This is a record of the presentations given during the 2-days closed developer-only meeting of Netfilter Workshop.

• A total of 22 talks were given during these 2-days

• Slides have been added to some of the talks
  • but these talks are highly discussion based, which is difficult to capture on slides
  • (we have video recorded some of the talks, but the video is still on the editing table...)

Contents 1 Monday 11th 1.1 09:00 1.2 09:30 1.3 10:40 1.4 11:15 1.5 12:00 1.6 13:00 1.7 14:20 1.8 15:00 1.9 15:30 1.10 16:00 1.11 16:30 1.12 17:00 1.13 18:00 1.14 19:15 2 Tuesday 12th 2.1 09:00 2.2 11:00 2.3 12:00 2.4 13:00 2.5 14:00 2.6 16:00 2.7 17:00 2.8 17:20 3 Wednesday and Thursday

Monday 11th

09:00

Introductions and setup

09:30

• Kronosnet (Fabio)
  • Description: VPNs on steroids
  • Timing: 20 min

10:40

• Removing the routing cache (DaveM)
  • Slides
  • Description: Dave presents an overview about the changes as a result of the routing cache removal and how we actually got more performance out of it by doing less operations.
  • Timing: 35 minutes

11:15

• DDoS and netfilter (Topholm)
  • Description: a DDoS use-case and netfilter approaches
  • Timing: 15 minutes
  • Caused long discussion and interaction with Eric Dumazet
  • Blog summary which reference rejected patchset (May-2012)

12:00

Lunch. At the hotel.

13:00

• NF summary of changes since last workshop (Pablo)
  • Description: Short summary of changes in netfilter since the last workshop
  • Timing: 15 min

• Recent and Not So Recent Developments in IPVS (Simon)
  • Description: Summary of the past 2½ years of IPVS development.
  • Timing: 5 min (Pablo covered most of Simons updates)

• TCP stack scalability (Eric Dumazet)
  • Slides
  • Description: Addressing the listener lock contention.
  • Timing: 25 min (very interesting discussions with DaveM)
  • (We might have solved all SYN/SYNACK based DoS attacks) G+

14:20

Cake ... Happy Birthday to Patrick McHardy

• Hallway "track"

15:00

• flowtop a top-like view of ConnTracks (Daniel)
  • Slides
  • Description: A new minimal tool for top-like conntracking with geo locating (part of netsniff-ng)
  • Timing: 10min

• New iptables automated testing framework (Pablo)
  • Descrition: A new python script to run automated tests on iptables
  • Type: Presentation
  • Timing: 15 min

• Helpers in userspace (Pablo)
  • Description: The new userspace infrastructure for connection tracking helpers
  • Type: Presentation
  • Timing: 15 min

15:30

• WTF (Eric Leblond)
  • Description: Word Transfer Finds, a method to detect Office Word documents using Suricata and rate limiting the connections through which such document is passed. :-)
  • Timing: 15 min

• Suricata vs Netfilter (Victor/Eric)
  • Slides
  • Description: How could Suricata and Netfilter be better friends?
    • Blog description
  • Timing: 20 min

16:00

Coffee brake — hallway track ;-)

16:30

• MPLS Enlightened Open vSwitch (Simon)
  • Description: Brief tour of my struggle to add MPLS support to Open vSwitch.
    • Blog article
  • Timing: 15 min

17:00

End of presentations.

Light hacking.

18:00

Copenhagen "tourist" tour around Kongens Nytorv, Nyhavn, Amalienborg Slotsplats and Frederiks Kirke.

19:15

Dinner at Den Tatoverde Enke ("the tatoo-ed widow" [widow as in the spider])

Tuesday 12th

09:00

• nftables - kernel framework to replace iptables (Pablo)
  • Slides
  • Description: New kernel packet filtering framework to replace iptables (includes a commandline backward compatible mode).
    • Blog article
  • Timing: 30 min (expect long discussions) real time approx 2 hours
    • Involved deep dive into the code

11:00

(short coffee break)

• ipset - status are recent development (Jozsef)
  • Slides
  • Description: ipset status report
    • Blog summary
  • Timing: 15 min

12:00

Lunch at the hotel.

13:00

• ebtables sucks, how can we make it suck less? (Jesper)
  • Slides
  • Description: Initial problem statement and follow-up open discussion
  • Type: Discussion
  • Timing: 20 min

• connman (Tomasz)
  • Slides‎
  • Description: internet connection manager, usage of netfilter
    • Blog record
  • Timing: 15 minutes

• Group picture
  • Blog link and Google plus link

14:00

• “Merge Me” (Jan)
  • Description: Proposing xt2 for merging - a retry at a discussion after it was cut off in Dec2012 ML post
  • Type: Discussion
  • Timing: 45 min (real time approx 2 hours)

16:00

• netfilter.org infrastructure updates (Pablo)
  • Description: the new netfilter.org infrastructure
  • Timing: 15 min

• Find a word starting by "doc" (Eric)
  • Description: Discussion around the documentation of the different Netfilter components
  • Timing: 15min

• Automatic tests ? (Eric)
  • Description: How can we avoid "buggy" release and discussion about automated testing?
  • Timing: 15min

17:00

• netsniff-ng toolkit for devel/debugging (Daniel)
  • Slides and blog writeup
  • Description: Tools we can use to (stress-)test e.g. the Linux Network stack or netfilter
    • Just short demo of some tools
  • Full-length talk given at DevConf.cz is avail on YouTube
    • Slides for DevConf.cz YouTube talk
  • Timing: 15 min

17:20

• Netlink attribute alignment (Thomas Graf)
  • Description: Discussion around fixing 64bit Netlink attribute alignments
  • Timing: 10 minutes

Wednesday and Thursday

See: Hacking Days Hackathon

Below talks were giving Thursday hacking-days/hackathon:

• ulogd2 (Eric Leblond)
  • Description: what's new and what's the next step
  • Timing: 20min

• generalizing CT template & Jamal's conntrack at ingress (Pablo)
  • Description: Jamal wants to use CT from ingress
  • Timing: 15 min