In association with heise online


Following a long kernel-independent development process, support for the latest generation of ipset now makes its way into the Linux kernel (see 1). Ipset is a command line program which generates tables typically containing IP addresses or TCP/UDP ports (e.g. a list of IP addresses which should be blocked) in memory. Firewall code is able to consult these tables when checking packets and requires just a single iptables rule specifying the table to be used. This can simplify firewall deployment. Updating tables is also much simpler and quicker than adding or removing iptables rules, making it easier to temporarily block an attacker. The kernel is also able to process these tables significantly faster than a comparable set of iptables rules.
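The workflow described above, as an added example that is not part of the original article: a script turns repeated failed logins into input for `ipset restore`, so blocking an address is a table update rather than a new iptables rule. The set name `blocklist`, the threshold, the timeout, the log path and the log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. The set name, threshold, timeout and
# log lines are constructed for illustration.
SET_NAME=blocklist   # hypothetical set name
THRESHOLD=3          # failed logins before an address is blocked
TIMEOUT=600          # seconds until the kernel expires the entry by itself

# Constructed sshd-style log lines using documentation address ranges.
sample_log() {
cat <<'EOF'
May 19 10:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 4242 ssh2
May 19 10:00:03 host sshd[811]: Failed password for root from 203.0.113.7 port 4243 ssh2
May 19 10:00:04 host sshd[812]: Failed password for invalid user admin from 198.51.100.9 port 5151 ssh2
May 19 10:00:05 host sshd[811]: Failed password for root from 203.0.113.7 port 4244 ssh2
May 19 10:00:09 host sshd[813]: Accepted publickey for alice from 192.0.2.10 port 6000 ssh2
EOF
}

# Read log lines on stdin and print input for "ipset restore".
build_restore() {
    printf 'create %s hash:ip timeout %s\n' "$SET_NAME" "$TIMEOUT"
    awk -v name="$SET_NAME" -v min="$THRESHOLD" -v ttl="$TIMEOUT" '
        /Failed password/ && NF >= 5 && $(NF-4) == "from" && $(NF-2) == "port" {
            # Use the fixed tail of the line: the user name earlier in the
            # line is remote-supplied text and may itself contain "from".
            ip = $(NF-3)
            # Only a dotted quad may reach the set command stream.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[ip]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    printf "add %s %s timeout %s\n", name, ip, ttl
        }' | sort
}

# Print the generated commands for the sample log.
sample_log | build_restore

# On a firewall host (root, ipset and iptables installed; the log path is an
# assumption) the same output updates the in-kernel table, and one rule,
# added once, consults it:
#   build_restore < /var/log/auth.log | ipset restore -exist
#   iptables -I INPUT -m set --match-set blocklist src -j DROP
```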

Kernel developers have merged the rtl8192cu WLAN driver for Realtek's RTL8192CU and RTL8188CU USB WLAN components (see 1, 2). As in 2.6.37 and 2.6.38, kernel hackers have further developed the b43 driver code for addressing Broadcom 802.11n chips, with the result that the driver also now addresses third generation 802.11n PHYs (see 1, 2). A good overview of which Broadcom chips the driver is now able or better able to address can be gleaned from the updated wiki page on the driver. The iwlwifi driver now supports Intel 2000 series WLAN chips (see 1, 2).

Infrastructure and Virtualisation

In the past few months, the kernel hackers got rid of the Big Kernel Lock (BKL) on all common systems, and now the mechanism is gone for good; in the commit entitled "BKL: That's all, folks", Arnd Bergmann thanks all of the main kernel developers who helped him in the effort.

KVM now also handles the asynchronous processing of page faults; in other words, the guest system can temporarily execute another thread while the host fetches a memory page requested by the current thread from storage. The basic infrastructure for operation as a Xen host (Dom0) was integrated in 2.6.37, and kernel 2.6.39 now includes a network backend that allows the front-end drivers in Xen guests (DomU) to communicate with other systems.

The "Forced Threaded Interrupt Handlers" shift the processing of almost all interrupts into kernel threads if the kernel is launched with the parameter "threadirqs". With this, the .39 series gains one of the last major functions in the main development branch of Linux that the real-time branch uses to give Linux real-time capabilities; there, however, the technology is used by default to avoid long latencies in the processing of interrupts.
