Developers Workshop

The Developers Workshop will take place from 5th to 6th Oct, plus two extra days of hacking on code from 7th to 8th Oct.

The invited participants are the current netfilter coreteam members and about 10 developers. During the workshop, some important aspects related to development will be discussed. Attendance is free but requires an invitation. It is worth coming if you are involved in any kind of Netfilter development; otherwise we suggest you attend the users conferences. Note that the proposed schedule could be modified if developers decide to do so. If you've got any questions, contact .

Developers workshop schedule
Oct 5th (Wednesday)

10h30 - 11h15
GPG signing party (Henrik Nordström)
Type: Social
Timing: 45 minutes (~2m30s per person, no need to rush)
Fine on Oct 5th morning.
If everyone sends their keys or registered key fingerprints in time, the
required time for this session will be fairly short (ca. a minute per
person) as this allows me to prepare the information in a suitable manner.
Each person participating with a wish of having their keys signed
without first sending their key info adds a bit of time to that,
depending on how strict each participant is about key validation and if
everyone has network connectivity at the time or not (if not, each such
key adds considerable time to the session as the fingerprints need to
be copied by hand).

11h25 - 11h45
nf_conntrack (Yasuyuki Kozakai)
Type: Presentation/Discussion
Timing: 20 Minutes
Status and tuple size issue of nf_conntrack, and some
IPv6 related improvements.

11h55 - 12h05
ct_sync (Harald Welte/ Krisztian Kovacs)
Type: Presentation
Timing: 10 minutes
short status report

12h15 - 12h30
Conntrack hashtrie (Martin Josefsson)
Type: Presentation
Timing: 15 Minutes
The hashtrie is a data structure that could be a possible replacement of
the current conntrack hashtable. Its sizing is dynamic and it's faster
in some aspects, but it has some drawbacks as well. It's still a work in

12h40 - 13h
ipset (Jozsef Kadlecsik)
Timing: 15 minutes
I'll mainly focus on the peculiarities of several set types and on the
questionable features which resulted in the split between ippool and ipset.
Then I'm going to show the problems which slow down (prevent?) the
introduction of even wilder and more questionable features.

13h10 - 13h15
32/64 bits issues (Patrick McHardy)
Type: Presentation
Timing: 5 minutes

13h15 - 13h30
Short report of the first morning: Free discussion

Stop: lunch time

15h30 - 16h
{nf_,nfnetlink_,libnfnetlink_}{queue,log} (Harald Welte)
Type: Presentation
Timing: 30 minutes
short presentation about architecture and API

16h10 - 16h30
TCP connection tracking (Jozsef Kadlecsik)
Type: Presentation
Timing: 20 minutes
Status of TCP conntrack in the 2.6 tree. How it tries to cope with
the dark corners of the possible states. The corresponding nfsim
tests will be shown. There'll be a special session on
"SACKing here, SACKing there, should we care?"

16h40 - 17h10
Transparent proxying without NAT (Rusty, Balazs, Harald)
Type: Discussion
Timing: 30 minutes
the basic idea and missing bits

17h20 - 18h00
Short report of the day: Free discussion about open issues

Oct 6th (Thursday)

10h30 - 10h40
Short report from netconf'05 (Patrick)
Type: Presentation
Timing: 10 minutes
skb diet
generalization of connection socket code

10h50 - 10h55
Netfilter and IPSec (Patrick McHardy)
Type: Presentation
Timing: 5 minutes
Remaining problems

11h05 - 11h20
nfsim (Rusty)
Timing: 15 minutes
who adds all 2.6.14 features to it?

11h30 - 11h50
netbios conntrack/broadcast connection tracking
H323 helper (Patrick)
Timing: 20 minutes

12h00 - 12h15
string matching bits (Pablo Neira)
Timing: 15 minutes
New string match and the string matching infrastructure

12h - 12h15
pkttables, the urban myth (Harald Welte)
Type: Presentation/Discussion
Timing: 15 minutes
embarrassingly, still no progress.

12h25 - 13h25
nf-hipac (Michael Bellion, Henrik Nordstrom)
Type: Presentation/Discussion
Timing: 60 minutes
short overview of nf-HiPAC
current status
future directions
nf-HiPAC is a full-featured packet filter for Linux. It provides the
same rich feature set as iptables but uses an advanced algorithm to
reduce the number of memory lookups per packet. The presentation will
give a short overview of nf-HiPAC, but then focus on its current state
and future directions. current state of affairs

13h30 - stop - lunch time

15h30 - 15h40
conntrack netlink and the conntrack tool (Pablo Neira)
Type: Presentation
libconntrack, libnfnetlink_conntrack
Short demo of the conntrack tool

15h50 - 16h20
Problems I see with netfilter development. (Patrick McHardy)
Type: Discussion
Timing: 30 minutes

16h30 - 17h00
pom-ng vs git netfilter tree (Patrick McHardy)
Type: Presentation
Timing: 30 minutes
new policy for what goes in patch-o-matic
drop support for old kernels
traditional "iterate over list, decide what to submit"

17h10 - 18h
final discussion - short report of the workshop