After my last kernel upgrade I tried to build the iptables mirror target published here. The iptables mirror target takes the packet sent to your machine and returns the same packet to the machine the packet came from. Thus, let’s say someone tries to scan your machine or tries an attack he would scan his own machine or even attack his own machine. Guess what happened when I tried it with kernel versions 3.1 and 3.2 , it did not build anymore with the current linux kernel. There were some changes in the  kernels network stack. So I had to modify the iptables mirror target again to make the module work with current kernel versions. You can download the newer release for kernel version 3.1 and probably future kernels here:

MIRROR.3.1.0.tar.gz (11165 downloads )

The kernel module has been tested with kernel version 3.2.1 and 3.1. To build the module, boot the kernel you want to use the module with. Afterwards unpack the archive and run the compile.sh script to build the module. Then run the install.sh script for installing the compiled module into the /lib/modules directory for your kernel.

Now you may use the mirror target in place of the REJECT or DROP target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:

$IPTABLES -A INPUT -j MIRROR

Beware: The use of the mirror target may lead to strange results, in example if you want to connect to an iptables protected machine which uses the mirror target, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. The worst case occurs if you have two machines using the module. These machines may end up playing ping pong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.

Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels. The 2.6.13 version of the module should work up to kernel version 2.6.16.

MIRROR.3.0.7.tar.gz (11471 downloads ) MIRROR.2.6.37.tar.gz (11882 downloads ) MIRROR.2.6.36.tar.gz (12001 downloads ) MIRROR.2.6.35.tar.gz (12011 downloads ) MIRROR.2.6.31 (12070 downloads ) MIRROR.2.6.28.tar.gz (12496 downloads ) MIRROR.2.6.25.tar.gz (12381 downloads ) MIRROR.2.6.24.tar.gz (13036 downloads ) MIRROR.2.6.13.tar.gz (12421 downloads )

regards
Jürgen

(1 votes, average: 5.00 out of 5)

Loading...

Posted in kernel, linux, networking, security | 3 Comments »

Starting with the 2.6.36 kernel, tuxonice has been removed from zen-sources. The latest tuxonice patch that is available is for the linux kernel 3.0.  So I patched the zen-stable-3.0 sources with tuxonice. Hopefully a patch for more recent kernel versions will be available soon.

Suspend to RAM works with this kernel, at least on my Dell Precison M65 and my Desktop, as well as suspend to disk does.

To get things to work, download the zen-stable-3.0 kernel tree from zen-kernel.org and extract it. Afterwards download the tuxonice patch from tuxonice.net and apply it. For getting the zcache feature, to work you have to download and apply this patch: linux-3.0-zcache-fix.patch.bz2 (1270 downloads ) The zcache feature doubles RAM efficiency while providing a significant performance boosts on many workloads.  The patch has been extracted from vserver-sources-2.3.2.5 with working zcache feature.  After applying the patch  you can continue with the standard kernel building process. The zcache feature is located under staging drivers in the kernel tree and depends on the cleancache feature, which is located  under processor types and features. To enable the zcache feature, you have to pass the zcache keyword to your kernel, in example in your grub.conf.

Example: kernel /bzImage panic=60 root=/dev/hda3 zcache

For Gentoo users there is a more easy way: Download my modified overlay from zen-sources-3.0.tar.gz (1134 downloads ) and extract it in /usr/local/portage. Be sure to include the following line in your /etc/make.conf:

PORTDIR_OVERLAY=”/usr/local/portage”

If you want to use tuxonice include tuxonice in your USE-flags. Then emerge zen-sources and build the kernel as you wish.

Tuxonice is not officially supported in current zen-sources. So If you’re using the files above, don’t report any bugs to zen-sources.org. You are on your own.

For my Precision M65 I used the following kernel config: config_zen_3.0_dell_m65.zip (1166 downloads )

For more information on the zen-sources patchset see www.zen-sources.org.

best regards

Jürgen

(No Ratings Yet)

Loading...

Posted in gentoo, kernel, linux, zen-sources | No Comments »

After my last kernel upgrade I recognized that the iptables mirror target I published here does not work anymore with kernel version 3.0. There were some changes in kernel code. Thus I had to modify the iptables mirror target again to make it work with current kernel versions. You can download the newer release for kernel version 3.0 and probably future kernels here:

MIRROR.3.0.7.tar.gz (11471 downloads )

The kernel module has been tested with kernel version 3.0.7. According to the kernel changelog it should work with kernels since 2.6.39. If you have tried the mirror module with other kernel versions  than 3.0.7, please leave a reply for others to know whether other versions work, or not.

To build the module, boot the kernel you want to use the module with. Afterwards unpack the archive and run the compile.sh script to build the module. Then run the install.sh script for installing the compiled module into the /lib/modules directory for your kernel.

Now you may use the mirror target in place of the reject or drop target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:

$IPTABLES -A INPUT -j MIRROR

Beware: The use of the mirror target may have strange results, in example if you want to connect to an iptables protected machine which uses the mirror target, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. The worst case occurs if you have two machines using the module.  These machines may end up playing pingpong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.

Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels. The 2.6.13 version of the module should work up to kernel version 2.6.16.

MIRROR.2.6.37.tar.gz (11882 downloads ) MIRROR.2.6.36.tar.gz (12001 downloads ) MIRROR.2.6.35.tar.gz (12011 downloads ) MIRROR.2.6.31 (12070 downloads ) MIRROR.2.6.28.tar.gz (12496 downloads ) MIRROR.2.6.25.tar.gz (12381 downloads ) MIRROR.2.6.24.tar.gz (13036 downloads ) MIRROR.2.6.13.tar.gz (12421 downloads )

regards
Jürgen

(1 votes, average: 5.00 out of 5)

Loading...

Posted in kernel, linux, networking, security | 1 Comment »

In the post Flightgear with quad buffered stereo I have written about how to get quad buffered stereo to work with the famous flight simulator FlightGear.  Recently FlightGear-2.4.0 has been released. The problem with quad buffered stereo still persists with FlightGear-2.4.0 .

One expects to enable stereoscopic mode in FlightGear starting it with the following line:

export OSG_STEREO_MODE=QUAD_BUFFER;export OSG_STEREO=ON; fgfs

When starting flightgear this way, one gets the following console output and no stereoscopic view:

Warning: detected OpenGL error ‘invalid operation’ after RenderBin::draw(,)

Getting FlightGear to work with quad-buffered stereo

The reason for the above error message and the resulting broken stereo mode is, that the stereo context does not get initialized properly.  The details are described here: Flightgear with quad buffered stereo. However, the  good news is, that the patch I proposed in the mentioned post, still works with FlightGear-2.4.0. You can download the patch from here: flightgear-2.0.0-stereoscopic.patch (1942 downloads )

As usual for quad buffered stereo, you have to use a professional graphics board that supports quad buffered stereo, like a NVIDIA Quadro FX or a Ati FireGL and proper display hardware, like shutter glasses, a HMD or a stereoscopic projection system, to benefit from it. To use the quad buffered stereo mode start flightgear with the environment variables mentioned above. Afterwards you probably have to enable quad buffered stereo mode by selecting the Stereoscopic View Options Item in the the View menu.

With the previous version, when using the quad buffered stereo mode in flightgear, there occurred some graphics errors. Some cockpit controls and other scene details contained yellow lines, like a wireframe, which were not there when starting FlightGear in “normal” display mode. These problems seem to be gone with Flightgear-2.4.0. At least I did not notice them  anymore.

The Gentoo way

For gentoo users I have created an overlay. Like the previous one it contains patches and modified ebuilds for flightgear with working quad buffer support.  You may get the overlay from here: flightgear-2.4.0 overlay (1386 downloads ) Download the overlay and extract it in /usr/local/portage. Be sure to include the following line in your /etc/make.conf:

PORTDIR_OVERLAY=”/usr/local/portage”

Then emerge flightgear and enjoy it in three dimensions.

Have fun

Jürgen

(1 votes, average: 5.00 out of 5)

Loading...

Posted in 3d, gentoo, graphics, linux | No Comments »

Yesterday the new mplayer-1.0_rc4_p20110322 ebuild appeared in portage.  In the post stereoscopic mplayer working again part 2 I provided a modified patch for stereoscopic support in mplayer-1.0_rc4_p20101114. This patch still works with the current version.  To use it, just download the patch from there and copy it to:

/etc/portage/patches/media-video/mplayer-1.0_rc4_p20110322-r1/

afterwards emerge mplayer and play stereoscopic movies with

mplayer -vo gl2:stereo some_movie_file.avi

mithrandir

(1 votes, average: 5.00 out of 5)

Loading...

Posted in 3d, linux, multimedia | 1 Comment »

Starting yesterday, the Google Pagerank of all sites is being displayed as 0 or n/a.  Pagerank is not that important for determining the quality of a site as it was once. It can still be a hint to see how good search engine optimizations (SEO) are for a site, or if the site needs improvements.

Many bloggers wondered what happened to their sites. Then there were the usual rumors, about Google disabling the Pagerank completely and Googles License for the Pagerank expiring.  The Pagerank algorithm weightens websites by importance. This is done by weighting inbound links to a site by the Pagerank of the referring site. So links from sites with a higher Pagerank are more valuable than links from sites with a lower one. The algorithm was developed by  the Google founders Brin and Page, but the patent for the algorithm was assigned to Stanford University. Google has got an exclusive license till 2011, afterwards the license becomes non-exclusive. Thus the expiring of this license has no impact on the availability of Pagerank at all, it only means, that others also could get a license for the algorithm and use it. The real cause for the Pagerank displays not working anymore is being discussed in [1]. It is quite simple: The Google API for inquiring the Pagerank has changed. For most scripts it is sufficient to replace the string toolbarqueries.google.com/search with toolbarqueries.google.com/tbr.

Some Firefox extensions, like SEOQuake, can be fixed by running the following command line in the extensions folder of the firefox profile:

grep -rl toolbarqueries.google.com/search . | xargs -t sed -i -e ‘s/toolbarqueries.google.com\/search/toolbarqueries.google.com\/tbr/’

After a firefox restart the Pagerank in i.e. SEOQuake is being displayed correctly again. For some other extensions there has to be done some more work and one has to wait for the next update to get this fixed. The pages providing online Pagerank information, like seitwert.de, can also be expected to get fixed soon. In the meanwhile one can use the Online Pagerank Checker of Jens Altmann to check the Pagerank.

Jürgen

References:

[1] seomonitor.de

[2] wikipedia.org

[3] cickconf5.org

(No Ratings Yet)

Loading...

Posted in programming, web | No Comments »

Today I recognized my Staroffice 8 not starting any more on my gentoo box.  I know, StarOffice is old, but it is still doing the job and most newer word processors just have tons of more features that, to be honest, most people do not use. For most real work I use Latex, but StarOffice enables me to write a short document on the fly and to open Microsoft Office files.

When trying to start StarOffice it instantly crashed with the following dialog (Translated to english language with export LC_ALL=C):

No further Information in the console or where ever was available.  I already thought about unistalling StarOffice and installing a newer word processor like OpenOffice, then I remembered that StarOffice is a 32bit application, which uses the 32bit emulation libraries on an amd64 system.  Well, I also have remembered, that there recently has been  an upgrade of the  emul-linux-x86-libs to version 20110722.  With try and error I found out that emul-linux-x86-baselibs-20110722 was the one which was causing the problem. Most probably emul-linux-x86-baselibs-20110722 is also incompatible to other applications.

To solve the problem include

>=app-emulation/emul-linux-x86-baselibs-20110722

into your /etc/portage/package.mask file to prevent the newer emul-linux-x86-baselibs from getting emerged.

Well, emul-linux-x86-motif-20110722 requires a recent version of emul-linux-x86-baselibs as dependency and refuses to install afterwards. To fix this include

app-emulation/emul-linux-x86-baselibs-20110722-r99

into your /etc/portage/profile/package.provided file. This may break some 32bit motif applications. In this case it may be necessary to downgrade the emul-linux-x86-motif package, also. Since I do not have any 32bit motiv based applications on my system I did not try that out.

Afterwards StarOffice 8 starts as usual. Hopefully the next version of emul-linux-x86-baselibs is compatible with StarOffice again.

Jürgen

(1 votes, average: 4.00 out of 5)

Loading...

Posted in gentoo, linux | No Comments »