHCP code is not included probably because it is BSD licensed so they don't have to. Given this I'll just punt and do the lazy solution and just turn it into an dumb Ethernet bridge and use something better like Vyatta V514 test box or Linksys WR54TG, both of which are repairable.
The second is the Asus P6T motherboard which has a SplashVM feature. This allows booting to a lightweight desktop in less than a minute (the BIOS is still slow to get its hardware setup). The desktop is based on Linux with standard kernel and browser. It is kind of a toy, but good for checking gmail etc. Since SplashVM is using GPL, if the vendor was following the GPL license I should be able to find the source on their website. It is possible to find some pieces on the Splashtop vendor website, but it is the responsibility of the system vendor not the subcontractor to make available the source for the actual firmware they are shipping. In this case, it matters to me for a couple of reasons. I wrote the driver for the Marvell Yukon-2 EC Ultra NIC's on this motherboard and would like to know if 1) the vendor fixed some bugs 2) the vendor still has some bugs that other users will pester me about. As copyright holder for this driver, I may have to go nasty to find out; stay tuned.
The first is our FIOS router which is an Actionec MI424-WR which runs Linux inside. You can even get to a telnet prompt. The problem is that it has a crappy DHCP server and always seems to assign different IP addresses even to the same MAC address. This breaks ssh and other services which do strong man-in-the-middle prevention. It seem the vendor hasn't fixed the problem, but as a result of a GPL violations suit the some source is available but the DHCP code is not included probably because it is BSD licensed so they don't have to. Given this I'll just punt and do the lazy solution and just turn it into an dumb Ethernet bridge and use something better like Vyatta V514 test box or Linksys WR54TG, both of which are repairable.
The second is the Asus P6T motherboard which has a SplashVM feature. This allows booting to a lightweight desktop in less than a minute (the BIOS is still slow to get its hardware setup). The desktop is based on Linux with standard kernel and browser. It is kind of a toy, but good for checking gmail etc. Since SplashVM is using GPL, if the vendor was following the GPL license I should be able to find the source on their website. It is possible to find some pieces on the Splashtop vendor website, but it is the responsibility of the system vendor not the subcontractor to make available the source for the actual firmware they are shipping. In this case, it matters to me for a couple of reasons. I wrote the driver for the Marvell Yukon-2 EC Ultra NIC's on this motherboard and would like to know if 1) the vendor fixed some bugs 2) the vendor still has some bugs that other users will pester me about. As copyright holder for this driver, I may have to go nasty to find out; stay tuned.
Wednesday, October 1, 2008
Netfilter workshop day 1
At netfilter workshop, Patrick McHardy described an exciting new feature implementation of netfilter firewalling called nftables. This has the promise of reducing 100's of netfilter modules down to a smaller kernel footprint, and allow for optimization of rulesets. Eric Leblond's blog has more information.
Friday, September 12, 2008
Open Source is alive and well in PDX thank you
I really should stop reading the Oregonian, they do such a poor job of covering high tech and the business section is especially weak. The recent piece about OSCON moving to Silly Valley overlooked so many obvious things like the Linux Plumber's Conference next week, the Kernel Summit not to mention the Open Source technology center, Oracle office in Portland, Portland State, and Free Geek. So the loss of one conference which is mostly attended by out of town people is really no impact on the local open source infrastructure.
Sunday, August 31, 2008
Only aliens can configure selinux?
Sunday 8/31 user friendly cartoon is great.
Do these people look like aliens?
Guess I'll have to give up on trying to setup selinux.
Do these people look like aliens?
Guess I'll have to give up on trying to setup selinux.
Subscribe to:
Posts (Atom)
