Schedule Proposals

From 7th netfilter workshop
Revision as of 12:42, 29 October 2010 by Hawk (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Please add your proposed schedule topic here.

Notice this is not the real schedule, only proposals. Accepted proposals will be listed on a different page.

Example:

  • Speaker: (name of presenter)
  • Proposed by: (name of person, if any)
  • Link: (if any required)
  • Type: one or more of: Project status, Presentation, Proposal, Discussion, Tutorial, (Software) release, Administrative
  • Target audience: non-exhaustive list of target audience
    • End users
    • Developers e.g. library users / gurus for implementation internals (INT))
    • or others (specify)
  • Time required: x minutes
  • Language: probably English, though last NFWS also seen local
  • Description: (short description)

Contents


There is still plenty of room here. Most recent summation builds up to 9h20min.

Advances in the development of high availability for stateful firewalls

  • Speaker: Pablo Neira Ayuso
  • Proposed by: self
  • Type: Presentation, project status
  • Target audience: System administrators
  • Time required: 20 minutes
  • Description: Availability of stateful firewalls is crucial to ensure uptime of network services. The Netfilter project provides the conntrack-tools package which enables high-availability of stateful firewalls for GNU/Linux. This talk covers the advances in this regard and new directions in the development.

Fun with conntrack expectations in user-space with libnetfilter libraries

  • Speaker: Pablo Neira Ayuso
  • Proposed by: self
  • Type: project status and proposals
  • Time required: 15 minutes
  • Description: Since 2.6.37-rc, Netfilter will provide the basic infrastructure to implement conntrack helpers in user-space. This talk will cover this new feature and proposes some new developments in this direction.

libmnl: a minimalistic library for Netlink developers

  • Speaker: Pablo Neira Ayuso
  • Proposed by: self
  • Type: New product and release
  • Target audience: Developers (API users)
  • Time required: 15 minutes
  • Description: Libmnl is a minimalistic library targeted to Netlink developers. In this talk, we will introduce this new library and make the official release of the 1.0 version.

Challenges and experiences with IPTV from a network point of view

  • Speaker: Jesper Dangaard Brouer
  • Proposed by: self
  • Type: Presentation and product release
  • Target audience: End users
  • Time required: 45 minutes
  • Description: I will explain our real-life challenges with IPTV multicast signals on loaded Ethernet switches, with bursty traffic patterns. To face these challenges, I have developed a iptables module for analyzing IPTV/MPEG2-TS streams.

Sysadm tasks for netfilter.org

  • Speaker: Jesper Dangaard Brouer, Pablo or Patrick
  • Proposed by: Jesper Dangaard Brouer
  • Type: Administrative + Discussion
  • Target audience: Netfilter Core Team and direct associates
  • Link: Sysadm Tasks
  • Time required: 30 minutes
  • Description: We need to assign persons to the netfilter.org system administration maintenance tasks and responsibilities. Discuss which services we want to provide on netfilter.org.

Ingress Bandwidth Shaping: IFB vs. iptables

  • Speaker: Jesper Dangaard Brouer
  • Proposed by: self
  • Type: Proposal + Discussion
  • Target audience: Developers (INT)
  • Time required: 30 minutes
  • Description: The IFB (Intermediate Functional Block) device is the successor to the IMQ (InterMediate Queueing) device. We want to use IFB together with the iptables classifier, which is currently not possible. We propose that we add a new Netfilter hook, before the ingress step.

Netfilter vs. dhcpd vs. raw sockets

  • Speaker: Jesper Dangaard Brouer
  • Proposed by: self
  • Type: Proposal + Discussion
  • Target audience: Developers (INT)
  • Time required: 15 minutes
  • Description: Currently, it is not possible to firewall traffic to and from the DHCP daemon on a server. This poses a practical problem for us (as an ISP), as some customer equipment can go into a DHCP request-ack loop. Normally it is possible to protect the service by means of an iptables trick with hashlimit or recent match. The reason it is not possible to block the traffic is because dhcpd uses a raw socket. We propose that we add a new Netfilter hook, before the raw socket branch-off.

Sharing: Git tricks and tips

  • Speaker: Jan Engelhardt
  • Proposed by: Jesper Dangaard Brouer
  • Type: tutorial
  • Target audience: Developers (toolchain end users)
  • Time required: 15 minutes
  • Description: Practical hints and tricks of howto use Git by the Git gurus. Explaining the stg tool, StackedGit, and how it makes it easier to work with large patch sets.

Core: RPS, RFS, and SKB list handling

  • Speaker: David S. Miller
  • Proposed by: David S. Miller
  • Type: Presentation
  • Target audience: Developers (INT)
  • Time required: 30 minutes
  • Description: The state and development of software packet and flow steering, as well as the ongoing challenges in converting sk_buff over to generic list_head.

State of Xtables-addons

  • Speaker: Jan Engelhardt
  • Proposed by: self
  • Type: Presentation
  • Target audience: End users
  • Time required: 15 minutes
  • Description: Xtables-addons has caught on in the real world (after roughly two years). This talk tries to encourage users who still fiddle with patch-o-matic-ng, and developers who have single patches floating around, to make use of Xt-a to ease the amount of work required to make things work across many kernel versions.

Lifetime of an Xtables module

  • Speaker: Jan Engelhardt
  • Proposed by: self
  • Type: Tutorial
  • Target audience: Developers (API users)
  • Time required: 15 minutes
  • Description: A currently external module of the community's choice will be subject to transformation to compile and run within Xtables-addons. In a second step, it will be prepared from there for (technical) inclusion into the Linux kernel.

Xtables2: Love for blobs

  • Speaker: Jan Engelhardt
  • Proposed by: self
  • Type: Presentation, project status
  • Target audience: Developers (INT)
  • Time required: 45 minutes
  • Description: The packed serialized ruleset (“blob”) such as the one currently in use by Xtables will remain with us for the foreseeable future. Linked lists have undesired big issues at hand, so more efficient means of manipulating packed rulesets need to be devised. The current ideas for that are showcased.


ipset: The new branch

  • Speaker: Jozsef Kadlecsik
  • Proposed by: self
  • Type: Presentation
  • Target audience: Developers (INT)
  • Time required: 60 minutes
  • Description: After much redesigning and rewriting, the new ipset code is ready to be released. In the talk, the background questions like hash functions and hashing methods are discussed first. Then, the communication protocol on top of netlink is presented, together with the required slight extension to the netlink core. Implementation details of the kernel part of ipset (locking questions, timeouts and garbage collection, code generation for compiling) are explained. In the second part, the userspace tool is presented, both the internals and the syntax. At the end, a little tool on top of the new ipset is shown, which can help to manage large iptables/ip6tables rulesets.

Uplink balancing

  • Speaker: Ulrich Weber
  • Proposed by: self
  • Type: Presentation
  • Target audience: End users
  • Time required: 30 minutes
  • Description: Multiple Internet uplinks without the help of dynamic routing protocols require heavy use of MARK and CONNMARK to get running. There are some architectural limitations, e.g. SNAT being done after the routing decision is made, or local sockets being bound to an IP address before iptables is involved, which make it even harder to setup and understand. We made some modifications to get multiple Internet uplinks running without the use of MARK/CONNMARK. There is also granular connection balancing based on protocol/port and uplink failover functionality.

Recent and pending IPVS developments

  • Speaker: Simon Horman
  • Proposed by: self
  • Type: Discussion
  • Time required: 60 minutes
  • Description: Recently, there has been much activity on the IPVS front and it seems there is more to come. I would like to give a brief overview of what the recent developments have been, and have a discussion about the design of pending changes — in particular, a new connection synchronisation protocol.

Netfilter developments since the last workshop

  • Speaker: Patrick McHardy
  • Proposed by: self
  • Type: Presentation
  • Time required: 30 minutes
  • Description: Overview of netfilter developments since the last workshop, current state of Netfilter development.

nftables status update

  • Speaker: Patrick McHardy
  • Proposed by: self
  • Type: Presentation
  • Time required: 30 minutes
  • Description: There have been quite a lot architectural changes to nftables since it was first released. This presentation will present those changes and the remaining problems.

Oowall: technologies and software architecture behind the fun

  • Speaker: Eric Leblond
  • Proposed by: Pierre Chifflier
  • Type: Presentation
  • Time required: 15 minutes
  • Description: Following a famous quote by a previous French culture minister, Pierre Chifflier has developed oowall, the openoffice firewall. Behind the geek joke, the conception shows an interesting work with Netfilter high-level language binding.

Ulogd2: finding the way to 1.0

  • Speaker: Eric Leblond
  • Proposed by: self
  • Type: Discussion
  • Time required: 15 minutes
  • Description: Ulogd2 is now on beta stage for a couple of years. The aim of this discussion is to decide what remains to be done to reach the stable stage. Further evolution will also be discussed.

Libnetfilter_queue: to 1.0 and beyond, new API proposal

  • Speaker: Eric Leblond
  • Proposed by: self
  • Type: Proposal
  • Time required: 15 minutes
  • Description: Libnetfilter_queue has had a few evolutions in the past two years. Extensibility of the current API is clearly suboptimal, mainly because it uses the old-style API.

Userspace decision: performance issues

  • Speaker: Eric Leblond
  • Proposed by: self
  • Type: Discussion
  • Time required: 15 minutes
  • Description: libnetfilter_queue is used by an IPS like suricata. In this scope, it suffers from a lack of performance in terms of packet rate. The aim of this discussion is to present these performance limits and to try to find new paths to a fast and efficient queuing system.

TProxy for IPv6 & bugfixes

  • Speaker: Krisztián Kovács & Balázs Scheidler
  • Proposed by: self
  • Type: Discussion
  • Time required: 15 minutes
  • Description: We have some pending bugfixes for TProxy and the new shiny feature of support transparent proxying for IPv6.

Open vSwitch Overview

  • Speaker: Simon Horman
  • Proposed by: self
  • Type: Discussion
  • Time required: 45 minutes
  • Description: A brief introduction to Open vSwitch, what it is, why it is interesting and some ideas for how it could be improved

Using the perf tool

  • Speaker: Eric Dumazet
  • Proposed by: Jesper Dangaard Brouer
  • Type: Tutorial
  • Time required: 15 minutes
  • Description: Short introduction to the performance measurement tool 'perf', which comes together with the kernel tree.