Kernel Log: Coming in 2.6.39 (Part 1) - Network drivers and infrastructure
by Thorsten Leemhuis
The addition of ipset support makes it easier to run a firewall, as it means that only one table needs to be modified in order to block a specific IP address. The situation with regard to drivers for WLAN chips continues to improve, with Ralink and Realtek now actively involved in developing the Linux kernel drivers.
Linus Torvalds' release emails for the second and third pre-release versions of Linux kernel 2.6.39 both note a comparative lack of changes. The calm prior to the RC2 release even prompted him to speculate whether the kernel developers were "up to something". More jocularity of this ilk was evident on the release of RC3 on Tuesday, but both emails make it clear that he welcomes the tranquillity and is looking forward to a quiet development cycle.
As usual, the bulk of the changes in the next major kernel revision found their way into the main development tree during the merge window. Kernel Log is therefore already in a position to offer a comprehensive overview of the major changes in kernel 2.6.39, scheduled for release in mid to late May. A range of articles will deal with different functional areas of the kernel in turn. The "Coming in 2.6.39" series opens here with the major changes in the network stack and associated drivers. Over the next few weeks, this will be followed by articles covering graphics drivers, storage support, file systems, architecture code, infrastructure and drivers for other hardware.
Following a long kernel-independent development process, support for the latest generation of ipset now makes its way into the Linux kernel (see e.g. 1). Ipset is a command line program which generates tables typically containing IP addresses or TCP/UDP ports (e.g. a list of IP addresses which should be blocked) in memory. Firewall code is able to consult these tables when checking packets and requires just a single iptables rule specifying the table to be used.
This can simplify firewall deployment. Updating tables is also much simpler and quicker than adding or removing iptables rules, making it easier to temporarily block an attacker. The kernel is also able to process these tables significantly faster than a comparable set of iptables rules.
Consequently, some Linux distributions specially designed for firewall operation have long included support for ipset. The ipset website lists the program's major functions and offers tips and examples. Background information on using ipset can be found in the ipset and iptables man pages on the site.
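The workflow described above, as an added example that is not part of the original article or the ipset project: one iptables rule points at a named set, and later blocklist changes are loaded into a temporary set and swapped in atomically. The set name `blocklist`, the helper functions `is_ipv4` and `build_restore`, and the sample addresses (documentation ranges) are assumptions made for illustration.

```shell
# Added example: build an `ipset restore` script that replaces a set atomically.
# Set name and addresses are constructed; helper names are hypothetical.
is_ipv4() {    # return 0 only for a dotted quad with each octet in 0..255
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac    # reject ambiguous leading zeros
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read addresses from stdin (one per line, '#' comments allowed) and print an
# ipset restore script for set $1. Invalid entries are reported on stderr.
build_restore() {
    set_name=$1
    tmp_set="${set_name}-new"
    echo "create $set_name hash:ip family inet"
    echo "create $tmp_set hash:ip family inet"
    echo "flush $tmp_set"
    while read -r addr rest; do
        case $addr in ''|'#'*) continue ;; esac
        if is_ipv4 "$addr"; then
            echo "add $tmp_set $addr"
        else
            echo "skipped invalid entry: $addr" >&2
        fi
    done
    echo "swap $tmp_set $set_name"    # packets see the old or the new set, never a mix
    echo "destroy $tmp_set"
}

# As root, load the set first (-exist tolerates sets that are already present):
#   build_restore blocklist < addresses.txt | ipset -exist restore
# Then add the single rule that consults it; later updates only re-run the line above:
#   iptables -I INPUT -m set --match-set blocklist src -j DROP

# Demo on constructed input: prints the restore script, no root required.
build_restore blocklist <<'EOF'
# constructed sample blocklist
192.0.2.10
203.0.113.7
999.1.1.1
EOF
```

Because the rule refers to the set only by name, the ruleset itself never changes when addresses are added or removed.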
The TCP protocol code has been modified to increase the default size of the initial congestion window. This can reduce perceived latencies during network communication by 10 per cent. The change is the brainchild of Google developers, whose research on various operating systems found that some of the default specs in the Linux TCP stack were not well-suited to modern internet communication. Kernel hackers adjusted the initial receive window in 2.6.38. Background information on these two changes can be found in the LWN.net article "Increasing the TCP initial congestion window".
Kernel developers have merged the rtl8192cu WLAN driver for Realtek's RTL8192CU and RTL8188CU USB WLAN components (see e.g. 1, 2). Like Realtek's rtl8192ce WLAN driver merged in 2.6.38, it sits on top of the kernel's WLAN stack and was largely developed by Realtek. Older GPLv2-licensed Realtek WLAN drivers included their own WLAN stack, for which reason they rarely made it past the staging area. In practice these drivers are often a little tricky, as some distributions do not include staging drivers. They can also sometimes cause problems in conjunction with programs such as NetworkManager.
Realtek has not, however, been the driving force behind the merger of these two drivers – that honour goes primarily to Larry Finger, who undertook substantial clean-up work and mediated between Realtek and other WLAN driver hackers. Thanks to his efforts, the state of drivers for Realtek WLAN chips gradually appears to be improving. Whether there will be improved drivers for the Realtek chips currently only supported by staging drivers is anyone's guess.