List of presentations
From 9th netfilter workshop
This is a record of the presentations given during the 2-days closed developer-only meeting of Netfilter Workshop.
- A total of 22 talks were given during these 2-days
- Slides have been added to some of the talks
- but these talks are highly discussion based, which is difficult to capture on slides
- (we have video recorded some of the talks, but the video is still on the editing table...)
Contents |
Monday 11th
09:00
Introductions and setup
09:30
- Kronosnet (Fabio)
- Description: VPNs on steroids
- Timing: 20 min
10:40
- Removing the routing cache (DaveM)
- Slides
- Description: Dave presents an overview about the changes as a result of the routing cache removal and how we actually got more performance out of it by doing less operations.
- Timing: 35 minutes
11:15
- DDoS and netfilter (Topholm)
- Description: a DDoS use-case and netfilter approaches
- Timing: 15 minutes
- Caused long discussion and interaction with Eric Dumazet
- Blog summary which reference rejected patchset (May-2012)
12:00
Lunch. At the hotel.
13:00
- NF summary of changes since last workshop (Pablo)
- Description: Short summary of changes in netfilter since the last workshop
- Timing: 15 min
- Recent and Not So Recent Developments in IPVS (Simon)
- Description: Summary of the past 2½ years of IPVS development.
- Timing: 5 min (Pablo covered most of Simons updates)
- TCP stack scalability (Eric Dumazet)
14:20
Cake ... Happy Birthday to Patrick McHardy
- Hallway "track"
15:00
- flowtop a top-like view of ConnTracks (Daniel)
- Slides
- Description: A new minimal tool for top-like conntracking with geo locating (part of netsniff-ng)
- Timing: 10min
- New iptables automated testing framework (Pablo)
- Descrition: A new python script to run automated tests on iptables
- Type: Presentation
- Timing: 15 min
- Helpers in userspace (Pablo)
- Description: The new userspace infrastructure for connection tracking helpers
- Type: Presentation
- Timing: 15 min
15:30
- WTF (Eric Leblond)
- Description: Word Transfer Finds, a method to detect Office Word documents using Suricata and rate limiting the connections through which such document is passed. :-)
- Timing: 15 min
- Suricata vs Netfilter (Victor/Eric)
- Slides
- Description: How could Suricata and Netfilter be better friends?
- Timing: 20 min
16:00
Coffee brake — hallway track ;-)
16:30
- MPLS Enlightened Open vSwitch (Simon)
- Description: Brief tour of my struggle to add MPLS support to Open vSwitch.
- Timing: 15 min
17:00
End of presentations.
Light hacking.
18:00
Copenhagen "tourist" tour around Kongens Nytorv, Nyhavn, Amalienborg Slotsplats and Frederiks Kirke.
19:15
Dinner at Den Tatoverde Enke ("the tatoo-ed widow" [widow as in the spider])
Tuesday 12th
09:00
- nftables - kernel framework to replace iptables (Pablo)
- Slides
- Description: New kernel packet filtering framework to replace iptables (includes a commandline backward compatible mode).
- Timing: 30 min (expect long discussions) real time approx 2 hours
11:00
(short coffee break)
- ipset - status are recent development (Jozsef)
- Slides
- Description: ipset status report
- Timing: 15 min
12:00
Lunch at the hotel.
13:00
- ebtables sucks, how can we make it suck less? (Jesper)
- Slides
- Description: Initial problem statement and follow-up open discussion
- Type: Discussion
- Timing: 20 min
- connman (Tomasz)
- Slides
- Description: internet connection manager, usage of netfilter
- Timing: 15 minutes
- Group picture
14:00
- “Merge Me” (Jan)
- Description: Proposing xt2 for merging - a retry at a discussion after it was cut off in Dec2012 ML post
- Type: Discussion
- Timing: 45 min (real time approx 2 hours)
16:00
- netfilter.org infrastructure updates (Pablo)
- Description: the new netfilter.org infrastructure
- Timing: 15 min
- Find a word starting by "doc" (Eric)
- Description: Discussion around the documentation of the different Netfilter components
- Timing: 15min
- Automatic tests ? (Eric)
- Description: How can we avoid "buggy" release and discussion about automated testing?
- Timing: 15min
17:00
- netsniff-ng toolkit for devel/debugging (Daniel)
- Slides and blog writeup
- Description: Tools we can use to (stress-)test e.g. the Linux Network stack or netfilter
- Just short demo of some tools
- Full-length talk given at DevConf.cz is avail on YouTube
- Timing: 15 min
17:20
- Netlink attribute alignment (Thomas Graf)
- Description: Discussion around fixing 64bit Netlink attribute alignments
- Timing: 10 minutes
Wednesday and Thursday
Below talks were giving Thursday hacking-days/hackathon:
- ulogd2 (Eric Leblond)
- Description: what's new and what's the next step
- Timing: 20min
- generalizing CT template & Jamal's conntrack at ingress (Pablo)
- Description: Jamal wants to use CT from ingress
- Timing: 15 min