summaryrefslogtreecommitdiff
path: root/2005/netfilter_nextgen-lk2005/abstract.txt
diff options
context:
space:
mode:
Diffstat (limited to '2005/netfilter_nextgen-lk2005/abstract.txt')
-rw-r--r--2005/netfilter_nextgen-lk2005/abstract.txt32
1 files changed, 32 insertions, 0 deletions
diff --git a/2005/netfilter_nextgen-lk2005/abstract.txt b/2005/netfilter_nextgen-lk2005/abstract.txt
new file mode 100644
index 0000000..0d3f97c
--- /dev/null
+++ b/2005/netfilter_nextgen-lk2005/abstract.txt
@@ -0,0 +1,32 @@
+First steps towards the next generation netfilter subsystem
+
+Until 2.6, every new kernel version came with its own incarnation of a packet
+filter: ipfw, ipfwadm, ipchains, iptables. 2.6.x still had iptables. What was
+wrong? Or was iptables good enough to last even two generations?
+
+In reality the netfilter project is working on gradually transforming the
+existing framework into something new. Some of those changes are transparent
+to the user, so they slip into a kernel release almost unnoticed. However,
+for expert users and developers those changes are noteworthy anyway.
+
+Some other changes just extend the existing framework, so most users again
+won't even notice them - they just don't take advantage of those new features.
+
+The 2.6.14 kernel release will mark a milestone, since it is scheduled to
+contain nfnetlink, ctnetlink, nfnetlink_queue and nfnetlink_log - basically a
+totally new netlink-based kernel/userspace interface for most parts of the
+netfilter subsystem.
+
+nf_conntrack, a generic layer-3 independent connection tracking subsystem,
+initially supporting IPv4 and IPv6, is also in the queue of pending patches.
+Chances are high that it will be included in the mainline kernel at the time
+this paper is presented at Linux Kongress.
+
+Another new subsystem within the framework is the "ipset" filter, basically an
+alternative to using iptables in certain areas.
+
+The presentation will cover a timeline of recent advances in the netfilter
+world, and describe each of the new features in detail. It will also summarize
+the results of the annual netfilter development workshop, which is scheduled
+just the week before Linux Kongress.
+
personal git repositories of Harald Welte. Your mileage may vary