IPTables and conntrack

When you are using LANforge as a virtual router doing NAT, you might need to see how many NAT table entries you’re handling.  This can be important because NAT entries take memory, and if you want to handle 65,000 simultaneous connections, you might be heading for trouble.

If your LANforge is only generating traffic, you won’t see NAT entries…rather you want to use netstat -ntp to see how many open connections there are.

LANforge uses iptables PREROUTING heavily, forcing each port to have it’s own set of tables. When you type iptables -nvL and see nothing…that’s because nothing is in the tables for your default route, which is probably eth0. You get close with the raw table. Try iptables -S -t raw. You will see PREROUTING entries for every interface:

# iptables -S -t raw
-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -i br2000 -j CT --zone 10001
-A PREROUTING -i eth1 -j CT --zone 10001
-A PREROUTING -i vap13 -j CT --zone 10001
-A PREROUTING -i vap14 -j CT --zone 10001
-A PREROUTING -i eth2 -j CT --zone 10001

This shows we have a CT chain and a zone note for that chain.

When you create a virtual router, add NAT to a port in it, you can view the NAT table entries with conntrack.

* conntrack -L will list them all, but that’s probably not super useful
If you’re running TCP-multicon connections, expect thousands of connections.
* conntrack -C will show how many NAT entries are present, so you can avoid doing a conntrack -L | wc -l

Happy networking!

ath10k-ct firmware released

I am pleased to announce the latest release of the ath10k-ct firmware for QCA WiFi chips.  The 10.1 (wave-1) firmware has improved survey support, changes to how rate-ctrl retries frames, and includes PMF support.  Full release notes here:  http://www.candelatech.com/downloads/ath10k_release_notes.txt

The 10.4 wave-2 firmware includes some significant rate-ctrl improvements, PMF support, and various bug fixes and small features.  Full release notes are here:  http://www.candelatech.com/downloads/ath10k-10-4/ath10k_release_notes_5.txt

In addition, I have uploaded a beta 10.4 firmware that is a rebase of all 900+ Candela patches on top of a more recent upstream QCA firmware.  This is easier to bisect for regressions and has some fixes and other improvements from the QCA firmware itself.  See the beta section if you want to try this out:  http://www.candelatech.com/ath10k-10.4.php

Please report bugs to the ath10k-ct github project or to greearb@candelatech.com

Pack a Gateworks Full of Radios

Candelatech strives to provide products that are flexible and quiet. The Gateworks Ventana platform provides a great opportunity to provide a high density virtual access point emulation platform. With a bit of shrewd of modification, this GW5400 model can provide 30 or more virtual WiFi access points.

Keeping that many radios cool is what is important. A bit of aluminium plate and heat conductive tape worked wonders for this platform. We’ve seen it run for a month straight without heat related issues. This is effectively a sealed system. It was warm to the touch, but nowhere near hot.

gateworks_n2

gateworks_n1

LANforge 5.3.2 Released

We at Candela Technologies have been busy improving LANforge. In 5.3.2 we have a couple of great new features:

  • WiFi HotSpot 2.0-R2 Support
  • WiFi HS 2.0-R2 Automatic Server Setup
  • Linux 4.0 support
  • Improved 802.11AC support, plus Linux 4.0 features
  • Improved NFS support for mitigating stuck mounts
  • DHCP Vendor-ID extension
  • More WiFi Capacity testing features

We are excited about this release!

Open Engineer Position

Hello!

We are considering hiring another engineer for our business here in Ferndale, WA.

Our best candidate would meet these requirements below, but we will also consider CS or similar students/new-grads with fewer skills and experience but willingness and ability to learn. And if nothing else, we would consider hiring someone just to do some soldering and other relatively straight-forward work for hourly wage on an as-needed basis.

We make network test equipment, including Wifi load generators, RF attenuators, and network impairment emulators. The interesting work is done on Linux, but we also cross-compile a subset of features to Windows and support our GUI on Windows.

We currently have 4 employees, and have just rented a nice new office space in Ferndale. Pay depends on experience and such, but typically we offer very competitive salary (or hourly wages).

* Excellent C++ and/or Java programmer. Perl, html and other such languages are a plus.
* Linux skills (admin, install, configure, trouble-shoot issues)
* Ethernet, Wifi, and other networking skills.
* System Test skills.
* Ability to solder and assemble relatively simple electronics boards.
* And above all, a willingness to learn and do new things with good attitude.

If you are interested, please send resume to greearb x40 candelatech x2E com.

And feel free to forward this to anyone you know who might be interested.

Thanks,
Ben