Back in October, Daniel Ouellet asked about NAT in IPv6 on the OpenBSD misc@ mailing list. It was thus destined to become a legendary thread. I’m going to post a few interesting responses here, since there is much confusion and doubt associated with the topic. Enjoy!
Category: technology
Next Generation Nothingness
Yesteryear’s predictions
It’s time to shed light on the following question: are Next Generation Firewall (NGFW) growth projections up until 2016 realistic? The assertion in question was made just a year ago. Channelnomics wrote the following on the topic:
“By 2016, NGFWs will secure 35 percent of all Internet connections, in what will become a $10 billion market (including VPNs and intrusion prevention systems).”
Dealing with dead C code
Browsing the OpenBSD source (yes, I use git for that because CVS is horrible – don’t deny it!), I find a lot of spots doing things like the following, which is just a minor variation on the “#if 0” idea:
Invoke directories recursively with GNU make
Hi folks, I guess we all have had this problem and we mostly solve it in a crude way by hardcoding directories into static targets. But after fiddling around with BSD make, here’s a way to make this a bit more flexible for GNU make. Your Makefile will look like this:
SUBDIR= dir1 dir2 dir3
include recurse.mk
Granted this isn’t much, because the logic is hidden in the file recurse.mk, which is put into the project’s root directory:
Bye bye OpenDPI
I was there when they announced the proud arrival of the open source DPI engine OpenDPI. Totally in awe, I may add. A generous move towards the community. A chance to better the bitter fight in the field of net neutrality. The promise of easing the fear-mongering between governments and digital rights activists. Or just a clever marketing move? The industry cried out, but nobody heard their screams. The masses rejoiced, at least for a while.
Reinventing the wheel of DPI
So there I was reading up on the latest advancements of DPI (Deep Packet Inspection) when I stumbled upon this promising achievement. It goes like this:
In order to create a rock-solid IPS (Intrusion Prevention System), capable of handling network speeds of up to 1 gigabit with standard Intel hardware, we had to devise a technology breakthrough in Layer 7 processing. Existing technologies were just too slow to keep up with network speed expectations.
C debugging code ‘peak’ released
Hey folks, as promised earlier, I released a bunch of code dubbed ‘peak’, which mainly features nuts and bolts for C projects. What’s so special? There are memory allocation wrappers checking consistency in your C code so you’ll always get a sensible error message with file and line attached. This helps you to better trace buffer overflow/underflow issues. It also features a preallocated memory pool, print wrappers and byte access macros for little and big endian architectures alike. Mind you, this is still work in progress. Comments and contributions welcome.