Monday, January 24, 2005

Maximizing My Pipe in Both Directions


Well, this was originally going to be titled 'How else would you spend a Saturday?', but in a conversation with Bryn today I was convinced to use the new one.

This Saturday I decided to finally upgrade the kernel on my router. Yeah. I know. Whippty-freeking-doo. But it was actually a bunch of fun, and a good diversion from the eye-strain of hours upon hours of reading the Dark Tower series (I'm working on a big post for that one when I finish the last book), which is how I spent the rest of my Saturday.

So first off, you need to know how much I needed to upgrade my router. The poor little box (a Pentium with MMX) was running a 2.2.17 kernel. They're currently on 2.6.10, which puts it about 3 or 4 years' worth of security patches out of date (thank goodness no one besides the MPAA really cares about that IP address). But the thing is that for security purposes, my gateway was running on a 200M (yes M) hard drive with absolutely no dev tools on it. And since the CPU is so out of date I was pretty much cross-compiling for it. Oh, and the box had no video card. So, if I messed anything up I had to play video-card musical chairs.

So very carefully, I got my shining new Gentoo system to compile a new kernel with exactly the support I needed: my two ethernet cards, iptables, ext2 and pretty much nothing else. I copied it over, re-ran lilo (my goodness, everything on that box is so old), crossed my fingers and rebooted.

Up it came with exactly one good interface. Thankfully it was the one inside my firewall so I could still talk to it. Two or three more attempts at compiling the kernel later, I find I do in fact have to turn on module support for my NE2000 card, because I need to pass an io= option to it since PnP wasn't exactly humming along when they made the motherboard.

And here's where the trouble starts. This would be the point at which I learn that somewhere between 2.2.17 and 2.6.10 they made the kernel module loading interface incompatible. This means that I finally have to find a video card, and start working on the box from a terminal. (Of course in retrospect, I can now see a way that this wouldn't have been necessary, but it's probably a good idea to be able to rip the network cables out of that box and log on in an emergency anyway.)

So now I also get to learn how to cross-compile modutils, and muck with the Makefile to install into a separate tar-able directory. But this is good practice for the user-space iptables programs I'll need later.

And so I eventually get full support for my hardware, and I get to spend the rest of the day playing with iptables to set up all sorts of fun little network tweaks (like closing all inbound ports, and then opening up an http port forward from work through my gateway to a home dev box).

And this finally brings me to the title, because one of the hacks that I did was to look for small ACKs in the TCP stream and prioritize them with Minimize-Delay. What this means is that when my upstream bandwidth is maxed out, I can still download stuff, because the little 'yeah I got that' packets get to the server I'm downloading from faster, so I can maximize downstream at the same time.
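Here is what the three tweaks mentioned above (close inbound, forward one http port to the dev box, and mark small ACKs Minimize-Delay) look like as an iptables script. This is an added example, not the rules from the post; it assumes the outside interface is eth0, the inside interface is eth1, and the dev box is 192.168.1.10, and the optional WORK_SRC address is a placeholder since the post never gives it. With DRY_RUN=1 (the default) every iptables command is printed instead of executed, so the rule set can be reviewed on any machine before it goes on the gateway.

```shell
#!/bin/sh
# Added example (not the post's own rules). Assumed values: eth0 outside,
# eth1 inside, dev box at 192.168.1.10. WORK_SRC is an unset placeholder
# for the address the forward should be limited to.
# DRY_RUN=1 prints each iptables command instead of running it.
DRY_RUN="${DRY_RUN:-1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
DEV_BOX="${DEV_BOX:-192.168.1.10}"
WORK_SRC="${WORK_SRC:-}"

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# 1. Close everything inbound by default: only loopback, the LAN, and
#    replies to connections we started get in; the LAN can reach out.
close_inbound() {
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -i "$LAN_IF" -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# 2. Punch exactly one hole: rewrite inbound :80 to the dev box and allow
#    that new connection through FORWARD. If WORK_SRC is set, the hole is
#    only open to that source address.
forward_http() {
    src=""
    [ -n "$WORK_SRC" ] && src="-s $WORK_SRC"
    run iptables -t nat -A PREROUTING -i "$WAN_IF" $src -p tcp --dport 80 -j DNAT --to-destination "$DEV_BOX:80"
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" $src -p tcp -d "$DEV_BOX" --dport 80 -m state --state NEW -j ACCEPT
}

# 3. Mark small pure-ACK packets (ACK set, SYN/RST clear, at most 64 bytes)
#    Minimize-Delay. The default pfifo_fast qdisc puts that TOS value in its
#    highest-priority band, so the ACKs jump ahead of bulk upload data and
#    the downloads they acknowledge keep flowing while upstream is saturated.
#    OUTPUT covers the gateway's own traffic, FORWARD covers the LAN's.
prioritize_small_acks() {
    run iptables -t mangle -A OUTPUT -p tcp --tcp-flags SYN,RST,ACK ACK -m length --length :64 -j TOS --set-tos Minimize-Delay
    run iptables -t mangle -A FORWARD -o "$WAN_IF" -p tcp --tcp-flags SYN,RST,ACK ACK -m length --length :64 -j TOS --set-tos Minimize-Delay
}

# Number of commands a section emits; handy for a dry-run sanity check.
rule_count() { "$1" | wc -l | tr -d ' '; }

apply_all() {
    close_inbound
    forward_http
    prioritize_small_acks
}

apply_all
```

Run it as-is to review the commands, then `DRY_RUN=0 sh rules.sh` on the gateway. The TOS mark only has an effect if the outbound queue honours it, which pfifo_fast does out of the box; with a custom tc setup the Minimize-Delay class has to be mapped to a high-priority band yourself.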
