List of presentations
From 11th Netfilter Workshop
Developer days presentations
- Who: Linux netdev/netfilter developers.
- When: From 23th to 26th of June. From 9 am to 4 pm. Lunch break from 12.45 pm to 2 pm.
- Where: Hungarian NREN (Victor Hugo street).
Remember that we have meeting at the lobby by 8:15 am to depart together to the workshop venue.
Tuesday 23th
NREN/NIIF welcome
- Who: Mohácsi János
- What: Short intro on the Hungarian NREN from host institution.
Welcome
- Short introduction round
Netfilter updates
- Who: Pablo Neira
- What: A short summary on the Netfilter kernel changes since the last workshop.
- Estimated time: 20 minutes
ipset
- Who: Jozsef Kadlecsik
- What: Updates on ipset.
- Estimated time: 15min
Flow/Route based tunneling/encapsulation - Open design challenges
- Who: Thomas Graf
- What: Discuss final steps for lightweight flow/route based encapsulation for VXLAN/MPLS/Geneve/...
- Estimated time: 20min
ebtables/bridge netfilter problem statement
- Who: Florian Westphal
- What: features we have in bridge netfilter, why call-iptables is a PITA, what do to about it
- Estimated time: 15min
Stack performance challenges
- Who: Jesper Dangaard Brouer (+ Hannes and Florian)
- What: Where lies the performance challenges in the kernel network stack, and what can we do about it?
- Estimated time: 45 minutes
- Slides avail here and here Media:Net_stack_challenges_100G_NFWS2015.pdf
Making ipvs work for Facebook
- Who: Alex Gartrell
- What: Things we've had to do to make ipvs work that should go upstream and additional changes that are probably a good idea.
- Estimated time: 15-30 minutes
bpf in tracing and user space tools update ?
- Who: Alexei Starovoitov
- What: Update on bpf in tracing, user space tools and bpf in networking use cases
- Estimated time: 15min
Accelerate NFT with BPF JIT ?
- Who: Alexei Starovoitov
- What: Discuss feasibility of using BPF JIT to accelerate NFT processing in some cases. Pros/Cons.
- Estimated time: 20 minutes
Wednesday 24th
Connection tracking performance
- Who: Joe Stringer
- What: Benchmarking how conntrack performs today in various configurations, then where to next?
- Estimated time: 15 minutes
Multipath Routing
- Who: Ulrich Weber
- What: Current solutions for IPv4/IPv6 multipath routing, challenges and possible improvements.
- Estimated time: 20 minutes
xt_cgroups
- Who: Daniel Borkmann
- What: How to move forward with enabling xt_cgroup (resp. cgroups for nft) for input path (http://thread.gmane.org/gmane.comp.security.firewalls.netfilter.devel/56864/).
- Estimated time: ~15 minutes
Firewalld
- Who: Thomas Woerner
- What: What is firewalld and why does it exist. The way it is using netfilter - the good, bad and ugly things. Also the expectations from nftables and the issues I discovered so far with tests for nftables support in firewalld. Additionally about the wish list to have a better integration with netfilter and also nftables.
- Estimated time: ?
nftables, what's next?
- Who: Pablo
- What: Ongoing works and pending stuff regarding nftables
- Estimated time: 20 min
Thursday 25th
- Hacking days.
Friday 26th
- Hacking days.