Evan Martin (evan) wrote in evan_tech,
Evan Martin

filtering, caml, monotone

Tom (my roommate) is a medium-level tech-type fellow. As a way of describing him: he's going to school for A+ certification, and has a modded case but he bought it that way. I haven't been around someone who uses Windows in a such a long time... it's surprisingly awful, and really incredible what people will put up with just because there's no alternative. (He's into the newest games, so he really has no other option.)

One program I noticed him using was kinda neat: it'd pop up a window before letting any program access the network, asking him whether he'd like to permit it or not. It's actually pretty alarming how many programs doing various sneaky things, from Windows Media Player 9 calling Microsoft back whenever you load a file (what for?) to random processes with names like "system" connecting to random IPs (most likely a virus / spyware).

I was thinking it'd be neat to make a similar system for my computer. After some digging, it looks like netfilter supports userspace packet queueing/filtering and neatly wraps it up with libipq. Unfortunately, it looks like there's no way to figure out the sending PID of a given packet:
/* Messages sent from kernel */
typedef struct ipq_packet_msg {
        u_int64_t packet_id;    /* ID of queued packet */
        u_int64_t mark;         /* Netfilter mark value */
        int64_t timestamp_sec;  /* Packet arrival time (seconds) */
        int64_t timestamp_usec; /* Packet arrvial time (+useconds) */
        unsigned int hook;              /* Netfilter hook we rode in on */
        char indev_name[IFNAMSIZ];      /* Name of incoming interface */
        char outdev_name[IFNAMSIZ];     /* Name of outgoing interface */
        unsigned short hw_protocol;     /* Hardware protocol (network order) */
        unsigned short hw_type;         /* Hardware type */
        unsigned char hw_addrlen;       /* Hardware address length */
        unsigned char hw_addr[8];       /* Hardware address */
        u_int64_t data_len;             /* Length of packet data */
        unsigned char payload[0];       /* Optional packet data */
} ipq_packet_msg_t;
I'm not sure it'd even be too useful on a typical Linux system. I do know that some of the XSL software in Debian used to (or maybe still does?) download files off the internet every time you used them, including when they were installed... but I guess that was a bug and a side-effect of Debian not having a working XML catalog, and someone just uploaded a preliminary XML catalog manager last week or so.

Aside from the usual stuff, I spent some more time with ocaml. It turns out that right on the ocaml tutorial page there's a talk by graydon, who is indirectly responsible for getting me into this whole mess: "One-Day Compilers" or How I learned to stop worrying and love static metaprogramming. It's well worth reading, if only for the ocaml rosetta stone, but the slides around that is where the good stuff is. And this slide made me giggle.

While I'm pimping Graydon, then, go check out monotone. (Hey, whatever happened to sweetcode? This seems like the sort of project that would belong there... Oh wait, there it is, in April.)

  • blog moved

    As described elsewhere, I've quit LiveJournal. If you're interested in my continuing posts, you should look at one of these (each contains feed…

  • dremel

    They published a paper on Dremel, my favorite previously-unpublished tool from the Google toolchest. Greg Linden discusses it: "[...] it is capable…

  • treemaps

    I finally wrote up my recent adventures in treemapping, complete with nifty clickable visualizations.

  • Post a new comment


    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.