Archive for February, 2007

pcap-sharp

Tuesday, February 27th, 2007

Purely out of boredom (even though I have plenty of homework to do) I decided to hack out a managed wrapper around libpcap. Though it’s only a few hours later, the implementation is complete enough to read packets off the wire. Here is a quick example of how it could be used:

using System;
using PcapSharp;

public class MainClass {
	public static void Main(string[] args) {
		Console.WriteLine("Using {0}", Pcap.LibraryVersion);

		PcapHandle handle = Pcap.OpenLive("eth2", short.MaxValue, true, 5000);

		handle.Loop(-1, delegate(Packet p) {
			Console.WriteLine("At {0}, recieved a {1}-byte packet.", p.Time, p.RealLength);

			Console.Write("   The first five bytes are:");

			for (int i = 0; i < 5; i++)
				Console.Write(" {0}", p[i]);

			Console.WriteLine();
		});
	}
}

Which does something like this:

# ./pcaptest.exe
Using libpcap version 0.9.5
At 2/27/2007 9:26:49 AM, recieved a 60-byte packet.
   The first five bytes are: 255 255 255 255 255
At 2/27/2007 9:26:49 AM, recieved a 60-byte packet.
   The first five bytes are: 255 255 255 255 255
At 2/27/2007 9:26:49 AM, recieved a 60-byte packet.
   The first five bytes are: 255 255 255 255 255
At 2/27/2007 9:26:49 AM, recieved a 60-byte packet.
   The first five bytes are: 255 255 255 255 255
At 2/27/2007 9:26:49 AM, recieved a 60-byte packet.
   The first five bytes are: 255 255 255 255 255
At 2/27/2007 9:26:50 AM, recieved a 243-byte packet.
   The first five bytes are: 255 255 255 255 255
At 2/27/2007 9:26:50 AM, recieved a 60-byte packet.
   The first five bytes are: 255 255 255 255 255
At 2/27/2007 9:26:50 AM, recieved a 60-byte packet.
   The first five bytes are: 255 255 255 255 255
At 2/27/2007 9:26:50 AM, recieved a 62-byte packet.
   The first five bytes are: 0 20 94 34 48
At 2/27/2007 9:26:50 AM, recieved a 60-byte packet.
   The first five bytes are: 255 255 255 255 255
At 2/27/2007 9:26:50 AM, recieved a 161-byte packet.
   The first five bytes are: 255 255 255 255 255
At 2/27/2007 9:26:50 AM, recieved a 60-byte packet.
   The first five bytes are: 255 255 255 255 255
At 2/27/2007 9:26:50 AM, recieved a 60-byte packet.
   The first five bytes are: 255 255 255 255 255
At 2/27/2007 9:26:51 AM, recieved a 60-byte packet.
   The first five bytes are: 255 255 255 255 255
At 2/27/2007 9:26:51 AM, recieved a 60-byte packet.
   The first five bytes are: 255 255 255 255 255
...

The library is in my public Subversion repository (svn co https://layla.chrishowie.com/svn/pcap-sharp) and is available under the terms of the MIT license.
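Added example, not part of the original post or of pcap-sharp: assuming eth2 is an Ethernet link, the bytes printed above are the start of each frame's destination MAC address, so a run of 255s marks a broadcast frame. The C code below decodes the 14-byte Ethernet header and checks the captured length before indexing into the packet; `parse_eth`, `struct eth_info` and the sample headers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN 14  /* dst MAC (6) + src MAC (6) + EtherType (2) */

enum dst_kind { DST_UNICAST, DST_MULTICAST, DST_BROADCAST };

struct eth_info {
    uint8_t dst[6], src[6];
    uint16_t ethertype;      /* host byte order */
    enum dst_kind kind;
};

/* Decode an Ethernet II header. Returns 0 on success, -1 when fewer than
 * 14 bytes were captured, so no byte is read past the capture length. */
int parse_eth(const uint8_t *buf, size_t caplen, struct eth_info *out)
{
    static const uint8_t bcast[6] = {255, 255, 255, 255, 255, 255};
    if (buf == NULL || out == NULL || caplen < ETH_HDR_LEN)
        return -1;
    memcpy(out->dst, buf, 6);
    memcpy(out->src, buf + 6, 6);
    out->ethertype = (uint16_t)((buf[12] << 8) | buf[13]); /* big-endian */
    if (memcmp(out->dst, bcast, 6) == 0)
        out->kind = DST_BROADCAST;
    else if (out->dst[0] & 0x01)     /* group bit of the first octet */
        out->kind = DST_MULTICAST;
    else
        out->kind = DST_UNICAST;
    return 0;
}

/* Constructed sample headers; only the leading bytes echo the output above. */
static const uint8_t sample_bcast[ETH_HDR_LEN] = {
    255, 255, 255, 255, 255, 255,  2, 0, 0, 0, 0, 1,  0x08, 0x06 };
static const uint8_t sample_ucast[ETH_HDR_LEN] = {
    0, 20, 94, 34, 48, 0,          2, 0, 0, 0, 0, 2,  0x08, 0x00 };

int main(void)
{
    struct eth_info e;
    if (parse_eth(sample_bcast, sizeof sample_bcast, &e) == 0)
        printf("kind=%d ethertype=0x%04x\n", e.kind, e.ethertype);
    if (parse_eth(sample_ucast, 5, &e) != 0)
        puts("5-byte capture rejected");
    return 0;
}
```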

A lost art

Monday, February 26th, 2007

I’ve written before about how the academic world has frustrated me. The feeling is coming back, only this time related to my major, not the required liberal arts courses. And more related to the students than the professors.

I realize this is a dangerous thing to say, as many of my friends read this blog, but I feel like I have to say something.

My entire elementary and high school education was gained through homeschooling. The only other student I came into contact with on a daily basis was my brother. While this restricted my social development, I quickly learned how to teach myself. This resulted in a different frame of mind: education is about the student seeking knowledge. Hanging out online in various computer-related IRC channels further strengthened this notion, as geeks are reluctant to help someone with a problem unless they’ve demonstrated that they’ve tried to solve it on their own and failed.

At college I see the antithesis of this idea played out daily. Students ask for help with trivial homework, expect a direct “this-is-what-you-must-do” answer, and are frustrated when the professor responds with a question that (if the student took any time at all to think about it) would solve their problem. I am sick of students who expect to be spoon-fed answers. I am even more sick of professors who comply.

This is the machine of education. This is the machine that creates “computer scientists” who barely understand the concept of data type casting, who, if you asked them to modify a simple sorting algorithm to return elements in reverse order, would stare at you as if you had just asked them to change the laws of physics.

Computer science is not memorization of past solutions. It is a constantly changing field, and education is creating students that can barely grasp last year’s technology.

Computer science is a lost art.

It’s dead, Jim

Sunday, February 25th, 2007

My laptop hard drive finally died yesterday. Fortunately, this is the second time I have seen hard drive failure coming and made a full backup, and just in time. Like the last case (which was my desktop), after the backup finished I could not boot the machine. Here’s to intuition. (And noticing a metal grinding noise doesn’t hurt either.)

Today I’ll head to Fry’s to get a new one, which hopefully will last a bit longer.

LMC Virtual Machine

Friday, February 23rd, 2007

At my school, we have been using Visible Virtual Machine in our Computer Architecture class. There is nothing more frustrating to me than having professors require that I use some Windows software for homework.

So I wrote my own version, which I have released under the GPL. It uses Gtk# for the user interface, but the virtual machine implementation is a separate class and could easily be used by a WinForms interface.

Unlike VVM, I do not require any silly activation keys to fully utilize the software.

The sources can be checked out from my public Subversion repository: svn co https://layla.chrishowie.com/svn/LMC.

Love according to a geek

Tuesday, February 20th, 2007

It’s true. For the first time in my life, I am head over heels in love. I’m not even sure what to write; words are about as inadequate to express love as a glass is to contain the ocean. But since this is mainly a technology blog, it may be useful to explain it like this.

When I receive a SYN packet from her IP address, every other packet in my outbound queue is deferred for the reply SYN+ACK. When I receive the inevitable ACK the PSU voltage is slightly increased, and the CPU frequency accelerates a bit (sometimes increasing the error rate). The GPU starts blurring and desaturating irrelevant portions of the output video buffer. Every packet transferred in this connection is logged to disk. For the life of the connection, the RTC fires much less often, sometimes as little as a fifth of what it should, requiring frequent synchronization of the system clock using an external time server. Existing connections may be randomly disconnected, and incoming SYNs have a greater chance of being ignored (based, of course, on the importance of the remote host). Most processes are reniced to 19 or sent SIGSTOP.

When the FIN is received, the reply FIN+ACK is placed at the very end of the outbound queue and delayed as long as possible. Then the ACK response is received. The CPU frequency and PSU voltage drop a bit, but remain higher than usual. Incoming connections are again accepted, and processes are gradually restored, being reniced back to 0 or sent SIGCONT. The RTC begins firing normally, while the GPU still blurs the output buffer for some time, eventually returning to normal operation.

Several times a day, the kernel inexplicably assigns real-time scheduling to a process whose only job is to analyze the logs of previous connections. Some of the effects described above may be experienced while this process executes. Interrupting this process or altering the scheduling may take several minutes. When this finally occurs, the inbound packet buffer may have overflowed due to the lack of time slices given to the networking stack, resulting in varying degrees of packet loss on established connections, and possibly a missed connection or two.

Periodically a SYN will be sent to her IP address. If no connection is established within several hours, the PSU voltage may drop below normal and the CPU error rate may increase dramatically.

That’s about as close as I can get. Don’t bother calling me a geek; I already know.

I love you, De.

VirtualBox

Wednesday, February 7th, 2007

Okay, I lied. KQEMU is not the only open-source virtualization solution. VirtualBox is another, and is partially GPLed. Features that are attractive to corporate consumers (iSCSI and USB support, among others) are available only in their proprietary product, but the rest (including the required kernel module) are released on their public Subversion server under the GPL.

I compiled and messed with it last night. The performance is amazing. By amazing, I mean that it boots Windows XP faster than VMware… and faster than it boots natively on my computer. There are “additions” that are comparable to VMware Tools, such as a graphics driver and a mouse driver that enable tighter integration with the host interface.

It did crash several times last night while running Windows XP. Today I recompiled it after updating from Subversion and have not seen any crashes yet, so I’m not sure if whatever it was got fixed. There are still some bugs with snapshots that cause the VirtualBox server to crash, but so far they haven’t damaged any of my virtual machines.

After all considerations, I’m ready to ditch VMware. Open-source virtualization is finally here, and it kicks butt.

KQEMU opened!

Tuesday, February 6th, 2007

The author of QEMU has finally released his previously closed KQEMU accelerator kernel module under the GPL! FOSS people should be very pleased by this; it’s the first fully open virtualization system that does not require a CPU providing VT extensions.