Schedule Proposals

From 8th netfilter workshop
Jump to: navigation, search

Contents

nfgrep: layer-7 traffic classification for netfilter

  • Author: Pablo Neira Ayuso
  • Description: Pablo will present his progress with a simplistic extension for Netfilter to allow layer-7 traffic classification. Nfgrep does not use regular expression, and it has nothing to do with grep, but its name sounds cool. This is work in progress, I'll provide access to the git trees with the current user-space and kernel code.
  • Timeframe: 30 minutes, 30 minutes of discussion.

IPv6 NAT

  • Author: Ulrich Weber
  • Description: IPv6 NAT integration in netfilter.
  • Timeframe: 30 minute presentation, 1 hour discussion

How ipset saved the day for Astaro

  • Author: Holger Eitzenberger
  • Description:
  • Timeframe:

irqd: a replacement for irqbalance in an RPS/RFS/XPS world

  • Author: Holger Eitzenberger
  • Description:
  • Timeframe:

Degree of freedom in connection tracking helpers

  • Author: Eric Leblond
  • Description: A study of freedom offered by conntrack protocol helpers
  • Timeframe: 15 min presentation, ? minutes discussion

In need of reverse path filtering

  • Author: Eric Leblond
  • Description: Why reverse path filtering is necessay on IPv4 and IPv6
  • Timeframe: 30 min presentation, ? minutes discussion

Moving rp_filter into netfilter

  • Author: Florian Westphal
  • Description: A reverse path filter match for netfilter, supporting both IPv4 and IPv6. Discussion about a few open questions and remaining problems wrt. multipath routing.
  • Timeframe: 30 minutes presentation, ? minutes discussion

ipset status

  • Author: József Kadlecsik
  • Description: Status report about ipset and the possibilities to extend its functionality for more flexibility.
  • Timeframe: 15 min presentation, ? min discussion

memory mapped netlink and nfnetlink_queue

  • Author: Patrick McHardy
  • Description: Implementation of memory mapped netlink and nfnetlink_queue, performance, open problems.
  • Timeframe: 30 min + 15 min discussion

Status: IPTV-analyzer

  • Author: Jesper Dangaard Brouer
  • Description: The netfilter module 'mp2t' (talk at NFSW2010) is now a separate Open Source project named IPTV-analyzer.
  • Timeframe: 10 min

Status: CPAN module IPTables::libiptc

  • Author: Jesper Dangaard Brouer
  • Description: I maintain the CPAN module IPTables::libiptc, which integrates with Perl. An iptables shared lib exporting the function do_command() would make my integration a lot easier.
  • Timeframe: 15 min

Conntrack: Where is the out-of-conn garbage collector?

  • Author: Jesper Dangaard Brouer
  • Description: Why don't we have a garbage collector that kicks in when the conntrack table runs full, or dynamically increase conn limit? This is one of most observed problems, especially on small routers.
  • Timeframe: 20 min

userspace security for network syscalls - snet

  • Author: samir bellabes
  • Description: status update and possible link with conntrack
  • Timeframe: 15 mins + discussion

TCP Session Load-balancing in Active-Active HA Cluster

  • Author: Nishit Shah & Jimit Mahadevia
  • Description: This presentation describes an approach to achieve TCP Session Load-balancing in HA Cluster using virtual mac, arp proxy and netfilter framework.
  • Timeframe: 25 min + discussion

An alternate way to use IPSet framework for increasing firewall throughput

  • Author: Sanket Shah
  • Description:
  • Timeframe: 15 min + discussion

Freeform discussions

Topical inquiries, by Jan E.:

  • L10N of iptables
  • Xtables2 spec revisit
  • “Who's maintaining Netfilter/iptables?”

As a whole maybe.. 60 min?