Contents 1 Monday 1.1 09:15 1.2 09:30 1.3 10:00 1.4 10:30 1.5 11:00 1.6 11:30 1.7 11.45 1.8 12:30 1.9 13:00 1.10 15:00 1.11 15:30 1.12 17:00 2 Tuesday 2.1 09:30 2.2 10:00 2.3 11:00 2.4 11:30 2.5 12:00 2.6 13:00 2.7 15:00 3 Wednesday 3.1 09:30 3.2 10:00 3.3 10:45 3.4 11:45 3.5 12:00 3.6 13:00 3.7 15:00 3.8 15:30 3.9 17:00 4 Thursday 4.1 09:30 4.2 10:00 5 Friday 5.1 09:30 5.2 10:00

Monday

09:15

• Arrival at the university, setup

09:30

• Topic: Welcome
• Who: Patrick McHardy
• Timeframe: 30 min

10:00

• Title: userspace security for network syscalls - snet
• Author: samir bellabes
• Description: status update and possible link with conntrack
• Timeframe: 15 mins + discussion

10:30

• Title: Degree of freedom in connection tracking helpers
• Author: Eric Leblond
• Description: A study of freedom offered by conntrack protocol helpers
• Timeframe: 15 min presentation + 15 min (discussion)

11:00

• Title: ipset status
• Author: József Kadlecsik
• Description: Status report about ipset and the possibilities to extend its functionality for more flexibility.
• Timeframe: 15 min presentation, ? min discussion

11:30

Coffe break (15 min)

11.45

• Title: An alternate way to use IPSet framework for increasing firewall throughput
• Author: Sanket Shah
• Description:
• Timeframe: 15 min + discussion

12:30

• Title: irqd: a replacement for irqbalance in an RPS/RFS/XPS world
• Author: Holger Eitzenberger
• Timeframe: 30 min

13:00

Lunch time

15:00

• Title: IPTV-analyzer
• Author: Jesper Dangaard Brouer
• Description: The netfilter module 'mp2t' (talk at NFSW2010) is now a separate Open Source project named IPTV-analyzer.
• Timeframe: 30 min

15:30

• Title: memory mapped netlink and nfnetlink_queue
• Author: Patrick McHardy
• Description: Implementation of memory mapped netlink and nfnetlink_queue, performance, open problems.
• Timeframe: 30 min + 15 min discussion

17:00

Leave the university

Tuesday

09:30

• Arrival at the university, setup

10:00

• Title: In need of reverse path filtering
• Author: Eric Leblond
• Description: Why reverse path filtering is necessay on IPv4 and IPv6
• Timeframe: 30 min presentation, ? minutes discussion

11:00

• Title: Moving rp_filter into netfilter
• Author: Florian Westphal
• Description: A reverse path filter match for netfilter, supporting both IPv4 and IPv6. Discussion about a few open questions and remaining problems wrt. multipath routing.
• Timeframe: 30 minutes presentation, ? minutes discussion

11:30

Coffe break (15 min)

12:00

• Title: Freeform discussions
• Author: Jan E.
• Topical inquiries, by Jan E.: L10N of iptables, Xtables2 spec revisit, Who's maintaining Netfilter/iptables?

13:00

lunchtime

15:00

• Title: Conntrack: Where is the out-of-conn garbage collector?
• Author: Jesper Dangaard Brouer
• Description: (Discussion topic) Why don't we have a garbage collector that kicks in when the conntrack table runs full, or dynamically increase conn limit? This is one of most observed problems, especially on small routers.
• Timeframe: 10 min + 15 min (discussion)

Wednesday

09:30

• Arrival at the university, setup

10:00

TCP Session Load-balancing in Active-Active HA Cluster

• Author: Nishit Shah & Jimit Mahadevia
• Description: This presentation describes an approach to achieve TCP Session Load-balancing in HA Cluster using virtual mac, arp proxy and netfilter framework.
• Timeframe: 25 min + discussion

10:45

• nfgrep: layer-7 traffic classification for netfilter
• Author: Pablo Neira Ayuso
• Description: Pablo will present his progress with a simplistic extension for Netfilter to allow layer-7 traffic classification. Nfgrep does not use regular expression, and it has nothing to do with grep, but its name sounds cool. This is work in progress, I'll provide access to the git trees with the current user-space and kernel code.
• Timeframe: 30 minutes, 15 minutes of discussion.

11:45

coffe break (15 min)

12:00

• Title: IPv6 NAT
• Author: Ulrich Weber
• Description: IPv6 NAT integration in netfilter.
• Timeframe: 30 minute presentation, 1 hour discussion (during the lunch)

13:00

Lunch time

15:00

• Status: CPAN module IPTables::libiptc
• Author: Jesper Dangaard Brouer
• Description: I maintain the CPAN module IPTables::libiptc, which integrates iptables with Perl. An iptables shared lib exporting the function do_command() would make my integration a lot easier.
• Timeframe: 15 min

15:30

• Status: Introduction to coccinelle and coccigrep
• Author: Eric Leblond
• Description: Introduction to coccinelle and its possible usage in Netfilter scope
• Timeframe: 30 min

17:00

Leave the university

Thursday

09:30

• Arrival at the university, setup

10:00

• Hacking days

Friday

09:30

• Arrival at the university, setup

10:00

• Hacking days