author | Harald Welte <laforge@gnumonks.org> | 2015-10-25 21:00:20 +0100 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2015-10-25 21:00:20 +0100 |
commit | fca59bea770346cf1c1f9b0e00cb48a61b44a8f3 (patch) | |
tree | a2011270df48d3501892ac1a56015c8be57e8a7d /2005 |
import of old now defunct presentation slides svn repo
Diffstat (limited to '2005')
318 files changed, 31122 insertions, 0 deletions
diff --git a/2005/a780-ccc2005/abstract.txt b/2005/a780-ccc2005/abstract.txt new file mode 100644 index 0000000..0e0b2c4 --- /dev/null +++ b/2005/a780-ccc2005/abstract.txt 
@@ -0,0 +1,65 @@ +* Title: + Towards the first 100% free software GSM phone + +* Subtitle: + Reverse Engineering the Motorola EZX (A768,A780,E680) series of Linux-based GSM phones + +* Abstract: + This presentation describes the progress of hacking and extending the + Motorola series of Linux based Smartphones, with the ultimate goal to + replace all proprietary applications with 100% free software. + +* Description: + A longer and detailed description of the event's content (250 to 500 words) + It's been two years since Motorola has released the first Linux + Smartphone (A768). More recently, two new models were introduced, the + A780 and the E680, the former even officially distributed in Germany + and all over the EU. + + What's so special about a Linux based smartphone? It's special because + the Linux kernel acts as an enabler for 3rd party hacks and 3rd party + software, like it can be observed with the OpenWRT, OpenTom, + NSLU2-Linux, OpenEmbedded, OpenZaurus and other similar projects. + + The author of this presentation has sucessfully obtained "telnet" + access to an A780 cellphone, built a matching cross-compilation + toolchain and installed various applications for debugging, such as + busybox, iptables, nmap, lsof, strace, etc. + + While re-engineering efforts are still in a early stage, work is + proceeding extremely fast, and important pieces such as the protocol + between the PXA270 frontend processor and the ARM7TDMI GSM processor + have already been partially re-engineered. The project is expected to + progress significantly until 22C3. 
+ + +* Please state if you are going to submit a paper to be included in the 22C3 + Proceedings + Yes + +* Please state if you are going to use slides in your talk and in which format + you are going to provide a copy + Magicpoint or tpp + +* Duration of your talk + +* Language of your talk + en_US + +* Links to background information on the talk + http://www.motorolafans.com/ + http://gnumonks.org/~laforge/weblog/linux/a780/ + http://svnweb.gnumonks.org/trunk/a780/ + +* Target Group: + Developers + +* Resources you need for your talk + digital projector + +* Related talks at 22C3 you know of + none + +* A lecture logo, square format, min. 128x128 pixels (optional) + none + diff --git a/2005/a780-ccc2005/openezx-ccc2005.mgp b/2005/a780-ccc2005/openezx-ccc2005.mgp new file mode 100644 index 0000000..e3747c3 --- /dev/null +++ b/2005/a780-ccc2005/openezx-ccc2005.mgp 
@@ -0,0 +1,478 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 + +Free Software on +GSM Phones + +December 29, 2005 +22C3 + +%center +%size 4 +by + +Harald Welte <laforge@gnumonks.org> + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +Introduction + + +Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the Linux kernel firewall system called netfilter/iptables + who can claim to be the first to have enforced the GNU GPL in court + who is doing way too many projects simultaneously, one of them OpenEZX + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +Contents + + Disclaimer + What is OpenEZX + History of Motorola Linux Phones + A780 / E680(i) overview + Techniques for reverse engineering + Current status of information about EZX phones + OpenEZX software status + Another Linux GSM Phone: HTC BlueAngel + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +Disclaimer + + +Disclaimer + I have no affiliation with Motorola + OpenEZX project has no affiliation with Motorola + All Information is based on observation, and may be wrong + Lots of the work has been done by a large community, I'm a newbie ;) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +What is OpenEZX + + + OpenEZX project + to document EZX phone hardware and software + to provide 100% free software stack for frontend CPU + might at some future point in time also look into GSM/RF related hacks + Homepage: http://openezx.org/ (http://open-ezx.org) + Wiki: http://wiki.openezx.org/ + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +History + + +History of Motorola Linux based gsm phones + 
A760, A768 + Released in Asia in 2003 + EZX (A780, E680, E680i) + E680 sold only in asian market + A780 sold in China since August 2004 + A780 first Motorola Linux phone available in EU/US + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +A780 + + + The A780 phone + Quad-band GSM + AGPS + GPRS, EDGE, HSCSD + Intel Xscale based + Monta Vista CE Linux + Bluetooth + USB device port (modem / mass storage) + Transflash slot (SD-card in smaller form factor) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +E680/E680i + + + The E680 phone + Like A780 + No GPS + full-size SD/MMC slot + FM Radio + minor differences in Audio system, GPIO assignment, ... + + The E680i phone + seems to only differ in software + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +Techniques for re-engineering + + + learn about the device + take the device apart + take high-res PCB photographs + FCC database sometimes quite helpful + remove all the shielding covers + write down types of all integrated circuits + google for those circuits, try locating data sheets + sometimes service manuals can be obtained for small fees + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +Techniques for re-engineering + + + try to find a serial console port + successful in many embedded devices + all you need is a 3.3v<->RS232 level shifter + A780: checking all 100+ test points with an oscilloscope :( + unfortunately not successful in the case of A780 + + try to find a JTAG port + cheap JTAG / parallel port adaptors available or DYI + only helps if you also have a BSDL file or similar + hard to figure out which of the five pins is which + be aware: there might be multiple JTAG ports for multiple IC's + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +Techniques for re-engineering + + + access to the OS instead of 
the UI + serial console helps in many cases, not in this one + networked devices sometimes have telnet/ssh available + exploits of known-to-be-installed software (zlib-1.1.3) + try "weird button combinations" at startup + + access to flash memory + read out via JTAG + if you have shell access, dd if=/dev/mtd* of=... + via vendor-supplied flash programming tool + copy / unpack / mount flash image to PC workstation + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +Techniques for re-engineering + + + simulation + running ARM binaries from device in QEMU emulation + commercial ARM emulators + + disassembling + WARNING: may be illegal in most jurisdictions + use gnu binutils (objdump, ...) + use special-purpose proprietary tools (IDA Pro) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +A780 Hardware + + + In short + A Motorola Neptune LTE based mobile phone plus + A PXA270 Xscale based PDA in one case + + Application Processor (PXA270) + runs heavily modified linux-2.4.20 kernel + 48MB RAM + 48MB "wireless" flash + software-configurable clock speed up to 400MHz + JTAG port on test pads, BSDL file and JFlash available + SPI/SSP interface to PCAP and BP + directly attached to 320x200 LCD display + directly attached to touch screen, buttons + directly attached to 1.3Mpixel camera module + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +A780 Hardware + + + Baseband Processor (Neptune LTE) + contains ARM7TDMI for GSM stack + contains 566xx DSP for digital baseband + JTAG port on test pads, but no BSDL file + Connected to Application processor via USB + SPI/SSP interface to PCAP and AP + UART connected to AGPS processor + Connects to GSM SIM module + 8MB external flash + 2MB external RAM + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +A780 Hardware + + + AGPS Processor (Motorola Telematics MG4100) + Attached to 
UART of BP + Has it's own Flash and RAM (2MB?) + + PCAP2 (power management, clock and audio peripheral) + produces a 16 different voltages + handles all mono/stereo audio + connected to 2 speakers, microphone, vibrator + clock generation + SPI/SSP interface to AP and BP + Backlight control + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +A780 Hardware + + +RF Part (not very much information known) + + RF6003 + fractional-n RF synthesizer + + RF2722 + GPRS/EDGE capable receiver (RX) + + RF3144 + quad-band power amplifier (TX)))) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +A780 AP Software + + + linux-2.4.20 + whole bunch of montavista additions + dynamic power management + EZX arm subarchitecture + low-level drivers for + SPI/SSP + PCAP Audio (mono/stereo/headset/...) + Vibrator (/dev/vibrator) + USB host port attached to BP + USB device port (belcarra usbd, not gadget) + Transflash/SD/MMC + THREE proprietary flash file systems + Intel VFM (hatcreek.o) + m-systems DiskOnChip (tffs.o) + third unknown +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +A780 AP Software + + + mux_cli.o + hooks into special functions of USB host driver + provides GSM TS07.10 (de)multiplex + userspace has tty devices + + gprsv.o + implements GPRS line discipline for mux_cli ttys + hooks into netfilter to intercept DNS packets ?!? + provides gprs0 / grps1 network devices + + ipsec.o + proprietary ipsec stack (don't we already have two GPL licensed?) 
+ Copyright Certicom Corp + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +A780 Software + + + Libraries + glibc + Bluetooth + proprietary userspace program directly opens HCI + GPS + no NMEA, no serial device emulation :( + proprietary library via mux_cli kernel module + UI + embeddedQt + Motorola EZX toolkit + Java + Full J2ME support + (but who wants java if there's linux?) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +A780 Software + + + Apps + Opera + Helix Player with codecs + aac, amr, mp4, realvideo, mid, mp3, mp4, wma + movianVPN + proprietary IPsec VPN client + CoPilot + proprietary GPS navigation, map&route program + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +EZX Firmware Images + + + EZX Firmware Images + Motorola ships .SHX firmware images to service centres + No legal way for users to get FW updates + Proprietary Windows apps flash phone via USB + Motorola PST + Motorola RSD lite + SHX files contain 'code groups' + AP bootloader (blob based) + AP linux kernel + AP root filesystem + AP /ezxlocal filesystem + AP "language pack" + Bootup Logo/Animation + BP OS + DSP code + Cryptographic Signature(s) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +EZX bootloader + + + EZX bootloader + based on GPL licensed blob + source code not yet released by Motorola + low-level initialization code (GPIO config, clock, ...) + vendor specific USB device that allows for + transfer of executable code from USB host + execution of transferred executable + serial console code is present in binary, but not used :( + PST/RSD firmware updates work by uploading a 'ramloader' + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +EZX USB (EMU) + + + EZX phones seem to have USB device port + Actually, it's "Enhanced Mini USB" (EMU) + Depending on pullup/pulldown/... 
resistors + USB device port + Serial port (RS232 at 3.3V levels) + Stereo audio signal + 500mA charger + Carkit (easy install, professionally installed) + Factory test + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +EZX USB (EMU) + + + USB Configurations + Even in USB device EMU mode, there are many configs + Official configs + cdc_acm (serial modem emulation for host pc) + USB mass storage (transflash and VFAT-on-TFFS devices) + Undocumented configs + usbnet (network device over USB) + Allows telnet into phone + PST + Mode used by PST Windows App + DSPlog + Apparently a way to dump data from DSP + NetMonitor + supposedly for GSM network monitor + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +Status + + + Status of OpenEZX + fairly good picture about phone architecture + initial 2.6.14 port done, still lots of bugs + Updated toolchain (gcc-3.4) + EZX / OPIE / embeddedQt integration + Linux native BlueZ bluetooth working + netfilter/iptables port (you can do NAT between GPRS and usbnet) + nmap/tcpdump/af_packet.o + lsof, busybox, bash2, + gameboy emulator + qonsole (qt console app with OSD keyboard) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +OpenEZX +TODO + + + TODO + get 2.6.x kernel fully running, including all drivers + power management + write free software backend to talk to Neptune LTE (tapisrv) + reimplement mux_cli and gprsv kernel modules + some reference application that can make voice and/or data calls from the commandline + USB On-The-GO support (hardware support present!) + discover how DSPlog, PST, other interfaces work + write linux-based app for phone flashing via USB + dm-crypt for your personal contacts/data + native IPsec + ScummVM port [320x240 and touchpad, ideal!] :) + at some point merge with openembedded.org ? 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Next-generation netfilter +Thanks + + Thanks to + the BBS scene, Z-Netz, FIDO, ... + for heavily increasing my computer usage in 1992 + KNF (http://www.franken.de/) + for bringing me in touch with the internet as early as 1994 + for providing a playground for technical people + for telling me about the existance of Linux! + Alan Cox, Alexey Kuznetsov, David Miller, Andi Kleen + for implementing (one of?) the world's best TCP/IP stacks + Astaro AG + for sponsoring parts of my free software work + Chaos Computer Club (http://www.ccc.de/) + for providing an inspiring environment for cool hacks +%size 3 + The slides and the an according paper of this presentation are available at http://svn.gnumonks.org/projects/presentations +%size 3 diff --git a/2005/firewall_vpn-linuxpark_cebit2005/abstract b/2005/firewall_vpn-linuxpark_cebit2005/abstract new file mode 100644 index 0000000..9a52af2 --- /dev/null +++ b/2005/firewall_vpn-linuxpark_cebit2005/abstract 
@@ -0,0 +1,31 @@ +Titel: Firewalling, VPN (und mehr) mit Linux 2.6.x + +Abstact: +Der Einsatz von Linux im 'unsichtbaren' Bereich der Server und Router, +Firewalls und Gateways hat bereits lange tradition. + +Auch der Linux 2.6.x Kernel setzt diese Tradition fort, und kann insbesondere +im Netzwerkbereich mit einigen Neuerungen aufwarten, wie z.B. dem neuen IPsec +Stack. + +Linux-Systeme koennen problemlos als Paketfilter mit Stateful Inspection, zum +Network Address Translation, als Load-Balancer, Policy-Router, Traffic-Shaper, +oder auch VPN-Gateway eingesetzt werden. + +Der Vortrag gibt einen Ueberblick ueber die vielfaeltigen +Einsatzmoeglichkeiten und soll beim geneigten Zuhoerer die "Lust auf mehr" +wecken. + +Vorkenntnisse: +Grundlegendes Wissen ueber Netzwerke und Linux + +Dozent: +Harald Welte ist der Maintainer des Linux-Firewalling-Projekts +netfilter/iptables. Er ist seit 1994 mit Linux befasst und arbeitet seit 1997 +als freiberuflicher Entwickler, Consultant und Trainer im Linux-Umfeld. Sein +besonderer Schwerpunkt liegt im Bereich der Netzwerktechnik, +Netzwerksicherheit, Computersicherheit, Embedded Linux und Kernel-Entwicklung. +Mit seinem im Jahr 2004 gegruendeten gpl-violations.org Projekt ist es ihm +bereits in mehr als 30 Faellen gelungen, die GPL aussergerichtlich und vor +Gericht durchzusetzen. + diff --git a/2005/firewall_vpn-linuxpark_cebit2005/firewall-vpn-linuxpark_cebit2005.mgp b/2005/firewall_vpn-linuxpark_cebit2005/firewall-vpn-linuxpark_cebit2005.mgp new file mode 100644 index 0000000..fa6c700 --- /dev/null +++ b/2005/firewall_vpn-linuxpark_cebit2005/firewall-vpn-linuxpark_cebit2005.mgp 
@@ -0,0 +1,294 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 + + +Firewalls, IPsec and Linux + + +%center +%size 4 +by + +Harald Welte <laforge@netfilter.org> + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +Contents + + + Introduction + Highly Scalable Linux Network Stack + Netfilter Hooks + Packet selection based on IP Tables + The Connection Tracking Subsystem + The NAT Subsystem + IPsec with Free S/WAN + IPsec with Kernel 2.6.x + Cipe, vtun, openvpn and others + Traffic Shaping, QoS, Policy Routing + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Introduction + + +Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the Linux kernel firewall system called netfilter/iptables + who can claim to be the first to have enforced the GNU GPL in court + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +Introduction + +What this is: + A broad overview about the advanced Linux networking features + Intended for a network savyy audience that has little Linux background + +What this presentation is not: + A tutorial on how to use iptables, tc, iproute2, brctl + An introduction into the cool code we write every day ;) + +It will try to show you what you can do with Linux networking, not how. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +Introduction + +Linux and Networking + Linux is a true child of the Internet + Early adopters: ISP's, Universities + Lots of work went into a highly scalable network stack + Not only for client/server, but also for routers + Features unheared of in other OS's + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +Introduction + +Did you know, that a stock 2.6.x linux kernel can provide + + a stateful packet filter ? + fully symmetric NA(P)T ? + policy routing ? + QoS / traffic shaping ? + IPv6 firewalling ? + packet filtering, NA(P)T on a bridge ? + layer 2 (mac) address translation ? + packet forwarding rates of up to 2.1mpps ? + +If not, chances are high that this presentation will tell you something new. + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +Netfilter Hooks + + What is netfilter? + + System of callback functions within network stack + Callback function to be called for every packet traversing certain point (hook) within network stack + Protocol independent framework + Hooks in layer 3 stacks (IPv4, IPv6, DECnet, ARP) + Multiple kernel modules can register with each of the hooks + +Traditional packet filtering, NAT, ... is implemented on top of this framework + +Can be used for other stuff interfacing with the core network stack, like DECnet routing daemon. + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +IP tables + + Packet selection using IP tables + + The kernel provides generic IP tables support + + Each kernel module may create it's own IP table + + The three major parts of 2.4 firewalling subsystem are implemented using IP tables + Packet filtering table 'filter' + NAT table 'nat' + Packet mangling table 'mangle' + + Could potentially be used for other stuff, e.g. 
IPsec SPDB + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +IP Tables + + Managing chains and tables + + An IP table consists out of multiple chains + A chain consists out of a list of rules + Every single rule in a chain consists out of + match[es] (rule executed if all matches true) + target (what to do if the rule is matched) + +%size 4 +matches and targets can either be builtin or implemented as kernel modules + +%size 5 + The userspace tool iptables is used to control IP tables + handles all different kinds of IP tables + supports a plugin/shlib interface for target/match specific options + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +Connection Tracking Subsystem + + Connection tracking... + implemented seperately from NAT + enables stateful filtering + protocol modules (currently TCP/UDP/ICMP/GRE/SCTP) + application helpers (currently FTP,IRC,H.323,talk,SNMP,RTSP) + does _NOT_ filter packets itself + can be utilized by iptables using the 'state' match + is used by NAT Subsystem + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +Network Address Translation + + Network Address Translation + + Previous Linux Kernels only implemented one special case of NAT: Masquerading + Linux 2.4.x / 2.6.x can do any kind of NAT. 
+ NAT subsystem implemented on top of netfilter, iptables and conntrack + Following targets available within 'nat' Table + SNAT changes the packet's source whille passing NF_IP_POST_ROUTING + DNAT changes the packet's destination while passing NF_IP_PRE_ROUTING + MASQUERADE is a special case of SNAT + REDIRECT is a special case of DNAT + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +Packet Mangling + + Purpose of mangle table + packet manipulation except address manipulation + Targets specific to the 'mangle' table: + DSCP - manipulate DSCP field + IPV4OPTSSTRIP - strip IPv4 options + MARK - change the nfmark field of the skb + TCPMSS - set TCP MSS option + TOS - manipulate the TOS bits + TTL - set / increase / decrease TTL field + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +Linux Bridging + + Bridging (brctl) + Includes support for Spanning Tree + Fully supports packet filtering and NAT (!) on a bridge + Can also filter and translate layer 2 MAC addresses + Can implement a 'brouter' (bridge certain traffic, route other) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +Linux Policy Routing + + Policy Routing (iproute2) + Allows routing decisions on arbitrary information + Provides up to 255 different routing tables within one system + By combining via nfmark with iptables, any matches of the packet filter can be used for the routing decision + Very useful in complex setups with mutiple links (e.g. multiple DSL uplinks with dynamic addresses, asymmetric routing, ...) 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +Linux Traffic Shaping + + Traffic Control (tc) + Framework for lots of algorithms like RED,SFQ,TBF,CBQ,CSZ,GRED,HTB + Very granular control, especially for very low bandwidth links + Present since Linux 2.2.x but still not used widely + Lack of documentation, but situation is improving (www.lartc.org) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +Free S/WAN + + Free S/WAN + Was a politically motivated effort to provide IPsec for Linux 2.0+ + Goal was to encrypt as much Internet Traffic as possible + Software architecture didn't fit very well with Linux 2.4/2.6 network stack + Project has been shut down, however Open S/WAN continues support + Is in widespread production use and has received a lot of testing + Political motivation prevented any U.S. citizen to contribute code + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +Linux 2.6.x IPsec + + Linux 2.6.x IPsec + Linux networking gods disaproved Free S/WAN political restrictions and software design + Thus, they decided to write their own IPsec stack + Result is in the stock 2.6.x kernel series + Offers complete support for transport and tunnel mode + Can be used with FreeSWAN (pluto) or KAME (isakmpd) userspace + Remaining problems + No integration with hardware crypto accelerators yet + No implementation of NAT traversal yet + Interaction with iptable_nat still has to be sorted out + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +cipe, vtun, openswan and others + + Other VPN protocols/programs + Evolved as linux specific VPN implementations since the Linux Kernel was lacking stock IPsec support for a long time + Are totally incompatible to IPsec and only compatible to themselves + Are of questionable security (at least in 
case of cipe, vtun) + Are mostly userspace implementations + Are way easier to configure + Can provide layer 2 tunnels to route (or bridge!) all kinds of protocols + openvpn with X.509 certificates is a very clean and easy solution for building strong VPN tunnels between two linux gateways + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalls, IPsec and Linux +Thanks + + Thanks to + the BBS scene, Z-Netz, FIDO, ... + for heavily increasing my computer usage in 1992 + KNF (http://www.franken.de/) + for bringing me in touch with the internet as early as 1994 + for providing a playground for technical people + for telling me about the existance of Linux! + Alan Cox, Alexey Kuznetsov, David Miller, Andi Kleen + for implementing (one of?) the world's best TCP/IP stacks + Paul 'Rusty' Russell + for starting the netfilter/iptables project + for trusting me to maintain it today + Astaro AG + for sponsoring parts of my netfilter work +%size 3 + The slides and the an according paper of this presentation are available at http://www.gnumonks.org/ +%size 3 diff --git a/2005/flow-accounting-lt2005/abstract b/2005/flow-accounting-lt2005/abstract new file mode 100644 index 0000000..30c3f4c --- /dev/null +++ b/2005/flow-accounting-lt2005/abstract 
@@ -0,0 +1,28 @@ +Flow based network accounting with Linux + +Many networking scenarios require some form of network accounting that goes +beyond some simple packet and byte counters as available from the 'ifconfig' +output. + +When people want to do network accouting, the past and current Linux kernel +didn't provide them with any reasonable mechanism for doing so. + +Network accounting can generally be done in a number of different ways. The +traditional way is to capture all packets by some userspace program. Capturing +can be done via a number of mechanisms such as PF_PACKET sockets, mmap()ed +PF_PACKET, ipt_ULOG, or ip_queue. This userspace program then analyzes the +packets and aggregates the result into per-flow data structures. + +Whatever mechanism used, this scheme has a fundamental performance limitation, +since all packets need to be copied and analyzed by a userspace process. + +The author has implemented a different approach, by which the accounting +information is stored in the in-kernel connection tracking table of the +ip_conntrack stateful firewall state machine. On all firewalls, that +state table has to be kept anyways - the additional overhead introduced by +accounting is minimal. + +Once a connection is evicted from the state table, it's accounting relevant +data is transferred to userspace to a special accounting daemon for further +processing, aggregation and finally storage in the accounting log/database. + diff --git a/2005/flow-accounting-lt2005/biography b/2005/flow-accounting-lt2005/biography new file mode 100644 index 0000000..4d7fb91 --- /dev/null +++ b/2005/flow-accounting-lt2005/biography 
@@ -0,0 +1,25 @@ + Harald Welte is the chairman of the netfilter/iptables core team. + + His main interest in computing has always been networking. In the few time +left besides netfilter/iptables related work, he's writing obscure documents +like the "UUCP over SSL HOWTO" or "A packet's journey through the Linux network +stack". Other kernel-related projects he has been contributing are user mode +linux, the international (crypto) kernel patch, device drivers and the +neighbour cache. + + He has been working as an independent IT Consultant working on projects for +various companies ranging from banks to manufacturers of networking gear. +During the year 2001 he was living in Curitiba (Brazil), where he got +sponsored for his Linux related work by Conectiva Inc. + + Starting with February 2002, Harald has been contracted part-time by +<a href="http://www.astaro.com/">Astaro AG</a>, who are sponsoring him for his +current netfilter/iptables work. + + Aside from the Astaro sponsoring, he continues to work as a freelancing +kernel developer and network security consultant. + + He licenses his software under the terms of the GNU GPL. He is determined to bring all users, distributors, value added resellers and vendors of netfilter/iptables based products in full compliance with the GPL, even if it includes raising legal charges. + + Harald is living in Berlin, Germany. + diff --git a/2005/flow-accounting-lt2005/flow-accounting-lt2005.mgp b/2005/flow-accounting-lt2005/flow-accounting-lt2005.mgp new file mode 100644 index 0000000..601eb88 --- /dev/null +++ b/2005/flow-accounting-lt2005/flow-accounting-lt2005.mgp 
@@ -0,0 +1,299 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 + + +Flow-based network accounting with Linux +OLS 2005 (July 22, 2005) + +%center +%size 4 +by + +Harald Welte <hwelte@hmw-consulting.de> + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +Contents + + Introduction + Network Acounting + Existing Tools + ip_conntrack_acct + ctnetlink / conntrack tool + ulogd2 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +Introduction + + Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the linux kernel firewall system called netfilter/iptables + who has recently given lots of non-technical presentations about GPL enforcement + who is happy to again speak about a technical subject today + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +Network Accounting + + + Counting of metadata of network traffic + Optionally Summarizing + Kind of metadate dependant on application + number of packets + number of bytes + Scope + per timeframe + per connection + per flow + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +Network Accounting + + + Reasons for network accounting + volume or bandwith based billing + monitoring of network utilization / disstribution + research on network usage patterns, ... 
+ + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +Existing accounting solutions + + + Existing accounting solutions for Linux + nacctd (net-acct) + ipt_LOG based + ipt_ULOG based + iptables-based (ipac-ng) + ipt_ACCOUNT + ntop + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +nacctd / net-acct + + + nacctd + Oldest tool available, at least since 1995 + Originally developed by Ulrich Callmeier + Later unmaintained, multiple forks + Principle of operation: + Capture all packets using libpcap (AF_PACKET) + try to aggregate packets into flows + log to ASCII file (some branches provide SQL backends) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +ipt_LOG based + + + ipt_LOG + iptables "LOG" target, available in all 2.4.x and 2.6.x kernels + Designed to log policy violations, not accounting data + Not intended for logging of high data volumes + Principle of Operation + Iptables rule with "LOG" target for to-be-logged packets + syslogd writes one line for each packet + Perl scripts (or similar) used to parse syslog files + Summary + Doesn't scale since it abuses ipt_LOG for unintended purpose + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +ipt_ULOG based + + + ipt_ULOG + iptables "ULOG" target, available in almost all 2.4.x and 2.6.x kernels + Designed to efficiently log policy violations, not accounting data + Principle of Operation + Copy header of packets into buffer + Flush buffer to userspace + Have a daemon parse packet headers in buffer + Write information to some form of storage + Summary + Scales way better than ipt_LOG + I still abusing an interface for a different purpose + Still needs to transfer all packets to userspace + 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +ip_tables counter based + + + Accounting based on ip_tables + Every ip_tables ruleset has per-rule packet and byte counters + A number of ready-built tools exist to parse and summarize + Most commonly used is "ipac-ng", supports storage in SQL DB + Principle of Operation + Careful placement of fallthrough-rules + Executing "iptables -L -vn" or "iptables-save -c" displays counters + Counters can be reset by "iptables -Z" + Summary + Scales well with high traffic + Scales badly for lots of different accounting groups (which require lots of rules) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +ipt_ACCOUNT + + + ipt_ACCOUNT + http://www.intra2net.com/opensource/ipt_account/ + A special purpose iptables target, requires kernel patch + Principle of Operation + Keeps byte counters per IP address in a given subnet (/24, eg.) 
+ Counters can be read by special "iptaccount" commandline tool + Summary + Is limited to networks up to /8 + Granularity only down to per-ip level + Highly optimized, but special-purpose + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +ip_conntrack_acct + + + ip_conntrack based accounting + The netfilter connection tracking subsystem runs on almost any firewall + Accounting is usually done at the edge of a network, where a firewall is placed + ip_conntrack already maintains some ~ 350 bytes of state per connection + Principle of Operation + Add per-connection, per-direction packet and byte counters + Read the counters from userspace (/proc/net/ip_conntrack or ctnetlink-based) + Summary + adds little extra overhead if ip_conntrack is used already + Not recommended for non-firewall systems + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +ip_conntrack_acct + + +Userpace interfaces + /proc/net/ip_conntrack + shows one line per connection + if CONFIG_IP_NF_CT_ACCT is enabled, "packets=5749 bytes=423453" is added for each direction + Pro: + Easy to use + Con: + Not always accurate + No way to reset counters + Inefficient + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +ip_conntrack_acct + + + ctnetlink based interface + What is ctnetlink? 
+ it's a netlink-based interface to ip_conntrack + allows reading/deleting/updating/creating conntrack entries from usrspace + exists as out-of-kernel patch for many years + Extending ctnetlink with ip_conntrack_acct + Simple: Add counter information to TLV's passed from kernel to userspace + Additional features + Add new IPCTNL_MSG_CT_GET_CTRZERO command request for atomic get-counters-and-zero + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +ip_conntrack_acct + + +Possible ctnetlink based implementations + polling-based + use GET_CTRZERO in a regular sampling interval + add up counters with every call + Pro: configurable granularity + Con: overhead increases with short samling interval + event-based + listen for ctnetlink DELETE event messages + store flow-based information only once at the end of every connection + Pro: Very easy to implement + Con: Data only available after connection finishes + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +ip_conntrack_acct + + +Programs to use ip_conntrack_acct + 'conntrack' tool + http://svn.netfilter.org/trunk/conntrack + Try "conntrack -E conntrack" for event-based output + Try "conntrack -L conntrack" for polling + Try "conntrack -L conntrack -z" for poll with zeroing counters + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based network accounting with Linux +ip_conntrack_acct + + +Programs to use ip_conntrack_acct + ulogd2 + http://svn.netfilter.org/branches/ulogd2 + next-gerneration of 'ulogd' + can log per-packet and per-flow information + can aggregate per-packet to per-flow information + can run multiple 'plugin stacks' for multiple outputs + can export per-flow data in IPFIX format + is not fully implemented yet, but pretty far ahead + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Flow-based 
network accounting with Linux +Thanks + + Thanks to + Alan Cox, Alexey Kuznetsov, David Miller, Andi Kleen + for implementing (one of?) the world's best TCP/IP stacks + Paul 'Rusty' Russell + for starting the netfilter/iptables project + for trusting me to maintain it today + Astaro AG + for sponsoring parts of my netfilter work + Free Software Foundation + for the GNU Project + for the GNU General Public License +%size 3 + http://gnumonks.org/ +%size 3 + http://netfilter.org/ +%size 3 + http://svn.netfilter.org/ + diff --git a/2005/flow-accounting-lt2005/ltpdk/COPYING b/2005/flow-accounting-lt2005/ltpdk/COPYING new file mode 100644 index 0000000..5b6e7c6 --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/COPYING 
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. 
+ + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. 
+ + <signature of Ty Coon>, 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/2005/flow-accounting-lt2005/ltpdk/LT-DOCBOOK b/2005/flow-accounting-lt2005/ltpdk/LT-DOCBOOK new file mode 100644 index 0000000..4b15326 --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/LT-DOCBOOK 
@@ -0,0 +1,122 @@ +Crashcourse Tutorial on how to use XML/DocBook for LinuxTag Papers +================================================================== + +Papers for the LinuxTag Conferences should be submitted in a subset of +XML/DocBook. The structure of this format is described in this text. +This document is part of the LinuxTag Paper Development Kit (ltpdk). +Please make sure that you have read the README before you dive into this +text. + +There is also an "example" directory, which contains some documents +explaining the use of XML/DocBook. + + +Basics of XML +------------- + +XML works quite similar to HTML but is a little more strict in terms of +syntax. All markup is written in tags just like in HTML. For example, +<section> is an opening tag for the container "section". An opening tag +can be accompained by attributes as in <ulink url="http://www.linux.org/">. + +The most important rules are: + + - All tags have to be closed, there are no exceptions like in HTML. + + - To abbreviate opening and closing a tag, you can add a trailing + slash at the opening tag: "<title></title>" is equivalent to "<title/>". + + - All tag names and all attribute names have to use lowercase + charcters and are case sensitive, unlike HTML. Values for attributes + have to be quoted: <ulink url="mailto:a@b.de">. + + +Structure of an XML document +---------------------------- + +There is a framework and a header for each XML document. For LinuxTag +papers these headers look the same for all papers and should be used +directly from the template. Just correct your name, the title of the +paper and your paper id according to the README in the ltpdk. After this +header the body of the <article> container follows. + + +List of valid DocBook elements +------------------------------ + +We recommend only a subset of the full DocBook standard, so please use +only the following elements for the body of your paper: + +<section> Creates new sections and subsections. 
+ +<title> Should be used as first container in every <section> + and can be also used inside tables and figures. + +<para> For normal text. Note that this container is + necessary, you can't type directly into a <section> + container. + +<itemizedlist> For ordered and unordered itemized lists. Every +<orderedlist> single item needs a <listitem> container, which has +<listitem> to be closed! Usually you place a <para> inside your + <listitem>. + +<programlisting> Everything inside will be quoted verbatim. See + example document for important hints. + +<table> To create tables quite similar to HTML. See example +<tgroup> document. +<tbody> +<thead> +<tfoot> +<row> +<entry> + +<emphasis> The only text markup we support to emphasis a text + (may later be displayed bold or in italics in print) + +<ulink> To link to external URIs. Since your papers should + be more or less self-contained, don't make too much + use of this tag. The tag can be placed in any <para>. + +<mediaobject> To include a figure, like a diagramm or a picture. + See the example document for details. + + + +Structure of the body +--------------------- + +Start with a <section>, followed by a <title>. + +Now follows an arbitrary number of either simple paragraphs, lists, +tables, verbatim text or a sub level of a section. + +Inside these there's just text, emphasized text, figures or links. + +That's about all ;) + + +Further information +------------------- + +If you are really interested in XML/DocBook, have a look at + + http://www.docbook.org/ + +But beware: This is mainly a highly technical reference guide. A good +starting point in this somewhat confusing website is + + http://www.docbook.org/tdg/en/html/ref-elements.html + +A much more comprehensive introduction is + + http://xml.web.cern.ch/XML/goossens/dbatcern/ + +especially the chapters 3 - 7 describe the above in more detail. 
+ +Finally there are links to some other tutorials, the last two in german: + + http://opensource.bureau-cornavin.com/crash-course/ + http://rzserv2.fhnon.de/~lg002556/docbuch/ + http://trieloff.net/doctutorial/ diff --git a/2005/flow-accounting-lt2005/ltpdk/README b/2005/flow-accounting-lt2005/ltpdk/README new file mode 100644 index 0000000..1a7791a --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/README 
@@ -0,0 +1,178 @@ +LinuxTag 2003 Paper Development Kit HOWTO +========================================= + +The ltpdk (LinuxTag Paper Development Kit) is a self-contained +collection of tools, examples, and documentation about how to write and +submit papers in the LinuxTag flavour of DocBook. Included in this +package are: + + - statically linked xmllint and xsltproc executables to check your + paper against the DocBook DTD and to convert it to HTML for easy + viewing. There are also convenient wrappers for those tools in the + "bin" directory. + + - The DocBook Simplified DTD and the LinuxTag-Metatron + DocBook-to-HTML stylesheet for use with xmllint and xsltproc. These + files describe the internal structure of valid XML documents. Usually + you don't need to look at these files in the "xml" directory. + + - The sources for xmllint and xsltproc in the "src" directory. There is + no need to look at these files either if you just want to write a + paper. However, as the ltpdk is Free Software, we provide the + source code. + + - You can find an example of using DocBook for a LinuxTag 2003 paper + in the "example" directory. Most of it is fairly self-explanatory. + + - We already prepared the dirctory "paper" for your paper and placed + an empty template in it. This is a good starting point for your + document. + + +0. For the experienced and impatient +------------------------------------ + +Enter your paper in the template in paper/paper-999-de.xml and rename it +with your talk number. + +Read the example in example/paper.xml. + +Check if your paper is valid with bin/lt-validate or generate preliminary +HTML with bin/lt-convert. + +Create a tar-file with bin/lt-pack and upload the result to the CC. + + +1. 
Prerequistes +--------------- + +You need just a Linux system and the LinuxTag Paper Development Kit +(ltpdk) which can be downloaded from + + http://www.linuxtag.org/cfp/ltpdk.tar.gz + +The ltpdk extracts to a self-contained directory and once extracted +depends on no special software (except a shell and the commands sed, pwd +and tar): + + $ cd /wherever/you/want + $ wget http://www.linuxtag.org/cfp/ltpdk.tar.gz + $ tar xfvz ltpdk.tar.gz + $ cd ltpdk + +If you want also the sources, you can download ltpdk-src.tar.gz instead. + + +2. Name conventions for your paper +---------------------------------- + +There is a directory "paper" prepared with a minimal template for +you. Please change to that directory and rename the template according +to your paper number. You can find your paper number in your +confirmation message or when you log into the CC ("EDIT PAPER"). +Assuming your paper number is 789, please rename the template to: + + $ cd paper + $ ls + paper-999.xml + $ mv paper-999.xml paper-789-en.xml +or + $ mv paper-999.xml paper-789-de.xml + +respectively according to the language you are using. Please pad the +paper number with zeros to three digits, if necessary (e. g. "046"). + +Now you can edit your document with any editor you like or import the +content from an other location in this file. Should you want to include +pictures or figures in your paper, copy all necessary files in the same +directory as the paper itself and keep the following name scheme: + + picture-789-01.gif + picture-789-02.jpg + picture-789-03.png + ... + +and so on. Please use GIF or JPG format images when providing images. +We're aware of the fact that GIF ist not patent free, but real life +proved that PNG is not an alternative in all circumstances. + +If you have additional material for inclusion on the CDROM +or for the website, you place these files in the subdirectory +"contrib". 
If you have only PDF-material (which is not our primary +choice to a full paper), please also drop it here. + + +3. How to use DocBook +--------------------- + +DocBook is an XML-based markup language slightly similiar in use like +HTML. DocBook has a lot of features, which can be complex and +confusing at first sight. We advise you to use only a recommended +subset that is described in a separate document along with links for +more tutorials, if you wish to learn more about DocBook. + +We provide an example that illustrates the use of all the +recommended markup tags in "example-en.xml". + +If you are already familiar with DocBook, you can use all features of +the DTD although we strongly recommend to keep to the defined subset +of tabs and containers. Your root container has to be <article>. + + +4. Validating your Paper +------------------------ + +There are three alternatives to check if your paper conforms to the +XML/DocBook requirements. Papers conforming to these standards reduce +immensely the efforts to integrate your submission in the conference +proceedings. + +To check if your paper conforms to the XML syntax, execute + + $ ./bin/lt-validate paper-789-xx.xml + +If your paper contains no errors, the wrapper will just print it to +stdout, nicely indented. Otherwise, you will get a declarative error +message on what's wrong. + +For easier viewing, you can convert your paper to a HTML fragment that +can be viewed with your favourite browser. The converting will NOT +produce a valid HTML document for technical reasons (the provided +Docbook-to-HTML stylesheet is only one part of our rendering pipeline +in the publishing framework). However that should be no problem with +the common browsers. To create HTML for proofreading, use + + $ ./bin/lt-convert paper-789-xx.xml > paper.html + +The third option is to package your paper and upload it to the +Conference Center (see next section). + + +5. 
Packaging and Uploading +-------------------------- + +Change to the main directory of the ltpdk and put you files in an +archive: + + $ cd .. + $ ls + bin COPYING example-en.xml example.gif example.html HOWTO + paper README src xml + $ ./bin/lt-package + +This creates the file "paper.tar.gz". Now open a web browser to + + https://www.linuxtag.org/cfp/login + +log in with your username and password, click on the "[edit]" button +trailing your abstract and upload the paper.tar.gz file to the CC. + +We are still working on a preview mode accessible directly from the CC. +There should appear ne new link ("preview paper") in the near future. + + +6. Questions +------------ + +If you have questions you may ask our DocBook team leader Michael +Kleinhenz (kleinhenz@linuxtag.org) or Nils Magnus (magnus@linuxtag.org). diff --git a/2005/flow-accounting-lt2005/ltpdk/bin/lt-convert b/2005/flow-accounting-lt2005/ltpdk/bin/lt-convert new file mode 100755 index 0000000..310fbd8 --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/bin/lt-convert @@ -0,0 +1,38 @@ +#!/bin/sh +# +# lt-convert - converts an XML/DocBook document of LinuxTag flavour to HTML. +# +# LinuxTag Paper Development Kit is Copyright (C) 2003 by LinuxTag e. V. +# +# V1.1 written 2003-05-04 by Nils Magnus (magnus@linuxtag.org) +# + +# check options +if [ -z "$1" ] +then + cat << EOF +Usage: $0 file +Converts XML/DocBook file to HTML fragment. +EOF + exit 1 +fi + +# determine paths + +bin=`echo $0 | sed 's/[^/]*$//'` + +if echo ${bin} | grep -v '^/' > /dev/null +then + bin="`pwd`/${bin}" +fi + +xml=`echo ${bin} | sed 's/bin.*$/xml/'` + +# call xsltproc + +if ${bin}/xsltproc ${xml}/docbook-html.xsl $* +then + : +else + echo "Summary: Document is not conforming to spec." +fi diff --git a/2005/flow-accounting-lt2005/ltpdk/bin/lt-pack b/2005/flow-accounting-lt2005/ltpdk/bin/lt-pack new file mode 100755 index 0000000..a898a5b --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/bin/lt-pack 
@@ -0,0 +1,40 @@ +#!/bin/sh +# +# lt-pack - Creates an archive containing your LinuxTag paper prepared for upload. +# +# LinuxTag Paper Development Kit is Copyright (C) 2003 by LinuxTag e. V. +# +# V1.1 written 2003-05-04 by Nils Magnus (magnus@linuxtag.org) +# + +# check options +if [ $# -gt 1 ] +then + cat << EOF +Usage: $0 +Creates an archive containing your LinuxTag paper prepared for upload. +EOF + exit 1 +fi + +# determine paths + +bin=`echo $0 | sed 's/[^/]*$//'` + +if echo ${bin} | grep -v '^/' > /dev/null +then + bin="`pwd`/${bin}" +fi + +xml=`echo ${bin} | sed 's/bin.*$/xml/'` + +# call tar from the correct directory + +cd ${bin} +cd .. +if tar cfzv paper.tar.gz paper +then + echo "please upload now `pwd`/paper.tar.gz to the CC" +else + echo "error while packaging" +fi diff --git a/2005/flow-accounting-lt2005/ltpdk/bin/lt-validate b/2005/flow-accounting-lt2005/ltpdk/bin/lt-validate new file mode 100755 index 0000000..f56bdbe --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/bin/lt-validate @@ -0,0 +1,38 @@ +#!/bin/sh +# +# lt-validate - validates an XML/DocBook document of LinuxTag flavour. +# +# LinuxTag Paper Development Kit is Copyright (C) 2003 by LinuxTag e. V. +# +# V1.2 written 2003-05-04 by Nils Magnus (magnus@linuxtag.org) +# + +# check options +if [ -z "$1" ] +then + cat << EOF +Usage: $0 file +Validates XML/DocBook file. +EOF + exit 1 +fi + +# determine paths + +bin=`echo $0 | sed 's/[^/]*$//'` + +if echo ${bin} | grep -v '^/' > /dev/null +then + bin="`pwd`/${bin}" +fi + +xml=`echo ${bin} | sed 's/bin.*$/xml/'` + +# call xmllint + +if ${bin}/xmllint --dtdvalid ${xml}/docbook.dtd $* +then + echo "Document is conforming to spec. You may want to check the results with lt-convert." +else + echo "Summary: Document is not conforming to spec." +fi diff --git a/2005/flow-accounting-lt2005/ltpdk/bin/xmllint b/2005/flow-accounting-lt2005/ltpdk/bin/xmllint Binary files differnew file mode 100755 index 0000000..f028e47 --- /dev/null 
+++ b/2005/flow-accounting-lt2005/ltpdk/bin/xmllint diff --git a/2005/flow-accounting-lt2005/ltpdk/bin/xsltproc b/2005/flow-accounting-lt2005/ltpdk/bin/xsltproc Binary files differnew file mode 100755 index 0000000..3798abc --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/bin/xsltproc diff --git a/2005/flow-accounting-lt2005/ltpdk/example/example-en.xml b/2005/flow-accounting-lt2005/ltpdk/example/example-en.xml new file mode 100644 index 0000000..53852b5 --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/example/example-en.xml 
@@ -0,0 +1,224 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> + +<article id="paper"> +<articleinfo> + <title>Your Paper Title</title> + <author> + <firstname>Yourfirstname</firstname> + <surname>Yourlastname</surname> + </author> + <copyright> + <year>2003</year> + <holder>Yourname</holder> + </copyright> +</articleinfo> + + +<section> +<title>This is the title</title> + +<para> +This is a paragraph. Remember always enclose literal text with para +elements. Interdum volgus rectum videt, est ubi peccat. Si veteres ita +miratur laudatque poetas, ut nihil anteferat, nihil illis comparet, +errat. Si quaedam nimis antique, si peraque dure dicere credit eos, +ignave multa fatetur, et sapit et mecum facit et Iova iudicat aequo. Non +equidem insector delendave carmina Livi esse reor, memini quae plagosum +mihi parvo Orbilium dictare; sed emendata videri pulchraque et exactis +minimum distantia miror. Inter quae verbum emicuit si forte decorum, et +si versus paulo concinnior unus et alter, venditque poema. Brevi vel +toto est iunior anno. Utor permisso, caudaeque pilos ut equinae paulatim +vello unum, demo etiam unum. Si meliora dies, ut vina, poemata reddit, +scire velim, chartis perficit quotus pretium quotus arroget annus. +Scriptor abhinc reddit misso annos centum qui decidit, inter perfectos +veteresque referri debet an inter vilis atque perfectos novos? Excludat +iurgia finis. +</para> + +<para> +Est vetus atque probus, centum qui perficit annos. Quid, qui +deperiitnihis perfectos uno mense vel? Iste quidem veteres inter ponetur +honeste, qui vel mense brevi vel toto est iunior anno. Utor permisso, +caudaeque nisi pilos ut equinae paulatim vello et virtutem, demo etiam +unum, dum cadat elusus ratione ruentis acervi, qui redit in fastos et +virtutem aestimat annis miraturque nihil nisi quod. Ennius et sapines et +fortis et alter Homerus, ut critici dicunt, leviter curare videtur, quo +promissa cadant et somnia Pythagorea. 
Naevius in manibus non est et +sanctum mentibus haeret paene recens? Adeo sanctum est vetus omne poema. +Ambigitur quotiens, uter utro sit prior, aufert Pacuvius docti famam +senis Accius alti, dicitur Afrani toga convenisse Menandro, Plautus. Hos +ediscit et hos arto stipata theatro spectat Roma potens; habet hos nisi +numeratque poetas ad ambigitur tempus Livi scriptoris ab aevo. Brevi vel +toto est iunior anno. Interdum volgus rectum videt, est ubi peccat. Si +veteres ita miratur laudatque poetas, ut nihil anteferat, nihil illis +comparet, errat. +</para> + +<section> +<title>This is a subtitle</title> + +<para> +Now we display an image. Please always use only the image name as the +argument to the fileref attribute. No directories or other locations please. +</para> + +<para> + <ulink url="http://www.dorint.de/karlsruhe/"> + <inlinemediaobject> + <imageobject> + <imagedata fileref="example.gif" format="GIF"/> + </imageobject> + </inlinemediaobject> +</ulink> +</para> + +<para> +Si quaedam nimis antique, si peraque dure dicere credit eos, ignave +multa fatetur, et sapit et mecum facit et Iova iudicat aequo. Non +equidem insector delendave carmina Livi esse reor, memini quae plagosum +mihi parvo Orbilium dictare; sed emendata videri pulchraque et exactis +minimum distantia miror. Inter quae verbum emicuit si forte decorum, et +si versus paulo concinnior unus et alter, venditque poema. Brevi vel +toto est iunior anno. 
+</para> + +</section> + +<section> + <title>Tables</title> + +<table frame="all" label="parking"> + <title>Optional Table Title</title> + <tgroup align="left" colsep="1" rowsep="1" cols="4"> + <colspec colname="c1"/> + <colspec colname="c2"/> + <tbody> + <row> + <entry>First Row, first Col</entry> + <entry>First Row, second Col</entry> + </row> + <row> + <entry>Second Row, first Col</entry> + <entry>Second Row, second Col</entry> + </row> + <row> + <entry>Third Row, first Col</entry> + <entry>Third Row, first Col</entry> + </row> + <row> + <entry>Fourth Row, first Col</entry> + <entry>Fourth Row, first Col</entry> + </row> + </tbody> +</tgroup> +</table> + + +<para> +Hos ediscit et hos arto stipata theatro spectat Roma potens; habet hos +nisi numeratque poetas ad ambigitur tempus Livi scriptoris ab aevo. +Brevi vel toto est iunior anno. Interdum volgus rectum videt, est ubi +peccat. Si veteres ita miratur laudatque poetas, ut nihil anteferat, +nihil illis comparet, errat. +</para> + +</section> + +<section> +<title> +Links +</title> + +<para> +<emphasis>This is an emphasis:</emphasis> +You can make links in your paper using the ulink element, like so: +<ulink url="http://www.linuxtag.org/">This is a Link</ulink> +</para> + +<para> +<emphasis>Utor permisso</emphasis> +Ambigitur quotiens, uter utro sit prior, aufert Pacuvius docti famam +senis Accius alti, dicitur Afrani toga convenisse Menandro, Plautus. Hos +ediscit et hos arto stipata theatro spectat Roma potens; habet hos nisi +numeratque poetas ad ambigitur tempus Livi scriptoris ab aevo. 
+</para> +</section> + +<section> + +<title>Itemized Lists</title> + +<para> +Itemized lists can be done using the itemizedlist element: +</para> + +<itemizedlist> + <listitem> + <para> + This is a listitem + </para> + </listitem> + <listitem> + <para> + <ulink url="http://www.linuxtag.org/"> + This is a listitem associated with a link + </ulink> + </para> + </listitem> + <listitem> +<itemizedlist> + <listitem> + <para> + This is a listitem + </para> + </listitem> + <listitem> + <para> + <ulink url="http://www.linuxtag.org/"> + This is a listitem associated with a link + </ulink> + </para> + </listitem> +</itemizedlist> + </listitem> +</itemizedlist> + +<para> +Don't care about the double bullets with sub-itemized lists. They will +be controlled by CSS in the final view. +</para> + +</section> + +<section> +<title> + Codesnippets +</title> + +<para> +You can include condesnippets like so: +</para> + +<programlisting> +<![CDATA[This is a programlisting so white space and line +breaks are significant. But it is also a CDATA +section so <emphasis>tags</emphasis> and &entities; +are not recognized. The only markup that is recognized +is the end-of-section marker, which is two +"]"'s in a row followed by a >.]]> +</programlisting> + +<para> +Utor permisso, caudaeque nisi pilos ut equinae paulatim vello et +virtutem, demo etiam unum, dum cadat elusus ratione ruentis acervi, qui +redit in fastos et virtutem aestimat annis miraturque nihil nisi quod. +Ennius et sapines et fortis et alter Homerus, ut critici dicunt, leviter +curare videtur, quo promissa cadant et somnia Pythagorea. Naevius in +manibus non est et sanctum mentibus haeret paene recens? +</para> + +</section> + +</section> + +</article>
\ No newline at end of file diff --git a/2005/flow-accounting-lt2005/ltpdk/example/example.gif b/2005/flow-accounting-lt2005/ltpdk/example/example.gif Binary files differnew file mode 100644 index 0000000..30b9191 --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/example/example.gif diff --git a/2005/flow-accounting-lt2005/ltpdk/example/example.html b/2005/flow-accounting-lt2005/ltpdk/example/example.html new file mode 100644 index 0000000..04e796a --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/example/example.html 
@@ -0,0 +1,211 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> + + + + +<div class="section"> +<h3 class="section">This is the title</h3> + + +<p> +This is a paragraph. Remember always enclose literal text with para +elements. Interdum volgus rectum videt, est ubi peccat. Si veteres ita +miratur laudatque poetas, ut nihil anteferat, nihil illis comparet, +errat. Si quaedam nimis antique, si peraque dure dicere credit eos, +ignave multa fatetur, et sapit et mecum facit et Iova iudicat aequo. Non +equidem insector delendave carmina Livi esse reor, memini quae plagosum +mihi parvo Orbilium dictare; sed emendata videri pulchraque et exactis +minimum distantia miror. Inter quae verbum emicuit si forte decorum, et +si versus paulo concinnior unus et alter, venditque poema. Brevi vel +toto est iunior anno. Utor permisso, caudaeque pilos ut equinae paulatim +vello unum, demo etiam unum. Si meliora dies, ut vina, poemata reddit, +scire velim, chartis perficit quotus pretium quotus arroget annus. +Scriptor abhinc reddit misso annos centum qui decidit, inter perfectos +veteresque referri debet an inter vilis atque perfectos novos? Excludat +iurgia finis. +</p> + +<p> +Est vetus atque probus, centum qui perficit annos. Quid, qui +deperiitnihis perfectos uno mense vel? Iste quidem veteres inter ponetur +honeste, qui vel mense brevi vel toto est iunior anno. Utor permisso, +caudaeque nisi pilos ut equinae paulatim vello et virtutem, demo etiam +unum, dum cadat elusus ratione ruentis acervi, qui redit in fastos et +virtutem aestimat annis miraturque nihil nisi quod. Ennius et sapines et +fortis et alter Homerus, ut critici dicunt, leviter curare videtur, quo +promissa cadant et somnia Pythagorea. Naevius in manibus non est et +sanctum mentibus haeret paene recens? Adeo sanctum est vetus omne poema. 
+Ambigitur quotiens, uter utro sit prior, aufert Pacuvius docti famam +senis Accius alti, dicitur Afrani toga convenisse Menandro, Plautus. Hos +ediscit et hos arto stipata theatro spectat Roma potens; habet hos nisi +numeratque poetas ad ambigitur tempus Livi scriptoris ab aevo. Brevi vel +toto est iunior anno. Interdum volgus rectum videt, est ubi peccat. Si +veteres ita miratur laudatque poetas, ut nihil anteferat, nihil illis +comparet, errat. +</p> + +<div class="section"> +<h3 class="section">This is a subtitle</h3> + + +<p> +Now we display an image. Please always use only the image name as the +argument to the fileref attribute. No directories or other locations please. +</p> + +<p> + <a class="ulink" href="http://www.dorint.de/karlsruhe/"> + + <img border="0" src="example.gif"> + +</a> +</p> + +<p> +Si quaedam nimis antique, si peraque dure dicere credit eos, ignave +multa fatetur, et sapit et mecum facit et Iova iudicat aequo. Non +equidem insector delendave carmina Livi esse reor, memini quae plagosum +mihi parvo Orbilium dictare; sed emendata videri pulchraque et exactis +minimum distantia miror. Inter quae verbum emicuit si forte decorum, et +si versus paulo concinnior unus et alter, venditque poema. Brevi vel +toto est iunior anno. 
+</p> + +</div> + +<div class="section"> +<h3 class="section">Tables</h3> + + +<h3 class="table">Optional Table Title</h3> +<table class="parking" border="1"> +<tr class="parking"> +<td class="parking">First Row, first Col</td> +<td class="parking">First Row, second Col</td> +</tr> +<tr class="parking"> +<td class="parking">Second Row, first Col</td> +<td class="parking">Second Row, second Col</td> +</tr> +<tr class="parking"> +<td class="parking">Third Row, first Col</td> +<td class="parking">Third Row, first Col</td> +</tr> +<tr class="parking"> +<td class="parking">Fourth Row, first Col</td> +<td class="parking">Fourth Row, first Col</td> +</tr> +</table> + + +<p> +Hos ediscit et hos arto stipata theatro spectat Roma potens; habet hos +nisi numeratque poetas ad ambigitur tempus Livi scriptoris ab aevo. +Brevi vel toto est iunior anno. Interdum volgus rectum videt, est ubi +peccat. Si veteres ita miratur laudatque poetas, ut nihil anteferat, +nihil illis comparet, errat. +</p> + +</div> + +<div class="section"> +<h3 class="section"> +Links +</h3> + + +<p> +<em class="emphasis">This is an emphasis:</em> +You can make links in your paper using the ulink element, like so: +<a class="ulink" href="http://www.linuxtag.org/">This is a Link</a> +</p> + +<p> +<em class="emphasis">Utor permisso</em> +Ambigitur quotiens, uter utro sit prior, aufert Pacuvius docti famam +senis Accius alti, dicitur Afrani toga convenisse Menandro, Plautus. Hos +ediscit et hos arto stipata theatro spectat Roma potens; habet hos nisi +numeratque poetas ad ambigitur tempus Livi scriptoris ab aevo. 
+</p> +</div> + +<div class="section"> +<h3 class="section">Itemized Lists</h3> + + + +<p> +Itemized lists can be done using the itemizedlist element: +</p> + +<div class="itemizedlist"><ul class="itemizedlist"> + <li class="listitem"> + <p> + This is a listitem + </p> + </li> + <li class="listitem"> + <p> + <a class="ulink" href="http://www.linuxtag.org/"> + This is a listitem associated with a link + </a> + </p> + </li> + <li class="listitem"> +<div class="itemizedlist"><ul class="itemizedlist"> + <li class="listitem"> + <p> + This is a listitem + </p> + </li> + <li class="listitem"> + <p> + <a class="ulink" href="http://www.linuxtag.org/"> + This is a listitem associated with a link + </a> + </p> + </li> +</ul></div> + </li> +</ul></div> + +<p> +Don't care about the double bullets with sub-itemized lists. They will +be controlled by CSS in the final view. +</p> + +</div> + +<div class="section"> +<h3 class="section"> + Codesnippets +</h3> + + +<p> +You can include condesnippets like so: +</p> + +<div class="programlisting"><table class="programlisting"><tr class="programlisting"><td class="programlisting"><pre class="programlisting" width=""> +This is a programlisting so white space and line +breaks are significant. But it is also a CDATA +section so <emphasis>tags</emphasis> and &entities; +are not recognized. The only markup that is recognized +is the end-of-section marker, which is two +"]"'s in a row followed by a >. +</pre></td></tr></table></div> + +<p> +Utor permisso, caudaeque nisi pilos ut equinae paulatim vello et +virtutem, demo etiam unum, dum cadat elusus ratione ruentis acervi, qui +redit in fastos et virtutem aestimat annis miraturque nihil nisi quod. +Ennius et sapines et fortis et alter Homerus, ut critici dicunt, leviter +curare videtur, quo promissa cadant et somnia Pythagorea. Naevius in +manibus non est et sanctum mentibus haeret paene recens? +</p> + +</div> + +</div> + + 
diff --git a/2005/flow-accounting-lt2005/ltpdk/paper.tar.gz b/2005/flow-accounting-lt2005/ltpdk/paper.tar.gz Binary files differnew file mode 100644 index 0000000..191a0ca --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/paper.tar.gz diff --git a/2005/flow-accounting-lt2005/ltpdk/paper/paper-11076.xml b/2005/flow-accounting-lt2005/ltpdk/paper/paper-11076.xml new file mode 100644 index 0000000..a14546f --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/paper/paper-11076.xml 
@@ -0,0 +1,426 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<article id="paper-11076"> + <articleinfo> + <title>Flow based network accounting with Linux</title> + <author> + <firstname>Harald</firstname> + <surname>Welte</surname> + </author> + <copyright> + <year>2005</year> + <holder>Harald Welte</holder> + </copyright> + </articleinfo> + +<section> +<title>Abstract</title> +<para> +Many networking scenarios require some form of network accounting that goes beyond some simple packet and byte counters as available from the 'ifconfig' output. +</para> +<para> +Network accounting can generally be done in a number of different ways. The +traditional way is to capture all packets by some userspace program. Capturing +can be done via a number of mechanisms such as <emphasis>PF_PACKET</emphasis> +sockets, mmap()ed <emphasis>PF_PACKET</emphasis>, +<emphasis>ipt_ULOG</emphasis>, or <emphasis>ip_queue</emphasis>. This +userspace program then analyzes the packets and aggregates the result into +per-flow data +structures. +</para> +<para> +Whatever mechanism used, this scheme has a fundamental performance limitation, +since all packets need to be copied and analyzed by a userspace process. +</para> +<para> +The author has implemented a different approach, by which the accounting +information is stored in the in-kernel connection tracking table of the +ip_conntrack stateful firewall state machine. On all firewalls, that +state table has to be kept anyways - the additional overhead introduced by +accounting is minimal. +</para> +</section> + +<section> +<title>Network accounting</title> +<para> +Network accounting generally describes the process of counting and potentially +summarizing metadata of network traffic. The kind of metadata is largely +dependant on the particular application, but usually includes data such as numbers of packets, numbers of bytes, source and destination ip address. 
+</para> +<para> +There are many reasons for doing accounting of networking traffic, among them +</para> +<itemizedlist> +<listitem><para>transfer volume or bandwisth based billing</para></listitem> +<listitem><para>monitoring of network utilization, bandwidth distribution and link usage</para></listitem> +<listitem><para>research, such as distribution of traffic among protocols, average packet size, ...</para></listitem> +</itemizedlist> +</section> + +<section> +<title>Existing accounting solutions for Linux</title> +<para> +There are a number of existing packages to do network accounting with Linux. +The following subsections intend to give a short overview about the most +commonly used ones. +</para> + +<section> +<title>nacctd</title> +<para> +<emphasis>nacctd</emphasis> also known as <emphasis>net-acct</emphasis> is probably +the oldest known tool for network accounting under Linux (also works on other +Unix-like operating systems). The author of this paper has used +<emphasis>nacctd</emphasis> as an accounting tool as early as 1995. It was +originally developed by Ulrich Callmeier, but apparently abandoned later on. +The development seems to have continued in multiple branches, one of them being +the <ulink url="http://netacct-mysql.gabrovo.com">netacct-mysql</ulink> branch, +currently at version 0.79rc2. +</para> +<para> +It's principle of operation is to use an <emphasis>AF_PACKET</emphasis> socket +via <emphasis>libpcap</emphasis> in order to capture copies of all packets on +configurable network interfaces. It then does TCP/IP header parsing on each +packet. Summary information such as port numbers, ip addresses, number of +bytes are then stored in an internal table for aggregation of successive +packets of the same flow. The table entries are evicted and stored in a +human-readable ASCII file. Patches exist for sending information directly into +SQL databases, or saving data in machine-readable data format. 
+</para> +<para> +As a pcap-based solution, it suffers from the performance penalty of copying +every full packet to userspace. As a packet-based solution, it suffers from +the penalty of having to interpret every single packet. +</para> +</section> + +<section> +<title>ipt_LOG based</title> +<para> +The Linux packet filtering subsystem iptables offers a way to log policy +violations via the kernel message ring buffer. This mechanism is called +<emphasis>ipt_LOG</emphasis> (or <emphasis>LOG target</emphasis>). Such +messages are then further processed by <emphasis>klogd</emphasis> and +<emphasis>syslogd</emphasis>, which put them into one or multiple system log +files. +</para> +<para> +As <emphasis>ipt_LOG</emphasis> was designed for logging policy violations and +not for accounting, it's overhead is significant. Every packet needs to be +interpreted in-kernel, then printed in ASCII format to the kernel message ring +buffer, then copied from klogd to syslogd, and again copied into a text file. +Even worse, most syslog installations are configured to write kernel log +messages synchronously to disk, avoiding the usual write buffering of the block +I/O layer and disk subsystem. +</para> +<para> +To sum up and anlyze the data, often custom perl scripts are used. Those perl +scripts have to parse the LOG lines, build up a table of flows, add the packet +size fields and finally export the data in the desired format. Due to the inefficient storage format, performance is again wasted at analyzation time. +</para> +</section> + +<section> +<title>ipt_ULOG based (ulogd, ulog-acctd)</title> +<para> +The iptables <emphasis>ULOG target</emphasis> is a more efficient version of +the <emphasis>LOG target</emphasis> described above. Instead of copying ascii +messages via the kernel ring buffer, it can be configured to only copies the +header of each packet, and send those copies in large batches. 
A special +userspace process, normally ulogd, receives those partial packet copies and +does further interpretation. +</para> +<para> +<ulink url="http://gnumonks.org/projects/ulogd">ulogd</ulink> is intended for +logging of security violations and thus resembles the functionality of LOG. it +creates one logfile entry per packet. It supports logging in many formats, +such as SQL databases or PCAP format. +</para> +<para> +<ulink +url="http://alioth.debian.org/projects/pkg-ulog-acctd/">ulog-acctd</ulink> is a +hybrid between <emphasis>ulogd</emphasis> and <emphasis>nacctd</emphasis>. It +replaces the nacctd libpcap/PF_PACKET based capture with the more efficient +ULOG mechanism. +</para> +<para> +Compared to <emphasis>ipt_LOG</emphasis>, <emphasis>ipt_ULOG</emphasis> reduces +the amount of copied data and required kernel/userspace context switches and +thus improves performance. However, the whole mechanism is still intended for +logging of security violations. Use for accounting is out of its design. +</para> +</section> + +<section> +<title>iptables based (ipac-ng)</title> +<para> +Every packet filtering rule in the Linux packet filter +(<emphasis>iptables</emphasis>, or even its predecessor +<emphasis>ipchains</emphasis>) has two counters: number of packets and number +of bytes matching this particular rule. +</para> +<para> +By carefully placing rules with no target (fallthrough) rules in the +packetfilter ruleset, one can implement an accounting setup, i.e. one rule per +customer. +</para> +<para> +A number of tools exist to parse the iptables command output and summarized the +counters. The most commonly used package is <ulink +url="http://sourceforge.net/projects/ipac-ng/">ipac-ng</ulink>. It supports +advanced features such as storing accounting data in SQL databases. +</para> +<para> +The approach works quite efficiently for small installations (i.e. small number +of accounting rules). Therefore, the accounting granularity can only be very +low. 
One counter for each single port number at any given ip address is certainly not applicable. +</para> +</section> + +<section> +<title>ipt_ACCOUNT</title> +<para> +<ulink url="http://www.intra2net.com/opensource/ipt_account/">ipt_ACCOUNT</ulink> +is a special-purpose iptables target available from the netfilter project +patch-o-matic-ng repository. It requires kernel patching and is not included +in the mainline kernel. +</para> +<para> +<emphasis>ipt_ACCOUNT</emphasis> keeps byte counters per IP address in a given +subnet, up to a '/8' network. Those counters can be read via a special +"iptaccount" commandline tool. +</para> +<para> +Being limited to local network segments up to '/8' size, and only having per-ip +granularity are two limiteations that defeat <emphasis>ipt_ACCOUNT</emphasis> +as a generich accounting mechainism. It's highly-optimized, but also +special-purpose. +</para> +</section> + +<section> +<title>ntop (including PF_RING)</title> +<para> +<ulink url="http://www.ntop.org/ntop.html">ntop</ulink> is a network traffic +probe to show network usage. It uses <emphasis>libpcap</emphasis> to capture +the packets, and then aggregates flows in userspace. On a fundamental level it's therefore similar to what <emphasis>nacctd</emphasis> does. +</para> +<para> +From the ntop project, there's also <emphasis>nProbe</emphasis>, a network +traffic probe that exports flow based information in NETFLOW v5/v9 format. +</para> +<para> +To increase performance of the probe, the author (Luca Deri) has implemented +<ulink url="http://www.ntop.org/PF_RING.html">PF_RING</ulink>, a new zero-copy +mmap()ed implementation for packet capture. There is a libpcap compatibility layer on top, so any pcap-using application can benefit from PF_RING. +</para> +<para> +PF_RING is a major performance improvement, please look at the documentation +and the paper published by Luca Deri. +</para> +<para> +However, ntop / nProbe / PF_RING are all packet-based accounting solutions. 
+Every packet needs to be analyzed by some userspace process - even if there is +no copying involved. Due to PF_RING optimiziation, it is probably as efficient +as this approach can get. +</para> + +</section> + +</section> <!-- existing solutions --> + +<section> +<title>New ip_conntrack based accounting</title> +<para> +The fundamental idea is to (ab)use the connection tracking subsystem of the +Linux 2.4.x / 2.6.x kernel for accounting purposes. There are several reasons +why this is a good fit: +</para> +<itemizedlist> +<listitem><para>It already keeps per-connection state information. Extending this information to contain a set of counters is easy.</para></listitem> +<listitem><para>Lots of routers/firewalls are already running it, and therefore paying it's performance penalty for security reasons. Bumping a couple of counters will introduce very little additional penalty.</para></listitem> +<listitem><para>There was already an (out-of-tree) system to dump connection tracking information to userspace, called ctnetlink</para></listitem> +</itemizedlist> +<para> +So given that a particular machine was already running ip_conntrack, adding +flow based acconting to it comes almost for free. I do not advocate the use of +ip_conntrack merely for accounting, since that would be again a waste of +performance. +</para> + +<section> +<title>ip_conntrack_acct</title> +<para> +<emphasis>ip_conntrack_acct</emphasis> is how the in-kernel +<emphasis>ip_conntrack</emphasis> counters are called. There is a set of four +counters: numbers of packets and bytes for original and reply +direction of a given connection. +</para> +<para> +If you configure a recent (>= 2.6.9) kernel, it will prompt you for +<emphasis>CONFIG_IP_NF_CT_ACCT</emphasis>. By enabling this configuration +option, the per-connection counters will be added, and the accounting code will +be compiled in. +</para> +<para> +However, there is still no efficient means of reading out those counters. 
They +can be accessed via "cat /proc/net/ip_conntrack", but that's not a real +solution. The kernel iterates over all connections and ASCII-formats the data. +Also, it is a polling-based mechanism. If the polling interval is too short, +connections might get evicted from the state table before their final counters +are being read. If the interval is too small, performance will suffer. +</para> +<para> +To counter this problem, a combination of conntrack notifiers and ctnetlink is being used. +</para> +</section> + +<section> +<title>conntrack notifiers</title> +<para> +Conntrack notifiers use the core kernel notifier infrastructure +(<emphasis>struct notifier_block</emphasis>) to notify other parts of the +kernel about connection tracking events. Such events include creation, +deletion and modification of connection tracking entries. +</para> +<para> +The conntrack notifiers can help us overcome the polling architecture. If we'd only listen to "conntrack delete" events, we would always get the byte and packet counters at the end of a connection. +</para> +<para> +However, the events are in-kernel events and therefore not directly suitable +for an accounting application to be run in userspace. +</para> +</section> + +<section> +<title>ctnetlink</title> +<para> +<emphasis>ctnetlink</emphasis> (short form for conntrack netlink) is a +mechanism for passing connection tracking state information between kernel and +userspace, originally developed by Jay Schulist and Harald Welte. As the name +implies, it uses Linux <emphasis>AF_NETLINK</emphasis> sockets as its +underlying communication facility. +</para> +<para> +The focus of <emphasis>ctnetlink</emphasis> is to selectively read or dump +entries from the connection tracking table to userspace. It also allows +userspace processes to delete and create conntrack entries as well as +"conntrack expectations". +</para> +<para> +The initial nature of <emphasis>ctnetlink</emphasis> is therefore again +polling-based. 
An userspace process sends a request for certain information, +the kernel responds with the requested information. </para> +<para> +By combining <emphasis>conntrack notifiers</emphasis> with +<emphasis>ctnetlink</emphasis>, it is possible to register a notifier handler +that in turn sends <emphasis>ctnetlink</emphasis> event messages down the <emphasis>AF_NETLINK</emphasis> socket. +</para> +<para> +A userspace process can now listen for such DELETE event messages at the +socket, and put the counters into it's accounting storage. +</para> +<para> +There are still some shortcomings inherent to that DELETE event scheme: We +only know the amount of traffic after the connection is over. If a connection +lasts for a long time (let's say days, weeks), then it is impossible to use +this form of accounting for any kind of quota-based billing, where the user +would be informed (or disconnected, traffic shaped, whatever) when he exceeds +his quota. Also, the conntrack entry does not contain information about when the connection started - only the timestamp of the end-of-connection is known. +</para> +<para> +To overcome limitation number one, the accounting process can use a combined +event and polling scheme. The granularity of accounting can therefore be +configured by the polling interval, and a compromise between performance and +accuracy can be made. +</para> +<para> +To overcome the second limitation, the accounting process can also listen for +NEW event messages. By correlating the NEW and DELETE messages of a +connection, accounting datasets containign start and end of connection can be built. +</para> +</section> + +<section> +<title>ulogd2</title> +<para> +As described earlier in this paper, <emphasis>ulogd</emphasis> is a userspace +packet filter logging daemon that is already used for packet-based accounting, +even if it isn't the best fit. 
+</para> +<para> +<emphasis>ulogd2</emphasis>, also developed by the author of this paper, takes +logging beyond per-packet based information, but also includes support for +per-connection or per-flow based data. +</para> +<para> +Instead of supporting only <emphasis>ipt_ULOG</emphasis> input, a number of +interpreter and output plugins, <emphasis>ulogd2</emphasis> supports a concept +called plugin stacks. Multiple stacks can exist within one deamon. Any such +stack consists out of plugins. A plugin can be a source, sink or filter. +</para> +<para> +Sources acquire per-packet or per-connection data from <emphasis>ipt_ULOG</emphasis> or <emphasis>ip_contnrack_acct</emphasis>. +</para> +<para> +Filters allow the user to filter or aggregate information. Filtering is +requird, since there is no way to filter the ctnetlink event messages within +the kernel. Either the functionality is enabled or not. Multiple connections +can be aggregated to a larger, encompassing flow. Packets could be aggregated +to flows (like <emphasis>nacctd</emphasis>), and flows can be aggregated to +even larger flows. +</para> +<para> +Sink plugins store the resulting data to some form of non-volatile storage, +such as SQL databases, binary or ascii files. Another sink is a NETFLOW or +IPFIX sink, exporting information in industy-standard format for flow based accounting. +</para> +</section> + +<section> +<title>Status of implementation</title> +<para> +<emphasis>ip_conntrack_acct</emphasis> is already in the kernel since 2.6.9. +</para> +<para> +<emphasis>ctnetlink</emphasis> and the <emphasis>conntrack event +notifiers</emphasis> are considered stable and will be submitted for mainline +inclusion soon. Both are available from the patch-o-matic-ng repository of the +netfilter project. +</para> +<para> +At the time of writing of this paper, <emphasis>ulogd2</emphasis> development +was not yet finished. 
However, the ctnetlink event messages can already be +dumped by the use of the "conntrack" userspace program, available from the +netfilter project. +</para> +<para> +The "conntrack" prorgram can listen to the netlink event socket and dump the +information in human-readable form (one ASCII line per ctnetlink message) to +stdout. Custom accounting solutions can read this information from stdin, +parse and process it according to their needs. +</para> +</section> + +</section> <!-- new ip_conntrack based --> + +<section> +<title>Summary</title> +<para> +Despite the large number of available accounting tools, the author is confident that inventing yet another one is worthwhile. +</para> +<para> +Many existing implementations suffer from performance issues by design. Most +of them are very special-purpose. nProbe/ntop together with PF_RING are +probably the most universal and efficient solution for any accounting problem. +</para> +<para> +Still, the new <emphasis>ip_conntrack_acct, ctnetlink</emphasis> based +mechanism described in this paper has a clear performance advantage if you want +to do acconting on your Linux-based stateful packetfilter - which is a common +case. The firewall is suposed to be at the edge of your network, exactly where +you usually do accounting of ingress and/or egress traffic. +</para> +</section> + +</article> diff --git a/2005/flow-accounting-lt2005/ltpdk/src/SOURCES b/2005/flow-accounting-lt2005/ltpdk/src/SOURCES new file mode 100644 index 0000000..ac9caec --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/src/SOURCES @@ -0,0 +1,9 @@ +Source Distribution for LinuxTag Paper Development Kit +------------------------------------------------------ + +The complete ltsources for the ltpdk including validator and the +converter can be downloaded at + + http://www.linuxtag.org/cfp/ltpdk-src.tar.gz + +for size reasons (about 5MB). 
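Review bot: In the paper's ip_conntrack_acct section, the polling paragraph names the same condition twice: "If the polling interval is too short, connections might get evicted from the state table before their final counters are being read. If the interval is too small, performance will suffer." Missing the final counters is the risk of polling too rarely, so the first sentence should read "too long"; as written, a reader sizing the interval gets contradictory guidance. In the ulogd2 section the source name is misspelled as `ip_contnrack_acct`, which will not match a search for ip_conntrack_acct used everywhere else in the text. A spell-check pass over the section would also catch "limiteations", "generich", "mechainism", "acconting", "containign" and "prorgram".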
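Review bot: SOURCES points readers at http://www.linuxtag.org/cfp/ltpdk-src.tar.gz over plain HTTP and records no checksum or signature for the tarball, so there is nothing to verify the validator and converter sources against once they are fetched. Suggest adding a digest of the archive next to the URL, since the file exists only to stand in for sources left out "for size reasons".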
diff --git a/2005/flow-accounting-lt2005/ltpdk/xml/docbook-html.xsl b/2005/flow-accounting-lt2005/ltpdk/xml/docbook-html.xsl new file mode 100644 index 0000000..eeaae21 --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/xml/docbook-html.xsl 
@@ -0,0 +1,1221 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"> + +<xsl:output method="html" doctype-public="-//W3C//DTD HTML 4.01 Transitional//EN" doctype-system="http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd" encoding="ISO-8859-1" indent="yes"/> + +<xsl:param name="lang">de</xsl:param> +<xsl:param name="i18n.xml" select="document('i18n.xml')"/> + +<!-- DocBook Variables --> + +<xsl:variable name="text.toc" select="($i18n.xml//i18n[@name='text.toc'])[1]/@value"/> +<xsl:variable name="text.lot" select="($i18n.xml//i18n[@name='text.lot'])[1]/@value"/> +<xsl:variable name="text.warning" select="($i18n.xml//i18n[@name='text.warning'])[1]/@value"/> +<xsl:variable name="text.caution" select="($i18n.xml//i18n[@name='text.caution'])[1]/@value"/> +<xsl:variable name="text.important" select="($i18n.xml//i18n[@name='text.important'])[1]/@value"/> +<xsl:variable name="text.tip" select="($i18n.xml//i18n[@name='text.tip'])[1]/@value"/> +<xsl:variable name="text.note" select="($i18n.xml//i18n[@name='text.note'])[1]/@value"/> + +<!-- ****************************************************************** --> +<!-- * DocBook Templates * --> +<!-- ****************************************************************** --> + +<xsl:template match="/"> + <xsl:apply-templates/> +</xsl:template> + +<!-- ****************************************************************** --> +<!-- * Template book * --> +<!-- ****************************************************************** --> +<xsl:template match="article|book"> + <xsl:apply-templates select="titlepage"/> + <xsl:apply-templates select="toc" mode="create.toc"/> + <!--<xsl:apply-templates select="lot"/>--> + <!--<xsl:apply-templates select="dedication"/>--> + <!--<xsl:apply-templates select="preface"/>--> + <xsl:apply-templates/> + <!--<xsl:apply-templates select="appendix"/>--> + <!--<xsl:apply-templates select="bibliography"/>--> + 
<!--<xsl:apply-templates select="glossary"/>--> + <!--<xsl:apply-templates select="index"/>--> + <!--<xsl:apply-templates select="colophon"/>--> +</xsl:template> + +<!-- ****************************************************************** --> +<!-- * Templates for logical divisions * --> +<!-- ****************************************************************** --> +<xsl:template match="chapter|section|sect1|sect2|sect3|sect4|sect5"> + <div class="{name()}"> + <xsl:if test="name()='chapter'"> + <h2 class="{name()}"> + <xsl:apply-templates select="title" mode="create.chapter.title"/> + </h2> + </xsl:if> + <xsl:if test="not(name()='chapter')"> + <h3 class="{name()}"> + <xsl:apply-templates select="title" mode="create.title"/> + </h3> + </xsl:if> + <xsl:if test="ancestor::*/toc or ./toc"> + <xsl:if test="section|reference|sect1"> + <table class="toc"> + <tr class="toc"> + <td class="toc"> + <b class="toc"> + <font class="toc"><xsl:value-of select="$text.toc"/></font> + </b> + <xsl:apply-templates select="section|reference|sect1" mode="create.toc"/> + </td> + </tr> + </table> + </xsl:if> + </xsl:if> + <!--<xsl:apply-templates select="abstract"/>--> + <xsl:choose> + <xsl:when test="name()='chapter'"> + <xsl:apply-templates/> + </xsl:when> + <xsl:when test="name()='section'"> + <xsl:apply-templates/> + </xsl:when> + <xsl:when test="name()='sect1'"> + <xsl:apply-templates/> + </xsl:when> + <xsl:when test="name()='sect2'"> + <xsl:apply-templates/> + </xsl:when> + <xsl:when test="name()='sect3'"> + <xsl:apply-templates/> + </xsl:when> + <xsl:when test="name()='sect4'"> + <xsl:apply-templates/> + </xsl:when> + <xsl:when test="name()='sect5'"> + <xsl:apply-templates/> + </xsl:when> + </xsl:choose> + </div> +</xsl:template> + +<xsl:template match="title" mode="create.title"> + <xsl:if test="../@id"> + <a> + <xsl:attribute name="name"> + <xsl:value-of select="../@id"/> + </xsl:attribute> + <xsl:apply-templates/> + </a> + </xsl:if> + <xsl:if test="not(../@id)"> + 
<xsl:apply-templates/> + </xsl:if> +</xsl:template> + +<xsl:template match="title" mode="create.chapter.title"> + <xsl:variable name="title"><xsl:value-of select="."/></xsl:variable> + <xsl:for-each select="../../chapter"> + <xsl:if test="title=$title"> + <xsl:number format="1. "/> + </xsl:if> + </xsl:for-each> + <xsl:if test="../@id"> + <a> + <xsl:attribute name="name"> + <xsl:value-of select="../@id"/> + </xsl:attribute> + <xsl:apply-templates/> + </a> + </xsl:if> + <xsl:if test="not(../@id)"> + <xsl:apply-templates/> + </xsl:if> +</xsl:template> + +<!-- ****************************************************************** --> +<!-- * Templates for creating the TOC * --> +<!-- ****************************************************************** --> +<xsl:template name="toc" match="toc" mode="create.toc"> + <xsl:if test="../chapter[@id]|../section[@id]|../reference[@id]|../sect1[@id]"> + <div class="toc"> + <b class="toc"> + <font class="toc"><xsl:value-of select="$text.toc"/></font> + </b> + <dl> + <xsl:apply-templates select="../chapter[@id]|../section[@id]|../reference[@id]|../sect1[@id]" mode="create.toc"/> + </dl> + </div> + </xsl:if> +</xsl:template> + +<xsl:template match="toc" mode="create.chapter.toc"> + <xsl:apply-templates select="../section|../reference|../sect1" mode="create.toc"/> +</xsl:template> + +<xsl:template match="title" mode="create.toc"> + <a> + <xsl:attribute name="class">content</xsl:attribute> + <xsl:attribute name="href"> + <xsl:value-of select="concat('#',../@id)"/> + </xsl:attribute> + <xsl:value-of select="."/> + </a> +</xsl:template> + +<xsl:template match="chapter" mode="create.toc"> + <dt> + <xsl:number format="1. 
"/> + <xsl:apply-templates select="title" mode="create.toc"/> + <xsl:if test="section[@id]|sect1[@id]"> + <dd> + <dl> + <xsl:apply-templates select="sect1|section" mode="create.toc"/> + </dl> + </dd> + </xsl:if> + </dt> +</xsl:template> + +<xsl:template match="section|sect1|sect2|sect3|sect4" mode="create.toc"> + <xsl:variable name="next"> + <xsl:choose> + <xsl:when test="name()='section'">section</xsl:when> + <xsl:when test="name()='sect1'">sect2</xsl:when> + <xsl:when test="name()='sect2'">sect3</xsl:when> + <xsl:when test="name()='sect3'">sect4</xsl:when> + </xsl:choose> + </xsl:variable> + <dt> + <xsl:apply-templates select="title" mode="create.toc"/> + <xsl:if test="concat($next,'[@id]')"> + <dd> + <dl> + <xsl:choose> + <xsl:when test="name()='section'"> + <xsl:apply-templates select="section[@id]" mode="create.toc"/> + </xsl:when> + <xsl:when test="name()='sect2'"> + <xsl:apply-templates select="sect2[@id]" mode="create.toc"/> + </xsl:when> + <xsl:when test="name()='sect3'"> + <xsl:apply-templates select="sect3[@id]" mode="create.toc"/> + </xsl:when> + <xsl:when test="name()='sect4'"> + <xsl:apply-templates select="sect4[@id]" mode="create.toc"/> + </xsl:when> + </xsl:choose> + </dl> + </dd> + </xsl:if> + </dt> +</xsl:template> + +<!-- ****************************************************************** --> +<!-- * Templates for Para * --> +<!-- ****************************************************************** --> +<xsl:template name="para" match="para|simpara"> + <p> + <xsl:call-template name="add.class.by.id"/> + <xsl:apply-templates/> + </p> +</xsl:template> + +<xsl:template match="formalpara"> + <xsl:if test="title"> + <h3 class="section"><xsl:apply-templates select="title" mode="create.title"/></h3> + </xsl:if> + <p><xsl:apply-templates/></p> +</xsl:template> + +<xsl:template match="para|simpara" mode="create.toc"> + <xsl:call-template name="add.class.by.id"/> + <xsl:apply-templates/> +</xsl:template> + +<!-- 
****************************************************************** --> +<!-- * Template for emphasis et al. * --> +<!-- ****************************************************************** --> +<xsl:template match="emphasis"> + <em class="{name()}"><xsl:apply-templates/></em> +</xsl:template> + +<xsl:template match="subscript"> + <sub class="{name()}"><xsl:apply-templates/></sub> +</xsl:template> + +<xsl:template match="superscript"> + <sup class="{name()}"><xsl:apply-templates/></sup> +</xsl:template> + +<xsl:template match="acronym"> + <acronym class="{name()}"><xsl:apply-templates/></acronym> +</xsl:template> + +<xsl:template match="abbrev"> + <abbr class="{name()}"><xsl:apply-templates/></abbr> +</xsl:template> + +<xsl:template match="wordasword"> + <em class="{name()}"><xsl:apply-templates/></em> +</xsl:template> + +<xsl:template match="quote"> + <xsl:text>"</xsl:text> + <xsl:apply-templates/> + <xsl:text>"</xsl:text> +</xsl:template> + +<xsl:template match="filename"> + <em class="{name()}"><xsl:apply-templates/></em> +</xsl:template> + +<xsl:template match="accel"> + <u class="{name()}"><xsl:apply-templates/></u> +</xsl:template> + +<xsl:template match="guimenu"> + <em class="{name()}"><xsl:apply-templates/></em> +</xsl:template> + +<xsl:template match="guimenuitem"> + <em class="{name()}"><xsl:apply-templates/></em> +</xsl:template> + +<xsl:template match="action"> + <em class="{name()}"><xsl:apply-templates/></em> +</xsl:template> + +<!-- ****************************************************************** --> +<!-- * Template for creating Blockquotes * --> +<!-- ****************************************************************** --> +<xsl:template match="blockquote"> + <div class="{name()}"> + <blockquote> + <xsl:apply-templates/> + </blockquote> + <xsl:apply-templates select="attribution" mode="create.attribution"/> + </div> +</xsl:template> + +<xsl:template match="attribution" mode="create.attribution"> + <div class="{name()}" 
align="right">--<xsl:apply-templates/></div> +</xsl:template> + +<xsl:template match="attribution"/> + +<!-- ***************************************************************** --> +<!-- * Template for creating Lists * --> +<!-- ***************************************************************** --> +<xsl:template match="itemizedlist"> + <div class="{name()}"> + <ul class="{name()}"> + <xsl:apply-templates/> + </ul> + </div> +</xsl:template> + +<xsl:template match="orderedlist"> + <div class="{name()}"> + <ol class="{name()}"> + <xsl:variable name="numeration"> + <xsl:choose> + <xsl:when test="@numeration='loweralpha'">a</xsl:when> + <xsl:when test="@numeration='lowerroman'">i</xsl:when> + <xsl:when test="@numeration='upperalpha'">A</xsl:when> + <xsl:when test="@numeration='apperroman'">i</xsl:when> + <xsl:otherwise></xsl:otherwise> + </xsl:choose> + </xsl:variable> + <xsl:if test="not($numeration='')"> + <xsl:attribute name="type"> + <xsl:value-of select="$numeration"/> + </xsl:attribute> + </xsl:if> + <xsl:message>Numeration: <xsl:call-template name="orderedlist.find.numeration"/></xsl:message> + <xsl:if test="@continuation"> + <xsl:attribute name="start"> + <xsl:call-template name="orderedlist.find.numeration"/> + </xsl:attribute> + </xsl:if> + <xsl:apply-templates/> + </ol> + </div> +</xsl:template> + +<xsl:template name="orderedlist.find.numeration"> + <xsl:param name="count">1</xsl:param> + <xsl:choose> + <xsl:when test="@continuation='continues'"> + <xsl:for-each select="preceding::orderedlist[1]"> + <!--<xsl:if test="not(name()='orderedlist')">--> + <xsl:call-template name="orderedlist.find.numeration"> + <xsl:with-param name="count"> + <xsl:value-of select="count(listitem)+$count"/> + </xsl:with-param> + </xsl:call-template> + <!--</xsl:if>--> + </xsl:for-each> + </xsl:when> + <xsl:otherwise><xsl:value-of select="$count"/></xsl:otherwise> + </xsl:choose> +</xsl:template> + +<xsl:template match="listitem"> + <li class="{name()}"> + <xsl:apply-templates/> + 
</li> +</xsl:template> + +<xsl:template match="listitem" mode="varlistentry"> + <dd class="{name()}"> + <xsl:apply-templates/> + </dd> + </xsl:template> + + <xsl:template match="variablelist"> + <xsl:if test="title"> + <h3 class="{name()}"><xsl:apply-templates select="title" mode="create.title"/></h3> + </xsl:if> + <div class="{name()}"> + <dl class="{name()}"> + <xsl:apply-templates/> + </dl> + </div> + </xsl:template> + + <xsl:template match="varlistentry"> + <dt class="{name()}"> + <xsl:apply-templates select="term"/> + <xsl:apply-templates select="listitem" mode="varlistentry"/> + </dt> + </xsl:template> + + <xsl:template match="term"> + <xsl:if test="not(position()=1)"> + <xsl:text>, </xsl:text> + </xsl:if> + <xsl:apply-templates/> + </xsl:template> + + <!-- ***************************************************************** --> + <!-- * Templates for FAQs * --> + <!-- ***************************************************************** --> + <xsl:template match="qandaset"> + <!-- + <table border="1" class="toc" width="100%"> + <tr> + <td> + --> + <xsl:apply-templates select="qandadiv|qandaentry|question" mode="create.toc"/> + <!-- + </td> + </tr> + </table> + --> + <xsl:apply-templates/> + </xsl:template> + + <xsl:template match="qandadiv"> + <a id="{generate-id()}"/> + <h3 class="{title}"> + <xsl:number format="1. 
" level = "multiple" /> + <xsl:apply-templates select="title" mode="create.title"/> + </h3> + <!-- + <table border="1" class="toc"> + <tr> + <td> + --> + <xsl:apply-templates select="qandadiv|qandaentry|question" mode="create.toc"/> + <!-- + </td> + </tr> + </table> + --> + <xsl:if test="ancestor::qandadiv[1]"> + <xsl:apply-templates/> + </xsl:if> + <xsl:if test="not(ancestor::qandadiv)"> + <table class="{name}" border="0" margin="0" marginsep="0"> + <xsl:apply-templates/> + </table> + </xsl:if> + </xsl:template> + + <xsl:template match="qandadiv" mode="create.toc"> + <dt> + <a> + <xsl:attribute name="class">content</xsl:attribute> + <xsl:attribute name="href"> + <xsl:value-of select="concat('#', generate-id(parent::*))"/> + </xsl:attribute> + <xsl:number format="1. " count="//qandadiv|//qandaentry" level = "multiple" /> + <xsl:apply-templates select="title" mode="create.title"/> + </a> + <dd> + <dl> + <xsl:apply-templates select="qandadiv|qandaentry|question" mode="create.toc"/> + </dl> + </dd> + </dt> + </xsl:template> + + <xsl:template match="qandaentry"> + <a id="{generate-id()}"/> + <tr class="question"> + <td><b><xsl:number format="1.1." count="//qandadiv|//qandaentry" level = "multiple" /></b></td> + <td align="left" valign="top"><xsl:apply-templates select="question"/></td> + </tr> + <tr class="answer"> + <td/> + <td align="left" valign="top"><xsl:apply-templates select="answer"/></td> + </tr> + </xsl:template> + + <xsl:template match="qandaentry" mode="create.toc"> + <dt> + <a> + <xsl:attribute name="class">content</xsl:attribute> + <xsl:attribute name="href"> + <xsl:value-of select="concat('#', generate-id())"/> + </xsl:attribute> + <xsl:number format="1.1. 
" count="//qandadiv|//qandaentry" level = "multiple" /> + <xsl:apply-templates select="question[1]" mode="create.toc"/> + </a> + </dt> + </xsl:template> + + <xsl:template match="question"> + <xsl:apply-templates/> + </xsl:template> + + <xsl:template match="question" mode="create.toc" > + <xsl:apply-templates mode="create.toc"/> + </xsl:template> + + <xsl:template match="answer"> + <xsl:apply-templates/> + </xsl:template> + + <!-- ***************************************************************** --> + <!-- * Templates for Program Listings * --> + <!-- ***************************************************************** --> + <xsl:template match="programlisting|screen"> + <div class="{name()}"> + <table class="{name()}"> + <tr class="{name()}"> + <td class="{name()}"> + <pre class="{name()}"><xsl:attribute name="width"><xsl:value-of select="@width"/></xsl:attribute><xsl:apply-templates/></pre> + </td> + </tr> + </table> + </div> + </xsl:template> + + <xsl:template match="computeroutput|prompt"> + <pre class="name()"> + <code class="name()"> + <xsl:apply-templates/> + </code> + </pre> + </xsl:template> + + <!-- ***************************************************************** --> + <!-- * Templates for creating Adresses * --> + <!-- ***************************************************************** --> + <xsl:template match="address"> + <table class="address" border="0"> + <tr class="address"> + <td class="address"> + <xsl:apply-templates/> + </td> + </tr> + </table> + </xsl:template> + + <xsl:template name="personname" match="personname"> + <br> + <xsl:call-template name="add.class.by.id"/> + </br> + <xsl:apply-templates select="honorific|text()"/> + <xsl:if test="firstname"><xsl:text> </xsl:text></xsl:if> + <xsl:apply-templates select="firstname"/> + <xsl:if test="othername"><xsl:text> </xsl:text></xsl:if> + <xsl:apply-templates select="othername"/> + <xsl:if test="surname"><xsl:text> </xsl:text></xsl:if> + <xsl:apply-templates select="surname"/> + <xsl:if 
test="lineage"><xsl:text> </xsl:text></xsl:if> + <xsl:apply-templates select="lineage"/> + </xsl:template> + + <xsl:template match="honorific|firstname|othername|surname|lineage"> + <xsl:apply-templates/> + </xsl:template> + + <xsl:template match="street"> + <br> + <xsl:call-template name="add.class.by.id"/> + </br> + <xsl:apply-templates/> + </xsl:template> + + <xsl:template match="country"> + <br> + <xsl:call-template name="add.class.by.id"/> + </br> + <xsl:apply-templates/> + </xsl:template> + + <xsl:template match="phone"> + <br> + <xsl:call-template name="add.class.by.id"/> + </br> + <xsl:apply-templates/> + </xsl:template> + + <xsl:template match="fax"> + <br> + <xsl:call-template name="add.class.by.id"/> + </br> + <xsl:apply-templates/> + </xsl:template> + + <xsl:template match="email"> + <br> + <xsl:call-template name="add.class.by.id"/> + </br> + <xsl:apply-templates/> + </xsl:template> + + <xsl:template match="city|state|postcode"> + <xsl:if test="(ancestor::address/descendant::city|ancestor::address/descendant::state|ancestor::address/descendant::postcode)[1] = ."> + <br> + <xsl:call-template name="add.class.by.id"/> + </br> + </xsl:if> + <xsl:apply-templates/> + <xsl:choose> + <xsl:when test="(ancestor::address/descendant::city|ancestor::address/descendant::state|ancestor::address/descendant::postcode)[last()] = ."> + </xsl:when> + <xsl:otherwise><xsl:text> </xsl:text></xsl:otherwise> + </xsl:choose> + </xsl:template> + + <!-- ****************************************************************** --> + <!-- * Templates for Function Stuff * --> + <!-- ****************************************************************** --> + <xsl:template match="funcsynopsis"> + <div class="{name()}"> + <table class="{name()}"> + <tr class="{name()}"> + <pre class="{name()}"> + <xsl:apply-templates select="funcsynopsisinfo"/> + <xsl:apply-templates select="funcprototype"/> + </pre> + </tr> + </table> + </div> + </xsl:template> + + <xsl:template match="funcsynopsisinfo"> + <div 
class="{name()}"> + <xsl:apply-templates/> + </div> + </xsl:template> + + <xsl:template match="funcprototype"> + <code class="{name()}"> + <xsl:apply-templates select="funcdef"/> + <xsl:if test="paramdef"> + <xsl:text>(</xsl:text> + <xsl:apply-templates select="paramdef/parameter" mode="create.function.signature"/> + <xsl:text>);</xsl:text> + </xsl:if> + <xsl:apply-templates select="void|varargs|paramdef"/> + </code> + </xsl:template> + + <xsl:template match="parameter" mode="create.function.signature"> + <xsl:if test="not(position()=1)"> + <xsl:text>, </xsl:text> + </xsl:if> + <i class="{name()}"> + <xsl:apply-templates/> + </i> + </xsl:template> + + <xsl:template match="paramdef"> + <br/> + <xsl:apply-templates select="text()|funcparams|parameter|type"/> + </xsl:template> + + <xsl:template match="funcparams"> + <xsl:text>(</xsl:text> + <i class="{name()}"> + <xsl:apply-templates/> + </i> + <xsl:text>)</xsl:text> + </xsl:template> + + <xsl:template match="parameter"> + <i class="{name()}"> + <xsl:apply-templates/> + </i> + <xsl:text>; </xsl:text> + </xsl:template> + + <xsl:template match="funcdef"> + <xsl:value-of select="normalize-space(text())"/> + <xsl:apply-templates select="normalize-space(type)"/> + <xsl:text> </xsl:text> + <xsl:apply-templates select="function"/> + </xsl:template> + + <xsl:template match="void"> + <xsl:text>(void);</xsl:text> + </xsl:template> + + <xsl:template match="varargs"> + <xsl:text>(...);</xsl:text> + </xsl:template> + + <xsl:template match="type"> + <xsl:apply-templates/> + </xsl:template> + + <xsl:template match="function"> + <b class="{name()}"> + <xsl:apply-templates/> + </b> + </xsl:template> + + <xsl:template match="varname|constant|symbol|returnvalue"> + <xsl:apply-templates/> + </xsl:template> + + <!-- ****************************************************************** --> + <!-- * Templates for Copyright and Trademarks * --> + <!-- ****************************************************************** --> + <xsl:template 
match="copyright" mode="create.title"> + <xsl:text>Copyright © </xsl:text> + <xsl:value-of select="year"/> + <xsl:text> </xsl:text> + <xsl:value-of select="holder"/> + </xsl:template> + + <xsl:template match="copyright"/> + + <xsl:template match="trademark|productname"> + <xsl:choose> + <xsl:when test="@class='copyright'"> + <xsl:text>© </xsl:text> + <xsl:apply-templates/> + </xsl:when> + <xsl:when test="@class='registered' or (not(@class) and name()='productname')"> + <xsl:apply-templates/> + <xsl:text>®</xsl:text> + </xsl:when> + <xsl:when test="@class='service'"> + </xsl:when> + <xsl:when test="@class='trade' or (not(@class) and name()='trademark')"> + <xsl:apply-templates/> + <sup>TM</sup> + </xsl:when> + </xsl:choose> + </xsl:template> + + <!-- ****************************************************************** --> + <!-- * Templates for Graphics * --> + <!-- ****************************************************************** --> + <xsl:template match="mediaobject|inlinemediaobject"> + <xsl:apply-templates/> + </xsl:template> + + <xsl:template match="screenshot"> + <xsl:apply-templates/> + </xsl:template> + + <!-- ****************************************************************** --> + <!-- * Templates for Linking * --> + <!-- ****************************************************************** --> + <xsl:template name="link" match="link"> + <a class="link"> + <xsl:attribute name="href"> + <xsl:variable name="linkend"><xsl:value-of select="@linkend"/></xsl:variable> + <xsl:choose> + <xsl:when test="//*[@id=$linkend and position()=1]"> + <xsl:value-of select="concat('#',$linkend)"/> + </xsl:when> + <xsl:otherwise> + <xsl:value-of select="$linkend"/> + </xsl:otherwise> + </xsl:choose> + </xsl:attribute> + <xsl:if test=".=''"> + <xsl:variable name="endterm"><xsl:value-of select="@endterm"/></xsl:variable> + <xsl:apply-templates select="//*[@id=$endterm and position()=1]" mode="create.title"/> + </xsl:if> + <xsl:apply-templates/> + </a> + </xsl:template> + + 
<xsl:template match="ulink"> + <a class="ulink"> + <xsl:attribute name="href"> + <xsl:value-of select="@url"/> + </xsl:attribute> + <xsl:choose> + <xsl:when test=".=''"> + <xsl:value-of select="@url"/> + </xsl:when> + <xsl:otherwise> + <xsl:apply-templates/> + </xsl:otherwise> + </xsl:choose> + </a> + </xsl:template> + + <!-- ****************************************************************** --> + <!-- * Templates for Events * --> + <!-- ****************************************************************** --> + <xsl:template match="caution|note|important|tip|warning"> + <p> + <div> + <xsl:attribute name="class"> + <xsl:value-of select="name()"/> + </xsl:attribute> + <table> + <xsl:attribute name="class"> + <xsl:value-of select="name()"/> + </xsl:attribute> + <tr> + <xsl:attribute name="class"> + <xsl:value-of select="name()"/> + </xsl:attribute> + <td valign="top" align="center"> + <b> + <xsl:attribute name="class"> + <xsl:value-of select="name()"/> + </xsl:attribute> + <xsl:choose> + <xsl:when test="name()='caution'"> + <xsl:value-of select="$text.caution"/> + </xsl:when> + <xsl:when test="name()='note'"> + <xsl:value-of select="$text.note"/> + </xsl:when> + <xsl:when test="name()='important'"> + <xsl:value-of select="$text.important"/> + </xsl:when> + <xsl:when test="name()='tip'"> + <xsl:value-of select="$text.tip"/> + </xsl:when> + <xsl:when test="name()='warning'"> + <xsl:value-of select="$text.warning"/> + </xsl:when> + </xsl:choose> + </b> + </td> + <td valign="top" align="left"> + <xsl:attribute name="class"> + <xsl:value-of select="name()"/> + </xsl:attribute> + <xsl:apply-templates/> + </td> + </tr> + </table> + </div> + </p> + </xsl:template> + + <!-- ****************************************************************** --> + <!-- * Templates for Graphics * --> + <!-- ****************************************************************** --> + + <xsl:template match="mediaobject"> + <xsl:apply-templates select="objectinfo[1]"/> + <xsl:apply-templates 
select="videoobject|audioobject|imageobject|textobject"/> + <xsl:apply-templates select="caption[1]"/> + </xsl:template> + + <xsl:template match="imageobject"> + <xsl:apply-templates select="objectinfo[1]"/> + <xsl:apply-templates select="imagedata[1]"/> + </xsl:template> + + <xsl:template match="imagedata"> + <img border="0"> + <xsl:attribute name="src"> + <xsl:value-of select="@fileref"/> + </xsl:attribute> + <xsl:if test="@width"> + <xsl:attribute name="width"> + <xsl:value-of select="@width"/> + </xsl:attribute> + </xsl:if> + <xsl:if test="@height"> + <xsl:attribute name="height"> + <xsl:value-of select="@height"/> + </xsl:attribute> + </xsl:if> + <xsl:if test="@scale"> + <xsl:attribute name="scale"> + <xsl:value-of select="@scale"/> + </xsl:attribute> + </xsl:if> + <xsl:if test="@align"> + <xsl:attribute name="align"> + <xsl:value-of select="@align"/> + </xsl:attribute> + </xsl:if> + <xsl:if test="@valign"> + <xsl:attribute name="valign"> + <xsl:value-of select="@valign"/> + </xsl:attribute> + </xsl:if> + <xsl:if test="../../textobject/textdata"> + <xsl:attribute name="alt"> + <xsl:value-of select="../../textobject/textdata"/> + </xsl:attribute> + </xsl:if> + </img> + </xsl:template> + + <xsl:template match="textobject"> + <xsl:apply-templates select="objectinfo[1]"/> + <xsl:apply-templates select="phrase|textdata|itemizedlist|orderedlist"/> + </xsl:template> + + <xsl:template match="textdata"> + <xsl:apply-templates select="text()"/> + </xsl:template> + + <!-- ****************************************************************** --> + <!-- * Templates for Tables * --> + <!-- ****************************************************************** --> + + <xsl:template match="table"> + <xsl:if test="title"> + <h3 class="{name()}"><xsl:apply-templates select="title" mode="create.title"/></h3> + </xsl:if> + <xsl:apply-templates select="textobject|mediaobject|tgroup"/> + </xsl:template> + + <xsl:template match="tgroup"> + <table> + <xsl:attribute name="class"> + 
<xsl:choose> + <xsl:when test="ancestor::table/@label"> + <xsl:value-of select="ancestor::table/@label"/> + </xsl:when> + <xsl:otherwise> + <xsl:text>table</xsl:text> + </xsl:otherwise> + </xsl:choose> + </xsl:attribute> + <xsl:attribute name="border"> + <xsl:choose> + <xsl:when test="ancestor::table[@frame = 'none']"> + <xsl:text>0</xsl:text> + </xsl:when> + <xsl:otherwise> + <xsl:text>1</xsl:text> + </xsl:otherwise> + </xsl:choose> + </xsl:attribute> + <xsl:apply-templates select="thead"/> + <xsl:apply-templates select="tbody"/> + <xsl:apply-templates select="tfoot"/> + </table> + </xsl:template> + + <xsl:template match="tbody|thead|tfoot"> + <xsl:param name="table.colspec"/> + <xsl:param name="table.spanspec"/> + <xsl:apply-templates select="row"/> + </xsl:template> + + <xsl:template match="row"> + <xsl:param name="table.colspec"/> + <xsl:param name="table.spanspec"/> + <tr> + <xsl:attribute name="class"> + <xsl:choose> + <xsl:when test="ancestor::table/@label"> + <xsl:value-of select="ancestor::table/@label"/> + </xsl:when> + <xsl:otherwise> + <xsl:text>row</xsl:text> + </xsl:otherwise> + </xsl:choose> + </xsl:attribute> + <xsl:apply-templates select="entry"/> + </tr> + </xsl:template> + + <xsl:template match="entry"> + <td> + <xsl:attribute name="class"> + <xsl:choose> + <xsl:when test="ancestor::table/@label"> + <xsl:value-of select="ancestor::table/@label"/> + </xsl:when> + <xsl:otherwise> + <xsl:text>entry</xsl:text> + </xsl:otherwise> + </xsl:choose> + </xsl:attribute> + <xsl:if test="@namest"> + <xsl:variable name="colname.namest" select="@namest"/> + <xsl:variable name="colname.nameend" select="@nameend"/> + <xsl:variable name="namest"> + <xsl:choose> + <xsl:when test="ancestor::tgroup/colspec[@colname = $colname.namest]/@colnum"> + <xsl:value-of select="ancestor::tgroup/colspec[@colname = $colname.namest]/@colnum"/> + </xsl:when> + <xsl:otherwise> + <xsl:for-each select="ancestor::tgroup/colspec"> + <xsl:if test="@colname = $colname.namest"> + 
<xsl:value-of select="position()"/> + </xsl:if> + </xsl:for-each> + </xsl:otherwise> + </xsl:choose> + </xsl:variable> + <xsl:variable name="nameend"> + <xsl:choose> + <xsl:when test="ancestor::tgroup/colspec[@colname = $colname.nameend]/@colnum"> + <xsl:value-of select="ancestor::tgroup/colspec[@colname = $colname.nameend]/@colnum"/> + </xsl:when> + <xsl:otherwise> + <xsl:for-each select="ancestor::tgroup/colspec"> + <xsl:if test="@colname = $colname.nameend"> + <xsl:value-of select="position()"/> + </xsl:if> + </xsl:for-each> + </xsl:otherwise> + </xsl:choose> + </xsl:variable> + <xsl:attribute name="colspan"> + <xsl:value-of select="$nameend - $namest +1"/> + </xsl:attribute> + </xsl:if> + <xsl:if test="@morerows"> + <xsl:attribute name="rowspan"> + <xsl:value-of select="1 + @morerows"/> + </xsl:attribute> + </xsl:if> + <xsl:if test="@align"> + <xsl:attribute name="align"> + <xsl:value-of select="@align"/> + </xsl:attribute> + </xsl:if> + <xsl:if test="@valign"> + <xsl:attribute name="valign"> + <xsl:value-of select="@valign"/> + </xsl:attribute> + </xsl:if> + <xsl:apply-templates/> + </td> + </xsl:template> + + <!-- ***************************************************************** --> + <!-- * Templates for Tags that have to be ignored * --> + <!-- ***************************************************************** --> + <xsl:template match="beginpage"/> + <xsl:template match="remark"/> + <xsl:template match="comment"/> + <xsl:template match="title"/> + <xsl:template match="subtitle"/> + <xsl:template match="titleabbrev"/> + <xsl:template match="appendixinfo"/> + <xsl:template match="articleinfo"/> + <xsl:template match="bibliographyinfo"/> + <xsl:template match="blockinfo"/> + <xsl:template match="bookinfo"/> + <xsl:template match="chapterinfo"/> + <xsl:template match="classsynopsisinfo"/> + <xsl:template match="glossaryinfo"/> + <xsl:template match="indexinfo"/> + <xsl:template match="msginfo"/> + <xsl:template match="objectinfo"/> + <xsl:template 
match="partinfo"/> + <xsl:template match="prefaceinfo"/> + <xsl:template match="refentryinfo"/> + <xsl:template match="referenceinfo"/> + <xsl:template match="refmiscinfo"/> + <xsl:template match="refsect1info"/> + <xsl:template match="refsect2info"/> + <xsl:template match="refsect3info"/> + <xsl:template match="refsectioninfo"/> + <xsl:template match="refsynopsisdivinfo"/> + <xsl:template match="relesaseinfo"/> + <xsl:template match="screeninfo"/> + <xsl:template match="sect1info"/> + <xsl:template match="sect2info"/> + <xsl:template match="sect3info"/> + <xsl:template match="sect4info"/> + <xsl:template match="sect5info"/> + <xsl:template match="sectioninfo"/> + <xsl:template match="setindexinfo"/> + <xsl:template match="setinfo"/> + <xsl:template match="sidebarinfo"/> + + <!-- ****************************************************************** --> + <!-- * Library Templates * --> + <!-- ****************************************************************** --> + + <xsl:template name="add.class.by.id"> + <xsl:if test="@id"> + <xsl:attribute name="class"> + <xsl:value-of select="@id"/> + </xsl:attribute> + </xsl:if> + </xsl:template> + + <xsl:template name="transpose.spaces"> + <xsl:param name="string"></xsl:param> + <xsl:choose> + <xsl:when test="contains($string,' ')"> + <xsl:value-of select="substring-before($string,' ')"/> + <xsl:text> </xsl:text> + <xsl:call-template name="transpose.spaces"> + <xsl:with-param name="string"> + <xsl:value-of select="substring-after($string,' ')"/> + </xsl:with-param> + </xsl:call-template> + </xsl:when> + <xsl:otherwise> + <xsl:value-of select="$string"/> + </xsl:otherwise> + </xsl:choose> + </xsl:template> + + <xsl:template name="strip.leading.spaces"> + <xsl:param name="string"></xsl:param> +<xsl:message>Calling strip.leading.spaces</xsl:message> +<xsl:message>Value:<xsl:value-of select="$string"/></xsl:message> +<xsl:message>Starts-with:<xsl:value-of select="substring($string,1,1)"/></xsl:message> + <xsl:choose> + <xsl:when 
test="substring($string,1,1)='Â'"> + <xsl:call-template name="strip.leading.spaces"> + <xsl:with-param name="string"> + <xsl:value-of select="substring($string,2,string-length($string)-1)"/> + </xsl:with-param> + </xsl:call-template> + </xsl:when> + <xsl:otherwise> + <xsl:value-of select="$string"/> + </xsl:otherwise> + </xsl:choose> + </xsl:template> + + <xsl:template match="perform-test"> + <xsl:call-template name="transpose.spaces"> + <xsl:with-param name="string">Oliver Zendel ist muede</xsl:with-param> + </xsl:call-template> + </xsl:template> + + <xsl:template name="strip.ending.spaces"> + <xsl:param name="string"></xsl:param> +<xsl:message>Calling strip.ending.spaces</xsl:message> +<xsl:message>Value:<xsl:value-of select="$string"/></xsl:message> +<xsl:message>End-with: '<xsl:value-of select="substring($string,string-length($string),1)"/>'</xsl:message> + <xsl:choose> + <xsl:when test="substring($string,string-length($string),1)=' '"> +<xsl:message>Found Tab</xsl:message> + <xsl:call-template name="strip.ending.spaces"> + <xsl:with-param name="string"> + <xsl:value-of select="substring($string,1,string-length($string)-1)"/> + </xsl:with-param> + </xsl:call-template> + </xsl:when> + <xsl:when test="substring($string,string-length($string),1)=' '"> +<xsl:message>Found Space</xsl:message> + <xsl:call-template name="strip.ending.spaces"> + <xsl:with-param name="string"> + <xsl:value-of select="substring($string,1,string-length($string)-1)"/> + </xsl:with-param> + </xsl:call-template> + </xsl:when> + <xsl:otherwise> +<xsl:message>Found Noting</xsl:message> + <xsl:value-of select="$string"/> + </xsl:otherwise> + </xsl:choose> + </xsl:template> + + <xsl:template match="perform-test"> + <xsl:call-template name="transpose.spaces"> + <xsl:with-param name="string">Oliver Zendel ist muede</xsl:with-param> + </xsl:call-template> + </xsl:template> + +<!-- + <xsl:template match="legalnotice"> + <xsl:if test="//artinfo[1]|//bookinfo[1]"> + <xsl:for-each 
select="//artinfo[1]|//bookinfo[1]"> + <p><xsl:apply-templates select="descendant-or-self::copyright"/></p> + </xsl:for-each> + </xsl:if> + <xsl:if test="not(//artinfo[1]|//bookinfo[1])"> + <xsl:if test="//copyright[1]"> + <p><xsl:apply-templates select="descendant-or-self::copyright"/></p> + </xsl:if> + </xsl:if> + <p><xsl:apply-templates/></p> + </xsl:template> + + <xsl:template match="releaseinfo|abstract"> + <p><xsl:apply-templates/></p> + </xsl:template> + + + + <xsl:template match="authorgroup"> + <xsl:apply-templates select="author"/> + </xsl:template> + + <xsl:template match="author"> + <div class="author"> + <h3 class="author"> + <xsl:value-of select="honorific"/> + <xsl:text> </xsl:text> + <xsl:value-of select="firstname"/> + <xsl:text> </xsl:text> + <xsl:value-of select="othername"/> + <xsl:text> </xsl:text> + <xsl:value-of select="surname"/> + </h3> + </div> + </xsl:template> + + <xsl:template name="titlepage"> + <div class="titlepage"> + <a name="top"/> + <h1 class="title"> + <xsl:value-of select="//artinfo[1]/title|//bookinfo[1]/title|//capterinfo[1]/title"/> + </h1> + <xsl:for-each select="bookinfo|artinfo"> + <xsl:apply-templates select="author|authorgroup"/> + <xsl:apply-templates select="releaseinfo"/> + <xsl:apply-templates select="legalnotice"/> + <xsl:apply-templates select="abstract"/> + </xsl:for-each> + <hr width="100%"/> + </div> + </xsl:template> + + <xsl:template match="activeboxset"/> + <xsl:template match="artinfo"/> + <xsl:template match="chapterinfo"/> + <xsl:template match="bookinfo"/> + +--> + <xsl:template match="*"> + <xsl:message> + <xsl:text>Warning: Tag </xsl:text> + <xsl:value-of select="name()"/> + <xsl:text> not supportet</xsl:text> + </xsl:message> + </xsl:template> +</xsl:stylesheet> diff --git a/2005/flow-accounting-lt2005/ltpdk/xml/docbook.dtd b/2005/flow-accounting-lt2005/ltpdk/xml/docbook.dtd new file mode 100644 index 0000000..114602c --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/xml/docbook.dtd 
@@ -0,0 +1,1618 @@ +<!-- ********************************************************************* + *** THIS IS THE FLATTENED DTD. DO NOT EDIT THIS DTD BY HAND, EDIT *** + *** THE CUSTOMIZATION LAYER AND REGNERATE THE FLATTENED DTD! ******** + ********************************************************************* --> + +<!-- ...................................................................... --> +<!-- Simplified DocBook DTD V1.0CR2 ...................................... --> +<!-- File sdocbook-custom.dtd ............................................. --> + +<!-- Copyright 1992-2002 HaL Computer Systems, Inc., + O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software + Corporation, Norman Walsh, Sun Microsystems, Inc., and the + Organization for the Advancement of Structured Information + Standards (OASIS). + + $Id: sdocbook-custom.dtd,v 1.7 2002/06/10 14:05:33 nwalsh Exp $ + + Permission to use, copy, modify and distribute the DocBook XML DTD + and its accompanying documentation for any purpose and without fee + is hereby granted in perpetuity, provided that the above copyright + notice and this paragraph appear in all copies. The copyright + holders make no representation about the suitability of the DTD for + any purpose. It is provided "as is" without expressed or implied + warranty. + + If you modify the Simplified DocBook DTD in any way, except for + declaring and referencing additional sets of general entities and + declaring additional notations, label your DTD as a variant of + DocBook. See the maintenance documentation for more information. + + Please direct all questions, bug reports, or suggestions for + changes to the docbook@lists.oasis-open.org mailing list. For more + information, see http://www.oasis-open.org/docbook/. +--> + +<!-- ...................................................................... --> + +<!-- This is the driver file for V1.0CR2 of the Simplified DocBook XML DTD. 
+ Please use the following formal public identifier to identify it: + + "-//OASIS//DTD Simplified DocBook XML V1.0CR2//EN" + + For example: + + <!DOCTYPE article + PUBLIC "-//OASIS//DTD Simplified DocBook XML V1.0CR2//EN" + "http://www.oasis-open.org/docbook/xml/simple/1.0CR2/sdocbook.dtd" + [...]> +--> + +<!-- ...................................................................... --> + + +<!ENTITY % local.list.class ""> +<!ENTITY % list.class + "itemizedlist|orderedlist + |variablelist %local.list.class;"> +<!ENTITY % local.admon.class ""> +<!ENTITY % admon.class + "note %local.admon.class;"> +<!ENTITY % local.linespecific.class ""> +<!ENTITY % linespecific.class + "literallayout|programlisting %local.linespecific.class;"> +<!ENTITY % local.para.class ""> +<!ENTITY % para.class + "para %local.para.class;"> +<!ENTITY % local.informal.class ""> +<!ENTITY % informal.class + "blockquote + |mediaobject + |informaltable %local.informal.class;"> +<!ENTITY % local.formal.class ""> +<!ENTITY % formal.class + "example|figure|table %local.formal.class;"> +<!ENTITY % local.compound.class ""> +<!ENTITY % compound.class + "sidebar %local.compound.class;"> +<!ENTITY % local.descobj.class ""> +<!ENTITY % descobj.class + "abstract|authorblurb|epigraph + %local.descobj.class;"> +<!ENTITY % local.xref.char.class ""> +<!ENTITY % xref.char.class "footnoteref|xref %local.xref.char.class;"> +<!ENTITY % local.gen.char.class ""> +<!ENTITY % gen.char.class + "abbrev|acronym|citetitle|emphasis|footnote|phrase + |quote|trademark %local.gen.char.class;"> +<!ENTITY % local.link.char.class ""> +<!ENTITY % link.char.class + "link|ulink %local.link.char.class;"> +<!ENTITY % local.tech.char.class ""> +<!ENTITY % tech.char.class + "command|computeroutput + |email|filename + |literal + |option + |replaceable + |systemitem|userinput + %local.tech.char.class;"> +<!ENTITY % local.docinfo.char.class ""> +<!ENTITY % docinfo.char.class + "author|corpauthor|othercredit + |revhistory + 
%local.docinfo.char.class;"> +<!ENTITY % local.inlineobj.char.class ""> +<!ENTITY % inlineobj.char.class + "inlinemediaobject %local.inlineobj.char.class;"> +<!ENTITY % local.common.attrib ""> +<!ENTITY % common.attrib + "id ID #IMPLIED + lang CDATA #IMPLIED + revisionflag (changed + |added + |deleted + |off) #IMPLIED + %local.common.attrib;" +> +<!ENTITY % local.person.ident.mix ""> +<!ENTITY % person.ident.mix + "honorific|firstname|surname|lineage|othername|affiliation + |authorblurb + %local.person.ident.mix;"> +<!ENTITY % local.bibliocomponent.mix ""> +<!ENTITY % bibliocomponent.mix + "abbrev|abstract|author + |authorgroup|bibliomisc + |copyright|corpauthor|date|edition + |editor|issuenum + |othercredit + |pubdate|publishername + |releaseinfo|revhistory + |subtitle|title|titleabbrev|volumenum|citetitle + |%person.ident.mix; + %local.bibliocomponent.mix;"> +<!ENTITY % local.component.mix ""> +<!ENTITY % component.mix + "%list.class; |%admon.class; + |%linespecific.class; + |%para.class; |%informal.class; + |%formal.class; |%compound.class; + |%descobj.class; + %local.component.mix;"> +<!ENTITY % local.sidebar.mix ""> +<!ENTITY % sidebar.mix + "%list.class; |%admon.class; + |%linespecific.class; + |%para.class; |%informal.class; + |%formal.class; + %local.sidebar.mix;"> +<!ENTITY % local.revdescription.mix ""> +<!ENTITY % revdescription.mix + "%list.class; |%admon.class; + |%linespecific.class; + |%para.class; |%informal.class; + |%formal.class; + %local.revdescription.mix;"> +<!ENTITY % local.footnote.mix ""> +<!ENTITY % footnote.mix + "%list.class; + |%linespecific.class; + |%para.class; |%informal.class; + %local.footnote.mix;"> +<!ENTITY % local.example.mix ""> +<!ENTITY % example.mix + "%list.class; + |%linespecific.class; + |%para.class; |%informal.class; + %local.example.mix;"> +<!ENTITY % local.admon.mix ""> +<!ENTITY % admon.mix + "%list.class; + |%linespecific.class; + |%para.class; |%informal.class; + |%formal.class; + %local.admon.mix;"> +<!ENTITY % 
local.figure.mix ""> +<!ENTITY % figure.mix + "%linespecific.class; + |%informal.class; + %local.figure.mix;"> +<!ENTITY % local.tabentry.mix ""> +<!ENTITY % tabentry.mix + "%list.class; |%admon.class; + |%linespecific.class; + |%para.class; |mediaobject + %local.tabentry.mix;"> +<!ENTITY % local.legalnotice.mix ""> +<!ENTITY % legalnotice.mix + "%list.class; |%admon.class; + |%linespecific.class; + |%para.class; |blockquote + %local.legalnotice.mix;"> +<!ENTITY % local.textobject.mix ""> +<!ENTITY % textobject.mix + "%list.class; |%admon.class; + |%linespecific.class; + |%para.class; |blockquote + %local.textobject.mix;"> +<!ENTITY % local.para.char.mix ""> +<!ENTITY % para.char.mix + "#PCDATA + |%xref.char.class; |%gen.char.class; + |%link.char.class; |%tech.char.class; + |%inlineobj.char.class; + %local.para.char.mix;"> +<!ENTITY % local.title.char.mix ""> +<!ENTITY % title.char.mix + "#PCDATA + |%xref.char.class; |%gen.char.class; + |%link.char.class; |%tech.char.class; + |%docinfo.char.class; + |%inlineobj.char.class; + %local.title.char.mix;"> +<!ENTITY % local.cptr.char.mix ""> +<!ENTITY % cptr.char.mix + "#PCDATA + |%link.char.class; |%tech.char.class; + |inlinemediaobject + %local.cptr.char.mix;"> +<!ENTITY % local.smallcptr.char.mix ""> +<!ENTITY % smallcptr.char.mix + "#PCDATA + |replaceable + |inlinemediaobject + %local.smallcptr.char.mix;"> +<!ENTITY % local.word.char.mix ""> +<!ENTITY % word.char.mix + "#PCDATA + |acronym|emphasis|trademark + |%link.char.class; + |inlinemediaobject + %local.word.char.mix;"> +<!ENTITY % local.docinfo.char.mix ""> +<!ENTITY % docinfo.char.mix + "#PCDATA + |%link.char.class; + |emphasis|trademark + |replaceable + |inlinemediaobject + %local.docinfo.char.mix;"> +<!ENTITY % tbl.table.mdl + "(title, (mediaobject+|tgroup+))"> +<!ENTITY % local.divcomponent.mix ""> +<!ENTITY % divcomponent.mix + "%list.class; |%admon.class; + |%linespecific.class; + |%para.class; |%informal.class; + |%formal.class; |%compound.class; + 
|%descobj.class; + %local.divcomponent.mix;"> +<!ENTITY % bookcomponent.content + "((%divcomponent.mix;)+, section*) + | section+"> +<!ENTITY aacute "á"> +<!ENTITY Aacute "Á"> +<!ENTITY acirc "â"> +<!ENTITY Acirc "Â"> +<!ENTITY agrave "à"> +<!ENTITY Agrave "À"> +<!ENTITY aring "å"> +<!ENTITY Aring "Å"> +<!ENTITY atilde "ã"> +<!ENTITY Atilde "Ã"> +<!ENTITY auml "ä"> +<!ENTITY Auml "Ä"> +<!ENTITY aelig "æ"> +<!ENTITY AElig "Æ"> +<!ENTITY ccedil "ç"> +<!ENTITY Ccedil "Ç"> +<!ENTITY eth "ð"> +<!ENTITY ETH "Ð"> +<!ENTITY eacute "é"> +<!ENTITY Eacute "É"> +<!ENTITY ecirc "ê"> +<!ENTITY Ecirc "Ê"> +<!ENTITY egrave "è"> +<!ENTITY Egrave "È"> +<!ENTITY euml "ë"> +<!ENTITY Euml "Ë"> +<!ENTITY iacute "í"> +<!ENTITY Iacute "Í"> +<!ENTITY icirc "î"> +<!ENTITY Icirc "Î"> +<!ENTITY igrave "ì"> +<!ENTITY Igrave "Ì"> +<!ENTITY iuml "ï"> +<!ENTITY Iuml "Ï"> +<!ENTITY ntilde "ñ"> +<!ENTITY Ntilde "Ñ"> +<!ENTITY oacute "ó"> +<!ENTITY Oacute "Ó"> +<!ENTITY ocirc "ô"> +<!ENTITY Ocirc "Ô"> +<!ENTITY ograve "ò"> +<!ENTITY Ograve "Ò"> +<!ENTITY oslash "ø"> +<!ENTITY Oslash "Ø"> +<!ENTITY otilde "õ"> +<!ENTITY Otilde "Õ"> +<!ENTITY ouml "ö"> +<!ENTITY Ouml "Ö"> +<!ENTITY szlig "ß"> +<!ENTITY thorn "þ"> +<!ENTITY THORN "Þ"> +<!ENTITY uacute "ú"> +<!ENTITY Uacute "Ú"> +<!ENTITY ucirc "û"> +<!ENTITY Ucirc "Û"> +<!ENTITY ugrave "ù"> +<!ENTITY Ugrave "Ù"> +<!ENTITY uuml "ü"> +<!ENTITY Uuml "Ü"> +<!ENTITY yacute "ý"> +<!ENTITY Yacute "Ý"> +<!ENTITY yuml "ÿ"> +<!ENTITY half "½"> +<!ENTITY frac12 "½"> +<!ENTITY frac14 "¼"> +<!ENTITY frac34 "¾"> +<!ENTITY frac18 "⅛"> +<!ENTITY frac38 "⅜"> +<!ENTITY frac58 "⅝"> +<!ENTITY frac78 "⅞"> +<!ENTITY sup1 "¹"> +<!ENTITY sup2 "²"> +<!ENTITY sup3 "³"> +<!ENTITY plus "+"> +<!ENTITY plusmn "±"> +<!ENTITY lt "&#60;"> +<!ENTITY equals "="> +<!ENTITY gt ">"> +<!ENTITY divide "÷"> +<!ENTITY times "×"> +<!ENTITY curren "¤"> +<!ENTITY pound "£"> +<!ENTITY dollar "$"> +<!ENTITY cent "¢"> +<!ENTITY yen "¥"> +<!ENTITY num "#"> +<!ENTITY percnt "%"> +<!ENTITY amp "&#38;"> 
+<!ENTITY ast "*"> +<!ENTITY commat "@"> +<!ENTITY lsqb "["> +<!ENTITY bsol "\"> +<!ENTITY rsqb "]"> +<!ENTITY lcub "{"> +<!ENTITY horbar "―"> +<!ENTITY verbar "|"> +<!ENTITY rcub "}"> +<!ENTITY micro "µ"> +<!ENTITY ohm "Ω"> +<!ENTITY deg "°"> +<!ENTITY ordm "º"> +<!ENTITY ordf "ª"> +<!ENTITY sect "§"> +<!ENTITY para "¶"> +<!ENTITY middot "·"> +<!ENTITY larr "←"> +<!ENTITY rarr "→"> +<!ENTITY uarr "↑"> +<!ENTITY darr "↓"> +<!ENTITY copy "©"> +<!ENTITY reg "®"> +<!ENTITY trade "™"> +<!ENTITY brvbar "¦"> +<!ENTITY not "¬"> +<!ENTITY sung "♩"> +<!ENTITY excl "!"> +<!ENTITY iexcl "¡"> +<!ENTITY quot """> +<!ENTITY apos "'"> +<!ENTITY lpar "("> +<!ENTITY rpar ")"> +<!ENTITY comma ","> +<!ENTITY lowbar "_"> +<!ENTITY hyphen "-"> +<!ENTITY period "."> +<!ENTITY sol "/"> +<!ENTITY colon ":"> +<!ENTITY semi ";"> +<!ENTITY quest "?"> +<!ENTITY iquest "¿"> +<!ENTITY laquo "«"> +<!ENTITY raquo "»"> +<!ENTITY lsquo "‘"> +<!ENTITY rsquo "’"> +<!ENTITY ldquo "“"> +<!ENTITY rdquo "”"> +<!ENTITY nbsp " "> +<!ENTITY shy "­"> +<!ENTITY emsp " "> +<!ENTITY ensp " "> +<!ENTITY emsp13 " "> +<!ENTITY emsp14 " "> +<!ENTITY numsp " "> +<!ENTITY puncsp " "> +<!ENTITY thinsp " "> +<!ENTITY hairsp " "> +<!ENTITY mdash "—"> +<!ENTITY ndash "–"> +<!ENTITY dash "‐"> +<!ENTITY blank "␣"> +<!ENTITY hellip "…"> +<!ENTITY nldr "‥"> +<!ENTITY frac13 "⅓"> +<!ENTITY frac23 "⅔"> +<!ENTITY frac15 "⅕"> +<!ENTITY frac25 "⅖"> +<!ENTITY frac35 "⅗"> +<!ENTITY frac45 "⅘"> +<!ENTITY frac16 "⅙"> +<!ENTITY frac56 "⅚"> +<!ENTITY incare "℅"> +<!ENTITY block "█"> +<!ENTITY uhblk "▀"> +<!ENTITY lhblk "▄"> +<!ENTITY blk14 "░"> +<!ENTITY blk12 "▒"> +<!ENTITY blk34 "▓"> +<!ENTITY marker "▮"> +<!ENTITY cir "○"> +<!ENTITY squ "□"> +<!ENTITY rect "▭"> +<!ENTITY utri "▵"> +<!ENTITY dtri "▿"> +<!ENTITY star "⋆"> +<!ENTITY bull "•"> +<!ENTITY squf "▪"> +<!ENTITY utrif "▴"> +<!ENTITY dtrif "▾"> +<!ENTITY ltrif "◂"> +<!ENTITY rtrif "▸"> +<!ENTITY clubs "♣"> +<!ENTITY diams "♦"> +<!ENTITY hearts "♥"> +<!ENTITY spades "♠"> 
+<!ENTITY malt "✠"> +<!ENTITY dagger "†"> +<!ENTITY Dagger "‡"> +<!ENTITY check "✓"> +<!ENTITY cross "✗"> +<!ENTITY sharp "♯"> +<!ENTITY flat "♭"> +<!ENTITY male "♂"> +<!ENTITY female "♀"> +<!ENTITY phone "☎"> +<!ENTITY telrec "⌕"> +<!ENTITY copysr "℗"> +<!ENTITY caret "⁁"> +<!ENTITY lsquor "‚"> +<!ENTITY ldquor "„"> +<!ENTITY fflig "ff"> +<!ENTITY filig "fi"> +<!ENTITY ffilig "ffi"> +<!ENTITY ffllig "ffl"> +<!ENTITY fllig "fl"> +<!ENTITY mldr "…"> +<!ENTITY rdquor "“"> +<!ENTITY rsquor "‘"> +<!ENTITY vellip "⋮"> +<!ENTITY hybull "⁃"> +<!ENTITY loz "◊"> +<!ENTITY lozf "✦"> +<!ENTITY ltri "◃"> +<!ENTITY rtri "▹"> +<!ENTITY starf "★"> +<!ENTITY natur "♮"> +<!ENTITY rx "℞"> +<!ENTITY sext "✶"> +<!ENTITY target "⌖"> +<!ENTITY dlcrop "⌍"> +<!ENTITY drcrop "⌌"> +<!ENTITY ulcrop "⌏"> +<!ENTITY urcrop "⌎"> +<!ENTITY % local.notation.class ""> +<!ENTITY % notation.class + "BMP| CGM-CHAR | CGM-BINARY | CGM-CLEAR | DITROFF | DVI + | EPS | EQN | FAX | GIF | GIF87a | GIF89a + | JPG | JPEG | IGES | PCX + | PIC | PNG | PS | SGML | TBL | TEX | TIFF | WMF | WPG + | linespecific + %local.notation.class;"> +<!NOTATION BMP PUBLIC +"+//ISBN 0-7923-9432-1::Graphic Notation//NOTATION Microsoft Windows bitmap//EN"> +<!NOTATION CGM-CHAR PUBLIC "ISO 8632/2//NOTATION Character encoding//EN"> +<!NOTATION CGM-BINARY PUBLIC "ISO 8632/3//NOTATION Binary encoding//EN"> +<!NOTATION CGM-CLEAR PUBLIC "ISO 8632/4//NOTATION Clear text encoding//EN"> +<!NOTATION DITROFF SYSTEM "DITROFF"> +<!NOTATION DVI SYSTEM "DVI"> +<!NOTATION EPS PUBLIC +"+//ISBN 0-201-18127-4::Adobe//NOTATION PostScript Language Ref. 
Manual//EN"> +<!NOTATION EQN SYSTEM "EQN"> +<!NOTATION FAX PUBLIC +"-//USA-DOD//NOTATION CCITT Group 4 Facsimile Type 1 Untiled Raster//EN"> +<!NOTATION GIF SYSTEM "GIF"> +<!NOTATION GIF87a PUBLIC +"-//CompuServe//NOTATION Graphics Interchange Format 87a//EN"> +<!NOTATION GIF89a PUBLIC +"-//CompuServe//NOTATION Graphics Interchange Format 89a//EN"> +<!NOTATION JPG SYSTEM "JPG"> +<!NOTATION JPEG SYSTEM "JPG"> +<!NOTATION IGES PUBLIC +"-//USA-DOD//NOTATION (ASME/ANSI Y14.26M-1987) Initial Graphics Exchange Specification//EN"> +<!NOTATION PCX PUBLIC +"+//ISBN 0-7923-9432-1::Graphic Notation//NOTATION ZSoft PCX bitmap//EN"> +<!NOTATION PIC SYSTEM "PIC"> +<!NOTATION PNG SYSTEM "http://www.w3.org/TR/REC-png"> +<!NOTATION PS SYSTEM "PS"> +<!NOTATION SGML PUBLIC +"ISO 8879:1986//NOTATION Standard Generalized Markup Language//EN"> +<!NOTATION TBL SYSTEM "TBL"> +<!NOTATION TEX PUBLIC +"+//ISBN 0-201-13448-9::Knuth//NOTATION The TeXbook//EN"> +<!NOTATION TIFF SYSTEM "TIFF"> +<!NOTATION WMF PUBLIC +"+//ISBN 0-7923-9432-1::Graphic Notation//NOTATION Microsoft Windows Metafile//EN"> +<!NOTATION WPG SYSTEM "WPG"> +<!NOTATION linespecific SYSTEM "linespecific"> +<!ENTITY euro "€"> +<!ENTITY % yesorno.attvals "CDATA"> +<!ENTITY % local.mediaobject.mix ""> +<!ENTITY % mediaobject.mix + "videoobject|audioobject|imageobject %local.mediaobject.mix;"> +<!ENTITY % formalobject.title.content "title, titleabbrev?"> +<!ENTITY % role.attrib + "role CDATA #IMPLIED"> +<!ENTITY % label.attrib + "label CDATA #IMPLIED"> +<!ENTITY % linespecific.attrib + "format NOTATION + (linespecific) 'linespecific' + linenumbering (numbered|unnumbered) #IMPLIED"> +<!ENTITY % linkendreq.attrib + "linkend IDREF #REQUIRED"> +<!ENTITY % local.mark.attrib ""> +<!ENTITY % mark.attrib + "mark CDATA #IMPLIED + %local.mark.attrib;" +> +<!ENTITY % moreinfo.attrib + "moreinfo (refentry|none) 'none'"> +<!ENTITY % pagenum.attrib + "pagenum CDATA #IMPLIED"> +<!ENTITY % local.status.attrib ""> +<!ENTITY % status.attrib + 
"status CDATA #IMPLIED + %local.status.attrib;" +> +<!ENTITY % width.attrib + "width CDATA #IMPLIED"> +<!ENTITY % local.title.attrib ""> +<!ENTITY % title.role.attrib "%role.attrib;"> +<!ELEMENT title (%title.char.mix;)*> +<!ATTLIST title + %pagenum.attrib; + %common.attrib; + %title.role.attrib; + %local.title.attrib; +> +<!ENTITY % local.titleabbrev.attrib ""> +<!ENTITY % titleabbrev.role.attrib "%role.attrib;"> +<!ELEMENT titleabbrev (%title.char.mix;)*> +<!ATTLIST titleabbrev + %common.attrib; + %titleabbrev.role.attrib; + %local.titleabbrev.attrib; +> +<!ENTITY % local.subtitle.attrib ""> +<!ENTITY % subtitle.role.attrib "%role.attrib;"> +<!ELEMENT subtitle (%title.char.mix;)*> +<!ATTLIST subtitle + %common.attrib; + %subtitle.role.attrib; + %local.subtitle.attrib; +> +<!ENTITY % local.bibliomixed.attrib ""> +<!ENTITY % bibliomixed.role.attrib "%role.attrib;"> +<!ATTLIST bibliomixed + %common.attrib; + %bibliomixed.role.attrib; + %local.bibliomixed.attrib; +> +<!ENTITY % local.articleinfo.attrib ""> +<!ENTITY % articleinfo.role.attrib "%role.attrib;"> +<!ATTLIST articleinfo + %common.attrib; + %articleinfo.role.attrib; + %local.articleinfo.attrib; +> +<!ENTITY % bibliomset.role.attrib "%role.attrib;"> +<!ENTITY % local.bibliomset.attrib ""> +<!ELEMENT bibliomset (#PCDATA | %bibliocomponent.mix; | bibliomset)*> +<!ATTLIST bibliomset + relation CDATA #IMPLIED + %bibliomset.role.attrib; + %common.attrib; + %local.bibliomset.attrib; +> +<!ENTITY % local.bibliomisc.attrib ""> +<!ENTITY % bibliomisc.role.attrib "%role.attrib;"> +<!ELEMENT bibliomisc (%para.char.mix;)*> +<!ATTLIST bibliomisc + %common.attrib; + %bibliomisc.role.attrib; + %local.bibliomisc.attrib; +> +<!ENTITY % local.subjectset.attrib ""> +<!ENTITY % subjectset.role.attrib "%role.attrib;"> +<!ELEMENT subjectset (subject+)> +<!ATTLIST subjectset + scheme NMTOKEN #IMPLIED + %common.attrib; + %subjectset.role.attrib; + %local.subjectset.attrib; +> +<!ENTITY % local.subject.attrib ""> +<!ENTITY % 
subject.role.attrib "%role.attrib;"> +<!ELEMENT subject (subjectterm+)> +<!ATTLIST subject + weight CDATA #IMPLIED + %common.attrib; + %subject.role.attrib; + %local.subject.attrib; +> +<!ENTITY % local.subjectterm.attrib ""> +<!ENTITY % subjectterm.role.attrib "%role.attrib;"> +<!ELEMENT subjectterm (#PCDATA)> +<!ATTLIST subjectterm + %common.attrib; + %subjectterm.role.attrib; + %local.subjectterm.attrib; +> +<!ENTITY % local.keywordset.attrib ""> +<!ENTITY % keywordset.role.attrib "%role.attrib;"> +<!ELEMENT keywordset (keyword+)> +<!ATTLIST keywordset + %common.attrib; + %keywordset.role.attrib; + %local.keywordset.attrib; +> +<!ENTITY % local.keyword.attrib ""> +<!ENTITY % keyword.role.attrib "%role.attrib;"> +<!ELEMENT keyword (#PCDATA)> +<!ATTLIST keyword + %common.attrib; + %keyword.role.attrib; + %local.keyword.attrib; +> +<!ENTITY % local.sidebar.attrib ""> +<!ENTITY % sidebar.role.attrib "%role.attrib;"> +<!ATTLIST sidebar + %common.attrib; + %sidebar.role.attrib; + %local.sidebar.attrib; +> +<!ENTITY % local.abstract.attrib ""> +<!ENTITY % abstract.role.attrib "%role.attrib;"> +<!ELEMENT abstract (title?, (%para.class;)+)> +<!ATTLIST abstract + %common.attrib; + %abstract.role.attrib; + %local.abstract.attrib; +> +<!ENTITY % local.authorblurb.attrib ""> +<!ENTITY % authorblurb.role.attrib "%role.attrib;"> +<!ELEMENT authorblurb (title?, (%para.class;)+)> +<!ATTLIST authorblurb + %common.attrib; + %authorblurb.role.attrib; + %local.authorblurb.attrib; +> +<!ENTITY % local.blockquote.attrib ""> +<!ENTITY % blockquote.role.attrib "%role.attrib;"> +<!ELEMENT blockquote (title?, attribution?, (%component.mix;)+)> +<!ATTLIST blockquote + %common.attrib; + %blockquote.role.attrib; + %local.blockquote.attrib; +> +<!ENTITY % local.attribution.attrib ""> +<!ENTITY % attribution.role.attrib "%role.attrib;"> +<!ELEMENT attribution (%para.char.mix;)*> +<!ATTLIST attribution + %common.attrib; + %attribution.role.attrib; + %local.attribution.attrib; +> +<!ENTITY % 
local.epigraph.attrib ""> +<!ENTITY % epigraph.role.attrib "%role.attrib;"> +<!ELEMENT epigraph (attribution?, (%para.class;)+)> +<!ATTLIST epigraph + %common.attrib; + %epigraph.role.attrib; + %local.epigraph.attrib; +> +<!ENTITY % local.footnote.attrib ""> +<!ENTITY % footnote.role.attrib "%role.attrib;"> +<!ELEMENT footnote ((%footnote.mix;)+)> +<!ATTLIST footnote + %label.attrib; + %common.attrib; + %footnote.role.attrib; + %local.footnote.attrib; +> +<!ENTITY % local.para.attrib ""> +<!ENTITY % para.role.attrib "%role.attrib;"> +<!ATTLIST para + %common.attrib; + %para.role.attrib; + %local.para.attrib; +> +<!ENTITY % local.admon.attrib ""> +<!ENTITY % admon.role.attrib "%role.attrib;"> +<!ELEMENT note (title?, (%admon.mix;)+)> +<!ATTLIST note + %common.attrib; + %admon.role.attrib; + %local.admon.attrib; +> +<!ENTITY % local.itemizedlist.attrib ""> +<!ENTITY % itemizedlist.role.attrib "%role.attrib;"> +<!ELEMENT itemizedlist ((%formalobject.title.content;)?, listitem+)> +<!ATTLIST itemizedlist spacing (normal + |compact) #IMPLIED + %mark.attrib; + %common.attrib; + %itemizedlist.role.attrib; + %local.itemizedlist.attrib; +> +<!ENTITY % local.orderedlist.attrib ""> +<!ENTITY % orderedlist.role.attrib "%role.attrib;"> +<!ELEMENT orderedlist ((%formalobject.title.content;)?, listitem+)> +<!ATTLIST orderedlist + numeration (arabic + |upperalpha + |loweralpha + |upperroman + |lowerroman) #IMPLIED + inheritnum (inherit + |ignore) "ignore" + continuation (continues + |restarts) "restarts" + spacing (normal + |compact) #IMPLIED + %common.attrib; + %orderedlist.role.attrib; + %local.orderedlist.attrib; +> +<!ENTITY % local.listitem.attrib ""> +<!ENTITY % listitem.role.attrib "%role.attrib;"> +<!ELEMENT listitem ((%component.mix;)+)> +<!ATTLIST listitem + override CDATA #IMPLIED + %common.attrib; + %listitem.role.attrib; + %local.listitem.attrib; +> +<!ENTITY % local.variablelist.attrib ""> +<!ENTITY % variablelist.role.attrib "%role.attrib;"> +<!ELEMENT variablelist 
((%formalobject.title.content;)?, varlistentry+)> +<!ATTLIST variablelist + termlength CDATA #IMPLIED + %common.attrib; + %variablelist.role.attrib; + %local.variablelist.attrib; +> +<!ENTITY % local.varlistentry.attrib ""> +<!ENTITY % varlistentry.role.attrib "%role.attrib;"> +<!ELEMENT varlistentry (term+, listitem)> +<!ATTLIST varlistentry + %common.attrib; + %varlistentry.role.attrib; + %local.varlistentry.attrib; +> +<!ENTITY % local.term.attrib ""> +<!ENTITY % term.role.attrib "%role.attrib;"> +<!ELEMENT term (%para.char.mix;)*> +<!ATTLIST term + %common.attrib; + %term.role.attrib; + %local.term.attrib; +> +<!ENTITY % local.example.attrib ""> +<!ENTITY % example.role.attrib "%role.attrib;"> +<!ELEMENT example ((%formalobject.title.content;), (%example.mix;)+)> +<!ATTLIST example + %label.attrib; + %width.attrib; + %common.attrib; + %example.role.attrib; + %local.example.attrib; +> +<!ENTITY % local.programlisting.attrib ""> +<!ENTITY % programlisting.role.attrib "%role.attrib;"> +<!ATTLIST programlisting + %width.attrib; + %linespecific.attrib; + %common.attrib; + %programlisting.role.attrib; + %local.programlisting.attrib; +> +<!ENTITY % local.literallayout.attrib ""> +<!ENTITY % literallayout.role.attrib "%role.attrib;"> +<!ATTLIST literallayout + %width.attrib; + %linespecific.attrib; + class (monospaced|normal) "normal" + %common.attrib; + %literallayout.role.attrib; + %local.literallayout.attrib; +> +<!ENTITY % local.figure.attrib ""> +<!ENTITY % figure.role.attrib "%role.attrib;"> +<!ELEMENT figure ((%formalobject.title.content;), (%figure.mix; | + %link.char.class;)+)> +<!ATTLIST figure + float %yesorno.attvals; '0' + pgwide %yesorno.attvals; #IMPLIED + %label.attrib; + %common.attrib; + %figure.role.attrib; + %local.figure.attrib; +> +<!ENTITY % local.mediaobject.attrib ""> +<!ENTITY % mediaobject.role.attrib "%role.attrib;"> +<!ELEMENT mediaobject (objectinfo?, + (%mediaobject.mix;), + (%mediaobject.mix;|textobject)*, + caption?)> +<!ATTLIST 
mediaobject + %common.attrib; + %mediaobject.role.attrib; + %local.mediaobject.attrib; +> +<!ENTITY % local.inlinemediaobject.attrib ""> +<!ENTITY % inlinemediaobject.role.attrib "%role.attrib;"> +<!ELEMENT inlinemediaobject (objectinfo?, + (%mediaobject.mix;), + (%mediaobject.mix;|textobject)*)> +<!ATTLIST inlinemediaobject + %common.attrib; + %inlinemediaobject.role.attrib; + %local.inlinemediaobject.attrib; +> +<!ENTITY % local.videoobject.attrib ""> +<!ENTITY % videoobject.role.attrib "%role.attrib;"> +<!ELEMENT videoobject (objectinfo?, videodata)> +<!ATTLIST videoobject + %common.attrib; + %videoobject.role.attrib; + %local.videoobject.attrib; +> +<!ENTITY % local.audioobject.attrib ""> +<!ENTITY % audioobject.role.attrib "%role.attrib;"> +<!ELEMENT audioobject (objectinfo?, audiodata)> +<!ATTLIST audioobject + %common.attrib; + %audioobject.role.attrib; + %local.audioobject.attrib; +> +<!ENTITY % local.imageobject.attrib ""> +<!ENTITY % imageobject.role.attrib "%role.attrib;"> +<!ELEMENT imageobject (objectinfo?, imagedata)> +<!ATTLIST imageobject + %common.attrib; + %imageobject.role.attrib; + %local.imageobject.attrib; +> +<!ENTITY % local.textobject.attrib ""> +<!ENTITY % textobject.role.attrib "%role.attrib;"> +<!ELEMENT textobject (objectinfo?, (phrase|(%textobject.mix;)+))> +<!ATTLIST textobject + %common.attrib; + %textobject.role.attrib; + %local.textobject.attrib; +> +<!ENTITY % local.objectinfo.attrib ""> +<!ENTITY % objectinfo.role.attrib "%role.attrib;"> +<!ATTLIST objectinfo + %common.attrib; + %objectinfo.role.attrib; + %local.objectinfo.attrib; +> +<!ENTITY % local.objectdata.attrib ""> +<!ENTITY % objectdata.attrib + " + entityref ENTITY #IMPLIED + fileref CDATA #IMPLIED + format (%notation.class;) + #IMPLIED + srccredit CDATA #IMPLIED + %local.objectdata.attrib;" +> +<!ENTITY % local.videodata.attrib ""> +<!ENTITY % videodata.role.attrib "%role.attrib;"> +<!ELEMENT videodata EMPTY> +<!ATTLIST videodata + %common.attrib; + %objectdata.attrib; 
+ width CDATA #IMPLIED + depth CDATA #IMPLIED + align (left + |right + |center) #IMPLIED + scale CDATA #IMPLIED + scalefit %yesorno.attvals; + #IMPLIED + %videodata.role.attrib; + %local.videodata.attrib; +> +<!ENTITY % local.audiodata.attrib ""> +<!ENTITY % audiodata.role.attrib "%role.attrib;"> +<!ELEMENT audiodata EMPTY> +<!ATTLIST audiodata + %common.attrib; + %objectdata.attrib; + %local.audiodata.attrib; + %audiodata.role.attrib; +> +<!ENTITY % local.imagedata.attrib ""> +<!ENTITY % imagedata.role.attrib "%role.attrib;"> +<!ELEMENT imagedata EMPTY> +<!ATTLIST imagedata + %common.attrib; + %objectdata.attrib; + width CDATA #IMPLIED + depth CDATA #IMPLIED + align (left + |right + |center) #IMPLIED + scale CDATA #IMPLIED + scalefit %yesorno.attvals; + #IMPLIED + %local.imagedata.attrib; + %imagedata.role.attrib; +> +<!ENTITY % local.caption.attrib ""> +<!ENTITY % caption.role.attrib "%role.attrib;"> +<!ELEMENT caption (%textobject.mix;)*> +<!ATTLIST caption + %common.attrib; + %local.caption.attrib; + %caption.role.attrib; +> +<!ENTITY % tables.role.attrib "%role.attrib;"> +<!ENTITY % bodyatt "%label.attrib;"> +<!ENTITY % secur + "%common.attrib; + %tables.role.attrib;"> +<!ENTITY % common.table.attribs + "%bodyatt; + %secur;"> +<!ENTITY % tbl.entry.mdl "%para.char.mix; | %tabentry.mix;"> +<!ENTITY % yesorno 'CDATA'> +<!ENTITY % tbl.table.att ' + tabstyle CDATA #IMPLIED + tocentry %yesorno; #IMPLIED + shortentry %yesorno; #IMPLIED + orient (port|land) #IMPLIED + pgwide %yesorno; #IMPLIED '> +<!ENTITY % tbl.tgroup.mdl "colspec*,spanspec*,thead?,tfoot?,tbody"> +<!ENTITY % tbl.tgroup.att ' + tgroupstyle CDATA #IMPLIED '> +<!ENTITY % tbl.hdft.mdl "colspec*,row+"> +<!ENTITY % tbl.row.mdl "(entry|entrytbl)+"> +<!ENTITY % tbl.entrytbl.mdl "colspec*,spanspec*,thead?,tbody"> +<!ELEMENT table (%tbl.table.mdl;)> +<!ATTLIST table + frame (top|bottom|topbot|all|sides|none) #IMPLIED + colsep %yesorno; #IMPLIED + rowsep %yesorno; #IMPLIED + %tbl.table.att; + %bodyatt; + 
%secur; +> +<!ELEMENT tgroup (%tbl.tgroup.mdl;) > +<!ATTLIST tgroup + cols CDATA #REQUIRED + %tbl.tgroup.att; + colsep %yesorno; #IMPLIED + rowsep %yesorno; #IMPLIED + align (left|right|center|justify|char) #IMPLIED + char CDATA #IMPLIED + charoff CDATA #IMPLIED + %secur; +> +<!ELEMENT colspec EMPTY > +<!ATTLIST colspec + colnum CDATA #IMPLIED + colname CDATA #IMPLIED + colwidth CDATA #IMPLIED + colsep %yesorno; #IMPLIED + rowsep %yesorno; #IMPLIED + align (left|right|center|justify|char) #IMPLIED + char CDATA #IMPLIED + charoff CDATA #IMPLIED +> +<!ELEMENT spanspec EMPTY > +<!ATTLIST spanspec + namest CDATA #REQUIRED + nameend CDATA #REQUIRED + spanname CDATA #REQUIRED + colsep %yesorno; #IMPLIED + rowsep %yesorno; #IMPLIED + align (left|right|center|justify|char) #IMPLIED + char CDATA #IMPLIED + charoff CDATA #IMPLIED +> +<!ELEMENT thead (%tbl.hdft.mdl;)> +<!ATTLIST thead + valign (top|middle|bottom) #IMPLIED + %secur; +> +<!ELEMENT tfoot (%tbl.hdft.mdl;)> +<!ATTLIST tfoot + valign (top|middle|bottom) #IMPLIED + %secur; +> +<!ELEMENT tbody (row+)> +<!ATTLIST tbody + valign (top|middle|bottom) #IMPLIED + %secur; +> +<!ELEMENT row (%tbl.row.mdl;)> +<!ATTLIST row + rowsep %yesorno; #IMPLIED + valign (top|middle|bottom) #IMPLIED + %secur; +> +<!ELEMENT entrytbl (%tbl.entrytbl.mdl;)> +<!ATTLIST entrytbl + cols CDATA #REQUIRED + %tbl.tgroup.att; + colname CDATA #IMPLIED + spanname CDATA #IMPLIED + namest CDATA #IMPLIED + nameend CDATA #IMPLIED + colsep %yesorno; #IMPLIED + rowsep %yesorno; #IMPLIED + align (left|right|center|justify|char) #IMPLIED + char CDATA #IMPLIED + charoff CDATA #IMPLIED + %secur; +> +<!ELEMENT entry (%tbl.entry.mdl;)*> +<!ATTLIST entry + colname CDATA #IMPLIED + namest CDATA #IMPLIED + nameend CDATA #IMPLIED + spanname CDATA #IMPLIED + morerows CDATA #IMPLIED + colsep %yesorno; #IMPLIED + rowsep %yesorno; #IMPLIED + align (left|right|center|justify|char) #IMPLIED + char CDATA #IMPLIED + charoff CDATA #IMPLIED + rotate %yesorno; #IMPLIED + valign 
(top|middle|bottom) #IMPLIED + %secur; +> +<!ENTITY % local.informaltable.attrib ""> +<!ATTLIST informaltable + frame (top + |bottom + |topbot + |all + |sides + |none) #IMPLIED + colsep %yesorno.attvals; #IMPLIED + rowsep %yesorno.attvals; #IMPLIED + %common.table.attribs; + %tbl.table.att; + %local.informaltable.attrib; +> +<!ENTITY % local.affiliation.attrib ""> +<!ENTITY % affiliation.role.attrib "%role.attrib;"> +<!ATTLIST affiliation + %common.attrib; + %affiliation.role.attrib; + %local.affiliation.attrib; +> +<!ENTITY % local.jobtitle.attrib ""> +<!ENTITY % jobtitle.role.attrib "%role.attrib;"> +<!ELEMENT jobtitle (%docinfo.char.mix;)*> +<!ATTLIST jobtitle + %common.attrib; + %jobtitle.role.attrib; + %local.jobtitle.attrib; +> +<!ENTITY % local.author.attrib ""> +<!ENTITY % author.role.attrib "%role.attrib;"> +<!ELEMENT author ((%person.ident.mix;)+)> +<!ATTLIST author + %common.attrib; + %author.role.attrib; + %local.author.attrib; +> +<!ENTITY % local.authorgroup.attrib ""> +<!ENTITY % authorgroup.role.attrib "%role.attrib;"> +<!ATTLIST authorgroup + %common.attrib; + %authorgroup.role.attrib; + %local.authorgroup.attrib; +> +<!ENTITY % local.authorinitials.attrib ""> +<!ENTITY % authorinitials.role.attrib "%role.attrib;"> +<!ELEMENT authorinitials (%docinfo.char.mix;)*> +<!ATTLIST authorinitials + %common.attrib; + %authorinitials.role.attrib; + %local.authorinitials.attrib; +> +<!ENTITY % local.copyright.attrib ""> +<!ENTITY % copyright.role.attrib "%role.attrib;"> +<!ELEMENT copyright (year+, holder*)> +<!ATTLIST copyright + %common.attrib; + %copyright.role.attrib; + %local.copyright.attrib; +> +<!ENTITY % local.year.attrib ""> +<!ENTITY % year.role.attrib "%role.attrib;"> +<!ELEMENT year (%docinfo.char.mix;)*> +<!ATTLIST year + %common.attrib; + %year.role.attrib; + %local.year.attrib; +> +<!ENTITY % local.holder.attrib ""> +<!ENTITY % holder.role.attrib "%role.attrib;"> +<!ELEMENT holder (%docinfo.char.mix;)*> +<!ATTLIST holder + %common.attrib; + 
%holder.role.attrib; + %local.holder.attrib; +> +<!ENTITY % local.corpauthor.attrib ""> +<!ENTITY % corpauthor.role.attrib "%role.attrib;"> +<!ELEMENT corpauthor (%docinfo.char.mix;)*> +<!ATTLIST corpauthor + %common.attrib; + %corpauthor.role.attrib; + %local.corpauthor.attrib; +> +<!ENTITY % local.date.attrib ""> +<!ENTITY % date.role.attrib "%role.attrib;"> +<!ELEMENT date (%docinfo.char.mix;)*> +<!ATTLIST date + %common.attrib; + %date.role.attrib; + %local.date.attrib; +> +<!ENTITY % local.edition.attrib ""> +<!ENTITY % edition.role.attrib "%role.attrib;"> +<!ELEMENT edition (%docinfo.char.mix;)*> +<!ATTLIST edition + %common.attrib; + %edition.role.attrib; + %local.edition.attrib; +> +<!ENTITY % local.editor.attrib ""> +<!ENTITY % editor.role.attrib "%role.attrib;"> +<!ELEMENT editor ((%person.ident.mix;)+)> +<!ATTLIST editor + %common.attrib; + %editor.role.attrib; + %local.editor.attrib; +> +<!ENTITY % local.issuenum.attrib ""> +<!ENTITY % issuenum.role.attrib "%role.attrib;"> +<!ELEMENT issuenum (%docinfo.char.mix;)*> +<!ATTLIST issuenum + %common.attrib; + %issuenum.role.attrib; + %local.issuenum.attrib; +> +<!ENTITY % local.legalnotice.attrib ""> +<!ENTITY % legalnotice.role.attrib "%role.attrib;"> +<!ELEMENT legalnotice (title?, (%legalnotice.mix;)+)> +<!ATTLIST legalnotice + %common.attrib; + %legalnotice.role.attrib; + %local.legalnotice.attrib; +> +<!ENTITY % local.orgname.attrib ""> +<!ENTITY % orgname.role.attrib "%role.attrib;"> +<!ELEMENT orgname (%docinfo.char.mix;)*> +<!ATTLIST orgname + %common.attrib; + %orgname.role.attrib; + %local.orgname.attrib; +> +<!ENTITY % local.othercredit.attrib ""> +<!ENTITY % othercredit.role.attrib "%role.attrib;"> +<!ELEMENT othercredit ((%person.ident.mix;)+)> +<!ATTLIST othercredit + %common.attrib; + %othercredit.role.attrib; + %local.othercredit.attrib; +> +<!ENTITY % local.firstname.attrib ""> +<!ENTITY % firstname.role.attrib "%role.attrib;"> +<!ELEMENT firstname (%docinfo.char.mix;)*> +<!ATTLIST firstname 
+ %common.attrib; + %firstname.role.attrib; + %local.firstname.attrib; +> +<!ENTITY % local.honorific.attrib ""> +<!ENTITY % honorific.role.attrib "%role.attrib;"> +<!ELEMENT honorific (%docinfo.char.mix;)*> +<!ATTLIST honorific + %common.attrib; + %honorific.role.attrib; + %local.honorific.attrib; +> +<!ENTITY % local.lineage.attrib ""> +<!ENTITY % lineage.role.attrib "%role.attrib;"> +<!ELEMENT lineage (%docinfo.char.mix;)*> +<!ATTLIST lineage + %common.attrib; + %lineage.role.attrib; + %local.lineage.attrib; +> +<!ENTITY % local.othername.attrib ""> +<!ENTITY % othername.role.attrib "%role.attrib;"> +<!ELEMENT othername (%docinfo.char.mix;)*> +<!ATTLIST othername + %common.attrib; + %othername.role.attrib; + %local.othername.attrib; +> +<!ENTITY % local.surname.attrib ""> +<!ENTITY % surname.role.attrib "%role.attrib;"> +<!ELEMENT surname (%docinfo.char.mix;)*> +<!ATTLIST surname + %common.attrib; + %surname.role.attrib; + %local.surname.attrib; +> +<!ENTITY % local.pubdate.attrib ""> +<!ENTITY % pubdate.role.attrib "%role.attrib;"> +<!ELEMENT pubdate (%docinfo.char.mix;)*> +<!ATTLIST pubdate + %common.attrib; + %pubdate.role.attrib; + %local.pubdate.attrib; +> +<!ENTITY % local.publishername.attrib ""> +<!ENTITY % publishername.role.attrib "%role.attrib;"> +<!ELEMENT publishername (%docinfo.char.mix;)*> +<!ATTLIST publishername + %common.attrib; + %publishername.role.attrib; + %local.publishername.attrib; +> +<!ENTITY % local.releaseinfo.attrib ""> +<!ENTITY % releaseinfo.role.attrib "%role.attrib;"> +<!ELEMENT releaseinfo (%docinfo.char.mix;)*> +<!ATTLIST releaseinfo + %common.attrib; + %releaseinfo.role.attrib; + %local.releaseinfo.attrib; +> +<!ENTITY % local.revhistory.attrib ""> +<!ENTITY % revhistory.role.attrib "%role.attrib;"> +<!ELEMENT revhistory (revision+)> +<!ATTLIST revhistory + %common.attrib; + %revhistory.role.attrib; + %local.revhistory.attrib; +> +<!ENTITY % local.revision.attrib ""> +<!ENTITY % revision.role.attrib "%role.attrib;"> 
+<!ELEMENT revision (revnumber, date, authorinitials*, + (revremark|revdescription)?)> +<!ATTLIST revision + %common.attrib; + %revision.role.attrib; + %local.revision.attrib; +> +<!ENTITY % local.revnumber.attrib ""> +<!ENTITY % revnumber.role.attrib "%role.attrib;"> +<!ELEMENT revnumber (%docinfo.char.mix;)*> +<!ATTLIST revnumber + %common.attrib; + %revnumber.role.attrib; + %local.revnumber.attrib; +> +<!ENTITY % local.revremark.attrib ""> +<!ENTITY % revremark.role.attrib "%role.attrib;"> +<!ELEMENT revremark (%docinfo.char.mix;)*> +<!ATTLIST revremark + %common.attrib; + %revremark.role.attrib; + %local.revremark.attrib; +> +<!ENTITY % local.revdescription.attrib ""> +<!ENTITY % revdescription.role.attrib "%role.attrib;"> +<!ELEMENT revdescription ((%revdescription.mix;)+)> +<!ATTLIST revdescription + %common.attrib; + %revdescription.role.attrib; + %local.revdescription.attrib; +> +<!ENTITY % local.volumenum.attrib ""> +<!ENTITY % volumenum.role.attrib "%role.attrib;"> +<!ELEMENT volumenum (%docinfo.char.mix;)*> +<!ATTLIST volumenum + %common.attrib; + %volumenum.role.attrib; + %local.volumenum.attrib; +> +<!ENTITY % local.command.attrib ""> +<!ENTITY % command.role.attrib "%role.attrib;"> +<!ELEMENT command (%cptr.char.mix;)*> +<!ATTLIST command + %moreinfo.attrib; + %common.attrib; + %command.role.attrib; + %local.command.attrib; +> +<!ENTITY % local.computeroutput.attrib ""> +<!ENTITY % computeroutput.role.attrib "%role.attrib;"> +<!ELEMENT computeroutput (%cptr.char.mix;)*> +<!ATTLIST computeroutput + %moreinfo.attrib; + %common.attrib; + %computeroutput.role.attrib; + %local.computeroutput.attrib; +> +<!ENTITY % local.email.attrib ""> +<!ENTITY % email.role.attrib "%role.attrib;"> +<!ELEMENT email (%docinfo.char.mix;)*> +<!ATTLIST email + %common.attrib; + %email.role.attrib; + %local.email.attrib; +> +<!ENTITY % local.filename.attrib ""> +<!ENTITY % filename.role.attrib "%role.attrib;"> +<!ELEMENT filename (%smallcptr.char.mix;)*> +<!ATTLIST filename + 
class (headerfile + |devicefile + |libraryfile + |directory + |symlink) #IMPLIED + path CDATA #IMPLIED + %moreinfo.attrib; + %common.attrib; + %filename.role.attrib; + %local.filename.attrib; +> +<!ENTITY % local.lineannotation.attrib ""> +<!ENTITY % lineannotation.role.attrib "%role.attrib;"> +<!ELEMENT lineannotation (%para.char.mix;)*> +<!ATTLIST lineannotation + %common.attrib; + %lineannotation.role.attrib; + %local.lineannotation.attrib; +> +<!ENTITY % local.literal.attrib ""> +<!ENTITY % literal.role.attrib "%role.attrib;"> +<!ELEMENT literal (%cptr.char.mix;)*> +<!ATTLIST literal + %moreinfo.attrib; + %common.attrib; + %literal.role.attrib; + %local.literal.attrib; +> +<!ENTITY % local.option.attrib ""> +<!ENTITY % option.role.attrib "%role.attrib;"> +<!ELEMENT option (%smallcptr.char.mix;)*> +<!ATTLIST option + %common.attrib; + %option.role.attrib; + %local.option.attrib; +> +<!ENTITY % local.replaceable.attrib ""> +<!ENTITY % replaceable.role.attrib "%role.attrib;"> +<!ATTLIST replaceable + class (command + |function + |option + |parameter) #IMPLIED + %common.attrib; + %replaceable.role.attrib; + %local.replaceable.attrib; +> +<!ENTITY % local.systemitem.attrib ""> +<!ENTITY % systemitem.role.attrib "%role.attrib;"> +<!ELEMENT systemitem (%smallcptr.char.mix; | acronym)*> +<!ATTLIST systemitem + class (constant + |groupname + |library + |macro + |osname + |resource + |systemname + |username) #IMPLIED + %moreinfo.attrib; + %common.attrib; + %systemitem.role.attrib; + %local.systemitem.attrib; +> +<!ENTITY % local.userinput.attrib ""> +<!ENTITY % userinput.role.attrib "%role.attrib;"> +<!ELEMENT userinput (%cptr.char.mix;)*> +<!ATTLIST userinput + %moreinfo.attrib; + %common.attrib; + %userinput.role.attrib; + %local.userinput.attrib; +> +<!ENTITY % local.abbrev.attrib ""> +<!ENTITY % abbrev.role.attrib "%role.attrib;"> +<!ELEMENT abbrev (%word.char.mix;)*> +<!ATTLIST abbrev + %common.attrib; + %abbrev.role.attrib; + %local.abbrev.attrib; +> +<!ENTITY % 
local.acronym.attrib ""> +<!ENTITY % acronym.role.attrib "%role.attrib;"> +<!ELEMENT acronym (%word.char.mix;)*> +<!ATTLIST acronym + %common.attrib; + %acronym.role.attrib; + %local.acronym.attrib; +> +<!ENTITY % local.citetitle.attrib ""> +<!ENTITY % citetitle.role.attrib "%role.attrib;"> +<!ELEMENT citetitle (%para.char.mix;)*> +<!ATTLIST citetitle + pubwork (article + |book + |chapter + |part + |refentry + |section + |journal + |series + |set + |manuscript) #IMPLIED + %common.attrib; + %citetitle.role.attrib; + %local.citetitle.attrib; +> +<!ENTITY % local.emphasis.attrib ""> +<!ENTITY % emphasis.role.attrib "%role.attrib;"> +<!ELEMENT emphasis (%para.char.mix;)*> +<!ATTLIST emphasis + %common.attrib; + %emphasis.role.attrib; + %local.emphasis.attrib; +> +<!ENTITY % local.phrase.attrib ""> +<!ENTITY % phrase.role.attrib "%role.attrib;"> +<!ELEMENT phrase (%para.char.mix;)*> +<!ATTLIST phrase + %common.attrib; + %phrase.role.attrib; + %local.phrase.attrib; +> +<!ENTITY % local.quote.attrib ""> +<!ENTITY % quote.role.attrib "%role.attrib;"> +<!ELEMENT quote (%para.char.mix;)*> +<!ATTLIST quote + %common.attrib; + %quote.role.attrib; + %local.quote.attrib; +> +<!ENTITY % local.trademark.attrib ""> +<!ENTITY % trademark.role.attrib "%role.attrib;"> +<!ATTLIST trademark + class (service + |trade + |registered + |copyright) 'trade' + %common.attrib; + %trademark.role.attrib; + %local.trademark.attrib; +> +<!ENTITY % local.link.attrib ""> +<!ENTITY % link.role.attrib "%role.attrib;"> +<!ELEMENT link (%para.char.mix;)*> +<!ATTLIST link + endterm IDREF #IMPLIED + %linkendreq.attrib; type CDATA #IMPLIED + %common.attrib; + %link.role.attrib; + %local.link.attrib; +> +<!ENTITY % local.ulink.attrib ""> +<!ENTITY % ulink.role.attrib "%role.attrib;"> +<!ELEMENT ulink (%para.char.mix;)*> +<!ATTLIST ulink + url CDATA #REQUIRED + type CDATA #IMPLIED + %common.attrib; + %ulink.role.attrib; + %local.ulink.attrib; +> +<!ENTITY % local.footnoteref.attrib ""> +<!ENTITY % 
footnoteref.role.attrib "%role.attrib;"> +<!ELEMENT footnoteref EMPTY> +<!ATTLIST footnoteref + %linkendreq.attrib; %label.attrib; + %common.attrib; + %footnoteref.role.attrib; + %local.footnoteref.attrib; +> +<!ENTITY % local.xref.attrib ""> +<!ENTITY % xref.role.attrib "%role.attrib;"> +<!ELEMENT xref EMPTY> +<!ATTLIST xref + endterm IDREF #IMPLIED + %linkendreq.attrib; %common.attrib; + %xref.role.attrib; + %local.xref.attrib; +> +<!ENTITY % local.appendix.class ""> +<!ENTITY % appendix.class "appendix %local.appendix.class;"> +<!ENTITY % div.title.content + "title, subtitle?, titleabbrev?"> +<!ENTITY % bookcomponent.title.content + "title, subtitle?, titleabbrev?"> +<!ENTITY % sect.title.content + "title, subtitle?, titleabbrev?"> +<!ENTITY % local.appendix.attrib ""> +<!ENTITY % appendix.role.attrib "%role.attrib;"> +<!ATTLIST appendix + %label.attrib; + %status.attrib; + %common.attrib; + %appendix.role.attrib; + %local.appendix.attrib; +> +<!ENTITY % local.section.attrib ""> +<!ENTITY % section.role.attrib "%role.attrib;"> +<!ATTLIST section + %label.attrib; + %status.attrib; + %common.attrib; + %section.role.attrib; + %local.section.attrib; +> +<!ENTITY % local.bibliography.attrib ""> +<!ENTITY % bibliography.role.attrib "%role.attrib;"> +<!ATTLIST bibliography + %status.attrib; + %common.attrib; + %bibliography.role.attrib; + %local.bibliography.attrib; +> +<!ENTITY % local.bibliodiv.attrib ""> +<!ENTITY % bibliodiv.role.attrib "%role.attrib;"> +<!ATTLIST bibliodiv + %status.attrib; + %common.attrib; + %bibliodiv.role.attrib; + %local.bibliodiv.attrib; +> +<!ENTITY % local.article.attrib ""> +<!ENTITY % article.role.attrib "%role.attrib;"> +<!ATTLIST article + class (journalarticle + |productsheet + |whitepaper + |techreport + |specification + |faq) #IMPLIED + parentbook IDREF #IMPLIED + %status.attrib; + %common.attrib; + %article.role.attrib; + %local.article.attrib; +> +<!ELEMENT objectinfo ((mediaobject | legalnotice + | keywordset | subjectset | 
%bibliocomponent.mix;)+)> +<!ELEMENT section (sectioninfo?, + (%sect.title.content;), + (((%divcomponent.mix;)+, section*) + | section+))> +<!ELEMENT sectioninfo ((mediaobject | legalnotice + | keywordset | subjectset | %bibliocomponent.mix;)+)> +<!ELEMENT authorgroup ((author|editor|corpauthor|othercredit)+)> +<!ELEMENT affiliation (jobtitle?, orgname?)> +<!ELEMENT para (%para.char.mix;)*> +<!ELEMENT informaltable (mediaobject+|tgroup+) > +<!ELEMENT replaceable (#PCDATA + | %link.char.class; + | inlinemediaobject)*> +<!ELEMENT trademark (#PCDATA + | %link.char.class; + | %tech.char.class; + | inlinemediaobject + | emphasis)*> +<!ELEMENT article ((%div.title.content;)?, articleinfo?, + (%bookcomponent.content;), + ((%appendix.class;)|bibliography)*)> +<!ELEMENT articleinfo ((mediaobject | legalnotice + | subjectset | keywordset | %bibliocomponent.mix;)+)> +<!ELEMENT appendix ((%bookcomponent.title.content;), + (%bookcomponent.content;))> +<!ELEMENT bibliography ((%bookcomponent.title.content;)?, + (%component.mix;)*, + (bibliodiv+ | bibliomixed+))> +<!ELEMENT bibliomixed (#PCDATA | %bibliocomponent.mix; | bibliomset)*> +<!ELEMENT bibliodiv ((%sect.title.content;)?, (%component.mix;)*, + (bibliomixed)+)> +<!ELEMENT sidebar ((%formalobject.title.content;)?, + (%sidebar.mix;)+)> +<!ELEMENT programlisting (%para.char.mix; | lineannotation)*> +<!ELEMENT literallayout (%para.char.mix; | lineannotation)*> diff --git a/2005/flow-accounting-lt2005/ltpdk/xml/i18n.xml b/2005/flow-accounting-lt2005/ltpdk/xml/i18n.xml new file mode 100644 index 0000000..be0890a --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/xml/i18n.xml 
@@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"> + <i18n name="text.toc" value="Table of Contents"/> + <i18n name="text.lot" value="List of Tables"/> + <i18n name="text.warning" value="Warning:"/> + <i18n name="text.note" value="Note:"/> + <i18n name="text.caution" value="Caution:"/> + <i18n name="text.important" value="Important:"/> + <i18n name="text.tip" value="Tip:"/> + <i18n name="text.headline1" value="EUROPES LARGEST GNU/LINUX EXHIBITION AND CONFERENCE"/> + <i18n name="text.headline2" value="MESSE UND KONGRESSZENTRUM KARLSRUHE // 5. BIS 8. JUNI 2003"/> + <i18n name="text.quickmenu" value="Quickmenu"/> +</xsl:stylesheet> diff --git a/2005/flow-accounting-lt2005/short_abstract b/2005/flow-accounting-lt2005/short_abstract new file mode 100644 index 0000000..153b4c6 --- /dev/null +++ b/2005/flow-accounting-lt2005/short_abstract @@ -0,0 +1,7 @@ +Flow based network accounting with Linux + +Many networking scenarios require some form of network accounting that goes beyond some simple packet and byte counters as available from the 'ifconfig' output. + +The author has implemented an efficient approach, by which the accounting +information is stored in the in-kernel connection tracking table of the +ip_conntrack stateful firewall state machine. diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/EXAMPLE.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/EXAMPLE.tex new file mode 120000 index 0000000..501b897 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/EXAMPLE.tex @@ -0,0 +1 @@ +myPaper.tex
\ No newline at end of file diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/Makefile.inc new file mode 100644 index 0000000..00016e6 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/Makefile.inc @@ -0,0 +1,6 @@ +PAPERS += EXAMPLE/EXAMPLE.dvi + +## Add any additional .tex or .eps files below: +EXAMPLE/EXAMPLE.dvi EXAMPLE/EXAMPLE-proc.dvi: \ + EXAMPLE/EXAMPLE.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/bibliography.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/bibliography.tex new file mode 100644 index 0000000..78340bc --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/bibliography.tex 
@@ -0,0 +1,180 @@ + +This example is based on Keith Packard's 2003 paper for +the Linux Symposium Proceedings. + +The easiest way to do a bibliography is to use BiBTeX. +In the body of the paper, you \cite{} various references. +The citation name is the first name following the opening +curly brace in the .bib file. For example, with the list below, +I could \cite{autoconf} and \cite{freetype2}. + +Near the end of your main .tex file, you include a section like so: +\begin{flushleft} +\bibliography{keithp} +\bibliographystyle{plain} +\end{flushleft} +(this comes *before* \end{document}.) + +And in a separate file whose name matches the \bibliography{} +declaration above (e.g., keithp.bib in this case), you define all +the references. Note that \url is a valid way to typeset web +references. + +Note that the makefiles are already set up to process this form +of bibliography, so using it is indeed easy. (It's also one +reason why the input files are processed multiple times, though.) + +Here are some sample entries for various types +of publications: + +@book{autoconf, + title = "GNU Autoconf, Automake and Libtool", + author = "Gary V. Vaughan and Ben Elliston and Tom Tromey and Ian Lance Taylor", + publisher = "New Riders", + year = 2000, + note = {ISBN 1-57870-190-2}, }, + +@article{blinn:1994, + title = "Compositing Theory", + author = "Jim Blinn", + journal = "IEEE Computer Graphics and Applications", + year = 1994, + month = "September", + note = "Republished in~\cite{blinn:1998}" } + +@book{blinn:1998, + title = "{Jim Blinn's Corner: Dirty Pixels}", + author = "Jim Blinn", + year = 1998, + publisher = "Morgan Kaufmann", + isbn = "1-55860-455-3", } + +@techreport{dbe, + title = "{Double Buffer Extension Protocol}", + author = "Ian Elliott and David P. 
Wiggins", + institution = "X Consortium, Inc.", + type = "X Consortium Standard", + year = 1994, } +@manual{dc, + title = "DC - An Interactive Desk Calculator", + author = "Robert Morris and Lorinda Cherry", + organization = "AT\&T Bell Laboratories", + note = "Unix Programmer's Manual Volume 2, 7th Edition", + year = 1978, }, + +@misc{freetype2, + title = "The design of {FreeType} 2", + author = "David Turner and The FreeType Development Team", + year = 2000, + note = "\url{http://www.freetype.org/freetype2/docs/design/}", +}, + +@inproceedings{gj, + title = "Making the future safe for the past: Adding Genericity to the Java Programming Language", + author = "Gilad Bracha and Martin Odersky and David Stoutamire and Phillip Wadler", + month = "October", + booktitle = "Conference on Object-Oriented Programing systems, Languages and Applications (OOPSLA '98)", + year = 1998, + publisher = "ACM", + organization = "SIGPLAN", } + +@phdthesis{Hobby85, + author = {John D. Hobby}, + title = {Digitized Brush Trajectories}, + school = {Stanford University}, + year = {1985}, + note = {Also {\it Stanford Report STAN-CS-85-1070}} +} + +@article{itsy, + title = "{Itsy: Stretching the Bounds of Mobile Computing}", + author = "William R. Hamburgen and Deborah A. Wallach and Marc A. Viredaz and Lawrence S. Brakmo and Carl A. Waldspurger and Joel F. Bartlett and Timothy Mann and Keith I. 
Farkas", + journal = "IEEE Computer", + year = 2001, + publisher = "Institute of Electrical and Electronics Engineers, Inc.", + volume = 34, + number = 4, + month = "April", + pages = "28-35", } + +@inproceedings{lbx:1993, + title = "{An Update on Low Bandwidth X (LBX): A Standard For X and Serial Lines}", + author = "Jim Fulton and Chris Kent Kantarjiev", + booktitle = "Proceedings of the Seventh Annual X Technical Conference", + month = "January", + year = 1993, + pages = "251-266", + address = "Boston, MA", + organization = "MIT X Consortium", +}, + +@inproceedings{lmbench:1996, + title = "{lmbench: Portable tools for performance analysis}", + author = "Larry McVoy and Carl Staelin", + booktitle = "Technical Conference Proceedings", + month = "January", + year = 1996, + pages = "279-284", + address = "San Diego, CA", + organization = "USENIX", } + +@Article{Nistnet00, + author = "NIST Internetworking Technology Group", + title = "{NISTNet} network emulation package", + journal = "\url{http://www.antd.nist.gov/itg/nistnet/}", + month = jun, + year = "2000", + bibdate = "Thursday, June 29, 2000 at 16:40:15 (MEST)", + submitter = "Katarina Asplund", +} + +@TechReport{AMD:2000:XTW, + author = "{AMD Corporation}", + title = "{x86-64$^{\mathrm{TM}}$ Technology White Paper}", + institution = "{AMD Corporation}", + address = "One AMD Place, Sunnyvale, CA 94088, USA", + pages = "12", + day = "17", + month = aug, + year = "2000", + bibdate = "Fri May 04 12:53:45 2001", + bibsource = "\url{http://www.amd.com/products/cpg/64bit/index.html}", + URL = "\url{http://www.amd.com/products/cpg/64bit/pdf/x86-64_wp.pdf}; + \url{http://www1.amd.com/products/cpg/x8664bit/faq}", + acknowledgement = ack-nhfb, + annote = "The x86-64 architecture is definitely not an IA-64 + implementation, but rather, an extension of IA-32 by + widening the integer registers to 64-bits.", +} + +@unpublished{pinzari, + author = "Gian Filippo Pinzari", + title = "The NX X Protocol Compressor", + note = 
"Electronic Communication", + month = "March", + year = "2003", + } + +@inproceedings{Gettys:2002, + title = "{The Future is Coming, Where the X Window System Should Go}", + author = "James Gettys", + booktitle = "FREENIX Track, 2002 Usenix Annual Technical Conference", + month = "June", + year = 2002, + organization = "USENIX", + address = "Monterey, CA", + url = "\url{http://www.usenix.org/publications/library/proceedings/usenix02/tech/freenix/full_papers/gettys/gettys_html/index.html}", +} + +@misc{ewing, + title = "Linux 2.0 Penguins", + author = "Larry Ewing", + note = "\url{http://www.isc.tamu.edu/~lewing/linux}", +} + +@misc{gimp, + title = "The {GIMP}: The {GNU} Image Manipulation Program", + author = "Peter Mattis and Spencer Kimball and the GIMP developers", + note = "\url{http://www.gimp.org}", +} + diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/bibliography2.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/bibliography2.tex new file mode 100644 index 0000000..c838404 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/bibliography2.tex 
@@ -0,0 +1,41 @@ + +Here's another way of handling bibliographies; it does +not use a .bib file, but includes the items at the end +of the paper, before \end{document}. + +Each item has the format +\bibitem[printName]{citeName} details + +The "printName" will be printed at the point of your citation, +and again in the list of references. The "citeName" is what +you use in the source to create the citation. For example, +using the first entry below, I could \cite{menyhart} and +have the author's name print out properly in the appropriate +places. + +The bibliography below comes from Tony Luck's 2003 Linux +Symposium paper: + + +\begin{thebibliography}{99} +\raggedright +\bibitem[Menyh\'{a}rt]{menyhart} Z.\ Menyh\'{a}rt and D.\ Song, +{\em OS Machine Check Recovery on Itanium Architecture-base Platforms}, +Intel Developer Forum, Fall 2002 + +\bibitem[Ziegler]{ziegler} J.F.\ Ziegler, +{\em Terrestrial cosmic ray intensities}, +IBM Journal of Research and Development, Volume 42, Number 1, 1998 + +\bibitem[SDV]{SDV} Intel, +{\em Intel Itanium Architecture Software Developer's Manual, Volume 1--3} + +\bibitem[EHG]{EHG} Intel, +{\em Itanium Processor Family Error Handling Guide}, August 2001 + +\bibitem[SAL]{SAL} Intel, +{\em Itanium Processor Family System Abstraction Layer (SAL) Specification}, November 2002 + +\end{thebibliography} + + diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/Figures/example.c b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/Figures/example.c new file mode 100644 index 0000000..34d1726 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/Figures/example.c @@ -0,0 +1,18 @@ +typedef struct QuadTree { + double Data; + struct QuadTree *Children[4]; +} QT; + +void Sum3rdChildren(QT *T, + double *Result) { + double Ret; + if (T == 0) { Ret = 0; + } else { + QT *Child3 = + T[0].Children[3]; + double V; + Sum3rdChildren(Child3, &V); + Ret = V + T[0].Data; + } + *Result = Ret; +} 
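Review bot: the explanatory paragraphs at the top of bibliography2.tex are live TeX rather than comments, so the literal `\end{document}` in the first paragraph ends the run and the sample `\bibitem[printName]{citeName}` and `\cite{menyhart}` execute outside any bibliography if the file is ever `\input` or pasted whole. Prefix the prose lines with `%`, as legalese.tex in this commit does, or write the control sequences with `\verb`, so that only the `thebibliography` environment is active.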
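Review bot: `Sum3rdChildren` in Figures/example.c recurses once per node along the `Children[3]` chain with no depth limit, so a long or accidentally cyclic chain exhausts the stack. Only one child is ever followed, so a loop such as `for (; T; T = T->Children[3]) Sum += T->Data;` gives the same total in constant stack. If the recursive form is kept on purpose because example.ll shows its `call` and `phi` lowering, say so in a comment, and write the null test as `T == NULL` rather than `T == 0`.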
diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/Figures/example.ll b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/Figures/example.ll new file mode 100644 index 0000000..f9ce373 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/Figures/example.ll @@ -0,0 +1,22 @@ +%struct.QuadTree = type { double, [4 x %QT*] } +%QT = type %struct.QuadTree + +void %Sum3rdChildren(%QT* %T, double* %Result) { +entry: %V = alloca double ;; %V is type 'double*' + %tmp.0 = seteq %QT* %T, null ;; type 'bool' + br bool %tmp.0, label %endif, label %else + +else: ;;tmp.1 = &T[0].Children[3] 'Children' = Field #1 + %tmp.1 = getelementptr %QT* %T, long 0, ubyte 1, long 3 + %Child3 = load %QT** %tmp.1 + call void %Sum3rdChildren(%QT* %Child3, double* %V) + %tmp.2 = load double* %V + %tmp.3 = getelementptr %QT* %T, long 0, ubyte 0 + %tmp.4 = load double* %tmp.3 + %tmp.5 = add double %tmp.2, %tmp.4 + br label %endif + +endif: %Ret = phi double [ %tmp.5, %else ], [ 0.0, %entry ] + store double %Ret, double* %Result + ret void ;; Return with no value +} diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/Makefile b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/Makefile new file mode 100644 index 0000000..9777b58 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/Makefile 
@@ -0,0 +1,41 @@ + +.SUFFIXES: .tex .dvi .aux .eps .fig .dia .ps .pdf .bib .bbl + +TOP=complexFigure +TEXFILES=$(TOP).tex +FIGFILES:=$(wildcard *.fig) +EPSFILES:=$(wildcard *.eps) +EPSFILES+=$(FIGFILES:.fig=.eps) +PDFFILES=$(EPSFILES:.eps=.pdf) + +.fig.eps: + fig2dev -L eps $< >$@ + +.fig.pdf: + fig2dev -L pdf $< >$@ + +.eps.pdf: + epstopdf $< + +all: $(TOP).ps $(TOP).pdf + +$(TOP).ps: $(TOP).dvi + dvips -o $(TOP).ps $(TOP) + +$(TOP).dvi: $(TEXFILES) $(EPSFILES) + latex $(TOP) || true + bibtex $(TOP) || true + latex $(TOP) || true + latex $(TOP) + +$(TOP).pdf: $(TEXFILES) $(PDFFILES) + pdflatex $(TOP) || true + bibtex $(TOP) || true + pdflatex $(TOP) || true + pdflatex $(TOP) + +clean: + rm -f *.aux *.dvi *.log + rm -f $(TOP).ps $(TOP).pdf $(TOP).bbl $(TOP).blg + + diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/complexFigure.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/complexFigure.tex new file mode 100644 index 0000000..6fe6c94 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/complexFigure.tex 
@@ -0,0 +1,88 @@ +\documentclass[twocolumn,12pt]{article} +\usepackage{ols} +\ifpdf +\usepackage[pdftex]{epsfig} +\else +\usepackage{epsfig} +\fi +\input{ols-fonts} + +% These packages are Proceedings-friendly. +\usepackage{cprog} +\usepackage[nolineno,norules]{lgrind} +\usepackage[hang,scriptsize]{subfigure} + +% These ones are only suitable for standalone +\usepackage{subfigure} +%%% both of these break the Proceedings and are thus evil +\usepackage{listings} +\input{llvm.lst} % Get listing support for llvm code +%%%% + + +\begin{document} + +\date{} + +%make title bold and 14 pt font (Latex default is non-bold, 16 pt) +\title{Architecture for a Next-Generation GCC} + +\author{ +Chris Lattner \hspace*{0.5in} Vikram Adve\\ +\emph{University of Illinois at Urbana, Champaign}\\ +\texttt{\em\normalsize \{lattner, vadve\}@cs.uiuc.edu}\\ +\emph{\normalsize \url{http://llvm.cs.uiuc.edu}}} + +\maketitle + +% You have to do this to suppress page numbers. Don't ask. +\thispagestyle{empty} + +Formatting team's note: The two figures here illustrate two ways of presenting +the same information, and are hopefully more complex +than you'll require. The first is set using Proceedings-friendly +packages; the second works only as a standalone paper. 
+ +%%% Figure typeset in a Proceedings-friendly fashion +%%% (thanks to Diego Novillo for inspiration) +\begin{figure*}[t] +\scriptsize +%%% \centering +\subfigure[Example function]{% +\label{figure:example_c} +\parbox{0.65\columnwidth}{\input{example-c}} +}\hspace*{5pt}\vrule\hspace*{5pt} +\subfigure[Corresponding LLVM code] {% +\label{figure:example_llvm} +\parbox{1.35\columnwidth}{\input{example-ll}}} +%%% }% +\caption{C and LLVM code for a function} +\label{figure:example} +\end{figure*} + +%%===------------------------ +% Code example figure +% +\begin{figure*} [t] +\scriptsize +\centering +\subfigure[Example function] { +\label{figure2:example_c} +\lstset{language=c} +\lstinputlisting{Figures/example.c} +}\hspace*{5pt}\vrule\hspace*{5pt} +\subfigure[Corresponding LLVM code] { +\label{figure2:example_llvm} +\lstset{language=LLVM} +\lstinputlisting{Figures/example.ll} +}% +\caption{C and LLVM code for a function} +\label{figure2:example} +\end{figure*} +% +%%===------------------------ + + +\end{document} + + diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/cprog.sty b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/cprog.sty new file mode 100644 index 0000000..a336397 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/cprog.sty 
@@ -0,0 +1,249 @@ +% This is CSTY.STY as received by email at december 1990 +% +% The cprog macros allow programs in C, C++, Pascal, and Modula-2 to be +% included directly into TeX documents. Program text is set in a Roman +% font, comments in slanted, and strings in typewriter. Operators such as +% <= are optionally combined into single symbols like $\le$. Keywords are +% *not* emphasised---I find this ugly and distracting. (By purest +% coincidence it would also be very hard to do.) +% +% These macros can be \input in plain TeX or used as a style file in LaTeX. +% They provide a convenient alternative to tgrind, particularly for program +% fragments embedded in documents. Full instructions for use appear in the +% macro package itself. +% +% +% \'Eamonn McManus <emcmanus@cs.tcd.ie> <emcmanus%cs.tcd.ie@cunyvm.cuny.edu> +% +% ASCII: !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~ +% + +% BEGIN: cprog.tex (or cprog.sty) - formatting of C programs +% By \'Eamonn McManus <emcmanus@cs.tcd.ie>. This file is not copyrighted. +% $Id: cprog.tex,v 1.4 90/09/12 23:21:26 emcmanus Exp $ + +% This allows C programs to be formatted directly by TeX. It can be +% invoked by \cprogfile{filename} or (in LaTeX) \begin{cprog} ... +% \end{cprog} or (in plain TeX) \cprog ... \end{cprog}. In LaTeX, the +% alternative form \begin{cprog*} is allowed, where spaces in C strings +% are printed using the `square u' character (like LaTeX {verbatim*}). +% In plain TeX, you have to use \csname cprog*\endcsname for this (sorry). +% If you are using \cprogfile, say \cprogttspacetrue beforehand if you +% want this effect. + +% The formatting is (necessarily) simple. C text is set in a normal Roman +% font, comments in a slanted font, and strings in a typewriter font, with +% spaces optionally made visible as the `square u' symbol. Tabs are +% expanded to four spaces (this does not look good when comments are +% aligned to the right of program text). 
Some pairs of input characters +% appear as single output characters: << <= >> >= != -> are respectively +% TeX's \ll \le \gg \ge \ne \rightarrow. Say \cprogpairsfalse to disable +% this. + +% You can escape to TeX within cprog text by defining an escape character. +% The character @ is suitable for C and Pascal. I have not tested other +% characters so they may interact badly with their existing definitions here. +% To define @ as the escape character, do \cprogescape@. Then within text +% you can do @ followed by TeX commands. These commands will be in a TeX +% group with the \catcodes of \{}% as normal. The commands are terminated +% by a newline, which is not considered part of the program text. + +% The fonts below can be changed to alter the setting of the various parts +% of the program. The \cprogbaselineskip parameter can be altered to +% change the line spacing. LaTeX's \baselinestretch is taken into account +% too. The indentation applied to the whole program is \cprogindent, +% initially 0. Before and after the program there are skips of +% \beforecprogskip and \aftercprogskip; the default values are \parskip +% and 0 respectively (since there will often be a \parskip after the +% program anyway). + +% If the source text is Pascal or Modula-2, say \pascaltrue or \modulatrue +% (respectively) before formatting it. This makes (* *) be recognised for +% comments instead of /* */. Braces {} are also recognised for Pascal. +% \pascalfalse or \modulafalse as appropriate restores the default of C. + +% This package works by making a large number of characters active. Since +% even spaces are active, it is possible to examine the next character in +% a macro by making it a parameter, rather than using \futurelet as one +% would normally do. This is more convenient, but the coding does mean +% that if the next character itself wants to examine a character it may +% look at a token from the macro rather than the input text. 
I think that +% all cases that occur in practice have been looked after. + +% The macros could still do with some work. For example, the big macro +% defined with [] taking the place of {} could be recoded to use {} and so +% be more legible. The internal macros etc should have @ in their names, +% and should be checked against LaTeX macros for clashes. + +% Allow multiple inclusion to go faster. + +\ifx\undefined\cprogsetup % The whole file. + +% Define the fonts used for program text, comments, and strings. +% Note that if \it is used for \ccommentfont, something will need to +% be done about $ signs, which come out as pounds sterling. +\let\ctextfont=\tt \let\ccommentfont=\sl \let\cstringfont=\tt + +% Parameters. Unfortunately \newdimen is \outer (\outerness is a mistake) +% so we need a subterfuge in case we are skipping the file. +\csname newdimen\endcsname\cprogbaselineskip \cprogbaselineskip=\baselineskip +\csname newdimen\endcsname\cprogindent \cprogindent=0pt +\csname newdimen\endcsname\cprogwidth % Gets default=\hsize when cprog invoked. +\csname newskip\endcsname\beforecprogskip \beforecprogskip=\parskip +\csname newskip\endcsname\aftercprogskip \aftercprogskip=0pt +\csname newif\endcsname\ifcprogttspace +\csname newif\endcsname\ifcprogpairs \cprogpairstrue +\csname newif\endcsname\ifpascal +\csname newif\endcsname\ifmodula % Same as Pascal but no {comments}. +{\def\junk{\fi\fi\fi\fi}} % If skipping. 
+ +\let\cprogesc\relax +\begingroup \catcode`~=\active +\gdef\cprogescape#1{% + {\catcode`~=\active \uccode`~=`#1 \aftergroup\cprogescont + \uppercase{\aftergroup~}}} +\gdef\cprogescont#1{% + \def\cprogesc{% + \makeactive#1\def#1{% + \begingroup \catcode`\\0 \catcode`{1 \catcode`}2 \catcode`\%14 + \catcode` 10 \clinegroup{}}}} +\endgroup + +\def\makeactive#1{\catcode`#1=\active} \def\makeother#1{\catcode`#1=12} +{\obeyspaces\gdef\activespace{ } \obeylines\gdef\activecr{^^M}} +{\catcode`|=\catcode`\\ \makeactive\\ |gdef|activebackslash{\}} +{\catcode9=\active \gdef\activetab{^^I}} + +% The following group makes many characters active, so that their catcodes +% in the \cprogchars macro are active, allowing them to be defined. We +% could alternatively define more stuff like \activebackslash and use +% \expandafter or (carefully) \edef to expand these in the macro. +\begingroup +\catcode`[=\catcode`{ \catcode`]=\catcode`} +\makeactive! \makeactive" \makeactive' \makeactive( \makeactive* \makeactive- +\makeactive/ \makeactive< \makeactive> \makeactive? \makeactive^ \makeactive_ +\makeactive\{ \makeactive| \makeactive\} +\gdef\activestar[*] +\gdef\cprogchars[% + \makeother##\makeother$\makeother&\makeother\%\makeother^% + \makeactive"\makeactive'\makeactive*\makeactive?\makeactive{\makeactive}% + \makeactive}\makeactive\\\makeactive_\expandafter\makeactive\activetab% + \makeactive!\makeactive<\makeactive>\makeactive-\makeactive|% + \ifcprogpairs + \def!##1[\ifx=##1$\ne$\else\string!\null##1\fi]% + \def-##1[\ifx>##1$\rightarrow$\else$\string-$##1\fi]% + % We use \aftergroup in < and > to deal with the fact that #1 might + % itself examine the following character. + \def<##1[[$\ifx<##1\ll$\else\ifx=##1\le$\else + \ifx>##1\ifpascal\ne$\else\string<$\aftergroup>\fi + \else \string<$\aftergroup##1\fi\fi\fi]]% + \def>##1[[$\ifx>##1\gg$\else\ifx=##1\ge$\else + \string>$\aftergroup##1\fi\fi]]% + \else \def![\string!\null]% Avoid !` ligature. 
+ \def-[$\string-$]\def<[$\string<$]\def>[$\string>$]% + \fi + \def?[\string?\null]% Avoid ?` ligature. + \def"[\cquote"[\tt\string"]]\def'[\cquote'[\tt\ttquote]]\def*[$\string*$]% + \ifmodula \pascaltrue \fi % Except that {...} is used for sets. + \ifpascal + \ifmodula \dulllbrace \else + \def{[\begingroup \dulllbrace{\ccommentsetup\def}[\/\endgroup }]]% + \fi \makeactive(\let(=\pascalcomment \makeactive^\def^[$\uparrow$]% + \else \dulllbrace\makeactive/\let/=\ccomment + \fi + \def}[$\}$]\def|[$\string|$]\def~[$\sim$]\let_\_% + \expandafter\def\activebackslash[$\backslash$]% + \obeyspaces \expandafter\def\activespace[\leavevmode\space]% + \expandafter\def\activetab[\ \ \ \ ]% + \obeylines \expandafter\def\activecr[\strut\par]] +\gdef\cprogarg[\expandafter\def\activebackslash##1[\ifx##1e\let\next\cprogend + \else$\backslash$\let\next##1\fi\next]\eatcr] +\gdef\cprogend nd#1{cprog#2}[\endcprogarg] % #1 can be space, #2 *. +\gdef\dulllbrace[\def{[$\{$]] +\endgroup + +\chardef\ttquote=13 % Undirected single quote. +\begingroup \makeactive" \makeactive' \makeactive! +\gdef\cquote#1#2{% #1 is the quote, " or ', #2 how to set it. + \begingroup #2\cstringfont \makeactive\\% + \ifpascal \makeother\\\makeother^% + \else \expandafter\let\activebackslash\quotebackslash + \fi + \expandafter\edef\activespace{\ifcprogttspace\char`\ \else\ \fi}% + \expandafter\let\activecr=\unclosedstring + \def!{\string!\null}% No !` ligature. 
+ \makeother*\makeother-\makeother/\makeother<\makeother>% + \makeother_\makeother\{\makeother\}\makeother|\makeother~% + \ifx"#1\let'\ttquote \else \makeother"\fi + \def#1{#2\endgroup}} +\endgroup +\csname newhelp\endcsname\cprogunclosedstr{% +A string or character constant earlier in the line was unclosed.^^JSo +I'm closing it now.} +\def\unclosedstring{% + \escapechar-1% + \errhelp\cprogunclosedstr + \errmessage{Unclosed string}% + \endgroup} +\newlinechar=`^^J +\def\quotebackslash#1{\char`\\% + \expandafter\ifx\activecr#1\strut\par + \else\if'\noexpand#1\ttquote\else\string#1\fi\fi} + +% In a comment, we shrink the width of the opening / to that of a space so +% that the stars in multiline comments will line up. We also shrink the +% closing * for symmetry, but not in Pascal where it looks nasty. +% Note that \end{cprog} is not recognised in strings or comments. +\def\spacebox#1{\leavevmode \hbox to \spaceskip{#1\hss}} + +\begingroup \makeactive* \makeactive! \makeother/ +\gdef\ccommentsetup{\ccommentfont \makeother-\makeother'\makeother"\makeother/% + \def!{\string!\null}\expandafter\def\activebackslash{$\backslash$}} +\gdef\ccomment#1{% + \let\next\relax + \ifx#1*\bgroup \ccommentsetup + \spacebox{\ctextfont\string/}*% + \makeactive*\def*{\commentstar/}% + \else\if\noexpand#1/\begingroup //\ccommentsetup \clinegroup\activecr + \else \string/\let\next#1% + \fi\fi\next} +\gdef\pascalcomment#1{% + \ifx#1*\bgroup \ccommentsetup \let\next\dulllbrace \makeother(% + \spacebox{\ctextfont\string(}*\makeactive*\def*{\commentstar)}% + \else (\let\next#1\fi \next} +\obeylines \long\gdef\clinegroup#1#2^^M{#2\endgroup#1}% +\endgroup +\def\commentstar#1#2{% + {\if#1\noexpand#2\egroup \ifpascal\else\aftergroup\spacebox\fi\fi}{$*$}#2} + +% We usually have an active ^^M after \cprog or \begin{cprog}. +\def\eatcr#1{{\expandafter\ifx\activecr#1\else\aftergroup#1\fi}} + +% Expand to stretch and shrink (plus and minus) of parameter #1. 
+\def\stretchshrink#1{\expandafter\eatdimenpart\the#1 \end} +\def\eatdimenpart#1 #2\end{#2} + +\ifx\undefined\baselinestretch \def\baselinestretch{1}\fi + +\def\cprogsetup{\ctextfont \cprogchars \parskip=0pt\stretchshrink\parskip + \ifdim \cprogwidth=0pt \else \hsize\cprogwidth \fi + \cprogesc \spaceskip\fontdimen2\font \xspaceskip\spaceskip + \baselineskip=\baselinestretch\cprogbaselineskip \parindent=\cprogindent + \vskip\beforecprogskip} +\def\endcprog{\endgroup \vskip\aftercprogskip} +\def\cprogfile#1{\begingroup \cprogsetup \input#1\endcprog} +\def\cprog{\begingroup \cprogttspacefalse \cprogsetup \cprogarg} +% Like {verbatim*}, {cprog*} uses `square u' for spaces in quoted strings. +\expandafter\def\csname cprog*\endcsname{% + \begingroup \cprogttspacetrue \cprogsetup \cprogarg} +\expandafter\let\csname endcprog*\endcsname=\endcprog +% In LaTeX we need to call \end{cprog} properly to close the environment, +% whereas in plain TeX this will end the job. The test for LaTeX is not +% bulletproof, but most plain TeX documents don't refer to the LaTeX logo. +\ifx\undefined\LaTeX \let\endcprogarg=\endcprog +\else \def\endcprogarg{\ifcprogttspace\end{cprog*}\else\end{cprog}\fi} +\fi + +\fi % \ifx\undefined\cprogsetup + +\endinput diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/example-c.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/example-c.tex new file mode 100644 index 0000000..2f8bf0d --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/example-c.tex @@ -0,0 +1,22 @@ +\begin{cprog} +typedef struct QuadTree { + double Data; + struct QuadTree + *Children[4]; +} QT; + +void Sum3rdChildren(QT *T, + double *Result) { + double Ret; + if (T == 0) { Ret = 0; + } else { + QT *Child3 = + T[0].Children[3]; + double V; + Sum3rdChildren(Child3, + &V); + Ret = V + T[0].Data; + } + *Result = Ret; +} +\end{cprog} 
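Review bot: in complexCode/Makefile the `$(TOP).dvi` and `$(TOP).pdf` rules list only `$(TEXFILES)` plus the EPS/PDF figures as prerequisites, but complexFigure.tex also reads example-c.tex, example-ll.tex, llvm.lst, Figures/example.c and Figures/example.ll, so editing any of those does not trigger a rebuild. Add them as prerequisites and declare `.PHONY: all clean` so a stray file named `all` or `clean` cannot shadow the targets.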
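Review bot: the preamble of complexFigure.tex loads `listings` and `llvm.lst` unconditionally although the comment directly above them says both break the Proceedings, and it loads `subfigure` twice, once with `[hang,scriptsize]` and once bare. Guard the standalone-only packages with the `\ifols ... \else ... \fi` pattern that conditional.tex in this commit documents, and drop the second `\usepackage{subfigure}`.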
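Review bot: example-c.tex is a hand-wrapped copy of Figures/example.c (same function, different line breaks), so the two subfigures in complexFigure.tex can drift apart without anyone noticing. cprog.sty provides `\cprogfile{filename}` for setting a file directly; use it on Figures/example.c where the column width allows, or add a comment at the top of example-c.tex naming the file it was copied from and why it is re-wrapped.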
diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/example-ll.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/example-ll.tex new file mode 100644 index 0000000..681b759 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/example-ll.tex @@ -0,0 +1,24 @@ +\begin{verbatim} +%struct.QuadTree = type { double, [4 x %QT*] } +%QT = type %struct.QuadTree + +void %Sum3rdChildren(%QT* %T, double* %Result) { +entry: %V = alloca double ;; %V is type 'double*' + %tmp.0 = seteq %QT* %T, null ;; type 'bool' + br bool %tmp.0, label %endif, label %else + +else: ;;tmp.1 = &T[0].Children[3] 'Children' = Field #1 + %tmp.1 = getelementptr %QT* %T, long 0, ubyte 1, long 3 + %Child3 = load %QT** %tmp.1 + call void %Sum3rdChildren(%QT* %Child3, double* %V) + %tmp.2 = load double* %V + %tmp.3 = getelementptr %QT* %T, long 0, ubyte 0 + %tmp.4 = load double* %tmp.3 + %tmp.5 = add double %tmp.2, %tmp.4 + br label %endif + +endif: %Ret = phi double [ %tmp.5, %else ], [ 0.0, %entry ] + store double %Ret, double* %Result + ret void ;; Return with no value +} +\end{verbatim} diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/lgrind.sty b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/lgrind.sty new file mode 100644 index 0000000..2d04753 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/lgrind.sty 
@@ -0,0 +1,228 @@ +%% +%% This is file `lgrind.sty', +%% generated with the docstrip utility. +%% +%% The original source files were: +%% +%% lgrind.dtx (with options: `package') +%% +%% LGrind is used to format source code of different programming +%% languages for LaTeX. +%% +%% LGrind is a minor adaptation of Jerry Leichter's tgrind for LaTeX, +%% which was a notable improvement upon Van Jacobsen's tgrind for +%% plain TeX, which was adapted from vgrind, a troff prettyprinter. +%% +%% Based on Van Jacobson's ``tgrindmac'', a macro package for TeX. +%% Modified, 1987 by Jerry Leichter. Put '@' in all internal names. +%% Modified, 1991 by George Reilly. Changed name from tgrind to lgrind. +%% Modified, 1995 by Michael Piefel. Made it work with \LaTeXe. +\NeedsTeXFormat{LaTeX2e}[1995/06/01] +\ProvidesPackage{lgrind} + [1997/01/30 v3.4 LGrind environment and supporting stuff] +\newcount\lc@unt +\newcount\ln@xt +\newcount\LGnuminterval +\LGnuminterval=10 +\DeclareOption{nolineno}{\LGnuminterval=50000} +\DeclareOption{lineno5}{\LGnuminterval=5} +\newif\ifLGleftnum +\DeclareOption{leftnum}{\LGleftnumtrue} +\newskip\LGindent +\LGindent=1.6667\parindent +\DeclareOption{noindent}{\LGindent=0pt} +\newif\ifLGnorules +\DeclareOption{norules}{\LGnorulestrue} +\newlength{\LGsloppy} +\setlength{\LGsloppy}{7.2pt} +\DeclareOption{fussy}{\LGsloppy=0pt} +\newcommand{\DefaultProc}{\@gobble} +\newcommand{\DefaultProcCont}{\@gobble} +\DeclareOption{procnames}{ +\renewcommand{\DefaultProc}[1]{\renewcommand{\Procname}{#1}% +\global\setbox\procbox=\hbox{\PNsize #1}} +\renewcommand{\DefaultProcCont}[1]{\renewcommand\Procname{#1} +\global\setbox\procbox=\hbox{\PNsize\dots #1}}} +\newbox\procbox +\newcommand{\Procname}{} +\ProcessOptions +\def\BGfont{\sffamily} +\def\CMfont{\rmfamily\itshape} +\def\NOfont{\sffamily} +\def\KWfont{\rmfamily\bfseries} +\def\STfont{\ttfamily} +\def\VRfont{\rmfamily} +\def\PNsize{\BGfont\small} +\def\LGsize{\small} +\def\LGfsize{\footnotesize} +\newif\ifLGinline 
+\newif\ifLGd@fault +\def\LGbegin{\ifLGinline$\hbox\else$$\vbox\fi\bgroup\LGd@faulttrue} +\def\LGend{\ifLGd@fault\egroup\ifLGinline$\else$$\fi\LGd@faultfalse\fi} +\newif\ifc@mment +\newif\ifstr@ng +\newif\ifright@ +\newbox\ls@far +\newbox\tb@x +\newdimen\TBw@d +\newdimen\@ts +{\catcode`\_=\active \gdef\@setunder{\let_=\sp@ce}} +\newcommand{\lgrindheader}{} +\newcommand{\lgrindfilename}{}\newcommand{\lgrindfilesize}{} +\newcommand{\lgrindmodyear}{}\newcommand{\lgrindmodmonth}{} +\newcommand{\lgrindmodday}{}\newcommand{\lgrindmodtime}{} +\newenvironment{lgrind}[1][1]{% +\def\Line##1{\L{\LB{##1}}}% +\newcommand{\Head}[1]{\gdef\lgrindhead{##1}}% +\newcommand{\File}[6]{\gdef\lgrindfilename{##1}\message{(LGround: ##1)}% + \gdef\lgrindmodyear{##2}\gdef\lgrindmodmonth{##3}% + \gdef\lgrindmodday{##4}\gdef\lgrindmodtime{##5}% + \gdef\lgrindfilesize{##6}}% +\let\Proc=\DefaultProc% +\let\ProcCont=\DefaultProcCont% +\hfuzz=\LGsloppy +\def\NewPage{\filbreak\bigskip}% +\ifLGinline + \def\L##1{\setbox\ls@far\null{\CF\strut##1}\ignorespaces}% +\else + \let\r@ghtlno\relax\let\l@ftlno\relax + \ifnum\LGnuminterval>\z@ + \ifLGleftnum + \def\l@ftlno{\ifvoid\procbox\ifnum\lc@unt>\ln@xt + \global\advance\ln@xt by\LGnuminterval + \llap{{\normalfont\scriptsize\the\lc@unt\quad}}\fi + \else\llap{\box\procbox\quad}\fi}% + \else + \def\r@ghtlno{\ifvoid\procbox\ifnum\lc@unt>\ln@xt + \global\advance\ln@xt by\LGnuminterval + \rlap{{\normalfont\scriptsize\enspace\the\lc@unt}}\fi + \else\rlap{\enspace\box\procbox}\fi}% + \fi + \fi + \def\L##1{\@@par\setbox\ls@far=\null\strut + \global\advance\lc@unt by1% + \hbox to \hsize{\hskip\LGindent\l@ftlno ##1\egroup% + \hfil\r@ghtlno}% + \ignorespaces}% +\fi +\lc@unt=#1\advance\lc@unt by-1% +\ln@xt=\LGnuminterval\advance\ln@xt by-1% +\loop\ifnum\lc@unt>\ln@xt\advance\ln@xt by\LGnuminterval\repeat% +\def\LB{\hbox\bgroup\bgroup\box\ls@far\CF\let\next=}% +\def\Tab##1{\egroup\setbox\tb@x=\lastbox\TBw@d=\wd\tb@x% + \advance\TBw@d by 1\@ts\ifdim\TBw@d>##1\@ts + 
\setbox\ls@far=\hbox{\box\ls@far \box\tb@x \sp@ce}\else + \setbox\ls@far=\hbox to ##1\@ts{\box\ls@far \box\tb@x \hfil}\fi\LB}% +\ifLGinline\def\sp@ce{\hskip .3333em}% +\else \setbox\tb@x=\hbox{\texttt{0}}% + \@ts=0.8\wd\tb@x \def\sp@ce{\hskip 1\@ts}\fi +\catcode`\_=\active \@setunder +\def\CF{\ifc@mment\CMfont\else\ifstr@ng\STfont\fi\fi} +\def\N##1{{\NOfont ##1}\global\futurelet\next\ic@r}% +\def\K##1{{\KWfont ##1}\global\futurelet\next\ic@r}% +\def\V##1{{\VRfont ##1}\global\futurelet\next\ic@r}% +\def\ic@r{\let\@tempa\/\ifx.\next\let\@tempa\relax% + \else\ifx,\next\let\@tempa\relax\fi\fi\@tempa}% +\def\C{\egroup\bgroup\CMfont \global\c@mmenttrue \global\right@false}% +\def\CE{\egroup\bgroup \global\c@mmentfalse}% +\def\S{\egroup\bgroup\STfont \global\str@ngtrue}% +\def\SE{\egroup\bgroup \global\str@ngfalse}% +\def\,{\relax \ifmmode\mskip\thinmuskip \else\thinspace \fi}% +\def\!{\relax \ifmmode\mskip-\thinmuskip \else\negthinspace \fi}% +\def\CH##1##2##3{\relax\ifmmode ##1\relax +\else\ifstr@ng ##2\relax\else$##3$\fi\fi }% +\def\{{\CH\lbrace {\char'173}\lbrace }% +\def\}{\CH\rbrace {\char'175}\rbrace }% +\def\1{\CH///}% % / +\def\2{\CH\backslash {\char'134}\backslash }% % \ +\def\|{\CH|{\char'174}|}% +\def\<{\CH<<<}% +\def\>{\CH>>>}% +\def\*{\CH***}\relax %\relax for DOCSTY +\def\-{\CH---}% +\def\_{\ifstr@ng {\char'137}\else + \leavevmode \kern.06em \vbox{\hrule width.35em}% + \ifdim\fontdimen\@ne\font=\z@ \kern.06em \fi\fi }% +\def\&{\textsf{\char'046}}% +\def\#{{\STfont\char'043}}% +\def\%{{\char'045}}% +\def\~{{\char'176}}% +\def\3{\ifc@mment\ifright@ ''\global\right@false% + \else``\global\right@true \fi + \else{\texttt{\char'042}}\fi}% +\def\4{\ifc@mment'\else {\texttt{\char'015}}\fi}% +\def\5{{\texttt{\char'136}}}% +\def\${{\ifmmode\slshape\else\ifdim\fontdimen\@ne\font>\z@\slshape\fi\fi + \char'044}}% %No $ in \it, use \sl +\parindent\z@\parskip\z@ plus 1pt\hsize\linewidth% +\bgroup\BGfont +} +{\egroup\@@par} % end of environment lgrind 
+\def\lgrinde{\ifLGinline\else\LGsize\fi\begin{lgrind}} +\def\endlgrinde{\end{lgrind}} +\def\lagrind{\@ifstar{\@slagrind}{\@lagrind}} + +\def\@lagrind{\@ifnextchar[{\@@lagrind}{\@@lagrind[t]}} +\def\@slagrind{\@ifnextchar[{\@@slagrind}{\@@slagrind[t]}} +\def\@@lagrind[#1]#2#3#4{% + \begin{figure}[#1] +\ifLGnorules\else\hrule\fi +\vskip .5\baselineskip +\begin{minipage}\columnwidth\LGsize\LGindent\z@ + \begin{lgrind} +\input #2\relax + \end{lgrind} +\end{minipage} +\vskip .5\baselineskip plus .5\baselineskip +\ifLGnorules\else\hrule\fi\vskip .5\baselineskip +\begingroup + \setbox\z@=\hbox{#4}% + \ifdim\wd\z@>\z@ +\caption{#3}% +\label{#4}% + \else +\captcont{#3}% + \fi +\endgroup +\vskip 2pt + \end{figure} +} +\def\@@slagrind[#1]#2#3#4{% + \begin{figure*}[#1] +\ifLGnorules\else\hrule\fi +\vskip .5\baselineskip +\begin{minipage}\linewidth\LGsize\LGindent\z@ + \begin{lgrind} +\input #2\relax + \end{lgrind} +\end{minipage} +\vskip .5\baselineskip plus .5\baselineskip +\ifLGnorules\else\hrule\fi\vskip .5\baselineskip +\begingroup + \setbox\z@=\hbox{#4}% + \ifdim\wd\z@>\z@ +\caption{#3}% +\label{#4}% + \else +\captcont{#3}% + \fi +\endgroup +\vskip 2pt + \end{figure*} +} +\def\lgrindfile#1{% + \par\addvspace{0.1in} + \ifLGnorules\else\hrule\fi + \vskip .5\baselineskip + \begingroup\LGfsize\LGindent\z@ +\begin{lgrind} + \input #1\relax +\end{lgrind} + \endgroup + \vskip .5\baselineskip + \ifLGnorules\else\hrule\fi + \addvspace{0.1in} +} +\endinput +%% +%% End of file `lgrind.sty'. diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/llvm.lst b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/llvm.lst new file mode 100644 index 0000000..8adbb23 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/llvm.lst 
@@ -0,0 +1,15 @@ +\lstdefinelanguage{LLVM} + {morekeywords={ + begin,end,true,false,declare,global,constant,const,internal,implementation, + null,to,except,not, + void,bool,sbyte,ubyte,short,ushort,int,uint,long,ulong,float,double,type,label,opaque, + add,sub,mul,div,rem,and,or,xor,setne,seteq,setlt,setgt,setle,setge, + phi,call,cast,shl,shr, + ret,br,switch,invoke, + malloc,alloca,free,load,store,getelementptr + }, + sensitive=true, +% morecomment=[l]{;}, +% morestring=[b]", + } + diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/ols-fonts.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/ols-fonts.tex new file mode 120000 index 0000000..adfec4b --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/ols-fonts.tex @@ -0,0 +1 @@ +../../TEMPLATES/ols-fonts.tex
\ No newline at end of file diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/ols.sty b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/ols.sty new file mode 120000 index 0000000..d8c7f0c --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/ols.sty @@ -0,0 +1 @@ +../../TEMPLATES/ols.sty
\ No newline at end of file diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/zrl.sty b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/zrl.sty new file mode 120000 index 0000000..d96dacf --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/complexCode/zrl.sty @@ -0,0 +1 @@ +../../TEMPLATES/zrl.sty
\ No newline at end of file diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/conditional.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/conditional.tex new file mode 100644 index 0000000..39dd102 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/conditional.tex @@ -0,0 +1,15 @@ + +Sometimes you have to do things differently depending on whether +you're building the entire Proceedings... here's an example... + +\ifols +\usepackage{cprog} +\usepackage[nolineno,norules]{lgrind} +\usepackage[hang,scriptsize]{subfigure} +\else +\usepackage{subfigure} +%%% both of these break the Proceedings and are thus evil +\usepackage{listings} +\input{llvm.lst} % Get listing support for llvm code +\fi + diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/figures.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/figures.tex new file mode 100644 index 0000000..0f96dd6 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/figures.tex 
@@ -0,0 +1,40 @@ + +\begin{figure}[tb] + \begin{center} + \includegraphics[height=4cm]{ndp_table}\includegraphics[height=4cm]{ndp_table2} + \end{center} + \caption{NDP Table: Linux vs USAGI\label{ndp_table}} +\end{figure} + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +Need the whole page? Note the asterisk after 'figure'... + +\begin{figure*}[t] +\begin{center} +\includegraphics[width=0.65\textwidth]{chaos} \ \\ +(a) Chip \hspace{3cm} (b) CPU +\caption{A micrograph of an on-chip-multiprocessor M32R prototype chip} +\label{chaos} +\end{center} +\end{figure*} + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +\begin{figure*} +\begin{center} +\begin{minipage}{16cm} +\begin{center} +\includegraphics[width=0.475\textwidth]{mappi} +\hspace{1cm} +\includegraphics[scale=0.7]{mappi_diagram} +\end{center} +\end{minipage} +\caption{Mappi: the M32R FPGA evaluation board; it has the M32R +softmacro on FPGA (CPU, MMU, Cache, SDI, SDRAMC, UART, Timer), FPGA +Xilinx XCV2000E $\times$2, SDRAM(64MB), FlashROM, 10BaseT Ethernet, +Serial 2ch, PC-card slot $\times$2, and Display I/F(VGA)} \label{mappi} +\end{center} +\end{figure*} + + + diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/includegraphics.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/includegraphics.tex new file mode 100644 index 0000000..01ab098 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/includegraphics.tex @@ -0,0 +1,15 @@ + +Various options can be used for scaling and cropping. Note +that \textwidth and \columnwidth can be your friends for such +operations -- most often, \columnwidth. + +\includegraphics[clip,width=\columnwidth]{ols2003-ipsec-fig-input} +\includegraphics[scale=0.9]{scsi-ds} +\includegraphics[clip,height=3.0in]{relayarch} +\includegraphics[width=2cm]{tpch-host-based-component} +\includegraphics[width=\linewidth]{tpcw-component} +\includegraphics{efi-fig5} + +This one uses 90 percent of the column width: +\includegraphics[width=0.9\columnwidth]{rmap_shadow_pages} + 
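Review bot: ols-fonts.tex, ols.sty and zrl.sty under EXAMPLE/complexCode are added as symlinks (mode 120000) into `../../TEMPLATES/`, so this example only builds inside the full tree and on checkouts that preserve symlinks. Point `TEXINPUTS` at the TEMPLATES directory from the Makefile instead, or document the dependency next to the example, so a copied-out directory fails with an understandable message rather than a missing `ols.sty`.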
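Review bot: the prose at the top of includegraphics.tex names `\textwidth` and `\columnwidth` as bare control sequences, and the sentence before the last `\includegraphics` is also uncommented, so the file cannot be `\input` as it stands: TeX reads `\textwidth and` as the start of a length assignment and raises a missing-number error. Comment the prose lines with `%`, as legalese.tex in this commit does, or write the names with `\verb`.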
diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/legalese.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/legalese.tex new file mode 100644 index 0000000..8d6e10e --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/legalese.tex @@ -0,0 +1,19 @@ + +% Legalese should be avoided unless your lawyers insist. Even +% then, it is typeset in small print because, although it may +% need to be there, there isn't a programmer on the planet +% who actively wants to read such stuff :-) +\begin{small} +\copyright ~2003 Your Lawyers, Inc. +Permission to redistribute in accordance with Linux Symposium +submission guidelines is granted; all other rights reserved. +A Bunch Of Things, and the Bunch Of Things logo are +registered trademarks and +NameOne, NameTwo, and NameThree are trademarks of Your Lawyers, Inc., +in the United States and/or other countries worldwide. +Linux is a registered trademark of Linus Torvalds. +Intel and Itanium are registered trademarks +of Intel Corporation. +All other trademarks mentioned herein are the property of their +respective owners. +\end{small} diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/multipleAuthors.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/multipleAuthors.tex new file mode 100644 index 0000000..fd89e77 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/multipleAuthors.tex 
@@ -0,0 +1,68 @@ + +Sometimes there are more than two authors, or the authors wish to have +a slightly different layout of names. That's fine, and here are some +examples. Just keep the font sizes and families consistent. +Note that we use Name, Institution, and Email address; postal addresses +are generally omitted for this conference. (Examples below use +fictitional email addresses, although they are otherwise from +the 2003 Linux Symposium.) + + +\title{Linux Support for NUMA Hardware} + +\author{ +Matthew Dobson, Patricia Gaughen, Michael Hohnbaum \\ +{\em IBM LTC, Beaverton, Oregon, USA}\\ +{\tt\normalsize one@email.addr, two@email.addr, three@email.addr} \\ +% +\smallskip +Erich Focht \\ +{\em NEC HPCE, Stuttgart, Germany}\\ +{\tt\normalsize four@other.email.addr} +} % end author + +\maketitle + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +\title{Linux\textregistered ~Scalability for Large NUMA Systems} + +\author{ +Ray Bryant and John Hawkes \\ +{\em Silicon Graphics, Inc.}\\ +{\tt\normalsize one@email.addr ~~~~~~~ two@email.addr}\\ +} % end author + +\maketitle + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +The 'and' construct may be used for more than two authors: + +\title{Linux IPv6 Networking \\ +{\normalsize Past, Present, and Future}} + +\author{ +Hideaki Yoshifuji \\ +{\em The University of Tokyo}\\ +{\tt\normalsize one@email.addr} \\ +\and +Kazunori Miyazawa \\ +{\em Yokogawa Electric Corporation} \\ +{\tt\normalsize two@email.addr} \\ +\and +Yuji Sekiya \\ +{\em The University of Tokyo}\\ +{\tt\normalsize three@email.addr} \\ +\and +Hiroshi Esaki \\ +{\em The University of Tokyo}\\ +{\tt\normalsize four@another.email.addr} +\and +Jun Murai \\ +{\em Keio University}\\ +{\tt\normalsize five@a.different.email.addr} +} + +\maketitle + diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/myPaper.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/myPaper.tex new file mode 100644 index 0000000..9b74ae5 --- /dev/null 
+++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/myPaper.tex 
@@ -0,0 +1,539 @@ +\documentclass[final]{ols} +\usepackage{url} +\usepackage{zrl} + +\begin{document} + +% Required: Do not print the date. +\date{} + +\title{Formatting Tips and Tricks} +\subtitle{Some potentially helpful examples} + +\author{ +John W.\ Lockhart \\ +{\em Red Hat, Inc.}\\ +{\tt\normalsize lockhart@\{oco.net,redhat.com\}}\\ +\and +Optional Second Author\\ +{\em Second Institution}\\ +{\tt\normalsize another@address.for.email.com}\\ +} % end author section +\shortauthor{J.W.\ Lockhart} + +\maketitle + +% Required: Suppress page numbers on title page +\thispagestyle{empty} + +\section*{Abstract} +This example paper contains tips and tricks to ensure that what you +write is what appears in the \textit{Proceedings} with as little +editing as possible. The most important parts are at the end; please +read them. (Okay, okay: Section~\ref{lockhart-subrules} and +Figure~\ref{lockhart-fig1}.) + +If you are new to {\LaTeX}, please read this paper in its entirety, +and check out its source and any other \texttt{.tex} files in the +\texttt{\small EXAMPLE} directory. + +If you have a paper from the Linux Symposium or GCC Summit +(2002--2004), and would like to crib from its final formatting, please +drop me a note and I'll be happy to send along the edited source. +Likewise, if you would like a copy of the final edited form of this +year's source, just let me know. + +The tree was created based on the information on the conference +website. If you don't have a subdirectory, create one along the same +lines. Blank materials are in the \texttt{\small TEMPLATES} +directory; \texttt{ProtoMake} and \texttt{Blank.tex} are probably the +most interesting files. Likewise, if your Abstract was available when +I looked, it has been included. Feel free to edit it; it's just there +to get you started and to provide an example of how to properly +include files should you need to. 
+ +Many thanks go to Zack Weinberg for studying prior years' templates +and proceeding to write the \texttt{ols.cls} class and other crucial +bits of infrastructure. The new system should provide for a lot more +flexibility than the old. + +\section{Simple Formatting Tricks} + +\LaTeX\ is just a fancy markup language\ldots \textit{most} of the +time. + +Some of the more common font and layout conventions follow: +\begin{itemize} +\item \texttt{texttt} produces \texttt{typewriter} style. +\item \texttt{textit} produces \textit{italics}. +\item \texttt{textbf} produces \textbf{boldface}. +\item \texttt{textsc} produces \textsc{small caps}. +\item \texttt{\textit{Font}} \textbf{\textsc{styles}} can be + \textit{\textbf{combined}}\footnote{Often eye-breakingly. Restraint is Good.} +\end{itemize} + +Paragraphs + can be awfully messy +in the source, and even +% what, a comment? +have comments interspersed. Be careful with % unintentional +percent signs---75\% of the time you'll accidentally comment out the +rest of the text on the line. + +Unescaped dollar signs will put you into math mode, so be likewise +careful. Of course, that's sometimes exactly where you \textit{want} +to be. + +Tildes do not produce tildes in \LaTeX ---think instead of +\textsc{html}'s \texttt{\ } and you'll get the picture. Instead, +you can use \texttt{{\textbackslash}{\~{}}\{\}} or +\texttt{{\textbackslash}textasciitilde} to produce a tilde. +Table~\ref{lockhart-tab1} provides a list of characters that require +special handling. Note that tables may ``float''---that is, {\LaTeX} +might move your table to a place where it all fits on a single page, +rather than putting it exactly where you have included it in your +source. Be aware that it's easier to include references to tables and +figures than it is to force each into a particular position and adjust +the surrounding typesetting. +% +% that's +% \~{} +% or +% \textasciitilde +% for a tilde (without all the extra typesetting). 
+% Escape anything but a backslash by using a backslash. Backslash +% itself is \textbackslash (as seen above). + +\begin{table}[!th] +\centering +\begin{small} +\begin{tabular}[b]{c|c|p{2.3cm}} +Char & Command & Otherwise \\ +\hline +% # +\# & \texttt{{\textbackslash}\#} & argument number \tabularnewline +\hline +% $ +\$ & \texttt{{\textbackslash}\$} & toggle math mode \tabularnewline +\hline +% % +\% & \texttt{{\textbackslash}\%} & comment: ignore rest of line \tabularnewline +\hline +% & +\& & \texttt{{\textbackslash}\&} & tabstop \tabularnewline +\hline +% _ +\_ & \texttt{{\textbackslash}{\_}} & subscript in math mode \tabularnewline +\hline +% { +\{ & \texttt{{\textbackslash}\{} & open environment \tabularnewline +\hline +% } +\} & \texttt{{\textbackslash}\}} & close environment \tabularnewline +\hline +% ~ +{\~{}} & \texttt{{\textbackslash}{\~{}}\{\}} & non-breaking space \tabularnewline +{\textasciitilde} & \texttt{{\textbackslash}textasciitilde} & non-breaking space \tabularnewline +\hline +% \ +{\textbackslash} & \texttt{{\textbackslash}textbackslash} & begin command \tabularnewline +\end{tabular} +\end{small} +\caption{{\LaTeX} characters that require special handling} +\label{lockhart-tab1} +\end{table} + +\subsection{New Macros}\label{lockhart-newmacros} + +A number of macros based on the \texttt{url} package are available +for this year. They are: +\begin{itemize} +\item \ident{ident} -- intended for identifiers, + \texttt{{\textbackslash}ident\{some\_text\}} sets the text in + \texttt{tt} and may break the line at any punctuation. Spaces are deleted. +\item \ident{lident} -- intended for long identifiers, this works the + same as \ident{ident}, but sets the text in a smaller font. +\item \ident{code} -- intended for short excerpts of code, this works + like \ident{ident}, except that spaces are preserved. Lines are not + broken on spaces. 
+\item \ident{lcode} -- intended for longer excerpts of code, this works + like \ident{code}, except that text is set in a smaller font. This + probably does not work correctly for multi-line code fragments; + consider using the \texttt{cprog} package for that. +\item \ident{brcode} -- intended for excerpts of source code, this works + like \ident{code}, except that line breaks may occur at spaces. +\item \ident{lbrcode} -- intended for excerpts of source code, this works + like \ident{brcode}, except that text is set in a smaller font. +\end{itemize} + +Examples are shown in Table~\ref{lockhart-macro-examples}. + +\begin{table*}[tb] +\begin{itemize} +\item \verb|\ident{a_long_identifier}| --- this example in turn yields \ident{a_long_identifier} + +\item \texttt{{\textbackslash}lident|an\_even\_lon ger\_identifier|} --- this + in turn + yields \lident|an_even_lon ger_identifier| + +\item \verb|\lcode{int un_useful(int *a) { return *a; }}| --- this + yields + \lcode{int un_useful(int *a) { return *a; }} + +\item \verb|\lbrcode{int un_useful(int *a) { return *a; }}| --- this + yields + \lbrcode{int un_useful(int *a) { return *a; }} + +\end{itemize} +\caption{Examples of New Macros} +\label{lockhart-macro-examples} +\end{table*} + +\section{Typesetting conventions} + +You shouldn't have to worry too much here, but I'll illustrate a few +things. + +Quotation marks, both `single' and ``double,'' look good in body text, +while other \texttt{"styles"} might look better for other uses. Note +that when you're typesetting for a compiler, punctuation goes outside +the \texttt{"quotation marks",} but punctuation is placed +\textit{inside} the quotation marks for ``narrative.'' + +There are multiple flavors of dashes---the em dash, the en--dash, the +oft-used hyphen, and the minus sign (math mode: $2x - 3$). Note that +the preceding sentence contains them all. 
+ +\subsection{Choices for uniformity} + +For source code, we have chosen the common style of not beginning a +line with a comma. The compiler doesn't care, but keeping the printed +page consistent between papers is useful. + +Identifiers may need to be split between lines, so we use a typewriter font +and mark up the string appropriately: +\texttt{sys\_\linebreak[0]sched\_\linebreak[0]yield()} or +\texttt{\small A\_\linebreak[0]REALLY\_\linebreak[0]LONG\_\linebreak[0]IDENTIFIER\_\linebreak[0]THAT\_\linebreak[0]NEEDS\_\linebreak[0]TO\_\linebreak[0]BE\_\linebreak[0]THIS\_\linebreak[0]LONG} +would be good examples\footnote{Alternatively, see the macros in +Section~\ref{lockhart-newmacros}.}. To tell {\LaTeX} that an unhyphenated line +break is okay if required, just use \texttt{{\textbackslash}linebreak[0]}. + +\subsection{Points of English} + +A few nitpicks: +\begin{enumerate} +\item \textit{it's} is a macro which expands to \textit{it is}. It + has no other meaning. +\item \textit{its} is possessive. +\item Items in a series are: \textit{a}, \textit{b}, and \textit{c}. + Never \textit{a}, \textit{b} and \textit{c}. This rule makes it + much simpler when you must use complex values of (for example) + \textit{b}. For truly long constructs, you may use a semicolon + as a delimiter rather than a comma. +\item Some phrases should be hyphenated---for instance, when you're + using an adjective to modify another adjective, or a noun that + appears before another. A high-performance system; a win-win + situation; a high-level loop transformation; a slow-moving train, + but a slowly moving car; that sort of thing. Most of the time, + people will still be able to parse the results easily if the sentence isn't + perfect. +\item Be happy, know your homonyms. There, they're, their. To, two, + too. Your, you're. And so forth. 
Spelling checkers show their + limitations on this\ldots +\end{enumerate} + +Of course, proofreading is a wonderful thing, and every bit of it you +(or any guinea pigs you can persuade) do is a Good Thing. I'll +correct what I notice, but I have only two eyes and there's a lot of +margin-crunching formatting to be done. There are certain +times, often with non-native speakers, where I'm not clear on the +meaning. If I catch something like that in time, I'll ask; if not, +chances are that I'll keep my hands off of the section in question so +as not to insert a woefully incorrect meaning. + +\section{Tools} + +It helps to have the following installed on your system: +\begin{itemize} +\item \textbf{\tt tetex}. The most common \TeX\ package for Linux. +\item \textbf{\tt dviutils}. Required for building the 2005 + Proceedings. Can combine DVI files as well as other useful tasks. +\item \textbf{\tt transfig}. Graphics in \texttt{.fig} format, + useful for figures. +\item \textbf{\tt dia}. Also useful for figures. +\item \textbf{\tt ImageMagick}. Great for photographs and graphics + manipulation \& conversion. +\item \textbf{\tt xpdf} or \textbf{\tt acroread} for viewing PDF + files. Other viewers can also do a nice job. +\item Utilites often found in {\tt tetex}, but which your distribution + may have packaged separately: \texttt{xdvi}, \texttt{dvips}, + \texttt{pdflatex}. +\item \textbf{\tt ghostscript} for handling Postscript. +\end{itemize} + +\section{Examples} + +Some examples from previous conferences have been included +in this package; hopefully they'll be useful in handling code +examples. Reducing everything to \texttt{footnotesize} or setting it +\texttt{verbatim} won't magically make it fit on the page, alas. Have +a look in the \texttt{EXAMPLE} directory to find these items: +\begin{itemize} +\item {\raggedright \texttt{\small bibli\-og\-raphy.tex}, \texttt{\small bibli\-og\-ra\-phy2.tex}, and + \texttt{\small ref\-er\-ences.tex}. 
Different ways of citing any relevant + works external to your paper.} +\item \texttt{conditional.tex}. If you have {\LaTeX} code that works + only by itself and need to do conditional processing, here's an example. +\item \texttt{\small complexCode/complexFigure.tex}. An example of a complex + figure containing side-by-side C code. +\item \texttt{figures.tex}. Different ways of doing figures. +\item \texttt{includegraphics.tex}. Different ways to include graphics. +\item \texttt{legalese.tex}. Legal disclaimers. +\item \texttt{multipleAuthors.tex}. Formatting examples for multiple authors. +\item \texttt{tables.tex}. Different ways to do tables. +\end{itemize} + +\subsection{Bad Examples} + +A prior year's paper gave the example of setting \texttt{verbatim} +sections in \texttt{tt}. Repetitiously and redundantly enough, that's +the default. So, please, no instances of +\begin{verbatim} + {\tt + \begin{verbatim} + ... +\end{verbatim} + +\begin{small} +\centering +\textbf{Corrected.} You might, however, wish to do something like this instead: +\begin{verbatim} + \begin{small} + \centering + \textbf{Corrected.} You ... + \begin{verbatim} + ... +\end{verbatim} +\end{small} +Of course, check the source of this document +(\lident{EXAMPLE/myPaper.tex}) for more ideas. Valid font sizes, for +instance, include \texttt{normalsize}, \texttt{small}, +\texttt{footnotesize}, \texttt{scriptsize}, and \texttt{tiny}. Please +don't use anything larger than \texttt{normalsize}. + + +Another extant bad example is the practice of ending paragraphs with a +double backslash (\texttt{\textbackslash\textbackslash}) \textit{and} +a blank line. This creates unwanted, superfluous whitespace between +paragraphs. \LaTeX\ is, believe it or not, supposed to be easy. Just +leave one or more blank lines between paragraphs and you'll be fine. + + +\section{Style packages} + +For 2005, we are no longer using the \texttt{combine} package. 
You +will find some additional useful packages in the \texttt{Texmf} +directory, however. The empty papers are set up to use the +\texttt{url}, \texttt{zrl}, and \texttt{graphicx} packages by default, +in hopes that this will be useful for most papers. + +You may also find it helpful to set the \texttt{TEXINPUTS} environment +variable as follows: +\begin{center} +{\footnotesize \texttt{export TEXINPUTS='.//:\$\{LOCALTEX\}//:'}} +\end{center} +% +% or for those of you who'd like to cut'n'paste from the source: +% export TEXINPUTS='.//:${LOCALTEX}//:' +% +Adding the above to your \texttt{\textasciitilde/.bashrc} can +save you the trouble of typing it for future runs. + +% well, since 'combine' is gone, so should this problem be... +%% The most common cause of build problems is including style packages +%% that aren't compatible with \texttt{combine}. Unfortunately, this +%% includes\footnote{At least using last year's versions, that was the case.} +%% things like \texttt{hyperref} and \texttt{html}---two +%% otherwise-wonderful packages for handling URLs and such. + +To build your paper, you should be able to \texttt{cd} to the toplevel +directory (the one that contains your individual directory) +and type the following at a shell prompt: + +\begin{small} +\begin{verbatim} + DIRS=yourname make +\end{verbatim} +\end{small} + +Ambitious authors are encouraged to install the \texttt{dviutils} +and \texttt{pdftk} packages and type \texttt{make} from the top-level directory. +If all goes well, you'll get something that looks quite like the finished \textit{Proceedings}. + +\section{Graphics and Symbols} + +For importing graphics, don't forget to omit any file extensions. +That's because \texttt{latex} and \texttt{pdflatex} look for +different formats. The output formats we generate are PDF, PS, and +DVI; you will thus want to generate both EPS and PDF copies of any +figures that use structured graphics. 
+ +The easiest ways to get special symbols such as +Registered\textregistered\ and Trademark\texttrademark\ +is to use the \LaTeX2e\ \texttt{{\textbackslash}text} constructs: +thus, \texttt{{\textbackslash}textregistered} and +\texttt{{\textbackslash}texttrademark}. + +\section{\TeX\ References} + +If you aren't familiar with {\LaTeX}, there are many sources of +information available. Your distribution might have additional +documentation in \brcode{/usr/share/texmf}, or you might find manuals +for a package (such as \texttt{cprog}) out at {\small\url{http://www.ctan.org}}. + +If you are completely new to {\TeX} and {\LaTeX}, you will probably +find it highly useful to visit \texttt{\small http://www.tug.org/} and +especially \texttt{\small http://www.tug.org/begin.html} for online +and paper references. + +For a free and extremely useful document, try: +\texttt{\small http://www.tug.org\linebreak[0]/tex-archive\linebreak[0]/info\linebreak[0]/lshort\linebreak[0]/english\linebreak[0]/lshort.pdf}. +Note that translations\footnote{French, for instance: +\url{http://www.tug.org/tex-archive/info/lshort/french/flshort-3.20.pdf}; +note also that this section of the Example paper shows different ways +of handling URLs.} +are available, for those more comfortable in something other than +English: +\texttt{\small http://www.tug.org\linebreak[0]/tex-archive\linebreak[0]/info\linebreak[0]/lshort/} + +%%% Cut'n'paste versions of those URLs: +% http://www.tug.org/tex-archive/info/lshort/english/lshort.pdf +% http://www.tug.org/tex-archive/info/lshort/french/flshort-3.20.pdf +% http://www.tug.org/tex-archive/info/lshort/ + +I tend to use \textit{A Guide to \LaTeX} (Kopka \& Daly, ISBN 0-201-39825-7) and the +\textit{\LaTeX\ Graphics Companion} (Goossens, Rahtz, \& Mittelbach) +the most these days. + +You are also welcome to send questions to me at +\texttt{{lockhart}{@}{redhat.com}} (work) or +\texttt{{lockhart}{@}{oco.net}} (home). 
+% +% {}'s begin a new environment in TeX, as in C. +% A few extra {}'s might let an email address escape notice +% by spammers' collecting 'bots, should the .tex file wind +% up on a website somewhere at some point. +% + +As usual, please refrain from submitting anything remotely resembling +a Microsoft Word \texttt{.doc} file\ldots \texttt{<grimace>}. It's a +\textit{lot} easier for me to fix up plain ASCII text and +convert/insert accompanying graphics, if you find yourself terminally +confused or in a dire emergency. + +\begin{figure}[!ht] +\begin{center} +\hrule +\vspace*{2mm} +\textbf{\textsc{Submitting a Paper}} +\begin{footnotesize} +\begin{verbatim} + cd OLS2005 + make clean + tar zcf yourLastName.tar.gz \ + yourLastName +\end{verbatim} + +E-mail the resulting tarball to +\texttt{papers{@}linuxsymposium{.}org}. +\end{footnotesize} +\vspace*{2mm} +\hrule + +\caption{Submitting a paper} +\label{lockhart-fig1} + +\end{center} +\end{figure} + +\section{Simple rules to keep your formatting team happy} +\label{lockhart-subrules} +\begin{enumerate} +\item To submit your paper, just \texttt{make clean} in your + directory, \texttt{tar} it up, and send the resulting gzipped tarball to + \texttt{papers@linuxsymposium.org} or \texttt{papers@gccsummit.org}, + as appropriate. See Figure~\ref{lockhart-fig1} for an example. +\item Updates. If you need to change something, please send both + a patch and an updated tarball. The most convenient form depends on + how many changes have been made since you submitted your paper. + However, if your change is trivial---a line or two, for instance---a + simple email will do. +\item Use the existing directory structure, please. The directory + names are intended to be the last name of the presenter (lowercase, + punctuation omitted); the main paper should be + \texttt{lastname.tex} and any additional files should be + \texttt{lastname-file.extension}. 
This is basically to keep + the file owners straight, and to allow us the option to + instruct {\LaTeX} to search the entire (sub)directory hierarchy for + input files. You don't want someone else's file by mistake, right? + Putting your name on it helps to keep things straight. The same + goes for \verb|\label{}| and \verb|\ref{}| commands. +\item Omit file extensions and pathnames in your {\LaTeX} source, + please. By omitting the path and just saying + \texttt{{\textbackslash}input\{lockhart-abstract\}}, + a paper can be built from both its directory and from its + parent directory. For graphics, omitting the extension lets + \texttt{latex} or + \texttt{pdflatex} pick its preferred input format for the best + possible results. +\item No proprietary document/graphics formats, please. This + especially means MS + Office, Visio, or other such tools. \LaTeX\ can, however, import + EPS and PDF, if you can save in those formats. +\item Originals, please. For example, if you have photographs, send + along the full-resolution JPG (crop out any undesired elements if + necessary, but use the maximum resolution). For diagrams, please + send the XFig or Dia files. + This ensures the best possible print quality. Printing will be in + black and white, but the online PDF's will be in full color. Your + screen is probably about 72dpi, but the typesetter is probably using + something that's at least 1200dpi. The more resolution, the better. + (If, however, your originals are outrageously huge, feel free to ask!) + Since hardcopy will be printed in Ottawa, the papersize will be + North American ``letter.'' Please keep that in mind if you are + concerned about page breaks and such. +\item Do \textbf{\textit{not}} use sans-serif fonts, or go changing + global font sizes. We're using 12-point Times Roman for body text. + Likewise, please don't go haywire with italics. I once received a + huge collection of tables, each of which set the font size and face + on an item-by-item basis. 
\textit{Incorrectly}. +\item Those of you who like to begin lines of code with commas: as + previously mentioned, we're + typesetting the code with the comma attached to the preceding + identifier (as most publishers do). Feel free to post your + preferred version to the web and to refer to it in the paper. +\item If possible, please avoid trivial new macros. Should you need + to add something, though, please use + \texttt{{\textbackslash}providecommand} rather than + \texttt{{\textbackslash}newcommand}, and try for a relatively + unique name (papers tend to blur together during long editing sessions). +\item Trivia note: generally speaking, it takes longer to edit a + submission from a {\TeX}spert than plain, unmarked ASCII. If you + consider yourself a {\LaTeX} expert and love to write fancy new + commands, please consider contributing clean-ups or well-tested + new features for the infrastructure rather than customizing the + daylights out of your submission. Thanks! +\end{enumerate} + +This paper builds correctly using the tetex-2.0.2-14FC2.2 package on +Fedora Core 2, and the Fedora Core 3 tetex package. Please note that +if you are using FC3, you may wish to update your \texttt{urw-fonts} +package to 2.2-8 or better before viewing PDF files. + +Other distributions haven't been tested, but should work. If you run +into problems, please let me know. + +And remember, it's only typesetting, not rocket science. Or hacking +compilers or kernels. \texttt{:-)} Have some fun along the way\ldots + +\end{document} diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/references.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/references.tex new file mode 100644 index 0000000..9359956 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/references.tex 
@@ -0,0 +1,29 @@ + +For those who don't want to use BiBTeX, a simple References section +can do the trick. The following is from Rik van Riel's 2003 +Linux Symposium paper: + +\section{References} +\raggedright +Draves, Richard P. \textit{Page Replacement and Reference Bit +Emulation in Mach.} In Proceedings of the USENIX Mach Symposium, +Monterey, CA, November 1991. + +Y.\ Smaragdakis, S.\ Kaplan, and P.\ Wilson, \textit{EELRU: Simple and +Effective Adaptive Page Replacement} in Proceeding of the 1999 ACM +SIGMETRICS Conference, 1999. + +Gideon Glass and Pei Cao. \textit{Adaptive Page Replacement Based on +Memory Reference Behavior.} In Proceedings of ACM SIGMETRICS 1997, +June, 1997. + +D.\ Lee, J.\ Choi, J.-H.\ Kim, S.H.\ Noh, S.L.\ Min, Y.\ Cho, and +C.S.\ Kim, \textit{LRFU: A spectrum of policies that subsumes the +least recently used and least frequently used policies} IEEE +Trans.\ Computers, vol.\ 50, no.\ 12, pp. 1352--1360, 2001. + +S.\ Jiang and X.\ Zhuang. \textit{LIRS: An efficient low inter-reference +recency set replacement policy to improve buffer cache performance.} +In Proc.\ of SIGMETRICS 2002. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/tables.tex b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/tables.tex new file mode 100644 index 0000000..e2cfb6c --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/EXAMPLE/tables.tex 
@@ -0,0 +1,79 @@ + +A simple table.... + +\begin{table}[tbph] +\begin{center} +\caption{Summary of TAHI Conformance Test (usagi24-s20020401, \%)\label{tahi-usagi24}} +\begin{tabular}{|c|c|c|c|} +\hline +Test Series & Pass & Warn & Fail \\ +\hline +\hline +Spec. & 100 & 0 & 0 \\ +ICMPv6 & 100 & 0 & 0 \\ +Neighbor Discovery & 79 & 5 & 15 \\ +Autoconf & 98 & 2 & 0 \\ +PMTU & 50 & 0 & 50 \\ +IPv6/IPv4 Tunnel & 100 & 0 & 0 \\ +Robustness & 100 & 0 & 0 \\ +\hline +\end{tabular} +\end{center} +\end{table} + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +A full-page, far more complex table.... + +\begin{table*}[t] +\begin{center} +\footnotesize +\begin{tabular}{|l|l||r|r|r|r|r|r|r|r|r||r|} + \hline + \multicolumn{2}{|c||}{} & & \multicolumn{2}{|c|}{ANSI.os} + & & \multicolumn{2}{|c|}{POSIX.os} & \multicolumn{2}{|c|}{LSB.os} + & & RedHat7.3 \\ + \cline{4-5} \cline{7-10} + \multicolumn{2}{|c||}{\raisebox{1.3ex}[0pt]{Section}} + & \multicolumn{1}{|c|}{\raisebox{1.3ex}[0pt]{ANSI.hdr}} + & \multicolumn{1}{|c|}{F} & \multicolumn{1}{|c|}{M} + & \multicolumn{1}{|c|}{\raisebox{1.3ex}[0pt]{POSIX.hdr}} + & \multicolumn{1}{|c|}{F} & \multicolumn{1}{|c|}{M} + & \multicolumn{1}{|c|}{F} & \multicolumn{1}{|c|}{M} + & \multicolumn{1}{|c||}{\raisebox{1.3ex}[0pt]{Total}} & Total \\ + \hline + \hline + & Expect + & 386 & 1244 & 1244 & 394 & 1600 & 1600 & 908 & 908 & 8284 & 8284 \\ + \cline{2-12} + \multicolumn{1}{|c|}{\raisebox{1.3ex}[0pt]{Total}} + & Actual + & 386 & 1244 & 1244 & 394 & 1600 & 1600 & 908 & 908 & 8284 & 8284 \\ + \hline + \multicolumn{2}{|l||}{Succeeded} + & 176 & 1112 & 86 & 207 & 1333 & 0 & 695 & 0 & 3609 & 3583 \\ + \multicolumn{2}{|l||}{Failed} + & 4 & 0 & 0 & 5 & 2 & 0 & 49 & 0 & 60 & 45 \\ + \multicolumn{2}{|l||}{Warnings} + & 0 & 12 & 0 & 0 & 5 & 0 & 2 & 0 & 19 & 18 \\ + \multicolumn{2}{|l||}{FIP} + & 2 & 0 & 0 & 2 & 2 & 0 & 1 & 0 & 7 & 7 \\ + \multicolumn{2}{|l||}{Unresolved} + & 0 & 0 & 0 & 0 & 0 & 0 & 5 & 0 & 5 & 4 \\ + \multicolumn{2}{|l||}{Uninitiated} + 
& 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 \\ + \multicolumn{2}{|l||}{Unsupported} + & 203 & 0 & 0 & 179 & 72 & 0 & 59 & 0 & 513 & 513 \\ + \multicolumn{2}{|l||}{Untested} + & 0 & 4 & 0 & 0 & 7 & 0 & 39 & 0 & 50 & 43 \\ + \multicolumn{2}{|l||}{NotInUse} + & 1 & 116 & 1158 & 1 & 179 & 1600 & 58 & 908 & 4021 & 4021 \\ + \hline +\end{tabular} +Key: F:function, M:macro;\ FIP: Further Information Provided +\end{center} +\hspace{5mm} +\caption{LSB 1.2 testsuites result} +\label{lsb_result} +\end{table*} + diff --git a/2005/flow-accounting-ols2005/OLS2005/Frontmatter.tex b/2005/flow-accounting-ols2005/OLS2005/Frontmatter.tex new file mode 100644 index 0000000..d6dd777 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/Frontmatter.tex 
@@ -0,0 +1,109 @@ +\documentclass[twoside,12pt]{book} +% Page size settings must match those in ols.cls. +\usepackage[paper=letterpaper,textheight=9in,textwidth=6.5in,% + heightrounded,twoside]{geometry} +% Ditto font settings. +\usepackage[OT1,T1]{fontenc} +%\usepackage[T1]{fontenc} +\usepackage{mathptmx} +% \usepackage[scaled=.92]{helvet} +% \usepackage{courier} +% \usepackage{times} +\pagestyle{empty} + +% This must be written with \def so that the Makefile can find it. +% It is not used in this file. +\def\ProcName{2005 Linux Symposium} + +\begin{document} +\frontmatter + +% Title page + +\title{Proceedings of the\\ +Linux Symposium} +\author{\vspace{4in}} +\date{July 20nd--23th, 2005\\ + Ottawa, Ontario\\ + Canada} +\maketitle +\thispagestyle{empty} +\cleardoublepage + +% Table of contents. This does _not_ use the standard LaTeX table of +% contents mechanism; it's generated by Texmf/make-toc and uses a list +% environment. + +\section*{Contents} +\begin{raggedright} +\begin{list}{}{% + \setlength{\rightmargin}{0pt} + \setlength{\labelwidth}{0pt} + \setlength{\labelsep}{0pt} + \setlength{\topsep}{0pt} + \setlength{\partopsep}{0pt} + \setlength{\itemsep}{24pt plus6pt minus6pt} + \setlength{\leftmargin}{2em} + \setlength{\itemindent}{-\leftmargin} + \setlength{\listparindent}{0pt}} + +\input ProcToc + +\end{list} +\end{raggedright} + +\cleardoublepage + +% Credits page + +\vspace{2cm} + +\textbf{{\Large Conference Organizers}} + +\vspace{5mm} +\begin{large} +\begin{raggedright} +\hspace*{0.5in}Andrew J.\ Hutton, \textit{Steamballoon, Inc.}\\ +\hspace*{0.5in}Stephanie Donovan, \textit{Linux Symposium}\\ +\hspace*{0.5in}C.\ Craig Ross, \textit{Linux Symposium} +\end{raggedright} +\end{large} + +\vspace{1cm} +\textbf{{\Large Review Committee}} + +\vspace{5mm} +\begin{large} +\begin{raggedright} +\hspace*{0.5in}Gerrit Huizenga, \textit{IBM}\\ +\hspace*{0.5in}Matthew Wilcox, \textit{HP}\\ +\hspace*{0.5in}Dirk Hohndel, \textit{Intel}\\ +\hspace*{0.5in}Val Henson, 
\textit{Sun Microsystems}\\ +\hspace*{0.5in}Jamal Hadi Salimi, \textit{Znyx}\\ +\hspace*{0.5in}Matt Domsch, \textit{Dell}\\ +\hspace*{0.5in}Andrew Hutton, \textit{Steamballoon, Inc.} +\end{raggedright} +\end{large} + +\vspace{1cm} + +\textbf{{\Large Proceedings Formatting Team}} + +\vspace{5mm} +\begin{large} +\begin{raggedright} +\hspace*{0.5in}John W.\ Lockhart, \textit{Red Hat, Inc.}\\ +\end{raggedright} +\end{large} + +\vspace{3.0in} + +\vspace*{\fill} + +\begin{center} +Authors retain copyright to all submitted papers, but have granted +unlimited redistribution rights to all as a condition of submission. +\end{center} +\cleardoublepage + +\end{document} diff --git a/2005/flow-accounting-ols2005/OLS2005/Makefile b/2005/flow-accounting-ols2005/OLS2005/Makefile new file mode 100644 index 0000000..1b0ee7a --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/Makefile 
@@ -0,0 +1,141 @@ +# Makefile for proceedings using the OLS/GCCSummit schema. + +# Tools - some of the dvi programs are from dviutils-1.0-9.rpm +# pdftk is from pdftk-1.12-0.rpm +LATEX = latex +BIBTEX = bibtex +DVIPS = dvips +DVIPDF = echo dvipdfm +DVICONCAT = dviconcat +PDFCONCAT = pdftk +# EXTRATEX = /usr/share/texmf: +# Note: dvipdfm can be used to generate PDF from DVI in a pinch, +# but pdflatex seems to do slightly better. We'll invoke both +# latex and pdflatex in the latex2dvi script, and skip dvipdfm +# for now. + +all: papers + +# Get the set of all papers. DIRS can be set on the command line to +# suppress some of the papers; as a side effect this disables +# generation of the proceedings. + +# To rebuild the Example paper, delete the EXAMPLE/ from the DIRS line below +#DIRS := $(subst /,,$(filter-out Texmf/ TEMPLATES/, $(wildcard */))) +ifeq ($(DIRS),) +DIRS := $(subst /,,$(filter-out EXAMPLE/ Texmf/ TEMPLATES/, $(wildcard */))) +all: proceedings ProcSeq.mk + +# Writing a dependency list for this file is impossible. We want it +# to be regenerated only when the set of subdirectories changes, but +# there is no way to know that. Fortunately, generating it is cheap. +ifneq ($(MAKECMDGOALS), clean) +include ProcSeq.mk +ProcSeq.mk: + @set fnord $(DIRS); shift; \ + while [ $$# -gt 0 ]; do \ + dir=$${1%/}; shift; \ + printf '%s/%s-proc.tex: %s/%s-proc.stmp; @:\n' \ + $$dir $$dir $$dir $$dir; \ + printf '%s/%s-proc.stmp: ProcDefs.tex %s\n' $$dir $$dir $$prev; \ + printf '\t./Texmf/make-wrapper $$^ $$@\n'; \ + prev=$$dir/$$dir-proc.aux; \ + done > $@T + @mv -f $@T $@ +endif +endif + +SUBMAKES := $(DIRS:=/Makefile.inc) +include $(SUBMAKES) + +# $(space) expands to a single space. +space := $(empty) $(empty) +SEARCHPATH := $(subst $(space),:,$(DIRS)): # intentional trailing colon + +# Render PDF and PostScript for each individual paper. 
+PS = $(PAPERS:.dvi=.ps) +PDF = $(PAPERS:.dvi=.pdf) + +papers: $(PS) $(PDF) +proceedings: Proceedings.ps Proceedings.pdf + +# Render PDF and PostScript for the entire proceedings. This works as +# follows: For each paper we generate a wrapper file, $(paper)-proc.tex, +# which reads $(paper).tex in proceedings mode. The content of this file +# depends on a small number of settings extracted from the top-level +# Proceedings.tex, and the .aux file of the alphabetically previous paper. +# A DVI file generated (in the usual manner) from that wrapper file will +# be suitable for concatenation with all the other DVIs to make the full +# proceedings DVI, from which we then generate PostScript and PDF as usual. + +# Stamp-file pattern to prevent trivial changes in Proceedings.tex from +# triggering a complete rebuild. +ProcDefs.tex: ProcDefs.stmp; @: +ProcDefs.stmp: Frontmatter.tex + { echo '\PassOptionsToClass{proceedings}{ols}'; \ + fgrep '\def\Proc' $<; } > ProcDefs.texT + ./Texmf/move-if-change ProcDefs.texT ProcDefs.tex + echo timestamp > $@ + +ProcToc.tex: ProcToc.stmp; @: +ProcToc.stmp: $(PAPERS:.dvi=-proc.aux) + ./Texmf/make-toc $(@:.stmp=.tex) $^ + echo timestamp > $@ + +# These must have explicit rules; the implicit rules below are geared to +# subdirectories, and will not work. +Frontmatter.dvi: Frontmatter.tex ProcToc.tex + ./Texmf/latex2dvi $(*F) + +Proceedings.dvi: Frontmatter.dvi $(PAPERS:.dvi=-proc.dvi) + $(DVICONCAT) -o $@ $^ + +Proceedings.pdf: Frontmatter.pdf $(PAPERS:.dvi=-proc.pdf) + $(PDFCONCAT) $^ cat output $@ + +Proceedings.ps: Proceedings.dvi + TEXINPUTS=$(SEARCHPATH) $(DVIPS) -q -o $@ $< + +# Proceedings.pdf: Proceedings.dvi +# TEXINPUTS=$(SEARCHPATH) $(DVIPDF) -q -o $@ $< + +# Utility. 
+clean: + -rm -f $(PAPERS) $(PS) $(PDF) + -rm -f $(PAPERS:.dvi=.aux) $(PAPERS:.dvi=.oaux) $(PAPERS:.dvi=.log) + -rm -f $(PAPERS:.dvi=.bbl) $(PAPERS:.dvi=.blg) + -rm -f $(PAPERS:.dvi=-proc.tex) $(PAPERS:.dvi=-proc.stmp) + -rm -f $(PAPERS:.dvi=-proc.dvi) $(PAPERS:.dvi=-proc.log) + -rm -f $(PAPERS:.dvi=-proc.pdf) + -rm -f $(PAPERS:.dvi=-proc.aux) $(PAPERS:.dvi=-proc.oaux) + -rm -f $(PAPERS:.dvi=-proc.bbl) $(PAPERS:.dvi=-proc.blg) + + -rm -f ProcSeq.mk ProcDefs.tex ProcDefs.stmp ProcToc.stmp ProcToc.tex + -rm -f Frontmatter.dvi Frontmatter.log Frontmatter.aux Frontmatter.oaux + -rm -f Proceedings.dvi Proceedings.ps Proceedings.pdf + +# Pattern rules. Generation of PDF/PS from DVI is straightforward. +%.pdf: %.dvi + cd $(@D) && $(DVIPDF) -o $(@F) $(<F) + +%.ps: %.dvi + cd $(@D) && $(DVIPS) -q -o $(@F) $(<F) + +.fig.eps: + fig2dev -L eps $< >$@ + +.fig.pdf: + fig2dev -L pdf $< >$@ + + +# Properly regenerating a .dvi file from the corresponding .tex file +# requires running LaTeX (and possibly BibTeX) in a loop. GNU make +# cannot be coded to do this, so we have a helper script to do it. +# We read the .aux files for nefarious purposes, so make needs to be +# aware that this operation generates them too. +%.dvi %.aux: %.tex + cd $(@D) && TEXINPUTS=../Texmf:$$TEXINPUTS ../Texmf/latex2dvi $(*F) + +.PHONY: all papers proceedings clean +.SECONDARY: # Never delete intermediate files. + diff --git a/2005/flow-accounting-ols2005/OLS2005/README.pdf b/2005/flow-accounting-ols2005/OLS2005/README.pdf Binary files differnew file mode 100644 index 0000000..fb056be --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/README.pdf diff --git a/2005/flow-accounting-ols2005/OLS2005/TEMPLATES/Blank.tex b/2005/flow-accounting-ols2005/OLS2005/TEMPLATES/Blank.tex new file mode 120000 index 0000000..36f3814 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/TEMPLATES/Blank.tex @@ -0,0 +1 @@ +autoauthor.tex
\ No newline at end of file diff --git a/2005/flow-accounting-ols2005/OLS2005/TEMPLATES/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/TEMPLATES/Makefile.inc new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/TEMPLATES/Makefile.inc diff --git a/2005/flow-accounting-ols2005/OLS2005/TEMPLATES/ProtoMake b/2005/flow-accounting-ols2005/OLS2005/TEMPLATES/ProtoMake new file mode 100644 index 0000000..4fdae2e --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/TEMPLATES/ProtoMake @@ -0,0 +1,47 @@ +### +### This is from the 2004 OLS and GCC Templates and is no longer +### necessary for building the 2005 Proceedings. +### It is included (with minor changes) in case anyone finds it useful... +### + +.SUFFIXES: .tex .dvi .aux .eps .fig .dia .ps .pdf .bib .bbl + +# TOP should be set to the presenter's last name (should match directory name) +TOP= +TEXFILES=$(TOP).tex +FIGFILES:=$(wildcard *.fig) +EPSFILES:=$(wildcard *.eps) +EPSFILES+=$(FIGFILES:.fig=.eps) +PDFFILES=$(EPSFILES:.eps=.pdf) + +.fig.eps: + fig2dev -L eps $< >$@ + +.fig.pdf: + fig2dev -L pdf $< >$@ + +.eps.pdf: + epstopdf $< + +all: $(TOP).ps $(TOP).pdf + +$(TOP).ps: $(TOP).dvi + dvips -o $(TOP).ps $(TOP) + +$(TOP).dvi: $(TEXFILES) $(EPSFILES) + TEXINPUTS=../Texmf:$$TEXINPUTS latex $(TOP) || true + TEXINPUTS=../Texmf:$$TEXINPUTS bibtex $(TOP) || true + TEXINPUTS=../Texmf:$$TEXINPUTS latex $(TOP) || true + TEXINPUTS=../Texmf:$$TEXINPUTS latex $(TOP) + +$(TOP).pdf: $(TEXFILES) $(PDFFILES) + TEXINPUTS=../Texmf:$$TEXINPUTS pdflatex $(TOP) || true + TEXINPUTS=../Texmf:$$TEXINPUTS bibtex $(TOP) || true + TEXINPUTS=../Texmf:$$TEXINPUTS pdflatex $(TOP) || true + TEXINPUTS=../Texmf:$$TEXINPUTS pdflatex $(TOP) + +clean: + rm -f *.aux *.dvi *.log + rm -f $(TOP).ps $(TOP).pdf $(TOP).bbl $(TOP).blg + + 
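Review bot: `TOP=` is left empty in TEMPLATES/ProtoMake with only a comment asking for it to be set, so a plain `make` resolves `all` to targets named `.ps` and `.pdf` and runs `latex` with no file name. A guard near the top, such as `ifeq ($(TOP),)` followed by `$(error TOP must be set to the paper's directory name)`, would fail early with a clear message. The `.SUFFIXES` line also lists `.dia`, for which the file defines no rule.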
diff --git a/2005/flow-accounting-ols2005/OLS2005/TEMPLATES/autoauthor.tex b/2005/flow-accounting-ols2005/OLS2005/TEMPLATES/autoauthor.tex new file mode 100644 index 0000000..db66ba1 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/TEMPLATES/autoauthor.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{__TITLE__} +\subtitle{__SUBTITLE__} % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{__AUTHOR__} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +__AUTHOR__ \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{__ABSTRACT__} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/Texmf/addAuthor.sh b/2005/flow-accounting-ols2005/OLS2005/Texmf/addAuthor.sh new file mode 100755 index 0000000..0bdec4f --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/Texmf/addAuthor.sh 
@@ -0,0 +1,104 @@ +#!/bin/bash + +# This script should be called from the top OLS/GCC directory +# (eg the one that contains the Texmf directory) + +# gccsummit or linuxsymposium ... +export WEBSITE=linuxsymposium + +# Handle fatal errors +function die { + echo $* + exit 1 +} + +# Prepare new paper/author +function do_paper { + paper="$1" + author="$2" + bio="$3" + key="$4" + title="$5" + + Dir=$(echo "$author" | tr '[:upper:]' '[:lower:]' | awk '{ print $NF }') + echo Dir is $Dir + echo Paper is $paper + echo Author is $author + echo bio is $bio and key is $key + echo Title is "$title" + echo " " + Start=$PWD + MakeAdd="${Dir}/${Dir}-abstract.tex" + if [ ! -d $Dir ] ; then mkdir $Dir || die "cannot mkdir $Dir" ; fi + cd $Dir || die "cannot cd $Dir" + + if [ ! -r ${Dir}-abstract.tex ] ; then + ### CREATE ABSTRACT (pull from $WEBSITE if available) + if [ $key -ne 0 ] ; then + links -dump 'http://www.'${WEBSITE}'.org/2005/view_abstract.php?content_key='$key > ${Dir}-abstract.tex + else + echo " " > ${Dir}-abstract.tex + fi + fi + + if [ ! -r Makefile.inc ] ; then + ### CREATE Makefile.inc + cat > Makefile.inc <<EOF +PAPERS += ${Dir}/${Dir}.dvi + +## Add any additional .tex or .eps files below: +${Dir}/${Dir}.dvi ${Dir}/${Dir}-proc.dvi: \\ + ${Dir}/${Dir}.tex \\ + ${Dir}/${Dir}-abstract.tex + +EOF + fi + if [ ! -r ${Dir}.tex ] ; then + ### CREATE BLANK PAPER + ## __TITLE__ __SUBTITLE__ __AUTHOR__ __ABSTRACT__ + echo 'title : "'${title}'"' + echo 'author : "'${author}'"' + addMake=$(basename $MakeAdd) + echo 'addMake: "'${addMake}'"' + cat $Start/TEMPLATES/autoauthor.tex | \ + sed -e "s|__TITLE__|${title}|g" | \ + sed -e 's|__SUBTITLE__| |g' | \ + sed -e "s|__AUTHOR__|${author}|g" | \ + sed -e 's|__ABSTRACT__|'${addMake}'|g' > ${Dir}.tex + fi + + cd $Start +} + +### Example usage... 
+## PAPER_ID=1 +## AUTHOR="Andrey Belevantsev" +## BIO_ID=0 +## CONTENT_KEY=11 +## TITLE="Improving GCC instruction scheduling for Itanium" + +## do_paper $PAPER_ID "$AUTHOR" $BIO_ID $CONTENT_KEY "$TITLE" +function do_help { + echo "Usage: $0 PAPER AUTHOR BIO_ID CONTENT_KEY TITLE" + echo "Paper = integer greater than last-used one for papers" + echo "Author = full author name, quoted" + echo "Bio_ID = number from conference website or 0 for not available" + echo "Content_Key = number for abstract from conference website, 0 for not available" + echo "Title = title of paper, quoted" +} + +if [ -z "$*" ] ; then + do_help + exit 0 +fi +if [[ "$1" = *help* ]] ; then + do_help + exit 0 +fi +if [[ "$1" = *-h* ]] ; then + do_help + exit 0 +fi + +do_paper ${@} + diff --git a/2005/flow-accounting-ols2005/OLS2005/Texmf/cprog.sty b/2005/flow-accounting-ols2005/OLS2005/Texmf/cprog.sty new file mode 100644 index 0000000..a336397 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/Texmf/cprog.sty 
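Review bot: the final call `do_paper ${@}` in Texmf/addAuthor.sh is unquoted, so the quoted AUTHOR and TITLE arguments that the usage text asks for are split again on whitespace and `$2` ends up holding only the first word of the author name; it should be `do_paper "$@"`. The body has the same class of problem: `$Dir` and `$key` are expanded unquoted in `mkdir`, `cd`, `[ $key -ne 0 ]` and the `links -dump` URL, and `${title}` and `${author}` are pasted directly into `sed -e "s|__TITLE__|${title}|g"`, where a `|`, `&` or backslash in a title breaks or alters the substitution. Since `Dir` is derived from the last word of the author name and then used as a directory, it should also be checked for `/` and leading dots before `mkdir`.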
@@ -0,0 +1,249 @@ +% This is CSTY.STY as received by email at december 1990 +% +% The cprog macros allow programs in C, C++, Pascal, and Modula-2 to be +% included directly into TeX documents. Program text is set in a Roman +% font, comments in slanted, and strings in typewriter. Operators such as +% <= are optionally combined into single symbols like $\le$. Keywords are +% *not* emphasised---I find this ugly and distracting. (By purest +% coincidence it would also be very hard to do.) +% +% These macros can be \input in plain TeX or used as a style file in LaTeX. +% They provide a convenient alternative to tgrind, particularly for program +% fragments embedded in documents. Full instructions for use appear in the +% macro package itself. +% +% +% \'Eamonn McManus <emcmanus@cs.tcd.ie> <emcmanus%cs.tcd.ie@cunyvm.cuny.edu> +% +% ASCII: !"#$%&'()*+,-./09:;<=>?@AZ[\]^_`az{|}~ +% + +% BEGIN: cprog.tex (or cprog.sty) - formatting of C programs +% By \'Eamonn McManus <emcmanus@cs.tcd.ie>. This file is not copyrighted. +% $Id: cprog.tex,v 1.4 90/09/12 23:21:26 emcmanus Exp $ + +% This allows C programs to be formatted directly by TeX. It can be +% invoked by \cprogfile{filename} or (in LaTeX) \begin{cprog} ... +% \end{cprog} or (in plain TeX) \cprog ... \end{cprog}. In LaTeX, the +% alternative form \begin{cprog*} is allowed, where spaces in C strings +% are printed using the `square u' character (like LaTeX {verbatim*}). +% In plain TeX, you have to use \csname cprog*\endcsname for this (sorry). +% If you are using \cprogfile, say \cprogttspacetrue beforehand if you +% want this effect. + +% The formatting is (necessarily) simple. C text is set in a normal Roman +% font, comments in a slanted font, and strings in a typewriter font, with +% spaces optionally made visible as the `square u' symbol. Tabs are +% expanded to four spaces (this does not look good when comments are +% aligned to the right of program text). 
Some pairs of input characters +% appear as single output characters: << <= >> >= != -> are respectively +% TeX's \ll \le \gg \ge \ne \rightarrow. Say \cprogpairsfalse to disable +% this. + +% You can escape to TeX within cprog text by defining an escape character. +% The character @ is suitable for C and Pascal. I have not tested other +% characters so they may interact badly with their existing definitions here. +% To define @ as the escape character, do \cprogescape@. Then within text +% you can do @ followed by TeX commands. These commands will be in a TeX +% group with the \catcodes of \{}% as normal. The commands are terminated +% by a newline, which is not considered part of the program text. + +% The fonts below can be changed to alter the setting of the various parts +% of the program. The \cprogbaselineskip parameter can be altered to +% change the line spacing. LaTeX's \baselinestretch is taken into account +% too. The indentation applied to the whole program is \cprogindent, +% initially 0. Before and after the program there are skips of +% \beforecprogskip and \aftercprogskip; the default values are \parskip +% and 0 respectively (since there will often be a \parskip after the +% program anyway). + +% If the source text is Pascal or Modula-2, say \pascaltrue or \modulatrue +% (respectively) before formatting it. This makes (* *) be recognised for +% comments instead of /* */. Braces {} are also recognised for Pascal. +% \pascalfalse or \modulafalse as appropriate restores the default of C. + +% This package works by making a large number of characters active. Since +% even spaces are active, it is possible to examine the next character in +% a macro by making it a parameter, rather than using \futurelet as one +% would normally do. This is more convenient, but the coding does mean +% that if the next character itself wants to examine a character it may +% look at a token from the macro rather than the input text. 
I think that +% all cases that occur in practice have been looked after. + +% The macros could still do with some work. For example, the big macro +% defined with [] taking the place of {} could be recoded to use {} and so +% be more legible. The internal macros etc should have @ in their names, +% and should be checked against LaTeX macros for clashes. + +% Allow multiple inclusion to go faster. + +\ifx\undefined\cprogsetup % The whole file. + +% Define the fonts used for program text, comments, and strings. +% Note that if \it is used for \ccommentfont, something will need to +% be done about $ signs, which come out as pounds sterling. +\let\ctextfont=\tt \let\ccommentfont=\sl \let\cstringfont=\tt + +% Parameters. Unfortunately \newdimen is \outer (\outerness is a mistake) +% so we need a subterfuge in case we are skipping the file. +\csname newdimen\endcsname\cprogbaselineskip \cprogbaselineskip=\baselineskip +\csname newdimen\endcsname\cprogindent \cprogindent=0pt +\csname newdimen\endcsname\cprogwidth % Gets default=\hsize when cprog invoked. +\csname newskip\endcsname\beforecprogskip \beforecprogskip=\parskip +\csname newskip\endcsname\aftercprogskip \aftercprogskip=0pt +\csname newif\endcsname\ifcprogttspace +\csname newif\endcsname\ifcprogpairs \cprogpairstrue +\csname newif\endcsname\ifpascal +\csname newif\endcsname\ifmodula % Same as Pascal but no {comments}. +{\def\junk{\fi\fi\fi\fi}} % If skipping. 
+ +\let\cprogesc\relax +\begingroup \catcode`~=\active +\gdef\cprogescape#1{% + {\catcode`~=\active \uccode`~=`#1 \aftergroup\cprogescont + \uppercase{\aftergroup~}}} +\gdef\cprogescont#1{% + \def\cprogesc{% + \makeactive#1\def#1{% + \begingroup \catcode`\\0 \catcode`{1 \catcode`}2 \catcode`\%14 + \catcode` 10 \clinegroup{}}}} +\endgroup + +\def\makeactive#1{\catcode`#1=\active} \def\makeother#1{\catcode`#1=12} +{\obeyspaces\gdef\activespace{ } \obeylines\gdef\activecr{^^M}} +{\catcode`|=\catcode`\\ \makeactive\\ |gdef|activebackslash{\}} +{\catcode9=\active \gdef\activetab{^^I}} + +% The following group makes many characters active, so that their catcodes +% in the \cprogchars macro are active, allowing them to be defined. We +% could alternatively define more stuff like \activebackslash and use +% \expandafter or (carefully) \edef to expand these in the macro. +\begingroup +\catcode`[=\catcode`{ \catcode`]=\catcode`} +\makeactive! \makeactive" \makeactive' \makeactive( \makeactive* \makeactive- +\makeactive/ \makeactive< \makeactive> \makeactive? \makeactive^ \makeactive_ +\makeactive\{ \makeactive| \makeactive\} +\gdef\activestar[*] +\gdef\cprogchars[% + \makeother##\makeother$\makeother&\makeother\%\makeother^% + \makeactive"\makeactive'\makeactive*\makeactive?\makeactive{\makeactive}% + \makeactive}\makeactive\\\makeactive_\expandafter\makeactive\activetab% + \makeactive!\makeactive<\makeactive>\makeactive-\makeactive|% + \ifcprogpairs + \def!##1[\ifx=##1$\ne$\else\string!\null##1\fi]% + \def-##1[\ifx>##1$\rightarrow$\else$\string-$##1\fi]% + % We use \aftergroup in < and > to deal with the fact that #1 might + % itself examine the following character. + \def<##1[[$\ifx<##1\ll$\else\ifx=##1\le$\else + \ifx>##1\ifpascal\ne$\else\string<$\aftergroup>\fi + \else \string<$\aftergroup##1\fi\fi\fi]]% + \def>##1[[$\ifx>##1\gg$\else\ifx=##1\ge$\else + \string>$\aftergroup##1\fi\fi]]% + \else \def![\string!\null]% Avoid !` ligature. 
+ \def-[$\string-$]\def<[$\string<$]\def>[$\string>$]% + \fi + \def?[\string?\null]% Avoid ?` ligature. + \def"[\cquote"[\tt\string"]]\def'[\cquote'[\tt\ttquote]]\def*[$\string*$]% + \ifmodula \pascaltrue \fi % Except that {...} is used for sets. + \ifpascal + \ifmodula \dulllbrace \else + \def{[\begingroup \dulllbrace{\ccommentsetup\def}[\/\endgroup }]]% + \fi \makeactive(\let(=\pascalcomment \makeactive^\def^[$\uparrow$]% + \else \dulllbrace\makeactive/\let/=\ccomment + \fi + \def}[$\}$]\def|[$\string|$]\def~[$\sim$]\let_\_% + \expandafter\def\activebackslash[$\backslash$]% + \obeyspaces \expandafter\def\activespace[\leavevmode\space]% + \expandafter\def\activetab[\ \ \ \ ]% + \obeylines \expandafter\def\activecr[\strut\par]] +\gdef\cprogarg[\expandafter\def\activebackslash##1[\ifx##1e\let\next\cprogend + \else$\backslash$\let\next##1\fi\next]\eatcr] +\gdef\cprogend nd#1{cprog#2}[\endcprogarg] % #1 can be space, #2 *. +\gdef\dulllbrace[\def{[$\{$]] +\endgroup + +\chardef\ttquote=13 % Undirected single quote. +\begingroup \makeactive" \makeactive' \makeactive! +\gdef\cquote#1#2{% #1 is the quote, " or ', #2 how to set it. + \begingroup #2\cstringfont \makeactive\\% + \ifpascal \makeother\\\makeother^% + \else \expandafter\let\activebackslash\quotebackslash + \fi + \expandafter\edef\activespace{\ifcprogttspace\char`\ \else\ \fi}% + \expandafter\let\activecr=\unclosedstring + \def!{\string!\null}% No !` ligature. 
+ \makeother*\makeother-\makeother/\makeother<\makeother>% + \makeother_\makeother\{\makeother\}\makeother|\makeother~% + \ifx"#1\let'\ttquote \else \makeother"\fi + \def#1{#2\endgroup}} +\endgroup +\csname newhelp\endcsname\cprogunclosedstr{% +A string or character constant earlier in the line was unclosed.^^JSo +I'm closing it now.} +\def\unclosedstring{% + \escapechar-1% + \errhelp\cprogunclosedstr + \errmessage{Unclosed string}% + \endgroup} +\newlinechar=`^^J +\def\quotebackslash#1{\char`\\% + \expandafter\ifx\activecr#1\strut\par + \else\if'\noexpand#1\ttquote\else\string#1\fi\fi} + +% In a comment, we shrink the width of the opening / to that of a space so +% that the stars in multiline comments will line up. We also shrink the +% closing * for symmetry, but not in Pascal where it looks nasty. +% Note that \end{cprog} is not recognised in strings or comments. +\def\spacebox#1{\leavevmode \hbox to \spaceskip{#1\hss}} + +\begingroup \makeactive* \makeactive! \makeother/ +\gdef\ccommentsetup{\ccommentfont \makeother-\makeother'\makeother"\makeother/% + \def!{\string!\null}\expandafter\def\activebackslash{$\backslash$}} +\gdef\ccomment#1{% + \let\next\relax + \ifx#1*\bgroup \ccommentsetup + \spacebox{\ctextfont\string/}*% + \makeactive*\def*{\commentstar/}% + \else\if\noexpand#1/\begingroup //\ccommentsetup \clinegroup\activecr + \else \string/\let\next#1% + \fi\fi\next} +\gdef\pascalcomment#1{% + \ifx#1*\bgroup \ccommentsetup \let\next\dulllbrace \makeother(% + \spacebox{\ctextfont\string(}*\makeactive*\def*{\commentstar)}% + \else (\let\next#1\fi \next} +\obeylines \long\gdef\clinegroup#1#2^^M{#2\endgroup#1}% +\endgroup +\def\commentstar#1#2{% + {\if#1\noexpand#2\egroup \ifpascal\else\aftergroup\spacebox\fi\fi}{$*$}#2} + +% We usually have an active ^^M after \cprog or \begin{cprog}. +\def\eatcr#1{{\expandafter\ifx\activecr#1\else\aftergroup#1\fi}} + +% Expand to stretch and shrink (plus and minus) of parameter #1. 
+\def\stretchshrink#1{\expandafter\eatdimenpart\the#1 \end} +\def\eatdimenpart#1 #2\end{#2} + +\ifx\undefined\baselinestretch \def\baselinestretch{1}\fi + +\def\cprogsetup{\ctextfont \cprogchars \parskip=0pt\stretchshrink\parskip + \ifdim \cprogwidth=0pt \else \hsize\cprogwidth \fi + \cprogesc \spaceskip\fontdimen2\font \xspaceskip\spaceskip + \baselineskip=\baselinestretch\cprogbaselineskip \parindent=\cprogindent + \vskip\beforecprogskip} +\def\endcprog{\endgroup \vskip\aftercprogskip} +\def\cprogfile#1{\begingroup \cprogsetup \input#1\endcprog} +\def\cprog{\begingroup \cprogttspacefalse \cprogsetup \cprogarg} +% Like {verbatim*}, {cprog*} uses `square u' for spaces in quoted strings. +\expandafter\def\csname cprog*\endcsname{% + \begingroup \cprogttspacetrue \cprogsetup \cprogarg} +\expandafter\let\csname endcprog*\endcsname=\endcprog +% In LaTeX we need to call \end{cprog} properly to close the environment, +% whereas in plain TeX this will end the job. The test for LaTeX is not +% bulletproof, but most plain TeX documents don't refer to the LaTeX logo. +\ifx\undefined\LaTeX \let\endcprogarg=\endcprog +\else \def\endcprogarg{\ifcprogttspace\end{cprog*}\else\end{cprog}\fi} +\fi + +\fi % \ifx\undefined\cprogsetup + +\endinput diff --git a/2005/flow-accounting-ols2005/OLS2005/Texmf/createLocalInclude b/2005/flow-accounting-ols2005/OLS2005/Texmf/createLocalInclude new file mode 100755 index 0000000..728df1e --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/Texmf/createLocalInclude @@ -0,0 +1,6 @@ +#!/bin/bash + +au=$(basename $PWD)/; + +cat Makefile.inc | sed -e 's|'$au'||g' > Makefile.inc.local + diff --git a/2005/flow-accounting-ols2005/OLS2005/Texmf/individualMakefile b/2005/flow-accounting-ols2005/OLS2005/Texmf/individualMakefile new file mode 100644 index 0000000..0b82f8d --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/Texmf/individualMakefile 
@@ -0,0 +1,78 @@ +# Makefile for individual papers. Very ugly hack; you may wish +# to create something based on the Protomake file if you're not +# well versed in GNU Make. + +# Instructions: edit Makefile.inc to list your targets, as usual. +# This file should Just Work with it. + +# Tools - some of the dvi programs are from dviutils-1.0-9.rpm +# pdftk is from the identically named package, pdftk. +# You should not need either package for an individual paper. +LATEX = latex +BIBTEX = bibtex +DVIPS = dvips +DVIPDF = dvipdfm +DVICONCAT = dviconcat +# EXTRATEX = /usr/share/texmf: + + +# Set DIRS to be the current directory only. +ifeq ($(DIRS),) +DIRS := . +endif +## proceedings ProcSeq.mk + +# This creates a version of Makefile.inc that is suitable +# for use in the current directory. Kludgy but effective. +SUBMAKES := $(DIRS:=/Makefile.inc.local) +$(shell ../Texmf/createLocalInclude) +include $(SUBMAKES) + +all: $(PAPERS) + +# $(space) expands to a single space. +space := $(empty) $(empty) +SEARCHPATH := $(subst $(space),:,$(DIRS)): # intentional trailing colon + +# Render PDF and PostScript for each individual paper. +PS = $(PAPERS:.dvi=.ps) +PDF = $(PAPERS:.dvi=.pdf) + +papers: $(PS) $(PDF) +# proceedings: Proceedings.ps Proceedings.pdf + +clean: + rm -f $(PAPERS) $(PS) $(PDF) + rm -f $(PAPERS:.dvi=.aux) $(PAPERS:.dvi=.oaux) $(PAPERS:.dvi=.log) + rm -f $(PAPERS:.dvi=.bbl) $(PAPERS:.dvi=.blg) + rm -f $(PAPERS:.dvi=-proc.tex) $(PAPERS:.dvi=-proc.stmp) + rm -f $(PAPERS:.dvi=-proc.dvi) $(PAPERS:.dvi=-proc.log) + rm -f $(PAPERS:.dvi=-proc.aux) $(PAPERS:.dvi=-proc.oaux) + rm -f $(PAPERS:.dvi=-proc.bbl) $(PAPERS:.dvi=-proc.blg) + + +# Pattern rules. Generation of PDF/PS from DVI is straightforward. 
+%.pdf: %.dvi + cd $(@D) && $(DVIPDF) -o $(@F) $(<F) + +%.ps: %.dvi + cd $(@D) && $(DVIPS) -q -o $(@F) $(<F) + +.fig.eps: + fig2dev -L eps $< >$@ + +.fig.pdf: + fig2dev -L pdf $< >$@ + + +# Properly regenerating a .dvi file from the corresponding .tex file +# requires running LaTeX (and possibly BibTeX) in a loop. GNU make +# cannot be coded to do this, so we have a helper script to do it. +# We read the .aux files for nefarious purposes, so make needs to be +# aware that this operation generates them too. +%.dvi %.aux: %.tex + cd $(@D) && TEXINPUTS=../Texmf:$$TEXINPUTS ../Texmf/latex2dvi $(*F) + +.PHONY: all papers proceedings clean +.SECONDARY: # Never delete intermediate files. + diff --git a/2005/flow-accounting-ols2005/OLS2005/Texmf/latex2dvi b/2005/flow-accounting-ols2005/OLS2005/Texmf/latex2dvi new file mode 100755 index 0000000..8def593 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/Texmf/latex2dvi 
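Review bot: the `.fig.eps:` and `.fig.pdf:` rules near the end of Texmf/individualMakefile are written as suffix rules, but this file has no `.SUFFIXES` line and `.fig`, `.eps` and `.pdf` are not in GNU make's default suffix list, so make treats them as ordinary targets named `.fig.eps` and `.fig.pdf` and never uses them to convert figures. Either declare the suffixes as TEMPLATES/ProtoMake does (`.SUFFIXES: ... .eps .fig ... .pdf`) or rewrite them as pattern rules in the same style as the `%.ps: %.dvi` rule just above.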
@@ -0,0 +1,50 @@ +#! /bin/sh + +# This helper script runs pdflatex, LaTeX, and/or BibTeX in a loop until the output file +# (DVI/PDF) stabilizes. + +if [ $# -ne 1 ]; then + echo "usage: $0 TEX-FILE" >&2 + exit 2 +fi + + +input="${1%.tex}" +aux="$1".aux +oaux="$1".oaux + +# Go through the procedure twice; once for LaTeX to +# generate a stable DVI file, then once with pdflatex +# to generate a stable PDF file. We really do want both... + +for LATEX in latex pdflatex ; do + rm -f "$aux" "$oaux" + + # Run LATEX once. The output file we get from this is probably junk, but + # what we're interested in is the .aux file. If it fails, abort. + echo "+ $LATEX -interaction=nonstopmode \"$input\"" + $LATEX -interaction=nonstopmode "$input" || exit 1 + + # Determine whether we need to run BibTeX. This (should) only ever have + # to be done once. Again, if BibTeX fails, abort. + if grep -q bibdata "$aux"; then + echo "+ bibtex \"$input\"" + bibtex "$input" || exit 1 + fi + + # Save the old .aux file. + cp "$aux" "$oaux" + + # Now run LaTeX over and over again until the .aux file stops changing. + # We use \batchmode for these cycles - the user has already seen any + # diagnostics of interest. + while :; do + echo "+ $LATEX -interaction=batchmode \"$input\"" + $LATEX -interaction=batchmode "$input" || exit 1 + if cmp -s "$aux" "$oaux"; then + break + fi + cp "$aux" "$oaux" + done + +done diff --git a/2005/flow-accounting-ols2005/OLS2005/Texmf/make-toc b/2005/flow-accounting-ols2005/OLS2005/Texmf/make-toc new file mode 100755 index 0000000..3998ea1 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/Texmf/make-toc 
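Review bot: `aux="$1".aux` and `oaux="$1".oaux` at the top of Texmf/latex2dvi use the raw argument while `input="${1%.tex}"` strips the suffix, so invoking the script with `paper.tex`, as the usage line `TEX-FILE` suggests, makes it grep and compare `paper.tex.aux`, a file LaTeX does not write; both names should be derived from `$input`. In that case the unchecked `cp "$aux" "$oaux"` fails and `cmp -s` never succeeds, and more generally the `while :` loop has no iteration limit, so an `.aux` file that never stabilizes hangs the build. A small retry cap that exits non-zero would turn that into a visible failure.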
@@ -0,0 +1,38 @@ +#! /bin/sh + +# Generate a table of contents for the proceedings, listing all of the +# papers with their short authors. Each entry in the table of contents +# is a line like this: +# +# \item \textbf{Name of paper\hspace{\fill}pageno}\\ +# \textit{A.N. Author} +# +# The data comes from two lines in each .aux file, which look like this: +# +# \@writefile{toc}{\contentsline {toctitle}{Name of Paper}{pageno}} +# \@writefile{toc}{\contentsline {tocauthor}{A.N. Author}{pageno}} + + +if [ $# -lt 2 ]; then + echo "usage: $0 output inputs..." >&2 + exit 2 +fi + +output="$1" +shift + +for auxfile in "$@"; do + titleline=$(sed -ne 's|\\@writefile{toc}{\\contentsline {toctitle}{||p' \ + "$auxfile" | sed -e 's/}}$//') + author=$(sed -ne 's|\\@writefile{toc}{\\contentsline {tocauthor}{||p' \ + "$auxfile" | sed -e 's/}{[0-9][0-9]*}}$//') + + title=$(printf '%s\n' "$titleline" | sed -e 's/}{.*$//') + pageno=$(printf '%s\n' "$titleline" | sed -e 's/.*}{//') + + printf '\\item \\textbf{%s\\hspace{\\fill}%s}\\\\\n' "$title" "$pageno" + printf ' \\textit{%s}\n' "$author" + +done > "$output"T + +./Texmf/move-if-change "$output"T "$output" diff --git a/2005/flow-accounting-ols2005/OLS2005/Texmf/make-wrapper b/2005/flow-accounting-ols2005/OLS2005/Texmf/make-wrapper new file mode 100755 index 0000000..820bb83 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/Texmf/make-wrapper @@ -0,0 +1,24 @@ +#! /bin/sh + +if [ $# -eq 2 ]; then + output="${2%.stmp}.tex" + page=1 +elif [ $# -eq 3 ]; then + output="${3%.stmp}.tex" + page=$(sed -ne 's:^\\newlabel{NextPage}{{}{\([0-9][0-9]*\)}}$:\1:p' "$2") +else + echo "usage: $0 defs-file [prior-aux-file] output" >&2 + exit 2 +fi + +defs="$1" +wrapped="${output%-proc.tex}.tex" +wrapped="${wrapped#*/}" +{ + cat "$defs" + echo '\def\ProcPage{'$page'}' + echo '\input' "$wrapped" +} > "${output}T" + +./Texmf/move-if-change "${output}T" "$output" +exit 0 
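Review bot: in the three-argument branch of Texmf/make-wrapper, `page` is taken from a `sed -ne` match on `\newlabel{NextPage}` and never checked, so a prior .aux file without that label gives an empty value and the wrapper is written with `\def\ProcPage{}` while the script still finishes with `exit 0`. Test for an empty `page` and exit non-zero, and quote the expansion in `echo '\def\ProcPage{'$page'}'`. Passing backslash sequences to `echo` is also not portable across /bin/sh implementations; `printf '%s\n'`, which make-toc already uses, avoids that.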
diff --git a/2005/flow-accounting-ols2005/OLS2005/Texmf/move-if-change b/2005/flow-accounting-ols2005/OLS2005/Texmf/move-if-change new file mode 100755 index 0000000..ee1b348 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/Texmf/move-if-change @@ -0,0 +1,32 @@ +#!/bin/sh + +# Copyright (C) 1996 Free Software Foundation, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +if +test -r $2 +then +if +cmp $1 $2 > /dev/null +then +echo $2 is unchanged +rm -f $1 +else +mv -f $1 $2 +fi +else +mv -f $1 $2 +fi diff --git a/2005/flow-accounting-ols2005/OLS2005/Texmf/ols.cls b/2005/flow-accounting-ols2005/OLS2005/Texmf/ols.cls new file mode 100644 index 0000000..bfa1a60 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/Texmf/ols.cls 
@@ -0,0 +1,248 @@ +%% +%% 'ols.cls': Ottawa Linux Symposium house style. +%% +%% Based on Usenix/IEEE style file by Matthew Ward, David Beazley, +%% De Clarke, et al. Revised for OLS by John Lockhart. Rewritten as +%% a class file, and 'proceedings' mode added, by Zack Weinberg. +%% +%% +\NeedsTeXFormat{LaTeX2e}[1995/12/01] +\ProvidesClass{ols}[2005/01/31 v1.1 Ottawa Linux Symposium house style] + +% This class faces a dilemma. On the one hand, article.cls does a lot +% of work which we would prefer not to duplicate. On the other hand, +% a surprisingly large amount of that work is wrong for OLS style, +% particularly in proceedings mode, and has to be overridden. +% Presently I think the tradeoff is in favor of reading article.cls +% and then overriding big chunks of it. + +% Options: formatting mode. +% Galley mode suppresses everything that gets in the way of +% composition: page numbers, references, and as many 'this doesn't +% fit' type diagnostics as possible. +\newif\if@galley % checked by \ref wrapper +\newif\if@proceedings % checked by \maketitle etc. + +\DeclareOption{galley} + {\@galleytrue\@proceedingsfalse% + \setlength{\overfullrule}{0pt}% + \hbadness10000\vbadness10000\tolerance10000\let\@largefloatcheck\@empty% + \AtBeginDocument{\pagestyle{empty}}} +% Proof mode corresponds to standard article.cls' ``draft'' mode. +\DeclareOption{proof} + {\@galleyfalse\@proceedingsfalse% + \setlength{\overfullrule}{5pt}} +% Final mode corresponds to standard article.cls' ``final'' mode. +% This is the default. +\DeclareOption{final} + {\@galleyfalse\@proceedingsfalse% + \setlength{\overfullrule}{0pt}} +% Proceedings mode is used when formatting the entire proceedings as +% one volume. In this mode, we use fancy page headings, leave a +% gutter for binding, inject a blank page at the end of the document +% if it ends on a right-hand page, and write out some extra +% information for use by the scripts that glue all the .dvi files +% together. 
+\DeclareOption{proceedings} + {\@galleyfalse\@proceedingstrue + \setlength{\overfullrule}{0pt}% + \PassOptionsToPackage{twoside}{geometry}% + \PassOptionsToClass{twoside}{article}% + \AtBeginDocument{\pagestyle{proceedings}}} + +% Enable use of article.cls leqno,fleqn,openbib options. +\DeclareOption{leqno}{\PassOptionsToClass{leqno}{article}} +\DeclareOption{fleqn}{\PassOptionsToClass{fleqn}{article}} +\DeclareOption{openbib}{\PassOptionsToClass{openbib}{article}} + +\ExecuteOptions{final} +\ProcessOptions\relax + +\LoadClass[12pt,twocolumn]{article} + +% Global page layout. The author does not get a choice: 12 point +% text, two columns, US letter paper, no marginal notes. The geometry +% package does most of the work. +% If your version of the geometry package is too old, +% please get a new one from http://www.ctan.org, or ask "papers" for help. +\RequirePackage[paper=letterpaper,textheight=9in,textwidth=6.5in,% + heightrounded,twocolumn,columnsep=0.25in]{geometry}[2002/07/08] % >= v3.2 +\setlength\columnseprule{0pt} + +% Blank-line-between-paragraphs style. +\setlength\parindent{\z@} +\setlength\parskip{12\p@ \@plus3\p@ \@minus3\p@} + +% Section titles are bold and 18 point, 2 blank lines before, 1 after. +\renewcommand\section% + {\@startsection {section}{1}{\z@}% + {24\p@ \@plus6\p@ \@minus6\p@}% + {12\p@ \@plus3\p@ \@minus3\p@}% + {\large\bfseries}} + +% Subsection titles are bold and 12 point, 1 blank line before, 1 after. +\renewcommand\subsection% + {\@startsection {subsection}{2}{\z@}% + {12\p@ \@plus3\p@ \@minus3\p@}% + {12\p@ \@plus3\p@ \@minus3\p@}% + {\normalsize\bfseries}} + +% Font and encoding choice. To consider: a different choice of fonts +% might be more pleasant. +\RequirePackage[T1]{fontenc} +\RequirePackage{mathptmx} +%% times and mathptmx both set up tt/sans +% \RequirePackage[scaled=.92]{helvet} +% \RequirePackage{courier} +\RequirePackage{times} + + + +% Title handling. 
The article.cls definition of \maketitle and +% \@maketitle must be completely overridden. For \maketitle, the +% principal differences are the removal of the undesirable +% \thispagestyle, the removal of the unnecessary single-column logic, +% and the added logic to handle proceedings mode. For \@maketitle, +% the principal change is the addition of \subtitle. + +% Define \shortauthor along the lines of \author; the \author value +% tends to contain stuff that cannot be safely written to a toc file +% (and to be too long, to boot). Same same \subtitle. +\def\shortauthor#1{\gdef\@shortauthor{#1}} +\def\@shortauthor{\@latex@error{No \noexpand\shortauthor given}\@ehc} +\def\subtitle#1{\gdef\@subtitle{\\{\normalsize #1}}} +\def\@subtitle{} % You don't have to have a subtitle. + +\renewcommand\maketitle{\par + \if@proceedings + \date{}% Do not print a date in the proceedings. + % Write out a table-of-contents fragment giving the paper title and + % authors. + \addcontentsline{toc}{toctitle}{\@title}% + \addcontentsline{toc}{tocauthor}{\@shortauthor}% + \fi + \begingroup + \renewcommand\thefootnote{\@fnsymbol\c@footnote}% + \def\@makefnmark{\rlap{\@textsuperscript{\normalfont\@thefnmark}}}% + \long\def\@makefntext##1{\parindent 1em\noindent + \hb@xt@1.8em{% + \hss\@textsuperscript{\normalfont\@thefnmark}}##1}% + \ifnum \col@number=\@ne + \@maketitle + \else + \twocolumn[\@maketitle]% + \fi + \endgroup + \setcounter{footnote}{0}% + \global\let\thanks\relax + \global\let\maketitle\relax + \global\let\@maketitle\relax + \global\let\@thanks\@empty + \global\let\@author\@empty + \global\let\@shortauthor\@empty + \global\let\@date\@empty + % In proceedings, \@title is preserved for use in left-hand-page headers. 
+ \if@proceedings \else + \global\let\@title\@empty + \fi + \global\let\title\relax + \global\let\author\relax + \global\let\shortauthor\relax + \global\let\date\relax + \global\let\and\relax +} + +\renewcommand\@maketitle{% + \newpage + \null + \vskip 2em% + \begin{center}% + \let \footnote \thanks + {\LARGE \@title \@subtitle \par}% + \vskip 1.5em% + {\large + \lineskip .5em% + \begin{tabular}[t]{c}% + \@author + \end{tabular}\par}% + \vskip 1em% + {\large \@date}% + \end{center}% + \par + \vskip 1.5em} + +% Proceedings page style. +% The wrapper file is expected to define \ProcName. +\newcommand\ps@proceedings{% + % No footers. + \let\@oddfoot\@empty + \let\@evenfoot\@empty + % Odd header gives the page number and name of the proceedings volume. + \renewcommand\@oddhead{% + \leaders\hrule\hfil\kern0.25em\relax + {\slshape \ProcName}~~\textbullet~~\thepage} + % Even header gives the page number and title of the current + % article. + \renewcommand\@evenhead{% + \thepage~~\textbullet~~{\slshape \@title} \kern0.25em \leaders\hrule\hfil} +} + +% Special begin-document and end-document handling for proceedings +% mode. The wrapper file is expected to define \ProcPage. +\if@proceedings + \AtBeginDocument{\setcounter{page}{\ProcPage}\thispagestyle{empty}} + \AtEndDocument{\cleardoublepage + % This is sorta like lastpage.sty, and sorta not (it generates the + % page number of the first page of the next document, not the page + % number of the last page of this document). The \immediate is + % necessary because we just did \cleardoublepage, so there isn't + % going to be another invocation of the output routine. + \immediate\write\@auxout{\string\newlabel{NextPage}{{}{\thepage}}}} +\fi + +% In galley mode, cross-references are suppressed: \label is ignored, +% \ref, \pageref, \cite print ``[refname]'' in typewriter font. The +% point is mainly to make LaTeX shut up about undefined references +% while one is composing. (If you use varioref, we cannot help you.) 
+\if@galley + \renewcommand{\label}[1]{} + \renewcommand{\ref}[1]% + {{\footnotesize\ttfamily\bfseries [#1]}} + \let\pageref=\ref + \let\cite=\ref +\fi + +% Prevent the use of a number of commands whose functionality is +% incompatible with the paper-concatenation logic or the page layout. +\newcommand\@notproceedings[3]{% + \renewcommand{#1}[#2]{% + \ClassError{ols}{\string #1 not supported.}% + {Papers to be collected into proceedings may not have #3.% + \MessageBreak Press RETURN to ignore and continue.}}} + +\newcommand\@notlayout[3]{% + \renewcommand{#1}[#2]{% + \ClassError{ols}{\string #1 not supported.}% + {This page layout does not permit #3.% + \MessageBreak Press RETURN to ignore and continue.}}} + +\@notlayout{\marginpar}{1}{marginal notes} +% For now, allow \thispagestyle because FrontMatter needs it. +%\@notlayout{\thispagestyle}{1}{page style overrides} +\@notproceedings{\tableofcontents}{0}{tables of contents} +\@notproceedings{\listoffigures}{0}{lists of figures} +\@notproceedings{\listoftables}{0}{lists of tables} +\@notproceedings{\glossary}{1}{glossaries} +\@notproceedings{\index}{1}{indices} + +% Provide a means to tell if we're running under pdflatex +\newif\ifpdf +\ifx\pdfoutput\undefined +\pdffalse +\else +\pdfoutput=1 +\pdftrue +\fi + + +\endinput diff --git a/2005/flow-accounting-ols2005/OLS2005/Texmf/underscore.sty b/2005/flow-accounting-ols2005/OLS2005/Texmf/underscore.sty new file mode 100644 index 0000000..a274b39 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/Texmf/underscore.sty 
@@ -0,0 +1,232 @@ +% underscore.sty 12-Oct-2001 Donald Arseneau asnd@triumf.ca +% Make the "_" character print as "\textunderscore" in text. +% Copyright 1998,2001 Donald Arseneau; Distribute freely if unchanged. +% Instructions follow after the definitions. + +\ProvidesPackage{underscore}[2001/10/12] + +\begingroup + \catcode`\_=\active + \gdef_{% \relax % No relax gives a small vulnerability in alignments + \ifx\if@safe@actives\iftrue % must be outermost test! + \string_% + \else + \ifx\protect\@typeset@protect + \ifmmode \sb \else \BreakableUnderscore \fi + \else + \ifx\protect\@unexpandable@protect \noexpand_% + \else \protect_% + \fi\fi + \fi} +\endgroup + +% At begin: set catcode; fix \long \ttdefault so I can use it in comparisons; +\AtBeginDocument{% + {\immediate\write\@auxout{\catcode\number\string`\_ \string\active}}% + \catcode\string`\_\string=\active + \edef\ttdefault{\ttdefault}% +} + +\newcommand{\BreakableUnderscore}{\leavevmode\nobreak\hskip\z@skip + \ifx\f@family\ttdefault \string_\else \textunderscore\fi + \usc@dischyph\nobreak\hskip\z@skip} + +\DeclareRobustCommand{\_}{% + \ifmmode \nfss@text{\textunderscore}\else \BreakableUnderscore \fi} + +\let\usc@dischyph\@dischyph +\DeclareOption{nohyphen}{\def\usc@dischyph{\discretionary{}{}{}}} +\DeclareOption{strings}{\catcode`\_=\active} + +\ProcessOptions +\ifnum\catcode`\_=\active\else \endinput \fi + +%%%%%%%% Redefine commands that use character strings %%%%%%%% + +\@ifundefined{UnderscoreCommands}{\let\UnderscoreCommands\@empty}{} +\expandafter\def\expandafter\UnderscoreCommands\expandafter{% + \UnderscoreCommands + \do\include \do\includeonly + \do\@input \do\@iinput \do\InputIfFileExists + \do\ref \do\pageref \do\newlabel + \do\bibitem \do\@bibitem \do\cite \do\nocite \do\bibcite +} + +% Macro to redefine a macro to pre-process its string argument +% with \protect -> \string. +\def\do#1{% Avoid double processing if user includes command twice! 
+ \@ifundefined{US\string_\expandafter\@gobble\string#1}{% + \edef\@tempb{\meaning#1}% Check if macro is just a protection shell... + \def\@tempc{\protect}% + \edef\@tempc{\meaning\@tempc\string#1\space\space}% + \ifx\@tempb\@tempc % just a shell: hook into the protected inner command + \expandafter\do + \csname \expandafter\@gobble\string#1 \expandafter\endcsname + \else % Check if macro takes an optional argument + \def\@tempc{\@ifnextchar[}% + \edef\@tempa{\def\noexpand\@tempa####1\meaning\@tempc}% + \@tempa##2##3\@tempa{##2\relax}% + \edef\@tempb{\meaning#1\meaning\@tempc}% + \edef\@tempc{\noexpand\@tempd \csname + US\string_\expandafter\@gobble\string#1\endcsname}% + \if \expandafter\@tempa\@tempb \relax 12\@tempa % then no optional arg + \@tempc #1\US@prot + \else % There is optional arg + \@tempc #1\US@protopt + \fi + \fi + }{}} + +\def\@tempd#1#2#3{\let#1#2\def#2{#3#1}} + +\def\US@prot#1#2{\let\@@protect\protect \let\protect\string + \edef\US@temp##1{##1{#2}}\restore@protect\US@temp#1} +\def\US@protopt#1{\@ifnextchar[{\US@protarg#1}{\US@prot#1}} +\def\US@protarg #1[#2]{\US@prot{{#1[#2]}}} + +\UnderscoreCommands +\let\do\relax \let\@tempd\relax % un-do + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +\endinput + +underscore.sty 12-Oct-2001 Donald Arseneau + +Features: +~~~~~~~~~ +\_ prints an underscore so that the hyphenation of constituent words +is not affected and hyphenation is permitted after the underscore. +For example, "compound\_fracture" hyphenates as com- pound_- frac- ture. +If you prefer the underscore to break without a hyphen (but still with +the same rules for explicit hyphen-breaks) then use the [nohyphen] +package option. 
+ +A simple _ acts just like \_ in text mode, but makes a subscript in +math mode: activation_energy $E_a$ + +Both forms use an underscore character if the font encoding contains +one (e.g., "\usepackage[T1]{fontenc}" or typewriter fonts in any encoding), +but they use a rule if the there is no proper character. + +Deficiencies: +~~~~~~~~~~~~~ +The skips and penalties ruin any kerning with the underscore character +(when a character is used). However, there doesn't seem to be much, if +any, such kerning in the ec fonts, and there is never any kerning with +a rule. + +You must avoid "_" in file names and in cite or ref tags, or you must use +the babel package, with its active-character controls, or you must give +the [strings] option, which attempts to redefine several commands (and +may not work perfectly). Even without the [strings] option or babel, you +can use occasional underscores like: "\include{file\string_name}". + +Option: [strings] +~~~~~~~~~~~~~~~~~ +The default operation is quite simple and needs no customization; but +you must avoid using "_" in any place where LaTeX uses an argument as +a string of characters for some control function or as a name. These +include the tags for \cite and \ref, file names for \input, \include, +and \includegraphics, environment names, counter names, and placement +parameters (like "[t]"). The problem with these contexts is that they +are `moving arguments' but LaTeX does not `switch on' the \protect +mechanism for them. + +If you need to use the underscore character in these places, the package +option [strings] is provided to redefine commands taking a string argument +so that the argument is protected (with \protect -> \string). The list +of commands is given in "\UnderscoreCommands", with "\do" before each, +covering \cite, \ref, \input, and their variants. 
Not included are many +commands regarding font names, everything with counter names, environment +names, page styles, and versions of \ref and \cite defined by external +packages (e.g. \vref and \citeyear). + +You can add to the list of supported commands by defining \UnderscoreCommands +before loading this package; e.g. + + \usepackage{chicago} + \newcommand{\UnderscoreCommands}{% (\cite already done) + \do\citeNP \do\citeA \do\citeANP \do\citeN \do\shortcite + \do\shortciteNP \do\shortciteA \do\shortciteANP \do\shortciteN + \do\citeyear \do\citeyearNP + } + \usepackage[strings]{underscore} + +Not all commands can be supported this way! Only commands that take a +string argument *first* can be protected. One optional argument before +the string argument is also permitted, as exemplified by \cite: both +\cite{tags} and \cite[text]{tags} are allowed. A command like +\@addtoreset which takes two counter names as arguments could not +be protected by adding it to \UnderscoreCommands. + +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!! When you use the [strings] option, you must load this package !! +!! last (or nearly last). !! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +There are two reasons: 1) The redefinitions done for protection must come +after other packages define their customized versions of those commands. +2) The [strings] option requires the _ character to be activated immediately +in order for the cite and ref tags to be read properly from the .aux file +as plain strings, and this catcode setting might disrupt other packages. + +The babel package implements a protection mechanism for many commands, +and will be a complete fix for most documents without the [strings] option. +Many add-on packages are compatible with babel, so they will get the +strings protection also. 
However, there are several commands that are +not covered by babel, but can easily be supported by the [strings] and +\UnderscoreCommands mechanism. Beware that using both [strings] and babel +may lead to conflicts, but does appear to work (load babel last). + +Implementation Notes: +~~~~~~~~~~~~~~~~~~~~~ +The first setting of "_" to be an active character is performed in a local +group so as to not interfere with other packages. The catcode setting +is repeated with \AtBeginDocument so the definition is in effect for the +text. However, the catcode setting is repeated immediately when the +[strings] option is detected. + +The definition of the active "_" is essentially: + \ifmmode \sb \else \BreakableUnderscore \fi +where "\sb" retains the normal subscript meaning of "_" and where +"\BreakableUnderscore" is essentially "\_". The rest of the definition +handles the "\protect"ion without causing \relax to be inserted before +the character. + +\BreakableUnderscore uses "\nobreak\hskip\z@skip" to separate the +underscore from surrounding words, thus allowing TeX to hyphenate them, +but preventing free breaks around the underscore. Next, it checks the +current font family, and uses the underscore character from tt fonts or +otherwise \textunderscore (which is a character or rule depending on +the font encoding). After the underscore, it inserts a discretionary +hyphenation point as "\usc@dischyph", which is usually just "\-" +except that it still works in the tabbing environment, although it +will give "\discretionary{}{}{}" under the [nohyphen] option. After +that, another piece of non-breaking interword glue is inserted. +Ordinarily, the comparison "\ifx\f@family\ttdefault" will always fail +because \ttdefault is `long' where \f@family is not (boooo hisss), but +\ttdefault is redefined to be non-long by "\AtBeginDocument". + +The "\_" command is then defined to use "\BreakableUnderscore". + +If the [strings] option is not given, then that is all! 
+ +Under the [strings] option, the list of special commands is processed to: +- retain the original command as \US_command (\US_ref) +- redefine the command as \US@prot\US_command for ordinary commands + (\ref -> \US@prot\US_ref) or as \US@protopt\US_command when an optional + argument is possible (\bibitem -> \US@protopt\US_bibitem). +- self-protecting commands (\cite) retain their self-protection. +Diagnosing the state of the pre-existing command is done by painful +contortions involving \meaning. + +\US@prot and \US@protopt read the argument, process it with \protect +enabled, then invoke the saved \US_command. + +Modifications: +~~~~~~~~~~~~~~ +12-Oct-2001 Babel (safe@actives) compatibility and [nohyphen] option. + +Test file integrity: ASCII 32-57, 58-126: !"#$%&'()*+,-./0123456789 +:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ diff --git a/2005/flow-accounting-ols2005/OLS2005/Texmf/zrl.sty b/2005/flow-accounting-ols2005/OLS2005/Texmf/zrl.sty new file mode 100644 index 0000000..7b21d18 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/Texmf/zrl.sty 
@@ -0,0 +1,446 @@ + +%%%%% This file is a kludge until such time as I learn to do it elegantly. Sorry. +%% url - external. Intended for items which do not contain spaces, and +%% containing global options for obeying & breaking at spaces. But +%% we need to do change those things on the fly, so we're making a copy +%% of url.sty and defining two extra groups, zrl and xrl, that +%% permit handling these options on the fly. + +%% Thus you can mix url without obeyspaces and/or spaces with the following: +%% zrl - url with obeyspaces,spaces turned on +%% xrl - url with obeyspaces turned on + +% zrl.sty ver 1.4 02-Mar-1999 Donald Arseneau asnd@triumf.ca +% Copyright 1996-1999 Donald Arseneau, Vancouver, Canada. +% This program can be used, distributed, and modified under the terms +% of the LaTeX Project Public License. +% +% A form of \verb that allows linebreaks at certain characters or +% combinations of characters, accepts reconfiguration, and can usually +% be used in the argument to another command. It is intended for email +% addresses, hypertext links, directories/paths, etc., which normally +% have no spaces. The font may be selected using the \zrlstyle command, +% and new zrl-like commands can be defined using \zrldef. +% +% Usage: Conditions: +% \zrl{ } If the argument contains any "%", "#", or "^^", or ends with +% "\", it can't be used in the argument to another command. +% The argument must not contain unbalanced braces. +% \zrl| | ...where "|" is any character not used in the argument and not +% "{" or a space. The same restrictions as above except that the +% argument may contain unbalanced braces. +% \xyz for "\xyz" a defined-zrl; this can be used anywhere, no matter +% what characters it contains. 
+% +% See further instructions after "\endinput" +% +\def\Zrl@ttdo{% style assignments for tt fonts or T1 encoding +\def\ZrlBreaks{\do\.\do\@\do\\\do\/\do\!\do\_\do\|\do\%\do\;\do\>\do\]% + \do\)\do\,\do\?\do\'\do\+\do\=}% +\def\ZrlBigBreaks{\do\:\do@zrl@hyp}% +\def\ZrlNoBreaks{\do\(\do\[\do\{\do\<}% (unnecessary) +\def\ZrlSpecials{\do\ {\ }}% +\def\ZrlOrds{\do\*\do\-\do\~}% any ordinary characters that aren't usually +} + +\def\Xrl@ttdo{% style assignments for tt fonts or T1 encoding +\def\XrlBreaks{\do\.\do\@\do\\\do\/\do\!\do\_\do\|\do\%\do\;\do\>\do\]% + \do\)\do\,\do\?\do\'\do\+\do\=}% +\def\XrlBigBreaks{\do\:\do@xrl@hyp}% +\def\XrlNoBreaks{\do\(\do\[\do\{\do\<}% (unnecessary) +\def\XrlSpecials{\do\ {\ }}% +\def\XrlOrds{\do\*\do\-\do\~}% any ordinary characters that aren't usually +} + +\def\Zrl@do{% style assignments for OT1 fonts except tt +\def\ZrlBreaks{\do\.\do\@\do\/\do\!\do\%\do\;\do\]\do\)\do\,\do\?\do\+\do\=}% +\def\ZrlBigBreaks{\do\:\do@zrl@hyp}% +\def\ZrlNoBreaks{\do\(\do\[\do\{}% prevents breaks after *next* character +\def\ZrlSpecials{\do\<{\langle}\do\>{\mathbin{\rangle}}\do\_{\_% + \penalty\@m}\do\|{\mid}\do\{{\lbrace}\do\}{\mathbin{\rbrace}}\do + \\{\mathbin{\backslash}}\do\~{\raise.6ex\hbox{\m@th$\scriptstyle\sim$}}\do + \ {\ }}% +\def\ZrlOrds{\do\'\do\"\do\-}% +} +\def\Xrl@do{% style assignments for OT1 fonts except tt +\def\XrlBreaks{\do\.\do\@\do\/\do\!\do\%\do\;\do\]\do\)\do\,\do\?\do\+\do\=}% +\def\XrlBigBreaks{\do\:\do@xrl@hyp}% +\def\XrlNoBreaks{\do\(\do\[\do\{}% prevents breaks after *next* character +\def\XrlSpecials{\do\<{\langle}\do\>{\mathbin{\rangle}}\do\_{\_% + \penalty\@m}\do\|{\mid}\do\{{\lbrace}\do\}{\mathbin{\rbrace}}\do + \\{\mathbin{\backslash}}\do\~{\raise.6ex\hbox{\m@th$\scriptstyle\sim$}}\do + \ {\ }}% +\def\XrlOrds{\do\'\do\"\do\-}% +} + + +\def\zrl@ttstyle{% +\@ifundefined{selectfont}{\def\ZrlFont{\tt}}{\def\ZrlFont{\ttfamily}}\Zrl@ttdo +} +\def\xrl@ttstyle{% 
+\@ifundefined{selectfont}{\def\XrlFont{\tt}}{\def\XrlFont{\ttfamily}}\Xrl@ttdo +} + + +\def\zrl@rmstyle{% +\@ifundefined{selectfont}{\def\ZrlFont{\rm}}{\def\ZrlFont{\rmfamily}}\Zrl@do +} +\def\xrl@rmstyle{% +\@ifundefined{selectfont}{\def\XrlFont{\rm}}{\def\XrlFont{\rmfamily}}\Xrl@do +} + + +\def\zrl@sfstyle{% +\@ifundefined{selectfont}{\def\ZrlFont{\sf}}{\def\ZrlFont{\sffamily}}\Zrl@do +} +\def\xrl@sfstyle{% +\@ifundefined{selectfont}{\def\XrlFont{\sf}}{\def\XrlFont{\sffamily}}\Xrl@do +} + + +\def\zrl@samestyle{\ifdim\fontdimen\thr@@\font=\z@ \zrl@ttstyle \else + \zrl@rmstyle \fi \def\ZrlFont{}} +\def\xrl@samestyle{\ifdim\fontdimen\thr@@\font=\z@ \xrl@ttstyle \else + \xrl@rmstyle \fi \def\XrlFont{}} + +\@ifundefined{strip@prefix}{\def\strip@prefix#1>{}}{} +\@ifundefined{verbatim@nolig@list}{\def\verbatim@nolig@list{\do\`}}{} + +\def\Zrl{% + \begingroup \let\zrl@moving\relax\relax \endgroup + \ifmmode\@nomatherr$\fi + \ZrlFont $\fam\z@ \textfont\z@\font + \let\do\@makeother \dospecials % verbatim catcodes + \catcode`{\@ne \catcode`}\tw@ \catcode`\ 10 % except braces and spaces + \medmuskip0mu \thickmuskip\medmuskip \thinmuskip\medmuskip + \@tempcnta\fam\multiply\@tempcnta\@cclvi + \let\do\set@mathcode \ZrlOrds % ordinary characters that were special + \advance\@tempcnta 8192 \ZrlBreaks % bin + \advance\@tempcnta 4096 \ZrlBigBreaks % rel + \advance\@tempcnta 4096 \ZrlNoBreaks % open + \let\do\set@mathact \ZrlSpecials % active + \let\do\set@mathnolig \verbatim@nolig@list % prevent ligatures + \@ifnextchar\bgroup\Zrl@z\Zrl@y} + +\def\Zrl@y#1{\catcode`{11 \catcode`}11 + \def\@tempa##1#1{\Zrl@z{##1}}\@tempa} +\def\Zrl@z#1{\def\@tempa{#1}\expandafter\expandafter\expandafter\Zrl@Hook + \expandafter\strip@prefix\meaning\@tempa\ZrlRight\m@th$\endgroup} +\def\Zrl@Hook{\ZrlLeft} +\let\ZrlRight\@empty +\let\ZrlLeft\@empty + +\def\Xrl{% + \begingroup \let\xrl@moving\relax\relax \endgroup + \ifmmode\@nomatherr$\fi + \XrlFont $\fam\z@ \textfont\z@\font + \let\do\@makeother 
\dospecials % verbatim catcodes + \catcode`{\@ne \catcode`}\tw@ \catcode`\ 10 % except braces and spaces + \medmuskip0mu \thickmuskip\medmuskip \thinmuskip\medmuskip + \@tempcnta\fam\multiply\@tempcnta\@cclvi + \let\do\set@mathcode \XrlOrds % ordinary characters that were special + \advance\@tempcnta 8192 \XrlBreaks % bin + \advance\@tempcnta 4096 \XrlBigBreaks % rel + \advance\@tempcnta 4096 \XrlNoBreaks % open + \let\do\set@mathact \XrlSpecials % active + \let\do\set@mathnolig \verbatim@nolig@list % prevent ligatures + \@ifnextchar\bgroup\Xrl@z\Xrl@y} + +\def\Xrl@y#1{\catcode`{11 \catcode`}11 + \def\@tempa##1#1{\Xrl@z{##1}}\@tempa} +\def\Xrl@z#1{\def\@tempa{#1}\expandafter\expandafter\expandafter\Xrl@Hook + \expandafter\strip@prefix\meaning\@tempa\XrlRight\m@th$\endgroup} +\def\Xrl@Hook{\XrlLeft} +\let\XrlRight\@empty +\let\XrlLeft\@empty + + +\def\set@mathcode#1{\count@`#1\advance\count@\@tempcnta\mathcode`#1\count@} +\def\set@mathact#1#2{\mathcode`#132768 \lccode`\~`#1\lowercase{\def~{#2}}} +\def\set@mathnolig#1{\ifnum\mathcode`#1<32768 + \lccode`\~`#1\lowercase{\edef~{\mathchar\number\mathcode`#1_{\/}}}% + \mathcode`#132768 \fi} + +\def\zrldef#1#2{\begingroup \setbox\z@\hbox\bgroup + \def\Zrl@z{\Zrl@def{#1}{#2}}#2} +\expandafter\ifx\csname DeclareRobustCommand\endcsname\relax + \def\Zrl@def#1#2#3{\m@th$\endgroup\egroup\endgroup + \def#1{#2{#3}}} +\else + \def\Zrl@def#1#2#3{\m@th$\endgroup\egroup\endgroup + \DeclareRobustCommand{#1}{#2{#3}}} +\fi + +\def\xrldef#1#2{\begingroup \setbox\z@\hbox\bgroup + \def\Xrl@z{\Xrl@def{#1}{#2}}#2} +\expandafter\ifx\csname DeclareRobustCommand\endcsname\relax + \def\Xrl@def#1#2#3{\m@th$\endgroup\egroup\endgroup + \def#1{#2{#3}}} +\else + \def\Xrl@def#1#2#3{\m@th$\endgroup\egroup\endgroup + \DeclareRobustCommand{#1}{#2{#3}}} +\fi + +\def\zrlstyle#1{\csname zrl@#1style\endcsname} +\def\xrlstyle#1{\csname xrl@#1style\endcsname} + +% Sample (and default) configuration: +% +\newcommand\zrl{\begingroup \Zrl} 
+\newcommand\xrl{\begingroup \Xrl} +% +% picTeX defines \path, so declare it optionally: +\@ifundefined{path}{\newcommand\path{\begingroup \zrlstyle{tt}\Zrl}}{} +\@ifundefined{path}{\newcommand\path{\begingroup \xrlstyle{tt}\Xrl}}{} +% +% too many styles define \email like \address, so I will not define it. +% \newcommand\email{\begingroup \zrlstyle{rm}\Zrl} + +% Process LaTeX \package options +% +\zrlstyle{tt} +%\let\Zrl@sppen\@M +\def\do@zrl@hyp{}% by default, no breaks after hyphens +%%%%% +\let\Zrl@sppen\relpenalty +\let\Zrl@Hook\relax +\xrlstyle{tt} +\let\Xrl@sppen\@M +\def\do@xrl@hyp{}% by default, no breaks after hyphens +\let\Xrl@Hook\relax +%%%%% +\@ifundefined{ProvidesPackage}{}{ + \ProvidesPackage{zrl}[1999/03/02 \space ver 1.4 \space + Verb mode for zrls, email addresses, and file names] + \DeclareOption{hyphens}{\def\do@zrl@hyp{\do\-}\def\do@xrl@hyp{\do\-}}% allow breaks after hyphens + \DeclareOption{obeyspaces}{\let\Zrl@Hook\relax\let\Xrl@Hook\relax}% a flag for later + \DeclareOption{spaces}{\let\Zrl@sppen\relpenalty} + \DeclareOption{T1}{\let\Zrl@do\Zrl@ttdo\let\Xrl@do\Xrl@ttdo} + \ProcessOptions +\ifx\Zrl@Hook\relax % [obeyspaces] was declared + \def\Zrl@Hook#1\ZrlRight\m@th{\edef\@tempa{\noexpand\ZrlLeft + \Zrl@retain#1\Zrl@nosp\, }\@tempa\ZrlRight\m@th} + \def\Zrl@retain#1 {#1\penalty\Zrl@sppen\ \Zrl@retain} + \def\Zrl@nosp\,#1\Zrl@retain{} +\fi +\ifx\Xrl@Hook\relax % [obeyspaces] was declared + \def\Xrl@Hook#1\XrlRight\m@th{\edef\@tempa{\noexpand\XrlLeft + \Xrl@retain#1\Xrl@nosp\, }\@tempa\XrlRight\m@th} + \def\Xrl@retain#1 {#1\penalty\Xrl@sppen\ \Xrl@retain} + \def\Xrl@nosp\,#1\Xrl@retain{} +\fi +} + +\edef\zrl@moving{\csname Zrl Error\endcsname} +\expandafter\edef\zrl@moving + {\csname zrl used in a moving argument.\endcsname} +\expandafter\expandafter\expandafter \let \zrl@moving\undefined + +\edef\xrl@moving{\csname Xrl Error\endcsname} +\expandafter\edef\xrl@moving + {\csname xrl used in a moving argument.\endcsname} 
+\expandafter\expandafter\expandafter \let \xrl@moving\undefined + +% "verbatim" with line breaks, obeying spaces +\providecommand\code{\begingroup \xrlstyle{tt}\Xrl} +% as above, but okay to break lines at spaces +\providecommand\brcode{\begingroup \zrlstyle{tt}\Zrl} + +% Same as the pair above, but 'l' for long == small type +\providecommand\lcode{\begingroup \small\xrlstyle{tt}\Xrl} +\providecommand\lbrcode{\begingroup \small\zrlstyle{tt}\Zrl} + +% For identifiers - "verbatim" with line breaks at punctuation +\providecommand\ident{\begingroup \urlstyle{tt}\Url} +\providecommand\lident{\begingroup \small\urlstyle{tt}\Url} + + +\endinput +% +% zrl.sty ver 1.4 02-Mar-1999 Donald Arseneau asnd@reg.triumf.ca +% +% This package defines "\zrl", a form of "\verb" that allows linebreaks, +% and can often be used in the argument to another command. It can be +% configured to print in different formats, and is particularly useful for +% hypertext links, email addresses, directories/paths, etc. The font may +% be selected using the "\zrlstyle" command and pre-defined text can be +% stored with the "\zrldef" command. New zrl-like commands can be defined, +% and a "\path" command is provided this way. +% +% Usage: Conditions: +% \zrl{ } If the argument contains any "%", "#", or "^^", or ends with +% "\", it can't be used in the argument to another command. +% The argument must not contain unbalanced braces. +% \zrl| | ...where "|" is any character not used in the argument and not +% "{" or a space. The same restrictions as above except that the +% argument may contain unbalanced braces. +% \xyz for "\xyz" a defined-zrl; this can be used anywhere, no matter +% what characters it contains. +% +% The "\zrl" command is fragile, and its argument is likely to be very +% fragile, but a defined-zrl is robust. +% +% Package Option: obeyspaces +% Ordinarily, all spaces are ignored in the zrl-text. 
The "[obeyspaces]" +% option allows spaces, but may introduce spurious spaces when a zrl +% containing "\" characters is given in the argument to another command. +% So if you need to obey spaces you can say "\usepackage[obeyspaces]{zrl}", +% and if you need both spaces and backslashes, use a `defined-zrl' for +% anything with "\". +% +% Package Option: hyphens +% Ordinarily, breaks are not allowed after "-" characters because this +% leads to confusion. (Is the "-" part of the address or just a hyphen?) +% The package option "[hyphens]" allows breaks after explicit hyphen +% characters. The "\zrl" command will *never ever* hyphenate words. +% +% Package Option: spaces +% Likewise, breaks are not usually allowed after spaces under the +% "[obeyspaces]" option, but giving the options "[obeyspaces,spaces]" +% will allow breaks at those spaces. +% +% Package Option: T1 +% This signifies that you will be using T1-encoded fonts which contain +% some characters missing from most older (OT1) encoded TeX fonts. This +% changes the default definition for "\zrlstyle{rm}". +% +% Defining a defined-zrl: +% Take for example the email address "myself%node@gateway.net" which could +% not be given (using "\zrl" or "\verb") in a caption or parbox due to the +% percent sign. This address can be predefined with +% \zrldef{\myself}\zrl{myself%node@gateway.net} or +% \zrldef{\myself}\zrl|myself%node@gateway.net| +% and then you may use "\myself" instead of "\zrl{myself%node@gateway.net}" +% in an argument, and even in a moving argument like a caption because a +% defined-zrl is robust. +% +% Style: +% You can switch the style of printing using "\zrlstyle{tt}", where "tt" +% can be any defined style. The pre-defined styles are "tt", "rm", "sf", +% and "same" which all allow the same linebreaks but different fonts -- +% the first three select a specific font and the "same" style uses the +% current text font. 
You can define your own styles with different fonts +% and/or line-breaking by following the explanations below. The "\zrl" +% command follows whatever the currently-set style dictates. +% +% Alternate commands: +% It may be desireable to have different things treated differently, each +% in a predefined style; e.g., if you want directory paths to always be +% in tt and email addresses to be rm, then you would define new zrl-like +% commands as follows: +% +% \newcommand\email{\begingroup \zrlstyle{rm}\Zrl} +% \newcommand\directory{\begingroup \zrlstyle{tt}\Zrl} +% +% You must follow this format closely, and NOTE that the final command is +% "\Zrl", not "\zrl". In fact, the "\directory" example is exactly the +% "\path" definition which is pre-defined in the package. If you look +% above, you will see that "\zrl" is defined with +% \newcommand\zrl{\begingroup \Zrl} +% I.e., using whatever zrl-style has been selected. +% +% You can make a defined-zrl for these other styles, using the usual +% "\zrldef" command as in this example: +% +% \zrldef{\myself}{\email}{myself%node.domain@gateway.net} +% +% which makes "\myself" act like "\email{myself%node.domain@gateway.net}", +% if the "\email" command is defined as above. The "\myself" command +% would then be robust. +% +% Defining styles: +% Before describing how to customize the printing style, it is best to +% mention something about the unusual implementation of "\zrl". Although +% the material is textual in nature, and the font specification required +% is a text-font command, the text is actually typeset in *math* mode. +% This allows the context-sensitive linebreaking, but also accounts for +% the default behavior of ignoring spaces. Now on to defining styles. +% +% To change the font or the list of characters that allow linebreaks, you +% could redefine the commands "\ZrlFont", "\ZrlBreaks", "\ZrlSpecials" etc. 
+% directly in the document, but it is better to define a new `zrl-style' +% (following the example of "\zrl@ttstyle" and "\zrl@rmstyle") which defines +% all of "\ZrlBigbreaks", "\ZrlNoBreaks", "\ZrlBreaks", "\ZrlSpecials", and +% "\ZrlFont". +% +% Changing font: +% The "\ZrlFont" command selects the font. The definition of "\ZrlFont" +% done by the pre-defined styles varies to cope with a variety of LaTeX +% font selection schemes, but it could be as simple as "\def\ZrlFont{\tt}". +% Depending on the font selected, some characters may need to be defined +% in the "\ZrlSpecials" list because many fonts don't contain all the +% standard input characters. +% +% Changing linebreaks: +% The list of characters that allow line-breaks is given by "\ZrlBreaks" +% and "\ZrlBigBreaks", which have the format "\do\c" for character "c". +% The differences are that `BigBreaks' have a lower penalty and have +% different breakpoints when in sequence (as in "http://"): `BigBreaks' +% are treated as mathrels while `Breaks' are mathbins (see The TeXbook, +% p.170). In particular, a series of `BigBreak' characters will break at +% the end and only at the end; a series of `Break' characters will break +% after the first and after every following *pair*; there will be no +% break after a `Break' character if a `BigBreak' follows. In the case +% of "http://" it doesn't matter whether ":" is a `Break' or `BigBreak' -- +% the breaks are the same in either case; but for DECnet nodes with "::" +% it is important to prevent breaks *between* the colons, and that is why +% colons are `BigBreaks'. +% +% It is possible for characters to prevent breaks after the next following +% character (I use this for parentheses). Specify these in "\ZrlNoBreaks". +% +% You can do arbitrarily complex things with characters by making them +% active in math mode (mathcode hex-8000) and specifying the definition(s) +% in "\ZrlSpecials". 
This is used in the rm and sf styles for OT1 font +% encoding to handle several characters that are not present in those +% computer-modern style fonts. See the definition of "\Zrl@do", which +% is used by both "\zrl@rmstyle" and "\zrl@sfstyle"; it handles missing +% characters via "\ZrlSpecials". The nominal format for setting each +% special character "c" is: "\do\c{<definition>}", but you can include +% other definitions too. +% +% +% If all this sounds confusing ... well, it is! But I hope you won't need +% to redefine breakpoints -- the default assignments seem to work well for +% a wide variety of applications. If you do need to make changes, you can +% test for breakpoints using regular math mode and the characters "+=(a". +% +% Yet more flexibility: +% You can also customize the verbatim text by defining "\ZrlRight" and/or +% "\ZrlLeft", e.g., for ISO formatting of zrls surrounded by "< >", define +% +% \renewcommand\zrl{\begingroup \def\ZrlLeft{<zrl: }\def\ZrlRight{>}% +% \zrlstyle{tt}\Zrl} +% +% The meanings of "\ZrlLeft" and "\ZrlRight" are *not* reproduced verbatim. +% This lets you use formatting commands there, but you must be careful not +% to use TeX's special characters ("\^_%~#$&{}" etc.) improperly. +% You can also define "\ZrlLeft" to reprocess the verbatim text, but the +% format of the definition is special: +% +% \def\ZrlLeft#1\ZrlRight{ ... do things with #1 ... } +% +% Yes, that is "#1" followed by "\ZrlRight" then the definition. For +% example, to put a hyperTeX hypertext link in the DVI file: +% +% \def\ZrlLeft#1\ZrlRight{\special{html:<a href="#1">}#1\special{html:</a>}} +% +% Using this technique, zrl.sty can provide a convenient interface for +% performing various operations on verbatim text. You don't even need +% to print out the argument! For greatest efficiency in such obscure +% applications, you can define a null zrl-style where all the lists like +% "\ZrlBreaks" are empty. 
+% +% Revision History: +% ver 1.1 6-Feb-1996: +% Fix hyphens that wouldn't break and ligatures that weren't suppressed. +% ver 1.2 19-Oct-1996: +% Package option for T1 encoding; Hooks: "\ZrlLeft" and "\ZrlRight". +% ver 1.3 21-Jul-1997: +% Prohibit spaces as delimiter characters; change ascii tilde in OT1. +% ver 1.4 02-Mar-1999 +% LaTeX license; moving-argument-error +% The End + +Test file integrity: ASCII 32-57, 58-126: !"#$%&'()*+,-./0123456789 +:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ diff --git a/2005/flow-accounting-ols2005/OLS2005/VERSION b/2005/flow-accounting-ols2005/OLS2005/VERSION new file mode 100644 index 0000000..14623c8 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/VERSION @@ -0,0 +1 @@ +2005 Linux Symposium Proceedings Templates V1.1 04 May 2005 diff --git a/2005/flow-accounting-ols2005/OLS2005/banginwar/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/banginwar/Makefile.inc new file mode 100644 index 0000000..7a80583 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/banginwar/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += banginwar/banginwar.dvi + +## Add any additional .tex or .eps files below: +banginwar/banginwar.dvi banginwar/banginwar-proc.dvi: \ + banginwar/banginwar.tex \ + banginwar/banginwar-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/banginwar/banginwar-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/banginwar/banginwar-abstract.tex new file mode 100644 index 0000000..126d865 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/banginwar/banginwar-abstract.tex 
@@ -0,0 +1,28 @@ +% Rajesh Banginwar (rajesh.banginwar@intel.com) + +The Linux Standards base (LSB) specifies the binary +interface between an application and a runtime +environment. This paper discusses the LSB Development +Kit (LDK) consisting of a build environment and +associated tools to assist software developers for +building/porting their applications to the LSB +interface. The developers will be able to use the build +environment on their development machines catching the +LSB porting issues early in the development cycle +reducing overall LSB conformance testing time and cost. +The associated tools include the application and +package checkers to test the LSB conformance for +application binaries and RPM packages. + +This paper starts with the discussion about advantages +of using this build environment and how it simplifies +application development/porting for LSB conformance. We +use the standard Linux/Unix chroot command to create a +controlled environment to keep check on the API usage +by the application during the build to ensure 100\% LSB +compliance. After discussing the build environment +implementation details the paper briefly talks about +the associated tools for validating binaries and RPM +packages for LSB conformance. The paper concludes with +a case study about the usage of the build environment +as well as the associated tools. diff --git a/2005/flow-accounting-ols2005/OLS2005/banginwar/banginwar.tex b/2005/flow-accounting-ols2005/OLS2005/banginwar/banginwar.tex new file mode 100644 index 0000000..dba6d62 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/banginwar/banginwar.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Linux Standard Base Development Kit for application building/porting} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Rajesh Banginwar} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Rajesh Banginwar \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{banginwar-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/ben-yossef/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/ben-yossef/Makefile.inc new file mode 100644 index 0000000..8195b78 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/ben-yossef/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += ben-yossef/ben-yossef.dvi + +## Add any additional .tex or .eps files below: +ben-yossef/ben-yossef.dvi ben-yossef/ben-yossef-proc.dvi: \ + ben-yossef/ben-yossef.tex \ + ben-yossef/ben-yossef-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/ben-yossef/ben-yossef-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/ben-yossef/ben-yossef-abstract.tex new file mode 100644 index 0000000..b6821cc --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/ben-yossef/ben-yossef-abstract.tex @@ -0,0 +1,20 @@ +% Building Murphy compatible embedded Linux systems + +% Gilad Ben-Yossef (gilad@codefidence.com) + +It's 2:00 a.m. An embedded Linux system +in the ladies' room of an Albuquerque gas station is +being updated remotely. Just as the last bytes hit the +flash, disaster strikes---the power fails. Now what? +The regular way of updating the configuration or +performing software upgrade of Linux systems is a \textit{nonsequitur} +in the embedded space. Still, many developers +use these methods, or worse, for lack of a better +alternative. This talk introduces a better +alternative---a framework for safe remote configuration and +software upgrade of a Linux system that supports atomic +transactions, parallel, interactive and programmed +updates, and multiple software versions with rollback +and all using using such ``novel'' concepts as POSIX +\ident{rename(2)}, Linux \ident{pivot_root(2)}, and the initrd/initramfs +mechanism. diff --git a/2005/flow-accounting-ols2005/OLS2005/ben-yossef/ben-yossef.tex b/2005/flow-accounting-ols2005/OLS2005/ben-yossef/ben-yossef.tex new file mode 100644 index 0000000..ecbb179 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/ben-yossef/ben-yossef.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Building Murphy-compatible embedded Linux systems} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Gilad Ben-Yossef} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Gilad Ben-Yossef \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{ben-yossef-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/bligh/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/bligh/Makefile.inc new file mode 100644 index 0000000..3cc6776 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/bligh/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += bligh/bligh.dvi + +## Add any additional .tex or .eps files below: +bligh/bligh.dvi bligh/bligh-proc.dvi: \ + bligh/bligh.tex \ + bligh/bligh-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/bligh/bligh-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/bligh/bligh-abstract.tex new file mode 100644 index 0000000..35fbaec --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/bligh/bligh-abstract.tex @@ -0,0 +1,32 @@ + +% Registration Can you handle the pressure? Making Linux +% bulletproof under load +% Martin J Bligh (mbligh@aracnet.com) + +Operating under memory pressure has been a +persistent problem for Linux customers. +Despite significant work done in the 2.6 +kernel to improve its handling of memory, it +is still easy to make the Linux kernel slow to +a crawl or lock up completely under load. + +One of the fundamental sources for memory +pressure is the filesystem pagecache usage, +along with the \ident{buffer_head} entries that +control them. Another problem area is inode +and dentry cache entries in the slab cache. +Linux struggles to keep either of these under +control. Userspace processes provide another +obvious source of memory usage, which are +partially handled by the OOM killer subsystem, +which has often been accused of making poor +decisions on which process to kill. + +This paper takes a closer look at various +scenerios causing of memory pressure and the +way VM handles it currently, what we have done +to keep the system for falling apart. This +paper also discusses the future work that +needs to be done to improve further, which may +require careful re-design of subsystems. + diff --git a/2005/flow-accounting-ols2005/OLS2005/bligh/bligh.tex b/2005/flow-accounting-ols2005/OLS2005/bligh/bligh.tex new file mode 100644 index 0000000..7d3b641 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/bligh/bligh.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Can you handle the pressure? Making Linux bulletproof under load} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Martin J Bligh} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Martin J Bligh \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{bligh-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/bottomley/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/bottomley/Makefile.inc new file mode 100644 index 0000000..09f8079 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/bottomley/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += bottomley/bottomley.dvi + +## Add any additional .tex or .eps files below: +bottomley/bottomley.dvi bottomley/bottomley-proc.dvi: \ + bottomley/bottomley.tex \ + bottomley/bottomley-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/bottomley/bottomley-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/bottomley/bottomley-abstract.tex new file mode 100644 index 0000000..2387025 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/bottomley/bottomley-abstract.tex 
@@ -0,0 +1,41 @@ + +% Registration Block Devices and Transport Classes: Where are we +% going? +% Proposal James Bottomley (jejb@steeleye.com) + +A transport class is quite simply a device driver +helper library with an associated sysfs component. +Although this sounds deceptively simple, in practise it +allows fairly large simplifications in device driver +code. Up until recently, transport classes were +restricted to be SCSI only, but now they can be made to +apply to any device driver at all (including ones with +no actual transports). + +The need for a transport class comes into most device +driver subsystems that drive a class of devices. SCSI +is a really good example of this: We have a core set of +APIs which are needed by every SCSI driver (whether +Parallel SCSI, Fibre Channel or something even more +exotic) to do with queueing commands and interpreting +status codes. However, there were a large number of +ancillary services which don't apply to the whole of +SCSI, like Domain Validation for Parallel SCSI or +target disconnection/reconnection for Fibre Channel. +The sysfs exposure gives the user a well known way to +control device parameters (like period and offset, for +parallel SCSI) without having to develop a core SCSI +API. Since a transport class has only a sysfs interface +and a driver API, it is completely independent of the +SCSI core. This makes the classes arbitrarily +extensible and imposes no limit on how many may be +simultaneously present. + +This talk will examine the evolution of the transport +class in SCSI, covering its current uses in Parallel +SCSI (SPI), Fibre Channel (FC) and other transports +(iSCSI and SAS), contrasting it with previous +approaches, like CAM, and follow with a description of +how the concept was freed from the SCSI subsystem and +how it could be applied in other aspects of kernel +development, particularly block devices. 
diff --git a/2005/flow-accounting-ols2005/OLS2005/bottomley/bottomley.tex b/2005/flow-accounting-ols2005/OLS2005/bottomley/bottomley.tex new file mode 100644 index 0000000..4fe8da4 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/bottomley/bottomley.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Block Devices and Transport Classes: Where are we going?} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{James Bottomley} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +James Bottomley \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{bottomley-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/brown/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/brown/Makefile.inc new file mode 100644 index 0000000..06a8d6e --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/brown/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += brown/brown.dvi + +## Add any additional .tex or .eps files below: +brown/brown.dvi brown/brown-proc.dvi: \ + brown/brown.tex \ + brown/brown-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/brown/brown-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/brown/brown-abstract.tex new file mode 100644 index 0000000..15beae8 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/brown/brown-abstract.tex @@ -0,0 +1,33 @@ + +% Hot Keys, Video Control, Suspend/Resume, Oh +% My! -- Recent advances and current challenges in Linux/ACPI +% +% Len Brown (len.brown@intel.com) + +*ACPI (Advanced Configuration and Power +Interface) is an open industry specification +establishing industry-standard interfaces for +OS-directed configuration and power management +on laptops, desktops, and servers. + +ACPI enables new power management technology +to evolve independently in operating systems +and hardware while ensuring that they continue +to work together. + +This paper begins with a brief overview +of ACPI features, a description of the +Linux/ACPI implementation, and the state of +Linux/ACPI deployment. + +Detailed discussion of key technical areas +follows, highlighting recent progress in Linux +as well as current and future challenges. The +focus areas this year include plug-and-play +configuration; processor power management; +CPU, IO and memory hot-plug; laptop hot-keys; +video control and suspend/resume. In addition, +the ACPI 3.0 specification was published after +OLS last year, so we're now able to discuss +Linux's response to {ACPI 3.0} in some detail. + diff --git a/2005/flow-accounting-ols2005/OLS2005/brown/brown.tex b/2005/flow-accounting-ols2005/OLS2005/brown/brown.tex new file mode 100644 index 0000000..e6f2ab4 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/brown/brown.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Hot Keys, Video Control, Suspend/Resume, Oh My! -- Recent advances and current challenges in Linux/ACPI} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Len Brown} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Len Brown \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{brown-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/cannon/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/cannon/Makefile.inc new file mode 100644 index 0000000..19f18e2 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/cannon/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += cannon/cannon.dvi + +## Add any additional .tex or .eps files below: +cannon/cannon.dvi cannon/cannon-proc.dvi: \ + cannon/cannon.tex \ + cannon/cannon-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/cannon/cannon-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/cannon/cannon-abstract.tex new file mode 100644 index 0000000..5accce1 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/cannon/cannon-abstract.tex @@ -0,0 +1,34 @@ + +% How to talk to Business people about the value of Open Source +% Art Cannon (acannon@us.ibm.com) + +The basic tenet of any business is to make +profit by capitalizing on market opportunities +when they present themselves. A visionary may +be able to see the convergence of various +technologies and accurately predict a paradigm +shift. It is left to the business person to +know who to listen to, and when and how to +act. It is much easier to do this if one +remains flexible (open to new ideas) and has a +business information technology process which +accommodates change. When executed properly, +use of disruptive technology can bring both a +tactical and strategic advantage. + +In this world, \textit{there are 10 types of people, those that understand binary and those that do not.} +Consider this talk an introduction which +will give people who do understand some +insight into how to market and sell, to people +who do not understand. I intend to provide the +participants with a common approach to selling +and implementing their ideas with their +customers (internal or external). It will +provide a common understanding of how to +approach selling by understanding +requirements, pain points and vocabulary. +Acquisition costs can be minuscule compared to +operating costs. I will include examination of +some of the costs of open source adoption and +an understanding of why its adoption will and +does vary by geography. 
diff --git a/2005/flow-accounting-ols2005/OLS2005/cannon/cannon.tex b/2005/flow-accounting-ols2005/OLS2005/cannon/cannon.tex new file mode 100644 index 0000000..ccd8652 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/cannon/cannon.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{How to Talk to Business People About the Value of Open Source} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Art Cannon} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Art Cannon \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{cannon-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/cao/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/cao/Makefile.inc new file mode 100644 index 0000000..7672b2e --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/cao/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += cao/cao.dvi + +## Add any additional .tex or .eps files below: +cao/cao.dvi cao/cao-proc.dvi: \ + cao/cao.tex \ + cao/cao-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/cao/cao-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/cao/cao-abstract.tex new file mode 100644 index 0000000..0cbe742 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/cao/cao-abstract.tex @@ -0,0 +1,19 @@ + +% State of Art : Where we are with the Ext3 filesystem? +% Mingming Cao (cmm@us.ibm.com) + +There has been a lot of ext3 filesystem +development work during the past two years +toward making ext3 an outstanding filesystem. +In this paper, we discuss some features like +directory indexing, block reservation and on- +line resizing, which have been accepted in the +mainline kernel recently. We also discuss +those features implemented but not yet +incorporated into the mainline kernel, such as +extent maps, delayed allocation and multiple +block allocation. We further include an +overview of implementation and performance +improvements for some of these features. +Finally, we review some features which are +still on the drawing board. diff --git a/2005/flow-accounting-ols2005/OLS2005/cao/cao.tex b/2005/flow-accounting-ols2005/OLS2005/cao/cao.tex new file mode 100644 index 0000000..0af13b6 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/cao/cao.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{State of the Art: Where we are with the Ext3 filesystem?} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Mingming Cao} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Mingming Cao \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{cao-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/corbet/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/corbet/Makefile.inc new file mode 100644 index 0000000..a85cdf6 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/corbet/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += corbet/corbet.dvi + +## Add any additional .tex or .eps files below: +corbet/corbet.dvi corbet/corbet-proc.dvi: \ + corbet/corbet.tex \ + corbet/corbet-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/corbet/corbet-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/corbet/corbet-abstract.tex new file mode 100644 index 0000000..b102f51 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/corbet/corbet-abstract.tex @@ -0,0 +1,20 @@ + +% A 2.6 kernel roadmap +% +% Jonathan Corbet (corbet@lwn.net) + +I will look at the 2.6 development process: +how it works, how it got to where it is now, +and where it is headed. The talk will include +a discussion of what changes are likely to be +seen in the near future and the important +decisions made at the Kernel Summit held +immediately prior to OLS. I will also attempt +to point out other interesting OLS sessions +for people interested in learning more about +specific subjects. This talk should be of +interest to anybody who is looking to learn +more about how the Linux kernel is made and +what the future development plans are. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/corbet/corbet.tex b/2005/flow-accounting-ols2005/OLS2005/corbet/corbet.tex new file mode 100644 index 0000000..1a3c24b --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/corbet/corbet.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{A 2.6 kernel roadmap} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Jonathan Corbet} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Jonathan Corbet \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{corbet-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/day/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/day/Makefile.inc new file mode 100644 index 0000000..bed23d5 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/day/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += day/day.dvi + +## Add any additional .tex or .eps files below: +day/day.dvi day/day-proc.dvi: \ + day/day.tex \ + day/day-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/day/day-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/day/day-abstract.tex new file mode 100644 index 0000000..959a0ac --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/day/day-abstract.tex @@ -0,0 +1,28 @@ + +% Using a the Xen Hypervisor to Supercharge OS Deployment +% Mike D Day (ncmike@us.ibm.com) + +Hypervisor technology presents some promising +opportunities for optimizing Linux deployment. +We discuss modifying initrd and the init +process to work in cooperation with the Xen +hypervisor to create any number of unique +server instances by re-using a single system +image. By isolating a server's unique +properties into a set of patches to +initialization scripts and other selected +files, deployment of a new server can occur in +a few seconds. To capture changes to a +server's configuration that occur while it is +running, we discuss using an LVM snapshot to +hold changes to selected files. By separating +the initialization and file data that make a +linux server instance unique, that data can be +stored and retrieved in a number of ways. We +discuss storing and retrieving different +initialization patches over the network and +integration of these capabilities into the Xen +tools. Potential uses for the techniques +demonstrated in the paper include capacity on +demand, and new methods of provisioning +servers and workstations. diff --git a/2005/flow-accounting-ols2005/OLS2005/day/day.tex b/2005/flow-accounting-ols2005/OLS2005/day/day.tex new file mode 100644 index 0000000..372ba6f --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/day/day.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Using a the Xen Hypervisor to Supercharge OS Deployment} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Mike D Day} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Mike D Day \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{day-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/denijs/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/denijs/Makefile.inc new file mode 100644 index 0000000..1712509 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/denijs/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += denijs/denijs.dvi + +## Add any additional .tex or .eps files below: +denijs/denijs.dvi denijs/denijs-proc.dvi: \ + denijs/denijs.tex \ + denijs/denijs-abstract.tex + 
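Review bot: The \title line in 2005/flow-accounting-ols2005/OLS2005/day/day.tex reads `\title{Using a the Xen Hypervisor to Supercharge OS Deployment}`, with a doubled article ("a the") that will be typeset as written. The same wording appears in the comment header of day-abstract.tex, so it was probably copied from there. Drop the stray "a" in both places.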
diff --git a/2005/flow-accounting-ols2005/OLS2005/denijs/denijs-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/denijs/denijs-abstract.tex new file mode 100644 index 0000000..f821300 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/denijs/denijs-abstract.tex 
@@ -0,0 +1,39 @@ +% [1]>linuxsymposium July 20-23rd, 2005, Ottawa, Canada + +% Registration Active Block I/O Scheduling System (ABISS) +% +% [2]Register/Submit Giel de Nijs (giel.de.nijs@philips.com) + +The Active Block I/O Scheduling System (ABISS) is an +extension of the hard-disk storage subsystem of Linux. +It is designed to provide guaranteed reading and +writing bitrates to applications, with minimal overhead +and low latency. The core element of ABISS is a +scheduler that performs intelligent read-ahead or +write-back, based on the access profile the application +has previously requested. An adaptation of existing +work on incorporating support for priority requests +into the elevator (``IO scheduler'') is part of our +implementation, and enables ABISS to ensure that +real-time requests are served in a timely manner. +Besides the extension to the storage subsystem, we have +implemented experimental support for delayed allocation +in the FAT file system, to be effectively able to +provide the guaranteed writing bitrates. We are working +on combining this with disk space reservations, which +are also part of on-going development on ext3. +Applications use the regular POSIX API, and control the +ABISS extensions either directly through ioctls, or a +library offering simple wrapper functions. ABISS +contains by a user-space demon that oversees resource +allocation and handles admission control. Also some +minor modifications were made to file system drivers. +ABISS currently supports FAT, VFAT, ext2, and ext3. In +a set of experimental runs with real-life data rates on +a deliberately not very powerful test system reflecting +a typical embedded device, we have measured that all +read and write operations completed within 6 ms, while +a background load of eight concurrent greedy readers or +writers, served in a best-effort way, experienced +delays worse by a factor of more than 4000. + 
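Review bot: The comment header of denijs-abstract.tex contains scraped web-page navigation text rather than just the title and author: `% [1]>linuxsymposium July 20-23rd, 2005, Ottawa, Canada`, the word "Registration" in front of the title, and `[2]Register/Submit` in front of the author name. The other abstracts in this import keep only a title line and an author line there, so trimming the header to those two would make the files consistent. In the body, "ABISS contains by a user-space demon" does not parse. Either drop "by" or reword the sentence, and consider the spelling "daemon".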
diff --git a/2005/flow-accounting-ols2005/OLS2005/denijs/denijs.tex b/2005/flow-accounting-ols2005/OLS2005/denijs/denijs.tex new file mode 100644 index 0000000..8af08af --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/denijs/denijs.tex 
@@ -0,0 +1,98 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Active Block I/O Scheduling System (ABISS)} +\subtitle{ } % Subtitle is optional. +%\date{24 Jan 2005} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Giel de Nijs} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Giel de Nijs \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{denijs-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/dike/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/dike/Makefile.inc new file mode 100644 index 0000000..249ae09 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/dike/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += dike/dike.dvi + +## Add any additional .tex or .eps files below: +dike/dike.dvi dike/dike-proc.dvi: \ + dike/dike.tex \ + dike/dike-abstract.tex + 
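Review bot: In 2005/flow-accounting-ols2005/OLS2005/denijs/denijs.tex the date line is commented out (`%\date{24 Jan 2005}`), so no \date is set at all, whereas the sibling papers in this import use `\date{}`. The comment beside it says `\date{}` is the way to have no date, so with the line commented out LaTeX falls back to the date of typesetting. Use `\date{}` here as well for consistency. This hunk is also 98 lines where the other paper stubs are 100, because the comment line above `\usepackage{url}` is missing. That is harmless, but it shows the file has drifted from the template.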
diff --git a/2005/flow-accounting-ols2005/OLS2005/dike/dike-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/dike/dike-abstract.tex new file mode 100644 index 0000000..35e66fe --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/dike/dike-abstract.tex @@ -0,0 +1,28 @@ + +% Registration UML and the Intel VT extensions +% +% [2]Register/Submit Proposal Jeff Dike (jdike@addtoit.com) + +Intel has added virtualization extensions (VT) +to the x86 architecture. It adds a new set of +rings, guest rings 0 through 3, to the +traditional rings, which are now called the +host rings. + +User-mode Linux (UML) is in the process of +being enhanced to make use of these extensions +for greater performance. It will run in guest +ring 0, gaining the ability to directly +receive software interrupts. This will allow +it to handle process system calls without +needing assistance from the host kernel, which +will let UML handle system calls at hardware +speed. + +In spite of running in a ring 0, UML will +appear to remain in userspace, making system +calls to the host kernel and receiving signals +from it. So, it will retain its current +manageability, while getting a performance +boost from its use of the hardware. + diff --git a/2005/flow-accounting-ols2005/OLS2005/dike/dike.tex b/2005/flow-accounting-ols2005/OLS2005/dike/dike.tex new file mode 100644 index 0000000..4e98821 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/dike/dike.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{UML and the Intel VT extensions} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Jeff Dike} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Jeff Dike \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{dike-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/gettys/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/gettys/Makefile.inc new file mode 100644 index 0000000..309ce14 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/gettys/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += gettys/gettys.dvi + +## Add any additional .tex or .eps files below: +gettys/gettys.dvi gettys/gettys-proc.dvi: \ + gettys/gettys.tex \ + gettys/gettys-abstract.tex + 
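Review bot: In dike-abstract.tex the leading comment block is leftover text from the registration web form (`% [2]Register/Submit Proposal Jeff Dike (jdike@addtoit.com)`), including a link marker and a contact address that serve no purpose in the source. Reduce it to a plain title and author comment. In the last paragraph, "In spite of running in a ring 0" should read "in guest ring 0" to match the earlier "It will run in guest ring 0"; as written it blurs the host/guest ring distinction the abstract has just introduced.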
diff --git a/2005/flow-accounting-ols2005/OLS2005/gettys/gettys-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/gettys/gettys-abstract.tex new file mode 100644 index 0000000..7d9eefc --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/gettys/gettys-abstract.tex 
@@ -0,0 +1,51 @@ + +% Registration The New X Input System +% +% [2]Register/Submit Proposal James Gettys (jim.gettys@hp.com) +% +% Content A New X Window System Input System + +The X Window System, for historical reasons, +has presumed a static configuration of screens +and input devices such as keyboards, mice, +joysticks, etc, configured by a file (the +dread \texttt{xorg.conf} or \texttt{XF86Config} file), under +control of a single individual. + +But USB input devices are now hot-pluggable, +and users justifiably expect that they should +be able to plug them into a running system and +have them ``just work,'' without requiring +rebooting the Linux/UNIX kernel or restarting +the X server, having laboriously hand-edited +an X server configuration file. Instead, the X +server must move to a model where it is told +what to do by external agents, and do so in a +dynamic fashion, in response to a user's +action. + +Additonally, projectors and other large +displays, calling out to be used by more than +one person at a time, are becoming +econonomical. Input devices themselves must be +able to be network devices, and the X server +become a multi-user server, if this vision is +to become a reality. + +The issues faced break down into the following +categories: +\begin{itemize} + \item fundamental X architectural issues + \item XInput extension protocol issues + \item Integration with the desktop environment + \item X server implementation infrastructure issues + \item Security and authentication + \item Device discovery, authentication and association +\end{itemize} + +Hotplug of display screens present similar +challenges, but such hardware is either rare +(PCMCIA/CARDBUS displays) or not yet widely +deployed (e.g.\ PCI-e), it is out of the scope +of this paper. + diff --git a/2005/flow-accounting-ols2005/OLS2005/gettys/gettys.tex b/2005/flow-accounting-ols2005/OLS2005/gettys/gettys.tex new file mode 100644 index 0000000..b5effa6 --- /dev/null 
+++ b/2005/flow-accounting-ols2005/OLS2005/gettys/gettys.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{The New X Input System} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{James Gettys} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +James Gettys \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{gettys-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/goggin/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/goggin/Makefile.inc new file mode 100644 index 0000000..1b7ec6f --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/goggin/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += goggin/goggin.dvi + +## Add any additional .tex or .eps files below: +goggin/goggin.dvi goggin/goggin-proc.dvi: \ + goggin/goggin.tex \ + goggin/goggin-abstract.tex + 
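Review bot: gettys-abstract.tex has two spelling errors in the third paragraph, "Additonally" and "econonomical", which should be "Additionally" and "economical". The closing paragraph also needs a fix: "Hotplug of display screens present similar challenges" has a subject-verb mismatch ("presents"), and the sentence runs on into "it is out of the scope of this paper" without a conjunction; something like "and is therefore out of the scope of this paper" would read correctly. The `% [2]Register/Submit Proposal` comment at the top is web-form residue and can go.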
diff --git a/2005/flow-accounting-ols2005/OLS2005/goggin/goggin-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/goggin/goggin-abstract.tex new file mode 100644 index 0000000..f37031c --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/goggin/goggin-abstract.tex @@ -0,0 +1,22 @@ + +% Registration Linux Multipathing +% [2]Register/Submit Proposal Ed Goggin (egoggin@emc.com) + +Linux multipathing provides I/O failover and +path load sharing for multipathed block +devices. In this paper, we provide an overview +of the current device mapper based +multipathing capability and use authentic +customer configurations to drive Enterprise +level requirements for future multipathing +enhancements. We describe the interaction +amongst kernel multipathing modules, user mode +multipathing tools, hotplug, udev, and kpartx +components when considering use cases. Use +cases include path and logical unit +re-configuration, partition management, and +path failover for both active-active and +active-passive generic storage systems. We +also describe lessons learned during testing +the MD scheme on high end storage systems. + diff --git a/2005/flow-accounting-ols2005/OLS2005/goggin/goggin.tex b/2005/flow-accounting-ols2005/OLS2005/goggin/goggin.tex new file mode 100644 index 0000000..8076b06 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/goggin/goggin.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Linux Multipathing} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Ed Goggin} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Ed Goggin \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{goggin-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/goyal/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/goyal/Makefile.inc new file mode 100644 index 0000000..da9f2f4 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/goyal/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += goyal/goyal.dvi + +## Add any additional .tex or .eps files below: +goyal/goyal.dvi goyal/goyal-proc.dvi: \ + goyal/goyal.tex \ + goyal/goyal-abstract.tex + 
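Review bot: In goggin-abstract.tex the final sentence refers to "the MD scheme", a term that is never introduced; everything before it describes the "device mapper based multipathing capability". Spell out what MD means here or name the device mapper scheme directly if that is what was tested, so a reader does not have to guess which multipathing implementation the lessons apply to.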
diff --git a/2005/flow-accounting-ols2005/OLS2005/goyal/goyal-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/goyal/goyal-abstract.tex new file mode 100644 index 0000000..a396e49 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/goyal/goyal-abstract.tex @@ -0,0 +1,30 @@ + +% Registration Kdump, A Kexec based kernel crash dumping +% mechanism +% Vivek Goyal (vgoyal@in.ibm.com) + +Kdump is a kexec-based kernel crash dumping +mechanism, which is being perceived as a +reliable crash dumping solution for Linux. In +this paper we discuss what kexec is and what +it can do in general case. Kexec has been +modified to boot a new kernel even in a system +crash event. This paper includes the details +about the changes made in kexec to handle the +panic situations. Given the fact that kexec +enables booting into a new kernel while +preserving the memory contents in a crash +scenario, kdump uses this feature to capture +the kernel crash dump. Physical memory layout +and processor state are encoded in ELF Core +format and these headers are stored in a +reserved section of memory. Upon a crash, new +kernel boots up from reserved memory and +provides a platform to retrieve stored elf +headers and capture the crash dump. We briefly +discuss elf core header creation and dump +capture mechanism and also detail how to +configure and use kdump feature. + + + diff --git a/2005/flow-accounting-ols2005/OLS2005/goyal/goyal.tex b/2005/flow-accounting-ols2005/OLS2005/goyal/goyal.tex new file mode 100644 index 0000000..08e506f --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/goyal/goyal.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Kdump, A Kexec-based kernel crash dumping mechanism} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Vivek Goyal} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Vivek Goyal \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{goyal-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/griffin/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/griffin/Makefile.inc new file mode 100644 index 0000000..f9ad2c8 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/griffin/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += griffin/griffin.dvi + +## Add any additional .tex or .eps files below: +griffin/griffin.dvi griffin/griffin-proc.dvi: \ + griffin/griffin.tex \ + griffin/griffin-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/griffin/griffin-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/griffin/griffin-abstract.tex new file mode 100644 index 0000000..0413d50 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/griffin/griffin-abstract.tex @@ -0,0 +1,20 @@ + +% Registration Paper Introducing the new Novell Linux Kernel Debugger +% (NLKD) +% Proposal Clyde Griffin (clyde.griffin@novell.com) + +In this paper we introduce the architecture and +features of the new Novell Linux Kernel Debugger +(NLKD). We start with a general introduction to NLKD +and discuss the motivations behind this effort. Next we +discuss the architecture of NLKD at a high level and +introduce the key components of NLKD, which include the +Core Debug Engine (CDE) and two debug agents referred +to as the Console Debug Agent (CDA) and the Remote +Debug Agent (RDA). We discuss in some detail the state +machine logic at the heart of CDE and the interactions +between it and the debug agents. Next we discuss the +functionality and features of CDA and the transports +supported by RDA. Finally, we describe the extensible +and pluggable nature of NLKD's architecture. + diff --git a/2005/flow-accounting-ols2005/OLS2005/griffin/griffin.tex b/2005/flow-accounting-ols2005/OLS2005/griffin/griffin.tex new file mode 100644 index 0000000..c51551c --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/griffin/griffin.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Introducing the new Novell Linux Kernel Debugger, NLKD} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Clyde Griffin} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Clyde Griffin \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{griffin-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/grossman/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/grossman/Makefile.inc new file mode 100644 index 0000000..2ecc116 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/grossman/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += grossman/grossman.dvi + +## Add any additional .tex or .eps files below: +grossman/grossman.dvi grossman/grossman-proc.dvi: \ + grossman/grossman.tex \ + grossman/grossman-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/grossman/grossman-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/grossman/grossman-abstract.tex new file mode 100644 index 0000000..dbbeb54 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/grossman/grossman-abstract.tex @@ -0,0 +1,31 @@ + +% Registration Large Receive Offload implementation in +% Neterion 10GbE Ethernet driver +% Leonid Grossman (leonid@neterion.com) + +The benefits of Transmit Side Offload (TSO) +implementation in Ethernet ASICs and device +drivers are well known. TSO is a \textit{de facto} +standard in 2.6 Linux kernel and provides +significant reduction in \%cpu utilization, +especially with 1500 MTU. On a cpu-bound +system, these cycles translate into dramatic +throughput increase. Unlike TOE, stateless +offloads do not break the Linux stack and do +not introduce security and support issues. +Stateless offload benefits are especially +apparent at 10 Gigabit rates. 10GbE sender +with TSO hardware support uses a fraction of a +single cpu to run at line rate, leaving plenty +of cycles for applications. On the receiver +side, the Linux stack presently does not have +a stateless offload similar to TSO. Receiver +\%cpu typically becomes a bottleneck that +prevents 10GbE adapters from reaching line +rate with 1500 mtu. Neterion hw/sw Large +Receive Offload (LRO) solution was designed to +address this bottleneck and further reduce TCP +processing overhead on the receiver. Both +design and performance results will be +presented. + diff --git a/2005/flow-accounting-ols2005/OLS2005/grossman/grossman.tex b/2005/flow-accounting-ols2005/OLS2005/grossman/grossman.tex new file mode 100644 index 0000000..db06be4 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/grossman/grossman.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Large Receive Offload implementation in Neterion 10GbE Ethernet driver} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Leonid Grossman} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Leonid Grossman \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{grossman-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/halcrow/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/halcrow/Makefile.inc new file mode 100644 index 0000000..3947ae4 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/halcrow/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += halcrow/halcrow.dvi + +## Add any additional .tex or .eps files below: +halcrow/halcrow.dvi halcrow/halcrow-proc.dvi: \ + halcrow/halcrow.tex \ + halcrow/halcrow-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/halcrow/halcrow-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/halcrow/halcrow-abstract.tex new file mode 100644 index 0000000..a56d2b3 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/halcrow/halcrow-abstract.tex @@ -0,0 +1,19 @@ + +% Registration eCryptfs: An Enterprise-class Encrypted Filesystem for +% Linux +% Proposal Michael Austin Halcrow (linuxsymposium.org@halcrow.us) + +eCryptfs is a cryptographic filesystem for Linux that +stacks on top of existing filesystems. It provides +functionality similar to that of GnuPG, only the +process of encrypting and decrypting the data is done +transparently from the perspective of the application. +eCryptfs leverages the recently introduced Linux kernel +keyring service, the kernel cryptographic API, the +Linux Pluggable Authentication Modules (PAM) framework, +OpenSSL, the Trusted Platform Module (TPM), and the +GnuPG keyring in order to make the process of key and +authentication token management seamless to the end +user. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/halcrow/halcrow.tex b/2005/flow-accounting-ols2005/OLS2005/halcrow/halcrow.tex new file mode 100644 index 0000000..561c141 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/halcrow/halcrow.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{eCryptfs: An Enterprise-class Encrypted Filesystem for Linux} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Michael Austin Halcrow} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Michael Austin Halcrow \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{halcrow-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/hart/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/hart/Makefile.inc new file mode 100644 index 0000000..409bed7 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/hart/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += hart/hart.dvi + +## Add any additional .tex or .eps files below: +hart/hart.dvi hart/hart-proc.dvi: \ + hart/hart.tex \ + hart/hart-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/hart/hart-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/hart/hart-abstract.tex new file mode 100644 index 0000000..a79cb2e --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/hart/hart-abstract.tex @@ -0,0 +1,21 @@ + +% Registration We're not getting any younger +% [2]Register/Submit Proposal Darren Vincent Hart (dvhltc@us.ibm.com) + +The Linux time subsystem, which once provided +only tick granularity via a simple periodic +addition to xtime, now must provide nanosecond +resolution. As more and more unique +timekeeping hardware becomes available, and as +virtualization and low-latency demands grow, +the complexity of maintenance and bug +resolution increases. + +This paper explores the requirements of a +modern timing system, encompassing both +time-keeping and hard and soft timers. We +propose a new infrastructure to elegantly meet +those needs and discuss how kernel interfaces +can best be modified to use human-time units. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/hart/hart.tex b/2005/flow-accounting-ols2005/OLS2005/hart/hart.tex new file mode 100644 index 0000000..7ea94c7 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/hart/hart.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{We are not getting any younger} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Darren Vincent Hart} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Darren Vincent Hart \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{hart-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/holtje/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/holtje/Makefile.inc new file mode 100644 index 0000000..9bdd6ab --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/holtje/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += holtje/holtje.dvi + +## Add any additional .tex or .eps files below: +holtje/holtje.dvi holtje/holtje-proc.dvi: \ + holtje/holtje.tex \ + holtje/holtje-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/holtje/holtje-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/holtje/holtje-abstract.tex new file mode 100644 index 0000000..381df59 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/holtje/holtje-abstract.tex @@ -0,0 +1,25 @@ + +% Registration Automated BoardFarm: Only Better with Bacon +% [2]Register/Submit Christian Holtje (christian.holtje@timesys.com) + +In this presentation, we will introduce the concept of +a BoardFarm, a tool to aid in the development and +support of embedded systems. Timesys had an opportunity +to save time and energy that was being spent juggling a +limited number of embedded boards among our developers, +customers, and support staff who are spread throughout +the world. We decided to build a system to provide +remote access to the boards and to automate many of the +tedious tasks such as running tests, booting the boards +and installing software including the operating +systems, board support packages and toolchains. This +allows the developers and support gurus at Timesys to +concentrate on the problem at hand instead of how each +board boots or how a specific board needs to be set up. + +We will talk about why the BoardFarm was built, how to +use it, how it works, and what it's being used for. We +will also talk about ideas that we have for future +improvements. Pigs were harmed in the making of this +BoardFarm and were delicious. + diff --git a/2005/flow-accounting-ols2005/OLS2005/holtje/holtje.tex b/2005/flow-accounting-ols2005/OLS2005/holtje/holtje.tex new file mode 100644 index 0000000..43da096 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/holtje/holtje.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Automated BoardFarm: Only Better with Bacon} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Christian Holtje} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Christian Holtje \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{holtje-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/holtmann/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/holtmann/Makefile.inc new file mode 100644 index 0000000..a81f54c --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/holtmann/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += holtmann/holtmann.dvi + +## Add any additional .tex or .eps files below: +holtmann/holtmann.dvi holtmann/holtmann-proc.dvi: \ + holtmann/holtmann.tex \ + holtmann/holtmann-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/holtmann/holtmann-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/holtmann/holtmann-abstract.tex new file mode 100644 index 0000000..bf76c7c --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/holtmann/holtmann-abstract.tex @@ -0,0 +1,26 @@ + +% Registration The BlueZ towards a wireless world of penguins +% [2]Register/Submit Proposal Marcel Holtmann (marcel@holtmann.org) + +The Bluetooth wireless technology is getting +more and more attention. There are a lot of +devices available and most of them are working +perfect with Linux, because Linux has the +BlueZ. This is the codename of the official +Bluetooth protocol stack for Linux and since +its announcement on May, 3rd 2001 many things +have been improved. Now it is possible to use +Bluetooth for simple cable free serial +connections, dialup networks, TCP/IP networks, +ISDN networks, human interface devices, +printing, imaging, file transfers, contact and +calendar synchronization etc. All these +services are designed to integrate seamlessly +into existing and established parts of Linux, +like the kernel TTY layer, the network +subsystem, the CUPS printing architecture, the +OpenOBEX library and so on. This talk will +explain the architecture of BlueZ and +demonstrate its easy usability. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/holtmann/holtmann.tex b/2005/flow-accounting-ols2005/OLS2005/holtmann/holtmann.tex new file mode 100644 index 0000000..e9e8ef2 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/holtmann/holtmann.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{The BlueZ towards a wireless world of penguins} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Marcel Holtmann} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Marcel Holtmann \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{holtmann-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/hubert/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/hubert/Makefile.inc new file mode 100644 index 0000000..1ab3fdd --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/hubert/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += hubert/hubert.dvi + +## Add any additional .tex or .eps files below: +hubert/hubert.dvi hubert/hubert-proc.dvi: \ + hubert/hubert.tex \ + hubert/hubert-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/hubert/hubert-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/hubert/hubert-abstract.tex new file mode 100644 index 0000000..696a80f --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/hubert/hubert-abstract.tex @@ -0,0 +1,18 @@ + +% Registration On faster application startup times: Cache +% stuffing, seek profiling, adaptive preloading +% bert hubert (ahu@ds9a.nl) + +This paper presents data on current +application start-up pessimizations (on-demand +loading), relevant numbers on real-life +harddisk seek times in a running system +(measured from within the kernel), and shows +and demonstrates possible improvements, both +from userspace and in the kernel. On a side +note, changes to the GNU linker are discussed +which might help. Very preliminary experiments +have already shown a four-fold speedup in +starting FireFox from a cold cache. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/hubert/hubert.tex b/2005/flow-accounting-ols2005/OLS2005/hubert/hubert.tex new file mode 100644 index 0000000..7c16dd8 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/hubert/hubert.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{On faster application startup times: Cache stuffing, seek profiling, adaptive preloading} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{bert hubert} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +bert hubert \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{hubert-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/johnson/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/johnson/Makefile.inc new file mode 100644 index 0000000..cd8686e --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/johnson/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += johnson/johnson.dvi + +## Add any additional .tex or .eps files below: +johnson/johnson.dvi johnson/johnson-proc.dvi: \ + johnson/johnson.tex \ + johnson/johnson-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/johnson/johnson-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/johnson/johnson-abstract.tex new file mode 100644 index 0000000..d101a4c --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/johnson/johnson-abstract.tex @@ -0,0 +1,22 @@ + +% Registration Building Linux Software with Conary +% [2]Register/Submit Proposal Michael K. Johnson (a1237+ols@danlj.org) + +I will describe best practices in Conary +packaging: avoiding redundancy with package +inheritance and recipe design; implementing +release management using branches, shadows, +labels, and flavors; and designing and writing +dynamic tag handlers. I will describe how +Conary policy prevents common packaging +errors. I will provide examples from our +Specifix Linux distribution, illustrating the +design principles of the Conary build process. +I will then describe the steps needed to +create a new distribution based on the +Specifix Linux distribution, using the +distributed branch and shadow features of +Conary. + + + diff --git a/2005/flow-accounting-ols2005/OLS2005/johnson/johnson.tex b/2005/flow-accounting-ols2005/OLS2005/johnson/johnson.tex new file mode 100644 index 0000000..3efe93c --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/johnson/johnson.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Building Linux Software with Conary} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Michael K. Johnson} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Michael K. Johnson \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{johnson-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/kacur/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/kacur/Makefile.inc new file mode 100644 index 0000000..887c9d8 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/kacur/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += kacur/kacur.dvi + +## Add any additional .tex or .eps files below: +kacur/kacur.dvi kacur/kacur-proc.dvi: \ + kacur/kacur.tex \ + kacur/kacur-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/kacur/kacur-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/kacur/kacur-abstract.tex new file mode 100644 index 0000000..8c744be --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/kacur/kacur-abstract.tex @@ -0,0 +1,29 @@ + +% Registration Profiling Java on Linux +% [2]Register/Submit Proposal John Kacur (jekacur@ca.ibm.com) + +In this paper, I will examine two profilers. +IBM's Open Source Performance Inspector and +OProfile which contains code that has been +officially accepted into the Linux Kernel. +Currently OProfile doesn't work with programs +that dynamically generate code, such as Python +and Java JITs. Various people have proposed +patches that record events in anonymously +mapped memory regions as raw virtual +addresses, instead of the usual tuple of +binary image and offset. This information can +be postprocessed by matching it with the +output generated by running a Java program +with Performance Inspector's JPROF which uses +JVMPI to record addresses of JITted methods. +In this paper, I will discuss the details of +profiling Java, specifically looking at the +inner workings of OProfile and Performance +Inspector. I will discuss problems that we +have encountered with both tools and our +attempts to resolve them. Finally, I will +demonstrate profiling a java program to show +the kind of information that can be obtained. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/kacur/kacur.tex b/2005/flow-accounting-ols2005/OLS2005/kacur/kacur.tex new file mode 100644 index 0000000..a566ddd --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/kacur/kacur.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Profiling Java on Linux} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{John Kacur} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +John Kacur \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{kacur-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/larson/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/larson/Makefile.inc new file mode 100644 index 0000000..2d5ed23 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/larson/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += larson/larson.dvi + +## Add any additional .tex or .eps files below: +larson/larson.dvi larson/larson-proc.dvi: \ + larson/larson.tex \ + larson/larson-abstract.tex + 
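Review bot: kacur.tex is committed with the template's placeholder author block (`{\itshape Your affiliation}` and `your-address@example.com`) and still uses `\documentclass[galley]{ols}`, although the file's own comment asks for 'galley' to be changed to 'final' before submitting. If these files are meant to build a finished paper, fill in the affiliation and address and switch the option; if they are archived exactly as received, the commit message should say so. The same 100-line skeleton is added once per author, with only `\title`, `\shortauthor`, the author name and the `\input` line differing, so a single shared template would carry the same information.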
diff --git a/2005/flow-accounting-ols2005/OLS2005/larson/larson-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/larson/larson-abstract.tex new file mode 100644 index 0000000..4d92382 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/larson/larson-abstract.tex @@ -0,0 +1,20 @@ + +% Registration Testing the Xen Hypervisor and Linux Virtual +% Machines +% Paul Larson (pl@us.ibm.com) + +Xen is an interesting and useful technology +that has made virtualization features normally +found only in high-end systems more widely +available. Such technology, however, demands +stability, since all virtual machines running +on a single system are dependent on its +functioning properly. Our paper will focus on +the methods we are employing to test Xen, and +how it differs from normal Linux testing. We +will also discuss the tests we are using and +creating and the automation tools we are +developing to allow testers and developers +working on Xen to easily run automated tests. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/larson/larson.tex b/2005/flow-accounting-ols2005/OLS2005/larson/larson.tex new file mode 100644 index 0000000..60b0942 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/larson/larson.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Testing the Xen Hypervisor and Linux Virtual Machines} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Paul Larson} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Paul Larson \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{larson-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/leech/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/leech/Makefile.inc new file mode 100644 index 0000000..a834822 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/leech/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += leech/leech.dvi + +## Add any additional .tex or .eps files below: +leech/leech.dvi leech/leech-proc.dvi: \ + leech/leech.tex \ + leech/leech-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/leech/leech-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/leech/leech-abstract.tex new file mode 100644 index 0000000..75a4470 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/leech/leech-abstract.tex @@ -0,0 +1,21 @@ + +% Registration An Alternative to TOE: Intel I/O Acceleration +% [2]Register/Submit Chris Leech (christopher.leech@intel.com) + +Intel's I/O Acceleration Technology is a combination of +network controller and server chipset features that +achieves increased networking performance, and still +makes use of the OS's native protocol stack. The first +generation of this technology will free up the CPU by +providing an asynchronous, low-cost copy mechanism, and +better CPU scaling via multiple transmit and receive +queues. + +We will be describing the changes we implemented to +support these new capabilities, both to the network +driver and the network stack, as well as other design +choices considered. In addition, we will be presenting +data on the performance impact of each of these +elements, and the cumulative improvement obtained. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/leech/leech.tex b/2005/flow-accounting-ols2005/OLS2005/leech/leech.tex new file mode 100644 index 0000000..e341cac --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/leech/leech.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{An Alternative to TOE: Intel I/O Acceleration} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Chris Leech} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Chris Leech \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{leech-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/mauelshagen/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/mauelshagen/Makefile.inc new file mode 100644 index 0000000..81a4284 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/mauelshagen/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += mauelshagen/mauelshagen.dvi + +## Add any additional .tex or .eps files below: +mauelshagen/mauelshagen.dvi mauelshagen/mauelshagen-proc.dvi: \ + mauelshagen/mauelshagen.tex \ + mauelshagen/mauelshagen-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/mauelshagen/mauelshagen-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/mauelshagen/mauelshagen-abstract.tex new file mode 100644 index 0000000..5bdaa47 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/mauelshagen/mauelshagen-abstract.tex 
@@ -0,0 +1,51 @@ + +% Registration dmraid - device-mapper RAID tool +% [2]Register/Submit Proposal Heinz Mauelshagen (heinzm@redhat.com) + +Device-mapper, the new Linux 2.6 kernel +generic device-mapping facility, is capable of +mapping block devices in various ways (e.g. +linear, striped, mirrored). The mappings are +implemented in runtime loadable plugins called +mapping targets. + +These mappings can be used to support +arbitrary software RAID solutions on Linux +2.6, such as ATARAID, without the need to have +a special low-level driver as it used to be +with Linux 2.4. This avoids code-redundancy +and reduces error rates. + +Device-mapper runtime mappings (eg, map sector +N of a mapped device onto sector M of another +device) are defined in mapping tables. + +The dmraid application is capable of creating +these for a variety of ATARAID solutions (eg. +Highpoint, NVidia, Promise, VIA). It uses an +abstracted representation of RAID devices and +RAID sets internally to keep properties such +as paths, sizes, offsets into devices and +layout types (e.g., RAID0). RAID sets can be of +arbitrary hierarchical depth in order to +reflect more complex RAID configurations such +as RAID10. + +Because the various vendor specific metadata +formats stored onto ATA devices by the ATARAID +BIOS are all different, metadata format +handlers are used to translate between the +ondisk representation and the internal +abstracted format. + +The mapping tables which need to be loaded +into device-mapper managed devices are derived +from the internal abstracted format. + +My talk will give a device-mapper +architecture/feature overview and elaborate on +the dmraid architecture and how it uses the +device-mapper features to enable access to +ATARAID devices. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/mauelshagen/mauelshagen.tex b/2005/flow-accounting-ols2005/OLS2005/mauelshagen/mauelshagen.tex new file mode 100644 index 0000000..e457e3c --- /dev/null 
+++ b/2005/flow-accounting-ols2005/OLS2005/mauelshagen/mauelshagen.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{dmraid - device-mapper RAID tool} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Heinz Mauelshagen} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Heinz Mauelshagen \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{mauelshagen-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/mcfadden/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/mcfadden/Makefile.inc new file mode 100644 index 0000000..77c760d --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/mcfadden/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += mcfadden/mcfadden.dvi + +## Add any additional .tex or .eps files below: +mcfadden/mcfadden.dvi mcfadden/mcfadden-proc.dvi: \ + mcfadden/mcfadden.tex \ + mcfadden/mcfadden-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/mcfadden/mcfadden-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/mcfadden/mcfadden-abstract.tex new file mode 100644 index 0000000..61a913e --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/mcfadden/mcfadden-abstract.tex @@ -0,0 +1,30 @@ + +% Registration Usage of Virtualized GNU/Linux to Support Binary +% Testing Across Multiple Distributions +% Proposal Gordon McFadden (gordon.mcfadden@intel.com) + +In this paper, we will discuss how we created a test +environment using a single high-end test host that +implemented multiple test hosts. The test environment +enabled the testing of software running on different +Linux distributions with different kernel versions. +This approach improved test automation, avoided capital +expenditures and saved on desktop real-estate. We +employed a version of Gentoo Linux with a modified 2.6 +kernel, along with multiple instances of different +distributions and version of Linux running on User Mode +Linux (UML). The particular tests involved are related +to the Linux Standards Base, but the concept is +applicable to many different environments. + +We will describe how we improved aspects of the Gentoo +kernel to improve performance. We will describe the +methods used to affect a lightweight inter UML +communications mechanism. We will also talk about the +file systems chosen for both the host OS and the UML. +Finally, we will have a brief discussion around the +benefits and limitations of this type of test +environment, and will discuss plans for future test +environments. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/mcfadden/mcfadden.tex b/2005/flow-accounting-ols2005/OLS2005/mcfadden/mcfadden.tex new file mode 100644 index 0000000..f617da3 
--- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/mcfadden/mcfadden.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Usage of Virtualized GNU/Linux to Support Binary Testing Across Multiple Distributions} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Gordon McFadden} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Gordon McFadden \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{mcfadden-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/melo/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/melo/Makefile.inc new file mode 100644 index 0000000..45d005d --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/melo/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += melo/melo.dvi + +## Add any additional .tex or .eps files below: +melo/melo.dvi melo/melo-proc.dvi: \ + melo/melo.tex \ + melo/melo-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/melo/melo-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/melo/melo-abstract.tex new file mode 100644 index 0000000..fbf24b8 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/melo/melo-abstract.tex @@ -0,0 +1,16 @@ + +% Registration DCCP on Linux +% [2]Register/Submit Arnaldo Carvalho de Melo (acme@conectiva.com.br) + +In this paper I will present the current state of DCCP +for Linux, looking at several implementations done for +Linux and for other kernels, how well they +interoperate, how the implementation I'm working on +took advantage of the work presented in my OLS 2004 +talk (``TCPfying the poor cousins'') and ideas about +plugabble congestion control algorithms in DCCP, taking +advantage of recent work by Stephen Hemminger on having +a IO scheduller like infrastructure for congestion +control algorithms in TCP. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/melo/melo.tex b/2005/flow-accounting-ols2005/OLS2005/melo/melo.tex new file mode 100644 index 0000000..d5ae26c --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/melo/melo.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{DCCP on Linux} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Arnaldo Carvalho de Melo} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Arnaldo Carvalho de Melo \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{melo-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/mochel/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/mochel/Makefile.inc new file mode 100644 index 0000000..b6402c8 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/mochel/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += mochel/mochel.dvi + +## Add any additional .tex or .eps files below: +mochel/mochel.dvi mochel/mochel-proc.dvi: \ + mochel/mochel.tex \ + mochel/mochel-abstract.tex + 
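Review bot: melo-abstract.tex has spelling errors in the abstract body that will reach the typeset paper, since melo.tex pulls the file in with `\input{melo-abstract.tex}`: 'plugabble' should be 'pluggable', 'IO scheduller' should be 'IO scheduler', and 'a IO' should be 'an IO'. These are worth fixing in the source file rather than in the rendered output.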
diff --git a/2005/flow-accounting-ols2005/OLS2005/mochel/mochel-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/mochel/mochel-abstract.tex new file mode 100644 index 0000000..7b6cdcc --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/mochel/mochel-abstract.tex @@ -0,0 +1,41 @@ + +% Registration The sysfs Filesystem +% [2]Register/Submit Patrick Mochel (mochel@digitalimplant.org) + +sysfs is considered by some to be one of the most +important and useful features that was integrated into +the 2.6 kernel. It has definitely been one of the most +talked about, most used, and most visible features. By +providing a window into kernel objects, their +attributes, and the relationships between them, a lot +of opportunities arise: +\begin{enumerate} +\item to cleanup existing code that +has traditionally used proc, +\item to easily port code +that has traditionally used procfs to export object +attributes, and +\item to integrate new subsystems with +configurable and exportable attributes. +\end{enumerate} + +While sysfs has been a great benefit for a large amount +code in the kernel, it's far from perfect. This talk +will discuss those imperfections, including but not +limited to, the places and situations where it's +cumbersome or inappropriate to use sysfs; how sysfs +suffers from some of the same problems as procfs and +sysctl by making it easy to duplicate code and +propagate bugs; and what the performance impact of +using sysfs is. + +It won't be an unmitigated tomato-throwing session, +though. The purpose of identifying and characterizing +the problems is simply the first step in making it +better. Current developments and plans for the near +future to fix or alleviate the problems will be +described. The pundits will be placated and the critics +pacified in the next few steps towards total +domination. + + 
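Review bot: in mochel-abstract.tex the first \item says "traditionally used proc" while the second says "procfs"; use one name for the filesystem. In the same hunk, "a large amount code" is missing "of", "to cleanup existing code" should be "to clean up", and the leading comment `% [2]Register/Submit Patrick Mochel (...)` looks like link residue from the registration page and could be reduced to the title and author.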
diff --git a/2005/flow-accounting-ols2005/OLS2005/mochel/mochel.tex b/2005/flow-accounting-ols2005/OLS2005/mochel/mochel.tex new file mode 100644 index 0000000..9327524 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/mochel/mochel.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{The sysfs Filesystem} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Patrick Mochel} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Patrick Mochel \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{mochel-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/moilanen/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/moilanen/Makefile.inc new file mode 100644 index 0000000..3bdb5f7 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/moilanen/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += moilanen/moilanen.dvi + +## Add any additional .tex or .eps files below: +moilanen/moilanen.dvi moilanen/moilanen-proc.dvi: \ + moilanen/moilanen.tex \ + moilanen/moilanen-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/moilanen/moilanen-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/moilanen/moilanen-abstract.tex new file mode 100644 index 0000000..60edd6d --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/moilanen/moilanen-abstract.tex @@ -0,0 +1,25 @@ + +% Registration Using genetic algorithms to autonomically tune the +% kernel. +% Proposal Jake Moilanen (moilanen@austin.ibm.com) + +One of the next obstacles in autonomic computing is +having a system self-tune for any workload. Workloads +vary greatly between applications and even during an +application's life cycle. It is a daunting task for a +system administrator to manually keep up with a +constantly changing workload. To remedy this +shortcoming, intelligence needs to be put into a system +to autonomically handle this process. One method is to +take an algorithm commonly used in artificial +intelligence and apply it to the Linux kernel. + +This paper will cover the use of genetic-algorithms to +autonomically tune the kernel through the development +of the genetic-library. It will discuss the overall +designed of the genetic-library along with the hooked +schedulers, current status, and future work. Finally, +early performance numbers will be covered to give an +idea as towards the viability of the concept. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/moilanen/moilanen.tex b/2005/flow-accounting-ols2005/OLS2005/moilanen/moilanen.tex new file mode 100644 index 0000000..8325406 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/moilanen/moilanen.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Using genetic algorithms to autonomically tune the kernel} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Jake Moilanen} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Jake Moilanen \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{moilanen-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/nguyen/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/nguyen/Makefile.inc new file mode 100644 index 0000000..3ad740e --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/nguyen/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += nguyen/nguyen.dvi + +## Add any additional .tex or .eps files below: +nguyen/nguyen.dvi nguyen/nguyen-proc.dvi: \ + nguyen/nguyen.tex \ + nguyen/nguyen-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/nguyen/nguyen-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/nguyen/nguyen-abstract.tex new file mode 100644 index 0000000..639c12c --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/nguyen/nguyen-abstract.tex @@ -0,0 +1,27 @@ + +% Registration PCI Express Port Bus Driver Support for Linux +% [2]Register/Submit Tom Long Nguyen (tom.l.nguyen@intel.com) + +PCI Express is a high performance general purpose I/O +Interconnect defined for a wide variety of computing +and communication platforms. It implements PCI Express +Ports, PCI-PCI Bridges, to provide point-to-point +interconnects. PCI Express categorizes PCI Express +Ports into three types: the Root Ports, the Upstream +Switch Ports, and the Downstream Switch Ports. Each PCI +Express Port can provide up to four distinct services: +native hot-plug, power management event, advanced error +reporting, and virtual channel. PCI Express Port Bus +Driver, as being proposed and developed, therefore +shall serve managing all services and distributing them +to their corresponding service drivers. This paper, +which uses i386 Linux implementation as a reference +model, is targeted toward kernel developers and +architects interested in the details of enabling +service drivers for PCI Express Ports. This paper +provides insight into the scope of implementing PCI +Express Port Bus Driver and specific service drivers +like Advanced Error Handling Root service driver and +PCI Express Native Hot-plug Root service driver. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/nguyen/nguyen.tex b/2005/flow-accounting-ols2005/OLS2005/nguyen/nguyen.tex new file mode 100644 index 0000000..b667bf2 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/nguyen/nguyen.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{PCI Express Port Bus Driver Support for Linux} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Tom Long Nguyen} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Tom Long Nguyen \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{nguyen-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/olsson/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/olsson/Makefile.inc new file mode 100644 index 0000000..88bcf8d --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/olsson/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += olsson/olsson.dvi + +## Add any additional .tex or .eps files below: +olsson/olsson.dvi olsson/olsson-proc.dvi: \ + olsson/olsson.tex \ + olsson/olsson-abstract.tex + 
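Review bot: moilanen-abstract.tex, second paragraph: "the overall designed of the genetic-library" should read "design", and "an idea as towards the viability of the concept" should be "an idea of the viability". The title comment writes "genetic algorithms" while the body writes "genetic-algorithms"; pick one spelling.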
diff --git a/2005/flow-accounting-ols2005/OLS2005/olsson/olsson-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/olsson/olsson-abstract.tex new file mode 100644 index 0000000..ad17de8 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/olsson/olsson-abstract.tex @@ -0,0 +1,16 @@ + +% Registration pktgen the linux packet generator +% [2]Register/Submit Robert Olsson (robert.olsson@its.uu.se) + +Abstract pktgen is a high-performance testing tool +included in the Linux kernel. Being part of the kernel +is currently best way to test the TX process of device +driver and NIC. pktgen can also be used to generate +ordinary packets to test other network devices. +Especially of interest is the use of pktgen to test +routers or bridges which use the Linux network stack. +Because pktgen is ``in-kernel,'' it can generate very +high packet rates and with few systems saturate network +devices as routers or bridges. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/olsson/olsson.tex b/2005/flow-accounting-ols2005/OLS2005/olsson/olsson.tex new file mode 100644 index 0000000..847ebbb --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/olsson/olsson.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{pktgen the linux packet generator} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Robert Olsson} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Robert Olsson \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{olsson-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/packard/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/packard/Makefile.inc new file mode 100644 index 0000000..e8f336a --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/packard/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += packard/packard.dvi + +## Add any additional .tex or .eps files below: +packard/packard.dvi packard/packard-proc.dvi: \ + packard/packard.tex \ + packard/packard-abstract.tex + 
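Review bot: olsson-abstract.tex starts its body with the word "Abstract" ("Abstract pktgen is a high-performance testing tool"), and olsson.tex pulls the file in with `\input{olsson-abstract.tex}` inside \begin{abstract}, so that word ends up in the running text of the abstract; drop it from the file. In the same hunk, "is currently best way" needs "the", and "saturate network devices as routers or bridges" reads better as "such as routers or bridges".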
diff --git a/2005/flow-accounting-ols2005/OLS2005/packard/packard-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/packard/packard-abstract.tex new file mode 100644 index 0000000..a324825 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/packard/packard-abstract.tex @@ -0,0 +1,23 @@ + +% Registration TWIN: An Even Smaller Window System for Even +% Smaller Devices +% Keith Packard (keithp@keithp.com) + +With embedded systems gaining high resolution +displays and powerful CPUs, the desire for +sophisticated graphical user interfaces can be +realized in even the smallest of systems. +While the CPU power available for a given +power budget has increased dramatically, these +tiny systems remain severely memory +constrained. This unique environment presents +interesting challenges in graphical system +design and implementation. To explore this +particular space, a new window system, Twin, +has been developed. Using ideas from modern +window systems in larger environments, Twin +offers overlapping translucent windows, +anti-aliased graphics and scalable fonts in a +total memory budget of 100 kilobytes. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/packard/packard.tex b/2005/flow-accounting-ols2005/OLS2005/packard/packard.tex new file mode 100644 index 0000000..d3fc734 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/packard/packard.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{TWIN: An Even Smaller Window System for Even Smaller Devices} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Keith Packard} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Keith Packard \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{packard-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/porter/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/porter/Makefile.inc new file mode 100644 index 0000000..539f9f3 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/porter/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += porter/porter.dvi + +## Add any additional .tex or .eps files below: +porter/porter.dvi porter/porter-proc.dvi: \ + porter/porter.tex \ + porter/porter-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/porter/porter-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/porter/porter-abstract.tex new file mode 100644 index 0000000..8ee9a15 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/porter/porter-abstract.tex @@ -0,0 +1,20 @@ + +% Registration RapidIO for Linux +% +% [2]Register/Submit Matt Porter (mporter@kernel.crashing.org) + +RapidIO is a switched fabric interconnect standard +intended for embedded systems. Providing a message +based interface, it is currently capable of speeds up +to 10Gb/s full duplex and is available in many form +factors including ATCA for telecom applications. In +this paper, I introduce a RapidIO subsystem for the +Linux kernel. The implementation provides support for +discovery and enumeration of devices, management of +resources, and provides a consistent access mechanism +for drivers and other kernel facilities. As an example +of the use of the subsystem feature set, I present a +Linux network driver implementation which communicates +via RapidIO message packets. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/porter/porter.tex b/2005/flow-accounting-ols2005/OLS2005/porter/porter.tex new file mode 100644 index 0000000..bb49409 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/porter/porter.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{RapidIO for Linux} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Matt Porter} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Matt Porter \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{porter-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/prasad/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/prasad/Makefile.inc new file mode 100644 index 0000000..c623b4a --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/prasad/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += prasad/prasad.dvi + +## Add any additional .tex or .eps files below: +prasad/prasad.dvi prasad/prasad-proc.dvi: \ + prasad/prasad.tex \ + prasad/prasad-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/prasad/prasad-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/prasad/prasad-abstract.tex new file mode 100644 index 0000000..8d51265 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/prasad/prasad-abstract.tex @@ -0,0 +1,30 @@ + +% Registration Locating system problems using dynamic +% instrumentation +% Vara Prasad (varap@us.ibm.com) + +It is often difficult to diagnose complex +problems without multiple rebuilds and +reboots. Even in a simple setup, the problem +can touch various layers of the application +and operating system. Diagnosis is even more +difficult in complex, multi-tiered systems. As +Linux is deployed in these environments, it is +becoming more important to have facilities to +locate and identify such problems. + +Using the kprobes infrastructure, SystemTAP is +being developed to dynamically instrument the +kernel and user applications. SystemTAP +instrumentation incurs low overhead when +enabled, and zero overhead when disabled. +SystemTAP provides facilities to define +instrumentation points in a high-level +language, and to aggregate and analyze the +instrumentation data. Details of the SystemTAP +architecture and implementation are presented, +along with examples of solving problems in the +production environments. + + + diff --git a/2005/flow-accounting-ols2005/OLS2005/prasad/prasad.tex b/2005/flow-accounting-ols2005/OLS2005/prasad/prasad.tex new file mode 100644 index 0000000..320c713 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/prasad/prasad.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Locating system problems using dynamic instrumentation} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Vara Prasad} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Vara Prasad \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{prasad-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/pratt/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/pratt/Makefile.inc new file mode 100644 index 0000000..9872193 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/pratt/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += pratt/pratt.dvi + +## Add any additional .tex or .eps files below: +pratt/pratt.dvi pratt/pratt-proc.dvi: \ + pratt/pratt.tex \ + pratt/pratt-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/pratt/pratt-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/pratt/pratt-abstract.tex new file mode 100644 index 0000000..760fe47 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/pratt/pratt-abstract.tex @@ -0,0 +1,29 @@ + +% Registration Xen 3.0 and the Art of Virtualization +% [2]Register/Submit Ian Pratt (ian.pratt@cl.cam.ac.uk) + +The Xen Virtual Machine Monitor will soon be undergoing +its third major release, and is maturing into a stable, +secure, and full-featured virtualization solution for +Linux and other operating systems. + +This new release of Xen supports a number of key new +features, such as: SMP guest operating systems (as well +as SMP hosts); x86\_64 support (with further ports to +ppc and {ia-64} in progress); and support for Intel's +VT-x virtualization extensions, which enable Xen/Linux +to host `legacy' OSes such as Windows XP. + +This paper reviews the Xen hypervisor ABI, and examines +the Linux 2.6 port. We follow the evolution of memory +virtualization techniques supported by Xen and show how +the current implementation achieves excellent +performance while minimising changes to Linux. We +discuss the new support for SMP guest OSes, and show +how modifications to Linux`s spinlock code allow us to +optimise scheduling of virtual CPUs. Finally we look at +how Linux IO devices may be virtualized and exported to +other virtual machines using high-performance +`device-channels.' + + diff --git a/2005/flow-accounting-ols2005/OLS2005/pratt/pratt.tex b/2005/flow-accounting-ols2005/OLS2005/pratt/pratt.tex new file mode 100644 index 0000000..8ea8dcb --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/pratt/pratt.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Xen 3.0 and the Art of Virtualization} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Ian Pratt} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Ian Pratt \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{pratt-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/rao/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/rao/Makefile.inc new file mode 100644 index 0000000..0978c15 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/rao/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += rao/rao.dvi + +## Add any additional .tex or .eps files below: +rao/rao.dvi rao/rao-proc.dvi: \ + rao/rao.tex \ + rao/rao-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/rao/rao-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/rao/rao-abstract.tex new file mode 100644 index 0000000..59713b3 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/rao/rao-abstract.tex @@ -0,0 +1,49 @@ + +% Registration Examining Linux 2.6 Page-Cache Performance +% [2]Register/Submit Proposal Sonny Rao (raosanth@us.ibm.com) + + +Given the current trends towards ubiquitous +64-bit server/desktop computing with large +amounts of cheap system memory, the +performance and structure of the Linux +page-cache will undoubtedly become more +important in the future, and we believe an +analytical and empirical examination of +performance will be valuable in guiding future +development. + +The current 2.6 radix-tree based design +represents a huge leap forward from the old +global hash-table design, but we also beleive +there may be some issues with the current +radix-tree structure itself. + +We have three main concerns about the current +implementation: + +\begin{enumerate} +\item Radix tree keys are unnecessarily long +especially on LP64 systems which can cause +radix trees to perform poorly + +\item The common case of in-order insertion of +pages into the radix tree could most-likely be +improved + +\item Parallel access to the radix-tree structure +\end{enumerate} + +We will cover our analysis of the current +implementation and discuss potential +improvements for these issues using a +combination of analytical models and our +measurements of improvement using +proof-of-concept implementations of ideas such +as: extendible hashing techniques, trading +space for time by altering the \ident{MAP_SHIFT} +setup, using smaller radix keys combined with +larger logical page sizes, and possibly +others. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/rao/rao.tex b/2005/flow-accounting-ols2005/OLS2005/rao/rao.tex new file mode 100644 index 0000000..cc886f9 --- /dev/null 
+++ b/2005/flow-accounting-ols2005/OLS2005/rao/rao.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Examining Linux 2.6 Page-Cache Performance} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Sonny Rao} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Sonny Rao \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{rao-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/ratliff/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/ratliff/Makefile.inc new file mode 100644 index 0000000..dd32f16 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/ratliff/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += ratliff/ratliff.dvi + +## Add any additional .tex or .eps files below: +ratliff/ratliff.dvi ratliff/ratliff-proc.dvi: \ + ratliff/ratliff.tex \ + ratliff/ratliff-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/ratliff/ratliff-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/ratliff/ratliff-abstract.tex new file mode 100644 index 0000000..ae3833a --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/ratliff/ratliff-abstract.tex @@ -0,0 +1,31 @@ + +% Registration Trusted Computing and Linux +% [2]Register/Submit Proposal Emily Ratliff (emilyr@us.ibm.com) + + +While Trusted Computing and Linux may seem +antithetical on the surface, Linux users can +benefit from the security features, including +system integrity and key confidentiality, +provided by Trusted Computing. The purpose of +this paper is to discuss the work that we have +done to enable Linux users to make use of +their Trusted Platform Module (TPM) in a +non-evil manner. The paper describes the +individual software components which are +required to enable the use of the TPM, +including the TPM device driver and TrouSerS, +the Trusted Software Stack, and TPM +management. Key concerns with Trusted +Computing are highlighted along with what the +Trusted Computing Group has done and what +individual TPM owners can do to mitigate these +concerns. Example beneficial uses for +individuals and enterprises are discussed +including eCryptfs and GnuPG usage of the TPM. +There is a tremendous opportunity for enhanced +security through enabling projects to use the +TPM so we discuss what we see as the most +promising avenues. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/ratliff/ratliff.tex b/2005/flow-accounting-ols2005/OLS2005/ratliff/ratliff.tex new file mode 100644 index 0000000..2855b9a --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/ratliff/ratliff.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Trusted Computing and Linux} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Emily Ratliff} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Emily Ratliff \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{ratliff-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/reix/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/reix/Makefile.inc new file mode 100644 index 0000000..8564054 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/reix/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += reix/reix.dvi + +## Add any additional .tex or .eps files below: +reix/reix.dvi reix/reix-proc.dvi: \ + reix/reix.tex \ + reix/reix-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/reix/reix-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/reix/reix-abstract.tex new file mode 100644 index 0000000..187d0e2 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/reix/reix-abstract.tex @@ -0,0 +1,35 @@ + +% Registration NPTL Stabilization Project +% [2]Register/Submit Proposal Tony Franc,ois Claude Reix +% (tony.reix@bull.net) + +Our project is a stabilization effort on the +GNU libc thread library NPTL---Native POSIX +Threading Library. To achieve this, we focused +our work on extending the pool of open-source +tests and on providing a tool for tracing the +internal mechanisms of the library. + +This paper introduces our work with a short +status on tests coverage of the NPTL at the +beginning of the project (February 2004). It +explains how we built the prioritized list of +NPTL routines to be tested. It then describes +our methodology for designing tests in the +following areas: conformance to POSIX +standard, scalability and stress. It also +explains how we have simplified the use of the +tests and the analysis of the results. +Finally, it provides figures about our results +and it shows how the NPTL has evolved during +year 2004. + +The paper goes on to explain how the NPTL +Trace Tool can help NPTL users and hackers to +understand and fix problems. It describes the +features of the tool and presents our chosen +architecture. Finally, it shows the current +status of the project and the possible future +extensions. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/reix/reix.tex b/2005/flow-accounting-ols2005/OLS2005/reix/reix.tex new file mode 100644 index 0000000..0ab8ec6 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/reix/reix.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{NPTL Stabilization Project} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Tony François Claude Reix} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Tony François Claude Reix \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{reix-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/ronciak/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/ronciak/Makefile.inc new file mode 100644 index 0000000..df24de8 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/ronciak/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += ronciak/ronciak.dvi + +## Add any additional .tex or .eps files below: +ronciak/ronciak.dvi ronciak/ronciak-proc.dvi: \ + ronciak/ronciak.tex \ + ronciak/ronciak-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/ronciak/ronciak-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/ronciak/ronciak-abstract.tex new file mode 100644 index 0000000..b4bc8ba --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/ronciak/ronciak-abstract.tex @@ -0,0 +1,31 @@ + +% Registration Networking Driver Performance and Measurement - e1000 A +% Case Study +% Proposal John A Ronciak (john.ronciak@intel.com) + +Networking performance is a popular topic in Linux and +is becoming more critical for achieving good overall +system performance. This paper takes a look at what was +done in the e1000 driver to improve performance by (a) +increasing throughput and (b) reducing of CPU +utilization. A lot of work has gone into the e1000 +Ethernet driver as well into the PRO/1000 Gigabit +Ethernet hardware in regard to both of these +performance attributes This paper covers the major +things that were done to both the driver and to the +hardware to improve many of the aspects of Ethernet +network performance. The paper covers performance +improvements due to the contribution from the Linux +community and from the Intel group responsible for both +the driver and hardware. The paper describes +optimizations to improve small packet performance for +applications like packet routers, VoIP, etc. and those +for standard and jumbo packets and how those +modifications differs from the small packet +optimizations. A discussion on the tools and utilities +used to measure performance and ideas for other tools +that could help to measure performance are presented. +Some of the ideas may require help from the community +for refinement and implementation. + + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/ronciak/ronciak.tex b/2005/flow-accounting-ols2005/OLS2005/ronciak/ronciak.tex new file mode 100644 index 0000000..83b7a4f --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/ronciak/ronciak.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Networking Driver Performance and Measurement - e1000 A Case Study} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{John A Ronciak} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +John A Ronciak \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{ronciak-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/russell/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/russell/Makefile.inc new file mode 100644 index 0000000..f2c2b99 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/russell/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += russell/russell.dvi + +## Add any additional .tex or .eps files below: +russell/russell.dvi russell/russell-proc.dvi: \ + russell/russell.tex \ + russell/russell-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/russell/russell-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/russell/russell-abstract.tex new file mode 100644 index 0000000..4e7eb0f --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/russell/russell-abstract.tex @@ -0,0 +1,36 @@ + +% Registration nfsim: Untested code is buggy code +% [2]Register/Submit Rusty Russell (rusty@rustcorp.com.au) +% Co-Author: Jeremy Kerr (jk@ozlabs.org) + +The netfilter simulation environment (nfsim) allows +netfilter developers to build, run, and test their code +without having to touch a real network, or being root. +On top of this, we built a regression testsuite for +netfilter and iptables. + +Nfsim provides an emulated kernel environment in +userspace, with a simulated IPv4 stack, as well as +enhanced versions of standard kernel primitives such as +locking and a proc filesystem. The kernel code is +sucked into the nfsim environment, and run as a +userspace application with a scriptable command-line +interface which can load and unload modules, add a +route, inject a packet or run iptables, control time, +inspect proc, etc. + +More importantly we can test every single permutation +of external failures automatically: packet drops, +kmalloc failures, timer deletion races, etc. This makes +it possible to check error paths that never happen in +real life. + +This paper will discuss some of our experiences with +nfsim and the progression of the netfilter testsuite as +new features became available in the simulator, and the +amazing effect on development. We will also show the +techniques we used for exhaustive testing, and why +these should be a part of every project. + + + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/russell/russell.tex b/2005/flow-accounting-ols2005/OLS2005/russell/russell.tex new file mode 100644 index 0000000..3f110d5 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/russell/russell.tex 
@@ -0,0 +1,102 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{nfsim: Untested code is buggy code} +\subtitle{ } % Subtitle is optional. +%\date{24 Jan 2005} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Rusty Russell} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Rusty Russell \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize rusty@rustcorp.com.au}\\ +\and +Jeremy Kerr \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize jk@ozlabs.org}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{russell-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/schopp/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/schopp/Makefile.inc new file mode 100644 index 0000000..6131e6b --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/schopp/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += schopp/schopp.dvi + +## Add any additional .tex or .eps files below: +schopp/schopp.dvi schopp/schopp-proc.dvi: \ + schopp/schopp.tex \ + schopp/schopp-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/schopp/schopp-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/schopp/schopp-abstract.tex new file mode 100644 index 0000000..14f77c3 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/schopp/schopp-abstract.tex @@ -0,0 +1,21 @@ + +% Registration Hotplug Memory Redux +% [2]Register/Submit Joel H Schopp (jschopp@austin.ibm.com) + +Memory Hotplug is one of the most anticipated features +in the Linux Kernel. The purpose of memory hotplug is +memory replacement, dynamic workload management, or +Capacity on Demand of Partitioned/Virtual machines. In +this paper we discusses the history of Memory Hotplug +and the LinuxVM including mistakes made along the way +and technologies which have already been replaced. We +also discuss the current state of the art in Memory +Hotplug including user interfaces, \ident{CONFIG_SPARSEMEM}, +the no bitmap buddy allocator, free area splitting +within zones, and memory migration on PPC64, x86-64, +and IA64. Additionally, we give a brief discussion on +the overlap between Memory Hotplug and other areas +including memory defragmentation and NUMA memory +management. Finally, we gaze into the crystal ball to +the future of Memory Hotplug. + diff --git a/2005/flow-accounting-ols2005/OLS2005/schopp/schopp.tex b/2005/flow-accounting-ols2005/OLS2005/schopp/schopp.tex new file mode 100644 index 0000000..88d845d --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/schopp/schopp.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Hotplug Memory Redux} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Joel H Schopp} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Joel H Schopp \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{schopp-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/seelam/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/seelam/Makefile.inc new file mode 100644 index 0000000..b3bdd55 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/seelam/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += seelam/seelam.dvi + +## Add any additional .tex or .eps files below: +seelam/seelam.dvi seelam/seelam-proc.dvi: \ + seelam/seelam.tex \ + seelam/seelam-abstract.tex + 
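Review bot: In the schopp/schopp.tex hunk the author block still carries the template placeholders `{\itshape Your affiliation}` and `your-address@example.com`, and the class line is still `\documentclass[galley]{ols}` even though the file's own comment asks for 'galley' to be changed to 'final' before submitting. The header comment in schopp-abstract.tex already records jschopp@austin.ibm.com, so the address could be filled in from there. If these files are being imported as untouched templates on purpose, say so in the commit message.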
diff --git a/2005/flow-accounting-ols2005/OLS2005/seelam/seelam-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/seelam/seelam-abstract.tex new file mode 100644 index 0000000..26070b0 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/seelam/seelam-abstract.tex 
@@ -0,0 +1,56 @@ + +% Registration Enhancements to Linux I/O Scheduling +% [2]Register/Submit Proposal Seetharami R Seelam (seelam@cs.utep.edu) + +The Linux 2.6 release provides four I/O +schedulers: deadline, anticipatory, noop, and +completely fair queuing (CFQ), along with an +option to select one of these four at boot +time. The selection is based on \textit{a priori} +knowledge of the workload, hardware +configuration of the system, and the file +system, among other factors. The anticipatory +scheduler (AS) is the default. Although the AS +performs well under many situations, we have +identified cases, under certain combinations +of workloads, where the AS leads to starvation +of processes. To mitigate this problem, we +implemented an extension to the AS (called +Cooperative AS or CAS) and compared its +performance with the other four schedulers. +This paper briefly describes the AS and the +related deadline scheduler, highlighting their +shortcomings; in addition, it gives a detailed +description of the CAS. We report performance +of all five schedulers on a set of workloads, +which represent a wide range of I/O behavior. +The study shows that (1) the CAS has an order +of magnitude improvement in performance in +cases where the AS leads to starvation and (2) +in several cases the CAS has performance +comparable to that of the other schedulers. +But, as the literature and this study reports, +no one scheduler can provide the best possible +performance for all workloads; accordingly, +Linux provides four from which to select. Even +when dealing with just four I/O schedulers, in +systems that service concurrent workloads with +different I/O behaviors, \textit{a priori} selection of +the scheduler with the best possible +performance can be an intricate task. Dynamic +selection based on workload needs, system +configuration, and other parameters can +address this challenge. Accordingly, we are +developing metrics and heuristics that can be +used for this purpose. 
The paper concludes +with a description of our efforts in this +direction, in particular, we present a +characterization function based on metrics +related to system behavior and I/O requests +that can be used to measure and compare +scheduling algorithm performance. This +characterization function can be used to +dynamically select an appropriate scheduler +based on observed system behavior. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/seelam/seelam.tex b/2005/flow-accounting-ols2005/OLS2005/seelam/seelam.tex new file mode 100644 index 0000000..f428458 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/seelam/seelam.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Enhancements to Linux I/O Scheduling} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Seetharami R Seelam} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Seetharami R Seelam \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{seelam-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/siddha/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/siddha/Makefile.inc new file mode 100644 index 0000000..e083549 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/siddha/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += siddha/siddha.dvi + +## Add any additional .tex or .eps files below: +siddha/siddha.dvi siddha/siddha-proc.dvi: \ + siddha/siddha.tex \ + siddha/siddha-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/siddha/siddha-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/siddha/siddha-abstract.tex new file mode 100644 index 0000000..f8f1bbe --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/siddha/siddha-abstract.tex @@ -0,0 +1,43 @@ + +% Registration Chip Multi Processing(CMP) aware Linux Kernel Scheduler +% [2]Register/Submit Suresh Siddha (suresh.b.siddha@intel.com) + +Recent advances in semiconductor manufacturing and +engineering technologies have led to the inclusion of +more than one CPU core in a single physical package. +This, popularly know as Chip Multi Processing (CMP), +allows multiple instruction streams to execute at the +same time. CMP is in addition to today's Simultaneous +Multi Threading (SMT) capabilities, like Intel{\textregistered} +Hyper-Threading technology which allows a processor to +present itself as two logical processors, resulting in +best use of execution resources. With CMP, today's +Linux Kernel will deliver instantaneous performance +improvement. Linux Kernel scheduler could be further +optimized by making it CMP-aware. + +In this paper, we will start with an overview of +different CMP implementation's and then look into +performance, power related optimization opportunities. +We will describe the trade-offs between peak +performance and power saving requirements. We will +discuss how scheduler enhancements like + +\begin{itemize} +\item adding a new scheduler domain for CMP + +\item setting up domain properties based on CMP +characteristics + +\item active load balancing in the context of CMP and SMT +\end{itemize} + +will improve the peak performance. Secondly, we will +look at scheduler enhancements focusing power savings. +We will then present scheduling policies that an +administrator can select based on the performance and +power requirements. We will close the paper with a +brief look at CMP trends in future generation Intel(R) +processors. + + 
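Review bot: The siddha-abstract.tex text has wording and markup slips that should be fixed before it is typeset: "popularly know as" should read "popularly known as", "different CMP implementation's" should be "implementations", and the trademark is written as `Intel{\textregistered}` in the first paragraph but as `Intel(R)` in the closing sentence. Use one form of the trademark markup in both places.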
diff --git a/2005/flow-accounting-ols2005/OLS2005/siddha/siddha.tex b/2005/flow-accounting-ols2005/OLS2005/siddha/siddha.tex new file mode 100644 index 0000000..42cd3e5 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/siddha/siddha.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Chip Multi Processing (CMP) aware Linux Kernel Scheduler} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Suresh Siddha} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Suresh Siddha \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{siddha-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/stonge/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/stonge/Makefile.inc new file mode 100644 index 0000000..3964b7a --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/stonge/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += stonge/stonge.dvi + +## Add any additional .tex or .eps files below: +stonge/stonge.dvi stonge/stonge-proc.dvi: \ + stonge/stonge.tex \ + stonge/stonge-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/stonge/stonge-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/stonge/stonge-abstract.tex new file mode 100644 index 0000000..6d94b44 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/stonge/stonge-abstract.tex @@ -0,0 +1,29 @@ + +% Registration SeqHoundRWeb.py: a Python-based interface to a +% comprehensive online bioinformatics resource +% Peter St. Onge (pete@seul.org) + +In the post-genomic era, getting useful +answers to challenging biological questions +often demands significant expertise and +resources not only to acquire the requisite +biological data but also to manage it. The +storage required to maintain a workable +genomic or proteomic database is usually out +of reach for most biologists. Some toolsets +already exist to facilitate some aspects of +data analysis, and others for access to +particular data stores (e.g., NCBI Toolkit), +but there is a substantial learning curve to +these tools and installation is often +non-trival. SeqHoundRWeb.py grew out of a +common frustration in bioinformatics---the +initiate bioinformaticist often has +substantial biological knowledge, but little +experience in computing; Python is often held +up as a good first scripting language to +learn, and in our experience new users can be +productive fairly rapidly. + + + diff --git a/2005/flow-accounting-ols2005/OLS2005/stonge/stonge.tex b/2005/flow-accounting-ols2005/OLS2005/stonge/stonge.tex new file mode 100644 index 0000000..5a45736 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/stonge/stonge.tex 
@@ -0,0 +1,98 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{SeqHoundRWeb.py: a Python-based interface to a comprehensive online bioinformatics resource} +\subtitle{ } % Subtitle is optional. +%\date{24 Jan 2005} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Peter St.~Onge} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Peter St.~Onge \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{stonge-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/thirumalai/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/thirumalai/Makefile.inc new file mode 100644 index 0000000..b411055 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/thirumalai/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += thirumalai/thirumalai.dvi + +## Add any additional .tex or .eps files below: +thirumalai/thirumalai.dvi thirumalai/thirumalai-proc.dvi: \ + thirumalai/thirumalai.tex \ + thirumalai/thirumalai-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/thirumalai/thirumalai-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/thirumalai/thirumalai-abstract.tex new file mode 100644 index 0000000..bed51e1 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/thirumalai/thirumalai-abstract.tex @@ -0,0 +1,4 @@ +% [1]>linuxsymposium July 20-23rd, 2005, Ottawa, Canada +% +% Registration No such abstract.. + diff --git a/2005/flow-accounting-ols2005/OLS2005/thirumalai/thirumalai.tex b/2005/flow-accounting-ols2005/OLS2005/thirumalai/thirumalai.tex new file mode 100644 index 0000000..af15932 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/thirumalai/thirumalai.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Ho Hum, yet another memory allocator. Do we need another dynamic per-cpu allocator?} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Ravikiran G Thirumalai} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Ravikiran G Thirumalai \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{thirumalai-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/trowbridge/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/trowbridge/Makefile.inc new file mode 100644 index 0000000..685b306 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/trowbridge/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += trowbridge/trowbridge.dvi + +## Add any additional .tex or .eps files below: +trowbridge/trowbridge.dvi trowbridge/trowbridge-proc.dvi: \ + trowbridge/trowbridge.tex \ + trowbridge/trowbridge-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/trowbridge/trowbridge-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/trowbridge/trowbridge-abstract.tex new file mode 100644 index 0000000..df30427 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/trowbridge/trowbridge-abstract.tex @@ -0,0 +1,22 @@ + +% Registration Beagle: Free and Open Desktop Search +% [2]Register/Submit Proposal Jon Trowbridge (trow@novell.com) + +I will be discussing Beagle, a desktop search +system that is currently being developed by +Novell. It acts as a search aggregator, +providing a simple API for simultaneously +querying multiple data sources. Pluggable +backends do the actual searching while Beagle +handles the details, such as consolidating and +ranking the hits and passing them back to +client applications. Beagle includes a core +set of backends that build full-text indexes +of your personal data, allowing you to +efficiently search your files, e-mail, +contacts, calendar, IM logs, notes and web +history. These indexes are updated in real +time to ensure that any search results will +always reflect the current state of your data. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/trowbridge/trowbridge.tex b/2005/flow-accounting-ols2005/OLS2005/trowbridge/trowbridge.tex new file mode 100644 index 0000000..9d408bb --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/trowbridge/trowbridge.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Beagle: Free and Open Desktop Search} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Jon Trowbridge} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Jon Trowbridge \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{trowbridge-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/vanhensbergen/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/vanhensbergen/Makefile.inc new file mode 100644 index 0000000..457de7d --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/vanhensbergen/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += vanhensbergen/vanhensbergen.dvi + +## Add any additional .tex or .eps files below: +vanhensbergen/vanhensbergen.dvi vanhensbergen/vanhensbergen-proc.dvi: \ + vanhensbergen/vanhensbergen.tex \ + vanhensbergen/vanhensbergen-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/vanhensbergen/vanhensbergen-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/vanhensbergen/vanhensbergen-abstract.tex new file mode 100644 index 0000000..8ad1386 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/vanhensbergen/vanhensbergen-abstract.tex @@ -0,0 +1,30 @@ + +% Registration Glen or Glenda: Empowering Users and +% Applications with Private Namespaces +% Eric Van Hensbergen (bergevan@us.ibm.com) + +Private namespaces were first introduced into +Linux during the 2.4 kernel series. Their use +has been limited due to namespace manipulation +being considered a privileged operation. +Giving users and applications the ability to +create private namespaces as well as the +ability to mount and bind resources is the key +to unlocking the full potential of this +technology. There are serious performance, +security and stability issues involved with +user-controlled dynamic private namespaces in +Linux. This paper will propose a mechanism for +maintaining system integrity while unlocking +the power of dynamic namespaces for normal +users. It will go on to discuss relevant +potential applications of this technology +including its use with FUSE (Filesystem in +Userspace), v9fs (the Linux port of the Plan 9 +resource sharing protocol) and Plan 9 from +User Space (the Plan 9 application suite +including userspace synthetic file servers +ported to UNIX variants). + + + diff --git a/2005/flow-accounting-ols2005/OLS2005/vanhensbergen/vanhensbergen.tex b/2005/flow-accounting-ols2005/OLS2005/vanhensbergen/vanhensbergen.tex new file mode 100644 index 0000000..87cbcff --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/vanhensbergen/vanhensbergen.tex 
@@ -0,0 +1,97 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Glen or Glenda: Empowering Users and Applications with Private Namespaces} +\subtitle{ } % Subtitle is optional. +%\date{24 Jan 2005} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Eric Van Hensbergen} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Eric Van Hensbergen \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{vanhensbergen-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/vasilevsky/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/vasilevsky/Makefile.inc new file mode 100644 index 0000000..7253bab --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/vasilevsky/Makefile.inc 
@@ -0,0 +1,7 @@ +PAPERS += vasilevsky/vasilevsky.dvi + +## Add any additional .tex or .eps files below: +vasilevsky/vasilevsky.dvi vasilevsky/vasilevsky-proc.dvi: \ + vasilevsky/vasilevsky.tex \ + vasilevsky/vasilevsky-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/vasilevsky/vasilevsky-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/vasilevsky/vasilevsky-abstract.tex new file mode 100644 index 0000000..7e8fe69 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/vasilevsky/vasilevsky-abstract.tex 
@@ -0,0 +1,53 @@ + +% Registration Linux Virtualization on Virtual Iron VFe +% [2]Register/Submit Proposal Alex Vasilevsky (alex@virtualiron.com) + +After many years of research and development, +the concept of cluster-based computing +seamlessly integrating a set of computing +resources into a cohesive whole has gone +largely unfulfilled. The barrier to adoption +of cluster-based computing has been that +applications must be made cluster-aware. The +best technology that is currently available is +a set of middleware tools, such as the Globus +toolkit, which is used to rework applications +to run on a cluster. Because it is difficult +to make applications run in parallel on a +cluster, only a handful of highly specialized +applications sometimes referred to as +``embarrassingly parallel'' applications, have +been made cluster-aware. Of the very few +commercial cluster-aware applications, the +best known is Oracle Database Real Application +Clustering. Virtual Iron(R) Software has +solved these problems by creating Virtual Iron +VFe, which allows any applications to +transparently run on a tightly-coupled +cluster of computers without any +modifications. This software elegantly +abstracts the underlying cluster of servers +with a Distributed Virtual Machine Monitor. +Like many other Virtual Machines Monitors, +this software layer takes complete control of +the underlying hardware and creates virtual +machines, each of which behaves like a +complete physical machine running its own +operating system in full isolation. In +contrast to other existing Virtual Machines +Monitors, the Distributed Virtual Machine +Monitor creates a virtual multi-processor on a +collection of tightly coupled servers. The +system gives guest operating systems the +illusion that it is running on a single +multi-processor machine with \textit{N} CPUs on top +of \textit{M} physical servers interconnected by +networks. 
In this paper we'll describe Linux +Virtualization on Virtual Iron VFe, the +virtualization capabilities of the Virtual +Iron(R) Distributed VMM technology, as well as +the changed made to the Linux kernel to take +advantage of this new distributed +virtualization technology. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/vasilevsky/vasilevsky.tex b/2005/flow-accounting-ols2005/OLS2005/vasilevsky/vasilevsky.tex new file mode 100644 index 0000000..70e87f3 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/vasilevsky/vasilevsky.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Linux Virtualization on Virtual Iron VFe} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Alex Vasilevsky} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Alex Vasilevsky \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{vasilevsky-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/walker/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/walker/Makefile.inc new file mode 100644 index 0000000..2c2bccc --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/walker/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += walker/walker.dvi + +## Add any additional .tex or .eps files below: +walker/walker.dvi walker/walker-proc.dvi: \ + walker/walker.tex \ + walker/walker-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/walker/walker-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/walker/walker-abstract.tex new file mode 100644 index 0000000..fc555d8 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/walker/walker-abstract.tex @@ -0,0 +1,28 @@ + +% Registration Clusterproc; Linux kernel Support for +% Clusterwide Process Management +% Bruce J. Walker (bruce.walker@hp.com) + +There are several kernel-based clusterwide +process management implementations available +today, each of which provides different +semantics and capabilities (OpenSSI, +openMosix, bproc, Kerrighed, etc.). We present +a set of hooks to allow various installable +kernel module implementations with a high +degree of flexibility and virtually no +performance impact. Optional capabilities that +can be implemented via the hooks include: +clusterwide unique pids, single, init, +heterogeneity, transparent visibility and +access to any process from any node, ability +to distribute processes at exec or fork or +thru migration, file inheritance and full +controlling terminal semantics, node failure +cleanup, clusterwide \ident{/proc/<pid>}, +checkpoint/restart and scale to thousands of +nodes. In addition, we describe an +OpenSSI-inspired implementation using the +hooks and providing all the features described +above. + diff --git a/2005/flow-accounting-ols2005/OLS2005/walker/walker.tex b/2005/flow-accounting-ols2005/OLS2005/walker/walker.tex new file mode 100644 index 0000000..d0d9eb5 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/walker/walker.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Clusterproc: Linux kernel Support for Clusterwide Process Management} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Bruce J. Walker} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Bruce J. Walker \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{walker-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/welte.tar.gz b/2005/flow-accounting-ols2005/OLS2005/welte.tar.gz Binary files differnew file mode 100644 index 0000000..6de838a --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/welte.tar.gz diff --git a/2005/flow-accounting-ols2005/OLS2005/welte/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/welte/Makefile.inc new file mode 100644 index 0000000..01d66f2 
--- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/welte/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += welte/welte.dvi + +## Add any additional .tex or .eps files below: +welte/welte.dvi welte/welte-proc.dvi: \ + welte/welte.tex \ + welte/welte-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/welte/welte-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/welte/welte-abstract.tex new file mode 100644 index 0000000..27437ad --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/welte/welte-abstract.tex 
@@ -0,0 +1,46 @@ + +% Registration Flow based network accounting with Linux +% [2]Register/Submit Proposal Harald Marc Welte (laforge@gnumonks.org) + +Many networking scenarios require some form of +network accounting that goes beyond some +simple packet and byte counters as available +from the `ifconfig' output. + +When people want to do network accouting, the +past and current Linux kernel didn't provide +them with any reasonable mechanism for doing +so. + +Network accounting can generally be done in a +number of different ways. The traditional way +is to capture all packets by some userspace +program. Capturing can be done via a number of +mechanisms such as \ident{PF_PACKET} sockets, \ident{mmap()}ed +\ident{PF_PACKET}, \ident{ipt_ULOG}, or \ident{ip_queue}. This +userspace program then analyzes the packets +and aggregates the result into per-flow data +structures. + +Whatever mechanism used, this scheme has a +fundamental performance limitation, since all +packets need to be copied and analyzed by a +userspace process. + +The author has implemented a different +approach, by which the accounting information +is stored in the in-kernel connection tracking +table of the \ident{ip_conntrack} stateful firewall +state machine. On all firewalls, that state +table has to be kept anyways---the additional +overhead introduced by accounting is minimal. + +Once a connection is evicted from the state +table, its accounting relevant data is +transferred to userspace to a special +accounting daemon for further processing, +aggregation and finally storage in the +accounting log/database. + + + diff --git a/2005/flow-accounting-ols2005/OLS2005/welte/welte.tex b/2005/flow-accounting-ols2005/OLS2005/welte/welte.tex new file mode 100644 index 0000000..aeb461c --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/welte/welte.tex 
@@ -0,0 +1,408 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[final]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Flow-based network accounting with Linux} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Harald Welte} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Harald Welte \\ +{\itshape netfilter core team / hmw-consulting.de / Astaro AG} \\ +{\ttfamily\normalsize laforge@netfilter.org}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{welte-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\section{Network accounting} + +Network accounting generally describes the process of counting and potentially +summarizing metadata of network traffic. The kind of metadata is largely +dependant on the particular application, but usually includes data such as +numbers of packets, numbers of bytes, source and destination ip address. 
+ +There are many reasons for doing accounting of networking traffic, among them + +\begin{itemize} +\item transfer volume or bandwisth based billing +\item monitoring of network utilization, bandwidth distribution and link usage +\item research, such as distribution of traffic among protocols, average packet size, ... +\end{itemize} + +\section{Existing accounting solutions for Linux} + +There are a number of existing packages to do network accounting with Linux. +The following subsections intend to give a short overview about the most +commonly used ones. + + +\subsection{nacctd} + +\ident{nacctd} also known as \ident{net-acct} is probably the oldest known tool +for network accounting under Linux (also works on other Unix-like operating +systems). The author of this paper has used +\ident{nacctd} as an accounting tool as early as 1995. It was originally +developed by Ulrich Callmeier, but apparently abandoned later on. The +development seems to have continued in multiple branches, one of them being +the netacct-mysql\footnote{http://netacct-mysql.gabrovo.com} branch, +currently at version 0.79rc2. + +It's principle of operation is to use an \lident{AF_PACKET} socket +via \ident{libpcap} in order to capture copies of all packets on configurable +network interfaces. It then does TCP/IP header parsing on each packet. +Summary information such as port numbers, IP addresses, number of bytes are +then stored in an internal table for aggregation of successive packets of the +same flow. The table entries are evicted and stored in a human-readable ASCII +file. Patches exist for sending information directly into SQL databases, or +saving data in machine-readable data format. + +As a pcap-based solution, it suffers from the performance penalty of copying +every full packet to userspace. As a packet-based solution, it suffers from +the penalty of having to interpret every single packet. 
+ +\subsection{ipt\_LOG based} + +The Linux packet filtering subsystem iptables offers a way to log policy +violations via the kernel message ring buffer. This mechanism is called +\ident{ipt_LOG} (or \texttt{LOG target}). Such messages are then further +processed by \ident{klogd} and \ident{syslogd}, which put them into one or +multiple system log files. + +As \ident{ipt_LOG} was designed for logging policy violations and not for +accounting, it's overhead is significant. Every packet needs to be +interpreted in-kernel, then printed in ASCII format to the kernel message ring +buffer, then copied from klogd to syslogd, and again copied into a text file. +Even worse, most syslog installations are configured to write kernel log +messages synchronously to disk, avoiding the usual write buffering of the block +I/O layer and disk subsystem. + +To sum up and anlyze the data, often custom perl scripts are used. Those perl +scripts have to parse the LOG lines, build up a table of flows, add the packet +size fields and finally export the data in the desired format. Due to the inefficient storage format, performance is again wasted at analyzation time. + +\subsection{ipt\_ULOG based (ulogd, ulog-acctd)} + +The iptables \texttt{ULOG target} is a more efficient version of +the \texttt{LOG target} described above. Instead of copying ascii messages via +the kernel ring buffer, it can be configured to only copies the header of each +packet, and send those copies in large batches. A special userspace process, +normally ulogd, receives those partial packet copies and does further +interpretation. + +\ident{ulogd}\footnote{http://gnumonks.org/projects/ulogd} is intended for +logging of security violations and thus resembles the functionality of LOG. it +creates one logfile entry per packet. It supports logging in many formats, +such as SQL databases or PCAP format. 
+ +\ident{ulog-acctd}\footnote{http://alioth.debian.org/projects/pkg-ulog-acctd/} +is a hybrid between \ident{ulogd} and \ident{nacctd}. It replaces the +\ident{nacctd} libpcap/PF\_PACKET based capture with the more efficient +ULOG mechanism. + +Compared to \ident{ipt_LOG}, \ident{ipt_ULOG} reduces the amount of copied data +and required kernel/userspace context switches and thus improves performance. +However, the whole mechanism is still intended for logging of security +violations. Use for accounting is out of its design. + +\subsection{iptables based (ipac-ng)} + +Every packet filtering rule in the Linux packet filter (\ident{iptables}, or +even its predecessor \ident{ipchains}) has two counters: number of packets and +number of bytes matching this particular rule. + +By carefully placing rules with no target (so-called \textit{fallthrough}) +rules in the packetfilter ruleset, one can implement an accounting setup, i.e. +one rule per customer. + +A number of tools exist to parse the iptables command output and summarized the +counters. The most commonly used package is +\ident{ipac-ng}\footnote{http://sourceforge.net/projects/ipac-ng/}. It +supports advanced features such as storing accounting data in SQL databases. + +The approach works quite efficiently for small installations (i.e. small number +of accounting rules). Therefore, the accounting granularity can only be very +low. One counter for each single port number at any given ip address is certainly not applicable. + +\subsection{ipt\_ACCOUNT (iptaccount)} + +\ident{ipt_ACCOUNT}\footnote{http://www.intra2net.com/opensource/ipt\_account/} +is a special-purpose iptables target developed by Intra2net AG and available +from the netfilter project patch-o-matic-ng repository. It requires kernel +patching and is not included in the mainline kernel. + +\ident{ipt_ACCOUNT} keeps byte counters per IP address in a given subnet, up to +a '/8' network. 
Those counters can be read via a special \ident{iptaccount} +commandline tool. + +Being limited to local network segments up to '/8' size, and only having per-ip +granularity are two limiteations that defeat \ident{ipt_ACCOUNT} +as a generich accounting mechainism. It's highly-optimized, but also +special-purpose. + +\subsection{ntop (including PF\_RING)} + +\ident{ntop}\footnote{http://www.ntop.org/ntop.html} is a network traffic +probe to show network usage. It uses \ident{libpcap} to capture +the packets, and then aggregates flows in userspace. On a fundamental level +it's therefore similar to what \ident{nacctd} does. + +From the ntop project, there's also \ident{nProbe}, a network traffic probe +that exports flow based information in Cisco NETFLOW v5/v9 format. It also +contains support for the upcoming IETF IPFIX\footnote{IP Flow Information +Export http://www.ietf.org/html.charters/ipfix-charter.html} format. + +To increase performance of the probe, the author (Luca Deri) has implemented +\lident{PF_RING}\footnote{http://www.ntop.org/PF\_RING.html}, a new +zero-copy mmap()ed implementation for packet capture. There is a libpcap +compatibility layer on top, so any pcap-using application can benefit from +\lident{PF_RING}. + +\lident{PF_RING} is a major performance improvement, please look at the +documentation and the paper published by Luca Deri. + +However, \ident{ntop} / \ident{nProbe} / \lident{PF_RING} are all packet-based +accounting solutions. Every packet needs to be analyzed by some userspace +process - even if there is no copying involved. Due to \lident{PF_RING} +optimiziation, it is probably as efficient as this approach can get. + +\section{New ip\_conntrack based accounting} + +The fundamental idea is to (ab)use the connection tracking subsystem of the +Linux 2.4.x / 2.6.x kernel for accounting purposes. There are several reasons +why this is a good fit: +\begin{itemize} +\item It already keeps per-connection state information. 
Extending this information to contain a set of counters is easy. +\item Lots of routers/firewalls are already running it, and therefore paying it's performance penalty for security reasons. Bumping a couple of counters will introduce very little additional penalty. +\item There was already an (out-of-tree) system to dump connection tracking information to userspace, called ctnetlink +\end{itemize} + +So given that a particular machine was already running \ident{ip_conntrack}, +adding flow based acconting to it comes almost for free. I do not advocate the +use of \ident{ip_conntrack} merely for accounting, since that would be again a +waste of performance. + +\subsection{ip\_conntrack\_acct} + +\ident{ip_conntrack_acct} is how the in-kernel +\ident{ip_conntrack} counters are called. There is a set of four +counters: numbers of packets and bytes for original and reply +direction of a given connection. + +If you configure a recent (>= 2.6.9) kernel, it will prompt you for +\lident{CONFIG_IP_NF_CT_ACCT}. By enabling this configuration option, the +per-connection counters will be added, and the accounting code will +be compiled in. + +However, there is still no efficient means of reading out those counters. They +can be accessed via \textit{cat /proc/net/ip\_conntrack}, but that's not a real +solution. The kernel iterates over all connections and ASCII-formats the data. +Also, it is a polling-based mechanism. If the polling interval is too short, +connections might get evicted from the state table before their final counters +are being read. If the interval is too small, performance will suffer. + +To counter this problem, a combination of conntrack notifiers and ctnetlink is being used. + +\subsection{conntrack notifiers} + +Conntrack notifiers use the core kernel notifier infrastructure +(\texttt{struct notifier\_block}) to notify other parts of the +kernel about connection tracking events. 
Such events include creation, +deletion and modification of connection tracking entries. + +The \texttt{conntrack notifiers} can help us overcome the polling architecture. +If we'd only listen to \textit{conntrack delete} events, we would always get +the byte and packet counters at the end of a connection. + +However, the events are in-kernel events and therefore not directly suitable +for an accounting application to be run in userspace. + +\subsection{ctnetlink} + +\ident{ctnetlink} (short form for conntrack netlink) is a +mechanism for passing connection tracking state information between kernel and +userspace, originally developed by Jay Schulist and Harald Welte. As the name +implies, it uses Linux \lident{AF_NETLINK} sockets as its underlying +communication facility. + +The focus of \ident{ctnetlink} is to selectively read or dump +entries from the connection tracking table to userspace. It also allows +userspace processes to delete and create conntrack entries as well as +\textit{conntrack expectations}. + +The initial nature of \ident{ctnetlink} is therefore again +polling-based. An userspace process sends a request for certain information, +the kernel responds with the requested information. + +By combining \texttt{conntrack notifiers} with \ident{ctnetlink}, it is possible +to register a notifier handler that in turn sends +\ident{ctnetlink} event messages down the \lident{AF_NETLINK} socket. + +A userspace process can now listen for such \textit{DELETE} event messages at +the socket, and put the counters into it's accounting storage. + +There are still some shortcomings inherent to that \textit{DELETE} event +scheme: We only know the amount of traffic after the connection is over. If a +connection lasts for a long time (let's say days, weeks), then it is impossible +to use this form of accounting for any kind of quota-based billing, where the +user would be informed (or disconnected, traffic shaped, whatever) when he +exceeds his quota. 
Also, the conntrack entry does not contain information +about when the connection started - only the timestamp of the end-of-connection +is known. + +To overcome limitation number one, the accounting process can use a combined +event and polling scheme. The granularity of accounting can therefore be +configured by the polling interval, and a compromise between performance and +accuracy can be made. + +To overcome the second limitation, the accounting process can also listen for +\textit{NEW} event messages. By correlating the \textit{NEW} and +\textit{DELETE} messages of a connection, accounting datasets containign start +and end of connection can be built. + +\subsection{ulogd2} + +As described earlier in this paper, \ident{ulogd} is a userspace +packet filter logging daemon that is already used for packet-based accounting, +even if it isn't the best fit. + +\ident{ulogd2}, also developed by the author of this paper, takes logging +beyond per-packet based information, but also includes support for +per-connection or per-flow based data. + +Instead of supporting only \ident{ipt_ULOG} input, a number of +interpreter and output plugins, \ident{ulogd2} supports a concept +called \textit{plugin stacks}. Multiple stacks can exist within one deamon. +Any such stack consists out of plugins. A plugin can be a source, sink or +filter. + +Sources acquire per-packet or per-connection data from +\ident{ipt_ULOG} or \ident{ip_contnrack_acct}. + +Filters allow the user to filter or aggregate information. Filtering is +requird, since there is no way to filter the ctnetlink event messages within +the kernel. Either the functionality is enabled or not. Multiple connections +can be aggregated to a larger, encompassing flow. Packets could be aggregated +to flows (like \ident{nacctd}), and flows can be aggregated to +even larger flows. + +Sink plugins store the resulting data to some form of non-volatile storage, +such as SQL databases, binary or ascii files. 
Another sink is a NETFLOW or +IPFIX sink, exporting information in industy-standard format for flow based accounting. + +\subsection{Status of implementation} + +\ident{ip_conntrack_acct} is already in the kernel since 2.6.9. + +\ident{ctnetlink} and the \texttt{conntrack event notifiers} are considered +stable and will be submitted for mainline inclusion soon. Both are available +from the patch-o-matic-ng repository of the netfilter project. + +At the time of writing of this paper, \ident{ulogd2} development +was not yet finished. However, the ctnetlink event messages can already be +dumped by the use of the "conntrack" userspace program, available from the +netfilter project. + +The "conntrack" prorgram can listen to the netlink event socket and dump the +information in human-readable form (one ASCII line per ctnetlink message) to +stdout. Custom accounting solutions can read this information from stdin, +parse and process it according to their needs. + +\section{Summary} + +Despite the large number of available accounting tools, the author is confident that inventing yet another one is worthwhile. + +Many existing implementations suffer from performance issues by design. Most +of them are very special-purpose. nProbe/ntop together with \lident{PF_RING} +are probably the most universal and efficient solution for any accounting +problem. + +Still, the new \ident{ip_conntrack_acct}, \ident{ctnetlink} based mechanism +described in this paper has a clear performance advantage if you want to do +acconting on your Linux-based stateful packetfilter - which is a common +case. The firewall is suposed to be at the edge of your network, exactly where +you usually do accounting of ingress and/or egress traffic. + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/yoshifuji/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/yoshifuji/Makefile.inc new file mode 100644 index 0000000..b334635 --- /dev/null 
+++ b/2005/flow-accounting-ols2005/OLS2005/yoshifuji/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += yoshifuji/yoshifuji.dvi + +## Add any additional .tex or .eps files below: +yoshifuji/yoshifuji.dvi yoshifuji/yoshifuji-proc.dvi: \ + yoshifuji/yoshifuji.tex \ + yoshifuji/yoshifuji-abstract.tex + diff --git a/2005/flow-accounting-ols2005/OLS2005/yoshifuji/yoshifuji-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/yoshifuji/yoshifuji-abstract.tex new file mode 100644 index 0000000..801adbe --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/yoshifuji/yoshifuji-abstract.tex @@ -0,0 +1,18 @@ + +% Registration Linux Is Now IPv6 Ready +% [2]Register/Submit Hideaki Yoshifuji (yoshfuji@linux-ipv6.org) + +Linux has included a IPv6 protocol stack for a long time. Its +quality, however, was not quite good. The USAGI Project +was founded to provide high quality IPv6 stack in +Linux. After 5 years of our activity, our stack is now +certified as IPv6 Ready. Our efforts has been merged +into main-line kernel and Linux IPv6 stack has enough +quality to get the IPv6 Ready Logo now. To maintain +our stack stable, we developed an automatic testing +system and it greatly helps us saving our time. In this +paper and presentation, we will show our efforts and +technology to get the Logo and maintain the quality of +kernel. In addition, we will discuss our future plan. + + diff --git a/2005/flow-accounting-ols2005/OLS2005/yoshifuji/yoshifuji.tex b/2005/flow-accounting-ols2005/OLS2005/yoshifuji/yoshifuji.tex new file mode 100644 index 0000000..8adaa73 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/yoshifuji/yoshifuji.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{Linux Is Now IPv6 Ready} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Hideaki Yoshifuji} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Hideaki Yoshifuji \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{yoshifuji-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/flow-accounting-ols2005/OLS2005/zaitcev/Makefile.inc b/2005/flow-accounting-ols2005/OLS2005/zaitcev/Makefile.inc new file mode 100644 index 0000000..6dd9bb1 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/zaitcev/Makefile.inc @@ -0,0 +1,7 @@ +PAPERS += zaitcev/zaitcev.dvi + +## Add any additional .tex or .eps files below: +zaitcev/zaitcev.dvi zaitcev/zaitcev-proc.dvi: \ + zaitcev/zaitcev.tex \ + zaitcev/zaitcev-abstract.tex + 
diff --git a/2005/flow-accounting-ols2005/OLS2005/zaitcev/zaitcev-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/zaitcev/zaitcev-abstract.tex new file mode 100644 index 0000000..21b91bf --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/zaitcev/zaitcev-abstract.tex @@ -0,0 +1,21 @@ + +% Registration The usbmon: USB monitoring framework +% [2]Register/Submit Proposal Pete Zaitcev (zaitcev@redhat.com) + +For years, Linux developers used \ident{printk()} to +debug the USB stack, but this approach has +serious limitations. In this paper we discuss +``usbmon,'' a recently developed facility to +snoop USB traffic in a more efficient way than +can be done with \ident{printk()}. + +From far away, usbmon is a very +straightforward piece of code. It consists of +circular buffers which are filled with records +by hooks into the USB stack, and a thin glue +to the user code which fetches these records. +The devil, however, is in details. Also the +user mode tools play a role. + + + diff --git a/2005/flow-accounting-ols2005/OLS2005/zaitcev/zaitcev.tex b/2005/flow-accounting-ols2005/OLS2005/zaitcev/zaitcev.tex new file mode 100644 index 0000000..5182b78 --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/zaitcev/zaitcev.tex 
@@ -0,0 +1,100 @@ +% The file must begin with this \documentclass declaration. You can +% give one of three different options which control how picky LaTeX +% is when typesetting: +% +% galley - All ``this doesn't fit'' warnings are suppressed, and +% references are disabled (the key will be printed as a +% reminder). Use this mode while writing. +% +% proof - All ``this doesn't fit'' warnings are active, as are +% references. Overfull hboxes make ugly black blobs in +% the margin. Use this mode to tidy up formatting after +% you're done writing. (Same as article's ``draft'' mode.) +% +% final - As proof, but the ugly black blobs are turned off. Use +% this to render PDFs or PostScript to give to other people, +% when you're completely done. (As with article, this is the +% default.) +% +% You can also use the leqno, fleqn, or openbib options to article.cls +% if you wish. None of article's other options will work. + +%%% +%%% PLEASE CHANGE 'galley' to 'final' BEFORE SUBMITTING. THANKS! +%%% (to submit: "make clean" in the toplevel directory; tar and gzip *only* your directory; +%%% email the gzipped tarball to papers@linuxsymposium.org.) +%%% +\documentclass[galley]{ols} + +% These two packages allow easy handling of urls and identifiers per the example paper. +\usepackage{url} +\usepackage{zrl} + +% The following package is not required, but is a handy way to put PDF and EPS graphics +% into your paper using the \includegraphics command. +\ifpdf +\usepackage[pdftex]{graphicx} +\else +\usepackage{graphicx} +\fi + + +% Here in the preamble, you may load additional packages, or +% define whatever macros you like, with the following exceptions: +% +% - Do not mess with the page layout, either by hand or with packages +% (e.g., typearea, geometry). +% - Do not change the principal fonts, either by hand or with packages. +% - Do not use \pagestyle, or load any page header-related packages. +% - Do not redefine any commands having to do with article titles. 
+% - If you are using something that is not part of the standard +% tetex-2 distribution, please make a note of whether it's on CTAN, +% or include a copy with your submission. +% + +\begin{document} + +% Mandatory: article title specification. +% Do not put line breaks or other clever formatting in \title or +% \shortauthor; these are moving arguments. + +\title{The usbmon: USB monitoring framework} +\subtitle{ } % Subtitle is optional. +\date{} % You can put a fixed date in if you wish, + % allow LaTeX to use the date of typesetting, + % or use \date{} to have no date at all. + % Whatever you do, there will not be a date + % shown in the proceedings. + +\shortauthor{Pete Zaitcev} % Just you and your coauthors' names. +% for example, \shortauthor{A.N.\ Author and A.\ Nother} +% or perchance \shortauthor{Smith, Jones, Black, White, Gray, \& Greene} + +\author{% Authors, affiliations, and email addresses go here, like this: +Pete Zaitcev \\ +{\itshape Your affiliation}\\ +{\ttfamily\normalsize your-address@example.com}\\ +% \and +% Bob \\ +% {\itshape Bob's affiliation.}\\ +% {\ttfamily\normalsize bob@example.com}\\ +} % end author section + +\maketitle + +\begin{abstract} +% Article abstract goes here. +\input{zaitcev-abstract.tex} +\end{abstract} + +% Body of your article goes here. You are mostly unrestricted in what +% LaTeX features you can use; however, the following will not work: +% \thispagestyle +% \marginpar +% table of contents +% list of figures / tables +% glossaries +% indices + +\end{document} + diff --git a/2005/gpl-clt2005/biography b/2005/gpl-clt2005/biography new file mode 100644 index 0000000..22438a2 --- /dev/null +++ b/2005/gpl-clt2005/biography 
@@ -0,0 +1,24 @@ + Harald Welte is the chairman of the netfilter/iptables core team. + + His main interest in computing has always been networking. In the few time +left besides netfilter/iptables related work, he's writing obscure documents +like the UUCP over SSL HOWTO. Other kernel-related projects he has been +contributing are user mode linux, the international (crypto) kernel patch, device drivers and the neighbour cache. + + He has been working as an independent IT Consultant working on projects for +various companies ranging from banks to manufacturers of networking gear. +During the year 2001 he was living in Curitiba (Brazil), where he got +sponsored for his Linux related work by Conectiva Inc. + + Starting with February 2002, Harald has been contracted part-time by +<a href="http://www.astaro.com/">Astaro AG</a>, who are sponsoring him for his +current netfilter/iptables work. + + Aside from the Astaro sponsoring, he continues to work as a freelancing +kernel developer and network security consultant. + + He licenses his software under the terms of the GNU GPL. He is determined to bring all users, distributors, value added resellers and vendors of netfilter/iptables based products in full compliance with the GPL, even if it includes raising legal charges. + + Harald is living in Berlin, Germany. + + diff --git a/2005/gpl-clt2005/extended-abstract b/2005/gpl-clt2005/extended-abstract new file mode 100644 index 0000000..3b5874b --- /dev/null +++ b/2005/gpl-clt2005/extended-abstract 
@@ -0,0 +1,29 @@ +Enforcing the GNU GPL - Copyright helps Copyleft + +More and more vendors of various computing devices, especially network-related +appliances such as Routers, NAT-Gateways and 802.11 Access Points are using +Linux and other GPL licensed free software in their products. + +While the Linux community can look at this as a big success, there is a back +side of that coin: A large number of those vendors have no idea about the GPL +license terms, and as a result do not fulfill their obligations under the GPL. + +The netfilter/iptables project has started legal proceedngs against a number of +companies in violation of the GPL since December 2003. Those legal proceedings +were quite successful so far, resulting in twelve amicable agreements and one +granted preliminary injunction. The list of companies includes large +corporations such as Siemens, Asus and Belkin. + +The speaker will present an overview about his recent successful enforcement of +the GNU GPL within German jurisdiction. + +He will go on speaking about what exactly is neccessarry to fully comply with +the GPL, including his legal position on corner cases such as cryptographic +signing. + +Resulting from his experience in dealing with the german legal system, he will +give some hints to software authors about what they can do in order to make +eventual later license enforcement easier. + +In the end, it seems like the idea of the founding fathers of the GNU GPL +works: Guaranteeing Copyleft by using Copyright. diff --git a/2005/gpl-clt2005/gpl-clt2005.mgp b/2005/gpl-clt2005/gpl-clt2005.mgp new file mode 100644 index 0000000..cfeb5f3 --- /dev/null +++ b/2005/gpl-clt2005/gpl-clt2005.mgp 
@@ -0,0 +1,426 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 + + +Enforcing the GNU GPL +Copyright helps Copyleft + + +%center +%size 4 +by + +Harald Welte <laforge@gnumonks.org> + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Contents + + About the speaker + The GNU GPL Revisited + GPL Violations + Past GPL Enforcement + Typical case timeline + Success so far + What we've learned + Problems encountered + Future outlook + Thanks + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Introduction + + +Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the Linux kernel firewall system called netfilter/iptables + who IS NOT A LAWYER, although this presentation is the result of dealing almost a year with lawyers on the subject of the GPL + +Why is he speaking to you? + he thinks there is too much confusion about copyright and free software licenses. Even Red Hat CEO Matt Szulik stated in an interview that RedHat puts investments into 'public domain' :( + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Disclaimer + +Legal Disclaimer + + All information presented here is provided on an as-is basis + There is no warranty for correctness of legal information + The author is not a lawyer + This does not comprise legal advise + The authors' experience is limited to German copyright law + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +What is copyrightable? 
+ + The GNU GPL is a copyright license, and thus only covers copyrighted works + Not everything is copyrightable (German: Schoepfungshoehe) + Small bugfixes are not copyrightable (similar to typo-fixes in a book) + As soon as the programmer has a choice in the implementation, there is significant indication of a copyrightable work + Choice in algorithm, not in formal representation + Apparently, the level for copyrightable works is relatively low + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Terminology + + Public Domain + concept where copyright holder abandons all rights + same legal status as works where author has died 70 years ago (German: Gemeinfreie Werke) + Freeware + object code, free of cost. No source code + Shareware + proprietary "Try and Buy" model for object code. + Cardware/Beerware/... + Freeware that encourages users to send payment in kind + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Terminology + + Free Software + source code freely distributed + must allow redistribution, modification, non-discriminatory use + mostly defined by Free Software Foundation + Open Source + source code freely distributed + must allow redistribution, modification, non-discriminatory use + defined in the "Open Source Definition" by OSI + + The rest of this document will refer to Free and Open Source Software as FOSS. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +The GNU GPL Revisited + +Revisiting the GNU General Public License + + Regulates distribution of copyrighted code, not usage + Allows distribution of source code and modified source code + The license itself is mentioned + A copy of the license accompanies every copy + Allows distribution of binaries or modified binaries, if + The license itself is mentioned + A copy of the license accompanies every copy + The complete source code is either included with the copy (alternatively a written offer to send the source code on request to any 3rd party) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Complete Source Code + +%size 3 +"... complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable." + Our interpretation of this is: + Source Code + Makefiles + Tools for generating the firmware binary from the source + (even if they are technically no 'scripts') + General Rule: + Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so. + Result: Signing binaries and only accepting signed versions without providing a signature key is not acceptable! + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + What is a derivative work? + Not dependent on any particular kind of technology (static/dynamic linking, dlopen, whatever) + Even while the modification can itself be a copyrightable work, the combination with GPL-licensed code is subject to GPL. 
+ No precendent in Germany so far + As soon as code is written for a specific non-standard API (such as the iptables plugin API), there is significant indication for a derivative work + This position has been successfully enforced out-of-court with two Vendors so far (iptables modules/plugins). + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + Position of my lawyer: + In-kernel proprietary code (binary kernel modules) are hard to claim GPL compliant + Case-by-case analysis required, especially when drivers/filesystems are ported from other OS's. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Collected Works + +%size 3 +"... it is not the intent .. to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works ..." +%size 3 +"... mere aggregation of another work ... with the program on a volume of a storage or distribution medium does not bring the other work und the scope of this license" + + GPL allows "mere aggregation" + like a general-porpose GNU/Linux distribution (SuSE, Red Hat, ...) + + GPL disallows "collective works" + legal grey area + tends to depend a lot on jurisdiction + no precendent so far + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Non-Public modifications + + Non-Public modifications + A common misconception is that if you develop code within a corporation, and the code never leaves this corporation, you don't have to ship the source code. + However, at least German law would count every distribution beyound a number of close colleague as distribution. + Therefore, if you don't go for '3a' and include the source code together with the binary, you have to distribute the source code to any third party. 
+ Also, as soon as you hand code between two companies, or between a company and a consultant, the code has been distributed. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +GPL Violations + + When do I violate the license + when one ore more of the obligations are not fulfilled + + What risk do I take if I violate the license? + the GPL automatically revokes any usage right + any copyright holder can obtain a preliminary injunction banning distribution of the infringing product + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Past GPL enforcement + +Past GPL enforcement + + GPL violations are nothing new, as GPL licensed software is nothing new. + However, the recent GNU/Linux hype made GPL licensed software used more often + The FSF enforces GPL violations of code on which they hold the copyright + silently, without public notice + in lengthy negotiations + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The Linksys case + + + During 2003 the "Linksys" case drew a lot of attention + Linksys was selling 802.11 WLAN Acces Ponts / Routers + Lots of GPL licensed software embedded in the device (included Linux, uClibc, busybox, iptables, ...) 
+ FSF led alliance took the usual "quiet" approach + Linksys bought itself a lot of time + Some source code was released two months later + About four months later, full GPL compliance was achieved + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The Linksys case + + Some developers didn't agree with this approach + not enough publicity + violators don't loose anything by first not complying and wait for the FSF + four months delay is too much for low product lifecycles in WLAN world + The netfilter/iptables project started to do their own enforcement in more cases that were coming up + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Enforcement case timeline + + In chronological order + some user sends us a note he found our code somewhere + reverse engineering of firmware images + sending the infringing organization a warning notice + wait for them to sign a statement to cease and desist + if no statement is signed + contract technical expert to do a study + apply for a preliminary injunction + if statement was signed + try to work out the details + grace period for boxes in stock possible + try to indicate that a donation would be good PR + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Sucess so far + + Success so far + amicable agreements with a number (25+) of companies + sdome of which made significant donations to charitable organizations of the free software community + preliminary injunction against Sitecom, Sitecom also lost appeals case + court decision of munich district court in Sitecom appeals case + a second preliminary injunction against one of Germanys largest technology firms + more settled cases (not public yet) + negotiating in more cases + public awareness + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU 
GPL - Copyright helps Copyleft +Cases so far (1/2) + + + Allnet GmbH + Siemens AG + Fujitsu-Siemens Computers GmbH + Axis A.B. + Securepoint GmbH + U.S.Robotics Germany GmbH + Netgear GmbH + Belkin Compnents GmbH + Asus GmbH + Gateprotect GmbH + Sitecom GmbH / B.V. + TomTom B.V. + Gigabyte Technologies GmbH + D-Link GmbH + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Cases so far (2/2) + + + Sun Deutschland GmbH + Open-E GmbH + Siemens AG (second case) + Deutsche Telekom AG + Hitachi Inc. + Tecom Inc. + ARP Datacon GmbH + Conceptronic B.V. + + some more not public yet + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +What we've learned + + + Copyleft-style licenses can be enforced! + A lot of companies don't take Free Software licenses seriously + Even corporations with large legal departments who should know + Reasons unclear, probably the financial risk of infringement was considered less than the expected gains + The FUD spread about "GPL not holding up in court" has disappeared + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Future GPL Enforcement + + + GPL Enforcement + remains an important issue for Free Software + will start to happen within the court more often + has to be made public in order to raise awareness + will probably happen within some form of organization + + What about Copylefted Content (Creative Commons) + probably just a matter of time until CC-licensed works of art are infringed + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Problems of GPL Enforcement + + Problems + distributed copyright + is an important safeguard + can make enforcement difficult, since copyright traditionally doesn't know cases with thousands of copyright holders + distribution of damages 
extremely difficult + the legal issue of having to do reverse engineering in order to prove copyright infringement(!) + only the copyright holder (in most cases the author) can do it + users discovering GPL'd software need to communicate those issues to all entitled parties (copyright holders) + infringers obfuscating and/or encrypting fres software as disguise + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +gpl-violations.org + + The http://www.gpl-violations.org/ project was started + as a platform wher users can report alleged violations + to verify those violations and inform all copyright holders + to inform the public about ongoing enforcement efforts + + At the moment, project is only backed by the author + more volunteers needed to investigate all cases + something like 170 reported (alleged) violations up to day + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Make later enforcement easy + + Practical rules for proof by reverse engineering + Don't fix typos in error messages and symbol names + Leave obscure error messages like 'Rusty needs more caffeine' + Make binary contain string of copyright message, not only source + Practical rules for potential damages claims + Use revision control system + Document source of each copyrightable contribution + Name+Email address in CVS commit message + Consider something like FSFE FLA (Fiduciary License Agreement) + Make sure that employers are fine with contributions of their employees + If you find out about violation + Don't make it public (has to be new/urgent for injunctive relief) + Contact lawyer immediately to send wanrning notice + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Thanks + + Thanks to + KNF + for first bringing me in contact with linux in 1994 + Astaro AG + for sponsoring most of my 
netfilter work + Free Software Foundation + for the GNU Project + for the GNU General Public License + Dr. Till Jaeger + for handling my legal cases + +%size 3 + The slides of this presentation are available at http://www.gnumonks.org/ + + Further reading: +%size 3 + The http://www.gpl-violations.org/ project +%size 3 + The Free Software foundation http://www.fsf.org/, http://www.fsf-europe.org/ +%size 3 + The GNU Project http://www.gnu.org/ +%size 3 + The netfilter homepage http://www.netfilter.org/ +%% http://management.itmanagersjournal.com/management/04/05/31/1733229.shtml?tid=85&tid=4 + + diff --git a/2005/gpl-clt2005/short-abstract b/2005/gpl-clt2005/short-abstract new file mode 100644 index 0000000..e0aa9b4 --- /dev/null +++ b/2005/gpl-clt2005/short-abstract @@ -0,0 +1,4 @@ +Linux is used more and more, especially in the embedded market. Unfortunately, +a number of vendors do not comply with the GNU GPL. The author has enforced +the GPL numerous times in and out of court, and will talk about his experience. + diff --git a/2005/gpl-ec2005/about-hmwconsulting.tex b/2005/gpl-ec2005/about-hmwconsulting.tex new file mode 100644 index 0000000..e7dd55a --- /dev/null +++ b/2005/gpl-ec2005/about-hmwconsulting.tex 
@@ -0,0 +1,111 @@ +\documentclass[a4paper,11pt]{article} + +\pagestyle{myheadings} + +\setlength{\evensidemargin}{0mm} +\setlength{\oddsidemargin}{0mm} +\setlength{\topmargin}{0mm} +\setlength{\topskip}{0mm} +\setlength{\headheight}{0mm} +\setlength{\textheight}{230mm} +\setlength{\textwidth}{160mm} + +\markright{Appendix B: About the Speaker and his projects} + +\begin{document} + +\date{} + +\title{About hmw-consulting} + +\author{Harald Welte} + +% \maketitle + +\section{About Mr. Harald Welte} + +Harald Welte is an independent software developer and +consultant\footnote{http://www.hmw-consulting.com/} in the fields of operating +system development and network security, as well as high-performance data +communications and embedded computing. + +Starting with 1992, Mr. Welte has been participating in the BBS community, +gathering operational experience with German and International message-based +offline communications networks, such as the FIDO Network and Z-Netz. + +In 1994, at a time where only the academic community in Germany had access to +the Internet, he's been pioneering the effort of bringing Internet connectivity +to individuals as part of a non-for-profit effort\footnote{Kommunikationsnetz +Franken e.V. (http://www.franken.de/)}. He gathererd first-hand experience of +early ISP\footnote{Internet Service Provider} operations. Due to the almost +non-existant commercial products for Internet Service Providers (ISPs), he was +using readily-available Free and Open Source Software (FOSS). + +Starting in 1997, Mr. Welte became a full-time consultant for Linux/Unix +Kernel and Network development. + +His technical involvement with the network stack of the Linux Operating System +became stronger over time, and starting with 2001 he was appointed the chairman +of the netfilter/iptables\footnote{http://www.netfilter.org/} project. + +Mr. 
Welte is a regular speaker at international Linux and network security +related conferences, presenting at up to 17 such events per year. + +He is serving as a FOSS advisor to Astaro AG\footnote{http://www.astaro.com/}, +providing guidance for the companies' FOSS involvement and contacts. + +His client list includes small and medium sized businesses and Germany, +international Linux distributors as well as large international vendors of +networking equipment. + +Furthermore, Mr. Welte is a member of a number of non-for-profit organizations +related to the Internet, Computer Security, Digital/Civil Rights, such as the +CCC\footnote{Chaos Computer Club (http://www.ccc.de/)}, +FFII\footnote{Foundation for a Free Information Infrastructure +(http://www.ffii.org/)}, KNF\footnote{Kommunikationsnetz Franken e.V. +(http://www.franken.de/)}, ISOC.de\footnote{Internet Society German Chapter +(http://www.isoc.de/)} and Humanistische Union\footnote{Humanistische Union (http://www.humanistische-union.de/)}. + + Mr. Welte is currently living in Berlin, Germany. + +\newpage + +\section{About the netfilter/iptables project} + +netfilter/iptables is a Free Software project providing an enormously large +toolbox for network security, so-called ``firewalling''. Firewalls act as +security gateway between an organization-internal network and a public network, such as the Internet. + +netfilter/iptables is probably\footnote{as the software can be copied by +anyone, there is no way to determine the exact usage number} the mostly-used +firewall software worldwide. + +Apart from being part of virtually any Linux Installation, there are hundreds +of commercial vendors offering Firewall Software and/or Hardware Appliances +based on netfilter/iptables, ranging from consumer-class equipment up to +enterprise firewalls. 
+ +Companies shipping netfilter/iptables based security gateways include Secunet, +Novell, Astaro, Smoothwall, Balabit, Siemens, Fujitsu-Siemens, Deutsche +Telekom, Netgear, Belkin, Cisco/Linksys, Asus. + +One netfilter/iptables based security product\footnote{SecuNet SINA +(http://www.secunet.de/} has been awarded with classification level {\em NATO SECRET}). + +\section{About hmw-consulting} + +hmw-consulting is Mr. Welte's Berlin (Germany) based Information Technology +Consulting Business, offering consulting, development and training in the areas +of + +\begin{itemize} +\item Networking (Internet, Intranet, Extranet) +\item Network Security (Firewalls, Proxies, Intrusion Detection, VPN) +\item Linux Kernel Development (Device Drivers, Networking Protcols) +\item Embedded Linux (ARM, MIPS, x86, PowerPC) +\item Industrial Linux Computing (Data Acquisition, Statistical Process Control) +\end{itemize} + + + +\end{document} diff --git a/2005/gpl-ec2005/biography b/2005/gpl-ec2005/biography new file mode 100644 index 0000000..165a4dc --- /dev/null +++ b/2005/gpl-ec2005/biography 
@@ -0,0 +1,25 @@ + Harald Welte is a independent software developer and consultant[1] in the +fields of operating system development and network security, as well as +high-performance data communications and embedded computing. For a number of +years, he is the chairman of the netfilter/iptables[2] project, a Free Software +solution for Linux-based network firewalls. + + During the last six years, he has been contracted for projects by various +international companies of all industries, ranging from software vendors to +banks to manufacturers of networking gear. + + He licenses his software under the terms of the GNU GPL, and is determined to +bring all users, distributors, value added resellers and vendors of projects +based on his software in full compliance with the GPL, even if it includes +raising legal charges. + + Apart from his technical work, Harald is participating in a number of +non-for-profit organizations such as the CCC[3], FFII[4]. + + Mr. Welte is currently living in Berlin, Germany. + +[1] http://www.hmw-consulting.de/ +[2] http://www.netfilter.org/ +[3] http://www.ccc.de/ +[4] http://www.ffii.org/ + diff --git a/2005/gpl-ec2005/extended-abstract b/2005/gpl-ec2005/extended-abstract new file mode 100644 index 0000000..b15ce0e --- /dev/null +++ b/2005/gpl-ec2005/extended-abstract 
@@ -0,0 +1,23 @@ +Enforcing the GNU GPL - Copyright helps Copyleft + +More and more vendors of various computing devices, especially network-related +appliances such as Routers, NAT-Gateways and Wireless Access Points are using +Linux and other GPL licensed Free Software in their products. + +While the Linux community can look at this as a big success, there is a back +side of that coin: A large number of those vendors have no idea about the GPL +license terms, and as a result do not fulfill their obligations under the GPL. + +The netfilter/iptables project has started legal proceedngs against a number of +companies in violation of the GPL since December 2003. Those legal proceedings +were quite successful so far, resulting in twelve amicable agreements, two +granted preliminary injunctions and one court order. The list of companies +includes large international corporations such as Siemens, Deutsche Telekom, +Hitachi, Asus and Belkin. + +The speaker will present an overview about his recent successful enforcement of +the GNU GPL within German jurisdiction. + +In the end, it seems like the idea of the founding fathers of the GNU GPL +works: Guaranteeing the freedom of Free Software by using Copyright to create +Copyleft. diff --git a/2005/gpl-ec2005/gpl-ec2005.mgp b/2005/gpl-ec2005/gpl-ec2005.mgp new file mode 100644 index 0000000..71dd062 --- /dev/null +++ b/2005/gpl-ec2005/gpl-ec2005.mgp 
@@ -0,0 +1,406 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 + + +The GPL is not Public Domain + + +%center +%size 4 +by + +Harald Welte <laforge@gnumonks.org> + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Contents 1/2 + + + Introduction + What is Copyrightable? + Terminology + Common FOSS Licenses + The GNU GPL Revisited + Complete Source Code + Derivative Works + Non-Public Modifications + GPL Violations + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Contents 2/2 + + + Past GPL Enforcement + The Linksys case + Typical enforcement timeline + Success so far + Cases so far + Future GPL Enforcement + Thanks + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Introduction + + +Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the Linux kernel firewall system called netfilter/iptables + who IS NOT A LAWYER, although this presentation is the result of dealing almost a year with lawyers on the subject of the GPL + +Why is he speaking to you? + because he thinks there is too much confusion about copyright and free software licenses. 
Even Red Hat CEO Matt Szulik stated in an interview that RedHat puts investments into 'public domain' :( + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Disclaimer + +Legal Disclaimer + + All information presented here is provided on an as-is basis + There is no warranty for correctness of legal information + The author is not a lawyer + This does not comprise legal advise + The authors experience is limited to German copyright law + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +What is copyrightable? + + The GNU GPL is a copyright license, and thus only covers copyrighted works + Not everything is copyrightable (German: Schoepfungshoehe) + Small bugfixes are not copyrightable (similar to typo-fixes in a book) + As soon as the programmer has a choice in the implementation, there is significant indication of a copyrightable work + Choice in algorithm, not in formal representation + Apparently, the level for copyrightable works is relatively low + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Terminology + + Public Domain + concept where copyright holder abandons all rights + same legal status as works where author has died 70 years ago (German: Gemeinfreie Werke) + Freeware + object code, free of cost. No source code + Shareware + proprietary "Try and Buy" model for object code. + Cardware/Beerware/... 
+ Freeware that encourages users to send payment in kind + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Terminology + + Free Software + source code freely distributed + must allow redistribution, modification, non-discriminatory use + mostly defined by Free Software Foundation + Open Source + source code freely distributed + must allow redistribution, modification, non-discriminatory use + defined in the "Open Source Definition" by OSI + + The rest of this document will refer to Free and Open Source Software as FOSS. + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Common FOSS licenses + + Original BSD License + allows redistribution, modification + even allows proprietary extensions with no source code offer + all docs, advertisement materials have to mention copyright holder + Modified BSD License + same as "Original BSD License", but no copyright statements required in docs and advertisements + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Common FOSS licenses + + GPL (GNU General Public Liense) + allows redistribution, including modified works + obliges distributor to supply source code including all modifications + usage rights are revoked if license conditions not met + LGPL (GNU Library General Public License) + explicitly allows linking of proprietary applications + written as special case for libraries (such as glibc) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +The GNU GPL Revisited + +Revisiting the GNU General Public License + + Regulates distribution of copyrighted code, not usage + Allows distribution of source code and modified source code + The license itself is mentioned + A copy of the license accompanies every copy + Allows distribution of binaries or modified binaries, if + The license itself is mentioned + A copy of 
the license accompanies every copy + The complete source code is either included with the copy made available to any 3rd party + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Complete Source Code + +%size 3 +"... complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable." + Our interpretation of this is: + Source Code + Makefiles + Tools for generating the firmware binary from the source + (even if they are technically no 'scripts') + General Rule: + Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so. + Result: Signing binaries and only accepting signed versions without providing a signature key is not acceptable! + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + What is a derivative work? + Not dependent on any particular kind of technology (static/dynamic linking, dlopen, whatever) + Even while the modification can itself be a copyrightable work, the combination with GPL-licensed code is subject to GPL. + No precendent in Germany so far + As soon as code is written for a specific non-standard API (such as the iptables plugin API), there is significant indication for a derivative work + This position has been successfully enforced out-of-court with two Vendors so far (iptables modules/plugins). + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + Position of my lawyer: + In-kernel proprietary code (binary kernel modules) are hard to claim GPL compliant + Case-by-case analysis required, especially when drivers/filesystems are ported from other OS's. 
+ + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Collected Works + +%size 3 +"... it is not the intent .. to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works ..." +%size 3 +"... mere aggregation of another work ... with the program on a volume of a storage or distribution medium does not bring the other work under the scope of this license" + + GPL allows "mere aggregation" + like a general-porpose Linux distribution (SuSE, Red Hat, ...) + + GPL disallows "collective works" + legal grey area + tends to depend a lot on jurisdiction + no precendent so far + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Non-Public modifications + + Non-Public modifications + A common misconception is that if you develop code within a corporation, and the code never leaves this corporation, you don't have to ship the source code. + However, at least German law would count every distribution beyound a number of close colleague as distribution. + Therefore, if you don't go for '3a' and include the source code together with the binary, you have to distribute the source code to any third party. + Also, as soon as you hand code between two companies, or between a company and a consultant, the code has been distributed. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +GPL Violations + + When do I violate the license + when one ore more of the obligations are not fulfilled + + What risk do I take if I violate the license? 
+ the GPL automatically revokes any usage right + any copyright holder can obtain a preliminary injunction banning distribution of the infringing product + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Past GPL enforcement + +Past GPL enforcement + + GPL violations are nothing new, as GPL licensed software is nothing new. + However, the recent Linux hype made GPL licensed software used more often + The FSF enforces GPL violations of code on which they hold the copyright + silently, without public notice + in lengthy negotiations + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The Linksys case + + + During 2003 the "Linksys" case drew a lot of attention + Linksys was selling 802.11 WLAN Acces Ponts / Routers + Lots of GPL licensed software embedded in the device (included Linux, uClibc, busybox, iptables, ...) + FSF led alliance took the usual "quiet" approach + Linksys bought it self a lot of time + Some source code ws released two months later + About four months later, full GPL compliance was achieved + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The Linksys case + + + Some developers didn't agree with this approach + not enough publicity + violators don't loose anything by first not complying and wait for the FSF + four months delay is too much for low product lifecycles in WLAN world + The netfilter/iptables project started to do their own enforcement in more cases that were coming up + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Enforcement case timeline + + + In chronological order + some user sends us a note he found our code somewhere + reverse engineering of firmware images + sending the infringing organization a warning notice + wait for them to sign a statement to cease and 
desist + if no statement is signed + contract technical expert to do a stdudy + apply for a preliminary injunction + if statement was signed + try to work out the details + grace period for boxes in stock possible + try to indicate that a donation would be good PR + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Sucess so far + + + Success so far + amicable agreements with a number of companies + some of which made significant donations to charitable organizations of the free software community + preliminary injunction against Sitecom, Sitecom also lost appeals case + more settled cases (not public yet) + negotiating in more cases + public awareness + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GPL enforcement report +Cases so far + + Allnet GmbH + Siemens AG + Fujitsu-Siemens Computers GmbH + Axis A.B. + Securepoint GmbH + U.S.Robotics Germany GmbH + undisclosed large vendor + Belkin Compnents GmbH + Asus GmbH + Gateprotect GmbH + Sitecom GmbH + TomTom B.V. 
+ Gigabyte Technologies GmbH + D-Link GmbH + Sun Deutschland GmbH + Open-E GmbH + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Future GPL Enforcement + +GPL Enforcement + remains an important issue for Free Software + will start to happen within the court + has to be made public in order to raise awareness + +Problems + only the copyright holder (in most cases the author) can do it + users discovering GPL'd software need to communicate those issues to all copyright holders + +The http://www.gpl-violations.org/ project was started + as a platform wher users can report alleged violations + to verify those violations and inform all copyright holders + to inform the public about ongoing enforcement efforts + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Make later enforcement easy + + Practical rules for proof by reverse engineering + Don't fix typos in error messages and symbol names + Leave obscure error messages like 'Rusty needs more caffeine' + Make binary contain string of copyright message, not only source + Practical rules for potential damages claims + Use revision control system + Document source of each copyrightable contribution + Name+Email address in CVS commit message + Consider something like FSFE FLA (Fiduciary License Agreement) + Make sure that employers are fine with contributions of their employees + If you find out about violation + Don't make it public (has to be new/urgent for injunctive relief) + Contact lawyer immediately to send wanrning notice + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Thanks + + Thanks to + Alan Cox, Alexey Kuznetsov, David Miller, Andi Kleen + for implementing (one of?) 
the world's best TCP/IP stacks + Paul 'Rusty' Russell + for starting the netfilter/iptables project + for trusting me to maintain it today + Astaro AG + for sponsoring parts of my netfilter work + Free Software Foundation + for the GNU Project + for the GNU General Public License +%size 3 + The slides of this presentation are available at http://www.gnumonks.org/ + + Further Reading +%size 3 + The netfilter homepage http://www.netfilter.org/ +%size 3 + The http://www.gpl-violations.org/ project + + diff --git a/2005/gpl-ec2005/gpl-ec2005.pdf b/2005/gpl-ec2005/gpl-ec2005.pdf Binary files differnew file mode 100644 index 0000000..4b09e54 --- /dev/null +++ b/2005/gpl-ec2005/gpl-ec2005.pdf diff --git a/2005/gpl-ec2005/gpl-ec2005.xml b/2005/gpl-ec2005/gpl-ec2005.xml new file mode 100644 index 0000000..d75916c --- /dev/null +++ b/2005/gpl-ec2005/gpl-ec2005.xml 
@@ -0,0 +1,413 @@ +<?xml version='1.0' encoding='ISO-8859-1'?> + +<!DOCTYPE article PUBLIC '-//OASIS//DTD DocBook XML V4.3//EN' 'http://www.docbook.org/xml/4.3/docbookx.dtd'> + +<article id="gpl-enforcement-ccc2004"> + +<articleinfo> + <title>Enforcing the GNU GPL - Copyright helps Copyleft</title> + <authorgroup> + <author> + <personname> + <firstname>Harald</firstname> + <surname>Welte</surname> + </personname> + <!-- + <personblurb>Harald Welte</personblurb> + <affiliation> + <orgname>netfilter core team</orgname> + <address> + <email>laforge@netfilter.org</email> + </address> + </affiliation> + + --> + <email>laforge@gpl-violations.org</email> + </author> + </authorgroup> + <copyright> + <year>2004</year> + <holder>Harald Welte <laforge@gpl-violations.org> </holder> + </copyright> + <date>Dec 01, 2004</date> + <edition>1</edition> + <orgname>netfilter core team</orgname> + <releaseinfo> + $Revision: 1.4 $ + </releaseinfo> + + <abstract> + <para> +More and more vendors of various computing devices, especially network-related +appliances such as Routers, NAT-Gateways and 802.11 Access Points are using +Linux and other GPL licensed free software in their products. + </para> + <para> +While the Linux community can look at this as a big success, there is a back +side of that coin: A large number of those vendors have no idea about the GPL +license terms, and as a result do not fulfill their obligations under the GPL. + </para> + <para> +The netfilter/iptables project has started legal proceedngs against a number of +companies in violation of the GPL since December 2003. Those legal proceedings +were quite successful so far, resulting in twelve amicable agreements and one +granted preliminary injunction. The list of companies includes large +corporations such as Siemens, Asus and Belkin. + </para> + <para> +This paper and the corresponding presentation will give an overview about the +author's recent successful enforcement of the GNU GPL within German +jurisdiction. 
+ </para> + <para> +The paper will go on describing what exactly is neccessarry to fully comply +with the GPL, including the author's legal position on corner cases such as +cryptographic signing. + </para> + <para> +In the end, it seems like the idea of the founding fathers of the GNU GPL +works: Guaranteeing Copyleft by using Copyright. + </para> + </abstract> + +</articleinfo> + + +<section> +<title>Legal Disclaimer</title> +<para> +The author of this paper is a software developer, not a lawyer. The content of +this paper represents his knowledge after dealing with the legal issues of +about 20 gpl violation cases. +</para> +<para> +All information in this paper is presented on a nas-is basis. There is no +warranty for correctness. +</para> +<para> +The paper does not comprise legal advise, and any details might be coupled to German copyright law (UrhG) +</para> +</section> + +<section> +<title>Free Software and its role in the software industry</title> +<para> +Though Free Software (sometimes referred to as Open Source Software) according +to our definition exists since the early 1980's, it didn't became popular until +the advent of the internet. +</para> +<para> +The concept of cooperative development between otherwise unrelated parties was an ideal match with the new possibilities of worldwide communication. +</para> +<para> +Free Software finds its way into almost any market within the industry. While +FOSS deployment traditionally being strong in the server market, it recently +gains in the desktop workstation market, too (e.g. Open Office, Mozilla). +</para> +<para> +However, the largest number of FOSS deployments is in the embedded computing +market. You can easily find Linux and other FOSS embeddeed into devices such +as DSL routers, WLAN access points, network attached storage, digital TV +receivers, home multimedia centres and recently even wireless phones. 
+</para> +</section> + +<section> +<title>What is copyrightable</title> +<para> +Since the GNU GPL is a copyright license, it can only cover copyrightable +works. The exact definition of what is copyrightable and what not might vary +from legislation to legislation. +</para> +<para> +Software is considered the immaterial result of a creative act, and is treated +very much like literary works. It might therefore be applicable to look at the +analogy of a printed book. +</para> +<para> +In order for a work to be copyrightable, it has to be non-trivial (German: +Schöpfungshöhe). Much like a lector of a book, anybody who just +corrects spelling mistakes, compiler warnings, or even functional fixes such as +fixing a signedness bug or a typecast are unlikely to be seen as a +copyrightable contribution to an existing work. +</para> +<para> +An indication for copyrightability can be the question: Did the author have a +choice (i.e. between different algorithms)? As soon as there are multiple ways +of getting a particular job done, and the author has to make decisions on which +way to go, this is an indication for copyrightability. +</para> +</section> + +<section> +<title>The GNU GPL revisited</title> +<para> +As a copyright license, the GNU GPL mainly regulates distribution of a +copyrighted work, not usage. To the opposite, the GNU GPL does not allow an +author to make any additional restrictions like <quote>must not be used for +military purpose</quote>. 
+</para> +<para> +As a summary, the license allows distribution of the source code (including +modifications, if any) if +<itemizedlist> +<listitem><para>The GPL license itself is mentioned</para></listitem> +<listitem><para>A copy of the full license text accompanies every copy</para></listitem> +</itemizedlist> +</para> +<para> +The GPL allows distribution of the object code (including modifications) if +<itemizedlist> +<listitem><para>The GPL license itself is mentioned</para></listitem> +<listitem><para>A copy of the full license text accompanies every copy</para></listitem> +<listitem><para>The <quote>complete corresponding source code</quote> or a written offer to ship it to any third party is included with every copy</para></listitem> +</itemizedlist> +</para> +</section> + +<section> +<title>Complete Source Code</title> +<para> +The GPL contains a very specific definition of what the term <quote>full source +code</quote> actually means in practise: +</para> +<para><quote> +... complete source code means all the source code for all modules it contains, +plus any associated interface definition files, plus the scripts used to +control compilation and installation of the executable. +</quote></para> +<para> +The interpretation of the paper's author of this (for C programs) is: +<itemizedlist> +<listitem><para>source code</para></listitem> +<listitem><para>Header Files</para></listitem> +<listitem><para>Makefiles</para></listitem> +<listitem><para>Tools for installation of a modified binary, even if they are not technically implemented as scripts</para></listitem> +</itemizedlist> +</para> +<para> +The general rule in case of any question is the intent of the license: To +enable the user to modify the source code and run modified versions. 
+</para> +<para> +This brings us to the conclusion that in case of a bundle of hardware and +software, the hardware can not be implemented in a way to only accept +cryptographically signed software, without providing either the original key, +or the option of setting a new key in the hardware. +</para> +</section> + + +<section> +<title>Derivative Work</title> +<para> +The question of derivative works is probably the hardest question with regard +to the GPL. According to the license text, any derivative work can only be +distributed under the GPL, too. However, the definition of a derivative work +is left to the legal framework of copyright. +</para> +<para> +The paper's author is convinced that any court decision would not look at the +particular technology used to integrate multiple software parts. It is much +more a question of how much dependency there is between the two pieces. +</para> +<para> +If a program is written against a specific non-standard API, this can be +considered as an indication for a derivative work. If a program is written +against standard APIs, and the GPL licensed parts that provide those APIs can +be easily exchanged with other [existing] implementations, then it can be considered as indication for no derivative work. +</para> +<para> +Unfortunately there is no precedent on this issue, so it's up to the first +court decisions on the issue of derivative works to determine. +</para> +</section> + +<section> +<title>Collective Works</title> +<para> +<quote>... it is not the intent ... to claim rights or contest your rights to work written entirely by you; rather, the intent is to excercise the right to control the distribution of derivative or collective works ...</quote> +</para> +<para> +<quote>... mere aggregation of another work ... 
with the program on a volume of a storage or distribution medium does not bring the other work under the scope of this license</quote> +</para> +<para> +So the GPL allows <quote>mere aggregation</quote>, which is what e.g. the +GNU/Linux distributors like RedHat or SuSE do, when they ship GPL-licensed +programs together with a proprietary Macromedia Flash player on one CD- or +DVD-Medium. +</para> +<para> +Further research is required to determine what exactly would be a collective +work, and how far this is backed by copyright law. +</para> +</section> + +<section> +<title>Non-Public Modifications</title> +<para> +Since the GPL regulates distribution and not use, any modifications that are +not distributed in any form do not require offering the source code. +</para> +<para> +Special emphasis has to be given on when distribution happens within the legal +context. +</para> +<para> +Undoubtedly, as soon as you distribute modifications to a third party, such as +a contractor or another company, you are bound by the GPL to either include the +full source code, or a written offer. Please note that if you don't include +the source code at any given time, the written offer must be available to any third party! +</para> +<para> +Interestingly, at least in German copyright law, distribution can also happen +within an organization. Apparently, as soon as a copy is distributed to a +group larger than a small number of close colleagues whom you know personally, +distribution happens - and thus the obligations of the GPL apply. +</para> +</section> + +<section> +<title>GPL Violations</title> +<para> +The GPL is violated as soon as one or more of the obligations are not fulfilled.</para> +<para> +For this case, the GPL automatically revokes any right, even the usage right on +the original unmodified code. So not only the distribution is infringing, also the mere use is no longer permitted. 
+</para> +<para> +This very strong provision is quite common in copyright licenses, especially in +the world of proprietary software - so businesses involved in the software businesses are already used to that concept. +</para> +</section> + +<section> +<title>Past GPL Enforcement</title> +<para> +In fact, GPL enforcement is not something completely new. The Free Software +Foundation (FSF) has been handling a number of GPL enforcement cases throughout +it's history since 1984. +</para> +<para> +However, their approach is quiet negotiations with the respective parties. +While this being productive in the respective cases, it obviously cannot serve +as example to raise public awareness about GPL compliance. +</para> +<para> +Also, anyone who uses GPL licensed software doesn't really have an economic +incentive to behave license compliant, if he cannot loose something. While the +Free Software movement being very ideological, we cannot neglect the fact that +businesses are only driven by economy. +</para> +<para> +Thus, it is the idea of the author to raise the economic price of license +infringement by +<itemizedlist> +<listitem><para>making infringement public (and thus imposing a negative marketing effect)</para></listitem> +<listitem><para>raising legal charges which force them to comply or otherwise loose the chance to use GPL covered code</para></listitem> +<listitem><para>claiming damages as a direct economic price</para></listitem> +</itemizedlist> +</para> +</section> + +<section> +<title>The Linksys Case</title> +<para> +In 2003, the Linksys Case was drawing a lot of attention from the FOSS +community. Linksys Corporation (a subsidiary of Cisco, the worldwide leader in +network equipment such as enterprise switches and routers) was selling 802.11 +(aka WiFi, WLAN) Access Points and Routers containing GPL licensed software. +The devices were sold virtually worldwide, and Linksys is one of the largest +players in the 802.11 consumer market. 
Software embedded into the device +contains the Linux OS Kernel, uClibc, busybox, netfilter/iptables. +</para> +<para> +An alliance of copyright holders (including the author of this paper) was lead by the Free Software Foundation to bring Linksys into compliance with the GPL license terms. +</para> +<para> +While in the end successfully bringing Linksys into compliance, it took that +alliance about four months to achieve the full sourcecode release by Linksys. +</para> +<para> +The strategy of Linksys was to overly delay the negotiations, making one +incoomplete source code release after the other. +</para> +<para> +Especially considering that the product lifecycle in the 802.11 being usually +somewhere between three and six months, this kind of delay was not acceptable +to a number of involved copyright holders. +</para> +<para> +Looking back from now, it is important to note that the Linksys GPL case has +actually helped Linksys a lot with regard to the popularity of their products. +A lot of users buy their product exactly because they know they receive the +sourcecode and the right to modify it. There's now a vivid community around +their products, offering community-based alternative software (aka firmware) +for them. Also, a number of small and medium-sized businesses have alternative +commercial free software offers. Due to that success, almost any new Linksys +product was based on Free Software, too! +</para> +</section> + +<section> +<title>Enforcement Case Timeline</title> +<para> +The author of this paper started the <quote>gpl-violations.org</quote> project +in order to help with new cases coming up after the Linksys case. 
+</para> +<para> +The usual timeline of an enforcemnt case looks like this: +<itemizedlist> +<listitem><para>Customer/User of the product sends information about the product to copyright holders</para></listitem> +<listitem><para>Copyright holders confirm violation by re-engineering the product and making a test purchase</para></listitem> +<listitem><para>Copyright holder sends a warning notice to the product vendor</para></listitem> +<listitem><para>Copyright holder waits for some two weeks if vendor is willing to sing a declaration to cease and decist</para></listitem> +<listitem><para>If no declaration to cease and decist was signed + <itemizedlist> + <listitem><para>Contract technical expert recognized to court to do a study</para></listitem> + <listitem><para>Apply for a preliminary injunction at court</para></listitem> + </itemizedlist> +</para></listitem> +<listitem><para>If declaration to cease and decist was signed + <itemizedlist> + <listitem><para>Try to find amicable agreement about damages and information claims</para></listitem> + <listitem><para>Probably grant a grace period for products already produced and in stock</para></listitem> + </itemizedlist> +</para></listitem> +</itemizedlist> +</para> +</section> + +<section> +<title>Success so far</title> +<para> +Since the launch of gpl-violations.org, it has been a huge success for the FOSS +community. Up to now, there have been about 25 cases where the GPL has been +enforced out-of-court. In addition, there two preliminary injunctions have +been granted. An appeals case against one injunction was turned down by the +court. Thus, precedent has been set forth for likely further cases to follow. +</para> +<para> +Especially the first preliminary injunction received big interest throughout +the computing industry and the legal community. 
It received significant media +coverage and thus resulted in exactly what the copyright holders wanted to +achive: Raising public awareness about the GPL license conditions. +</para> +</section> + +<section> +<title>Further Reading</title> +<itemizedlist> +<listitem><para>The Free Software Foundation: <ulink url="http://www.fsf.org/"/></para></listitem> +<listitem><para>The gpl-violations.org project: <ulink url="http://www.gpl-violations.org/"/></para></listitem> +<listitem><para>The GNU project project: <ulink url="http://www.gnu.org/"/></para></listitem> +<listitem><para>The law firm JBB (has court orders as PDF on their site): <ulink url="http://www.jbb.de/"/></para></listitem> +<listitem><para>The gpl-violations.org section in the weblog of the author: <ulink url="http://gnumonks.org/~laforge/weblog/linux/gpl-violations"/></para></listitem> +</itemizedlist> +<para> +</para> +</section> + + +</article> + diff --git a/2005/gpl-ec2005/gpl-enforcement-ec2005.fourpages.pdf b/2005/gpl-ec2005/gpl-enforcement-ec2005.fourpages.pdf Binary files differnew file mode 100644 index 0000000..e89c4e4 --- /dev/null +++ b/2005/gpl-ec2005/gpl-enforcement-ec2005.fourpages.pdf diff --git a/2005/gpl-ec2005/gpl-enforcement-ec2005.mgp b/2005/gpl-ec2005/gpl-enforcement-ec2005.mgp new file mode 100644 index 0000000..855c9fe --- /dev/null +++ b/2005/gpl-ec2005/gpl-enforcement-ec2005.mgp 
@@ -0,0 +1,423 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 + + +Enforcing the GNU GPL +Copyright helps Copyleft + + +%center +%size 4 +by + +Harald Welte <hwelte@hmw-consulting.de> + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Contents + + About the speaker + Free Software and it's role in the industry + Free Software development model + Free Software Licenses + The GNU GPL Revisited + GPL Violations + Past GPL Enforcement + Typical case timeline + Success so far + What we've learned + Problems encountered + Future outlook + Thanks + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Introduction + + +Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the Linux kernel firewall system called netfilter/iptables + who IS NOT A LAWYER, although this presentation is the result of dealing almost a year with lawyers on the subject of the GPL + +Why is he speaking to you? + he thinks there is too much confusion about copyright and free software licenses. 
Even Red Hat CEO Matt Szulik stated in an interview that RedHat puts investments into 'public domain' :( + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Disclaimer + +Legal Disclaimer + + All information presented here is provided on an as-is basis + There is no warranty for correctness of legal information + The author is not a lawyer + This does not comprise legal advise + The authors' experience is limited to German copyright law + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Free Software and its role in computing + + Free Software (aka Open Source Software) became popular with the advent of the internet + Used increasingly in any market + traditionally in the server area + more recently on the desktop area + but _large_ numbers of installations in the embedded market + router / gateway / firewalls + wireless access points + network attached storage + wireless phones + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The Free Software development model + + Distributed developers throughout the world + Contributions can come from anyone with required skills + 'cooking pot economy' + everyone puts a small ingredient into the pot + because it's an immaterial pot, everyone gets a full pot + As a result, copyright of the resulting work is vastly distributed + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Free Software and it's licenses + + It's important to note that it is about freedom of the user, not free beer + Big number of Free (and Open Source) licenses in use + However, significant number of important projects licensed under GNU GPL + Most commonly known example for GPL-covered code: The Linux OS Kernel + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page 
+The GNU GPL Revisited +Terminology + + Public Domain + concept where copyright holder abandons all rights + same legal status as works where author has died 70 years ago (German: Gemeinfreie Werke) + Freeware + object code, free of cost. No source code + Shareware + proprietary "Try and Buy" model for object code. + Cardware/Beerware/... + Freeware that encourages users to send payment in kind + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Terminology + + Free Software + source code freely distributed + must allow redistribution, modification, non-discriminatory use + mostly defined by Free Software Foundation + Open Source + source code freely distributed + must allow redistribution, modification, non-discriminatory use + defined in the "Open Source Definition" by OSI + + The rest of this document will refer to Free and Open Source Software as FOSS. + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +The GNU GPL Revisited + +Revisiting the GNU General Public License + + Regulates distribution of copyrighted code, not usage + Allows distribution of source code and modified source code + The license itself is mentioned + A copy of the license accompanies every copy + Allows distribution of binaries or modified binaries, if + The license itself is mentioned + A copy of the license accompanies every copy + The complete source code is either included with the copy made available to any 3rd party + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Complete Source Code + +%size 3 +"... complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable." 
+ Our interpretation of this is: + Source Code + Makefiles + Tools for generating the firmware binary from the source + (even if they are technically no 'scripts') + General Rule: + Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so. + Result: Signing binaries and only accepting signed versions without providing a signature key is not acceptable! + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + What is a derivative work? + Not dependent on any particular kind of technology (static/dynamic linking, dlopen, whatever) + Even while the modification can itself be a copyrightable work, the combination with GPL-licensed code is subject to GPL. + No precendent in Germany so far + As soon as code is written for a specific non-standard API (such as the iptables plugin API), there is significant indication for a derivative work + This position has been successfully enforced out-of-court with two Vendors so far (iptables modules/plugins). + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + Position of my lawyer: + In-kernel proprietary code (binary kernel modules) are hard to claim GPL compliant + Case-by-case analysis required, especially when drivers/filesystems are ported from other OS's. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Collected Works + +%size 3 +"... it is not the intent .. to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works ..." +%size 3 +"... mere aggregation of another work ... 
with the program on a volume of a storage or distribution medium does not bring the other work und the scope of this license" + + GPL allows "mere aggregation" + like a general-porpose GNU/Linux distribution (SuSE, Red Hat, ...) + + GPL disallows "collective works" + legal grey area + tends to depend a lot on jurisdiction + no precendent so far + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Non-Public modifications + + Non-Public modifications + A common misconception is that if you develop code within a corporation, and the code never leaves this corporation, you don't have to ship the source code. + However, at least German law would count every distribution beyound a number of close colleague as distribution. + Therefore, if you don't go for '3a' and include the source code together with the binary, you have to distribute the source code to any third party. + Also, as soon as you hand code between two companies, or between a company and a consultant, the code has been distributed. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +GPL Violations + + When do I violate the license + when one ore more of the obligations are not fulfilled + + What risk do I take if I violate the license? + the GPL automatically revokes any usage right + any copyright holder can obtain a preliminary injunction banning distribution of the infringing product + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Past GPL enforcement + +Past GPL enforcement + + GPL violations are nothing new, as GPL licensed software is nothing new. 
+ However, the recent GNU/Linux hype made GPL licensed software used more often + The FSF enforces GPL violations of code on which they hold the copyright + silently, without public notice + in lengthy negotiations + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The Linksys case + + + During 2003 the "Linksys" case drew a lot of attention + Linksys was selling 802.11 WLAN Acces Ponts / Routers + Lots of GPL licensed software embedded in the device (included Linux, uClibc, busybox, iptables, ...) + FSF led alliance took the usual "quiet" approach + Linksys bought itself a lot of time + Some source code was released two months later + About four months later, full GPL compliance was achieved + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The Linksys case + + Some developers didn't agree with this approach + not enough publicity + violators don't loose anything by first not complying and wait for the FSF + four months delay is too much for low product lifecycles in WLAN world + The netfilter/iptables project started to do their own enforcement in more cases that were coming up + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Enforcement case timeline + + In chronological order + some user sends us a note he found our code somewhere + reverse engineering of firmware images + sending the infringing organization a warning notice + wait for them to sign a statement to cease and desist + if no statement is signed + contract technical expert to do a study + apply for a preliminary injunction + if statement was signed + try to work out the details + grace period for boxes in stock possible + try to indicate that a donation would be good PR + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Sucess so far 
+ + Success so far + amicable agreements with a number (20+) of companies + sdome of which made significant donations to charitable organizations of the free software community + preliminary injunction against Sitecom, Sitecom also lost appeals case + court decision of munich district court in Sitecom appeals case + a second preliminary injunction against one of Germanys largest technology firms + more settled cases (not public yet) + negotiating in more cases + public awareness + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Cases so far (1/2) + + + Allnet GmbH + Siemens AG + Fujitsu-Siemens Computers GmbH + Axis A.B. + Securepoint GmbH + U.S.Robotics Germany GmbH + Netgear GmbH + Belkin Compnents GmbH + Asus GmbH + Gateprotect GmbH + Sitecom GmbH / B.V. + TomTom B.V. + Gigabyte Technologies GmbH + D-Link GmbH + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Cases so far (2/2) + + + Sun Deutschland GmbH + Open-E GmbH + Siemens AG (second case) + Deutsche Telekom AG + Hitachi Inc. + Tecom Inc. + ARP Datacon GmbH + Conceptronic B.V. + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +What we've learned + + + Copyleft-style licenses can be enforced! 
+ A lot of companies don't take Free Software licenses seriously + Even corporations with large legal departments who should know + Reasons unclear, probably the financial risk of infringement was considered less than the expected gains + The FUD spread about "GPL not holding up in court" has disappeared + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Future GPL Enforcement + + + GPL Enforcement + remains an important issue for Free Software + will start to happen within the court more often + has to be made public in order to raise awareness + + What about Copylefted Content (Creative Commons) + probably just a matter of time until CC-licensed works of art are infringed + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Problems of GPL Enforcement + + Problems + distributed copyright + is an important safeguard + can make enforcement difficult, since copyright traditionally doesn't know cases with thousands of copyright holders + distribution of damages extremely difficult + the legal issue of having to do reverse engineering in order to prove copyright infringement(!) 
+ only the copyright holder (in most cases the author) can do it + users discovering GPL'd software need to communicate those issues to all entitled parties (copyright holders) + infringers obfuscating and/or encrypting fres software as disguise + + The http://www.gpl-violations.org/ project was started + as a platform wher users can report alleged violations + to verify those violations and inform all copyright holders + to inform the public about ongoing enforcement efforts + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Thanks + + Thanks to + KNF + for first bringing me in contact with linux in 1994 + Astaro AG + for sponsoring most of my netfilter work + Free Software Foundation + for the GNU Project + for the GNU General Public License + Dr. Till Jaeger + for handling my legal cases + +%size 3 + The slides of this presentation are available at http://www.gnumonks.org/ + + Further reading: +%size 3 + The http://www.gpl-violations.org/ project +%size 3 + The Free Software foundation http://www.fsf.org/, http://www.fsf-europe.org/ +%size 3 + The GNU Project http://www.gnu.org/ +%size 3 + The netfilter homepage http://www.netfilter.org/ +%% http://management.itmanagersjournal.com/management/04/05/31/1733229.shtml?tid=85&tid=4 + + diff --git a/2005/gpl-ec2005/gpl-enforcement-ec2005.pdf b/2005/gpl-ec2005/gpl-enforcement-ec2005.pdf Binary files differnew file mode 100644 index 0000000..c81ac48 --- /dev/null +++ b/2005/gpl-ec2005/gpl-enforcement-ec2005.pdf diff --git a/2005/gpl-ec2005/gpl.dvi b/2005/gpl-ec2005/gpl.dvi Binary files differnew file mode 100644 index 0000000..1b567a0 --- /dev/null +++ b/2005/gpl-ec2005/gpl.dvi diff --git a/2005/gpl-ec2005/gpl.tex b/2005/gpl-ec2005/gpl.tex new file mode 100644 index 0000000..10373b4 --- /dev/null +++ b/2005/gpl-ec2005/gpl.tex 
@@ -0,0 +1,365 @@ +\documentclass[a4paper,10pt]{article} +\pagestyle{myheadings} + +\setlength{\evensidemargin}{0mm} +\setlength{\oddsidemargin}{0mm} +\setlength{\topmargin}{0mm} +\setlength{\topskip}{0mm} +\setlength{\headheight}{0mm} +\setlength{\textheight}{230mm} +\setlength{\textwidth}{160mm} + +\markright{Appendix A:The GNU General Public License} + +\begin{document} + +\title{The GNU General Public License} +\date{} + +\maketitle + +\begin{center} +{\parindent 0in + +Version 2, June 1991 + +Copyright \copyright\ 1989, 1991 Free Software Foundation, Inc. + +\bigskip + +59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + +\bigskip + +Everyone is permitted to copy and distribute verbatim copies +of this license document, but changing it is not allowed. +} +\end{center} + +\begin{center} +{\bf\large Preamble} +\end{center} + + +The licenses for most software are designed to take away your freedom to +share and change it. By contrast, the GNU General Public License is +intended to guarantee your freedom to share and change free software---to +make sure the software is free for all its users. This General Public +License applies to most of the Free Software Foundation's software and to +any other program whose authors commit to using it. (Some other Free +Software Foundation software is covered by the GNU Library General Public +License instead.) You can apply it to your programs, too. + +When we speak of free software, we are referring to freedom, not price. +Our General Public Licenses are designed to make sure that you have the +freedom to distribute copies of free software (and charge for this service +if you wish), that you receive source code or can get it if you want it, +that you can change the software or use pieces of it in new free programs; +and that you know you can do these things. + +To protect your rights, we need to make restrictions that forbid anyone to +deny you these rights or to ask you to surrender the rights. 
These +restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + +For example, if you distribute copies of such a program, whether gratis or +for a fee, you must give the recipients all the rights that you have. You +must make sure that they, too, receive or can get the source code. And +you must show them these terms so they know their rights. + +We protect your rights with two steps: (1) copyright the software, and (2) +offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + +Also, for each author's protection and ours, we want to make certain that +everyone understands that there is no warranty for this free software. If +the software is modified by someone else and passed on, we want its +recipients to know that what they have is not the original, so that any +problems introduced by others will not reflect on the original authors' +reputations. + +Finally, any free program is threatened constantly by software patents. +We wish to avoid the danger that redistributors of a free program will +individually obtain patent licenses, in effect making the program +proprietary. To prevent this, we have made it clear that any patent must +be licensed for everyone's free use or not licensed at all. + +The precise terms and conditions for copying, distribution and +modification follow. + +\newpage +\begin{center} +{\Large \sc Terms and Conditions For Copying, Distribution and + Modification} +\end{center} + + +%\renewcommand{\theenumi}{\alpha{enumi}} +\begin{enumerate} + +\addtocounter{enumi}{-1} + +\item + +This License applies to any program or other work which contains a notice +placed by the copyright holder saying it may be distributed under the +terms of this General Public License. 
The ``Program'', below, refers to +any such program or work, and a ``work based on the Program'' means either +the Program or any derivative work under copyright law: that is to say, a +work containing the Program or a portion of it, either verbatim or with +modifications and/or translated into another language. (Hereinafter, +translation is included without limitation in the term ``modification''.) +Each licensee is addressed as ``you''. + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + +\item You may copy and distribute verbatim copies of the Program's source + code as you receive it, in any medium, provided that you conspicuously + and appropriately publish on each copy an appropriate copyright notice + and disclaimer of warranty; keep intact all the notices that refer to + this License and to the absence of any warranty; and give any other + recipients of the Program a copy of this License along with the Program. + +You may charge a fee for the physical act of transferring a copy, and you +may at your option offer warranty protection in exchange for a fee. + +\item + +You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + +\begin{enumerate} + +\item + +You must cause the modified files to carry prominent notices stating that +you changed the files and the date of any change. 
+ +\item + +You must cause any work that you distribute or publish, that in +whole or in part contains or is derived from the Program or any +part thereof, to be licensed as a whole at no charge to all third +parties under the terms of this License. + +\item +If the modified program normally reads commands interactively +when run, you must cause it, when started running for such +interactive use in the most ordinary way, to print or display an +announcement including an appropriate copyright notice and a +notice that there is no warranty (or else, saying that you provide +a warranty) and that users may redistribute the program under +these conditions, and telling the user how to view a copy of this +License. (Exception: if the Program itself is interactive but +does not normally print such an announcement, your work based on +the Program is not required to print an announcement.) + +\end{enumerate} + + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. 
+ +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + +\item +You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + +\begin{enumerate} + +\item + +Accompany it with the complete corresponding machine-readable +source code, which must be distributed under the terms of Sections +1 and 2 above on a medium customarily used for software interchange; or, + +\item + +Accompany it with a written offer, valid for at least three +years, to give any third party, for a charge no more than your +cost of physically performing source distribution, a complete +machine-readable copy of the corresponding source code, to be +distributed under the terms of Sections 1 and 2 above on a medium +customarily used for software interchange; or, + +\item + +Accompany it with the information you received as to the offer +to distribute corresponding source code. (This alternative is +allowed only for noncommercial distribution and only if you +received the program in object code or executable form with such +an offer, in accord with Subsection b above.) + +\end{enumerate} + + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. 
However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + +\item +You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + +\item +You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + +\item +Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. 
+You are not responsible for enforcing compliance by third parties to +this License. + +\item +If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. 
+ +\item +If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + +\item +The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and ``any +later version'', you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + +\item +If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + +\begin{center} +{\Large\sc +No Warranty +} +\end{center} + +\item +{\sc Because the program is licensed free of charge, there is no warranty +for the program, to the extent permitted by applicable law. 
Except when +otherwise stated in writing the copyright holders and/or other parties +provide the program ``as is'' without warranty of any kind, either expressed +or implied, including, but not limited to, the implied warranties of +merchantability and fitness for a particular purpose. The entire risk as +to the quality and performance of the program is with you. Should the +program prove defective, you assume the cost of all necessary servicing, +repair or correction.} + +\item +{\sc In no event unless required by applicable law or agreed to in writing +will any copyright holder, or any other party who may modify and/or +redistribute the program as permitted above, be liable to you for damages, +including any general, special, incidental or consequential damages arising +out of the use or inability to use the program (including but not limited +to loss of data or data being rendered inaccurate or losses sustained by +you or third parties or a failure of the program to operate with any other +programs), even if such holder or other party has been advised of the +possibility of such damages.} + +\end{enumerate} + + +\begin{center} +{\Large\sc End of Terms and Conditions} +\end{center} + +\end{document} diff --git a/2005/gpl-ec2005/red-line b/2005/gpl-ec2005/red-line new file mode 100644 index 0000000..4e63da8 --- /dev/null +++ b/2005/gpl-ec2005/red-line 
@@ -0,0 +1,67 @@ +thanks for invitation + +introduction about the speaker + +legal disclaimer + +free software and it's role in computing + increased use + not only server market + not only desktop market + but _large_ quantities in the embedded market + router / gateway / firewall + wireless acces points / bridges + network attached storagee + +free software development model + distributed developers throughout the world + contributions from anyone with required skills + as a result, distributed copyright in many projects + +free software and it's licenses + free software != public domain + free as in freedom, not as in beer + significant part covered by gpl license + +gpl revisited + terminology + revisiting + complete source code + derivative works + collective works + non-public modifications + +gpl violations + when do i violate the license + what do i risk + +past (until 2003) gpl enforcement + most of it quietly + in many cases handled by the FSF + +the linksys case + +typical enforcement timeline + +success so far + + +summary / what we've learnt + a lot of companies don't take free software licenses seriously + even companies with large legal deprartments have problems + why is that? lack of information? financial risk not hard enough? + it's not different to any other software license of 3rd party components + + the FUD spread by certain corporations 'can the gpl be enforced' has vanished + +problems of gpl enforcmeent + distributed copyright is a safeguard, but can make enforcement difficult + the need to do reverse engineering to proof the violation + infringing companies obfuscating or encrypting free software + legally difficult to claim your rights as customer of gpl infringing product + damages claims can be difficult due to distribution problem + +gpl enforcment future + I just wanted to set some examples + so many cases, further enforcement has to be done by organization + 
diff --git a/2005/gpl-ec2005/short-abstract b/2005/gpl-ec2005/short-abstract new file mode 100644 index 0000000..ecf62b3 --- /dev/null +++ b/2005/gpl-ec2005/short-abstract @@ -0,0 +1,8 @@ +A significant amount of Free and Open Source Software (FOSS) is covered under +the GNU General Public License (GPL). Up to about one year ago, this copyright +licese was never contested in court, and there was no precendent on the +enforcibility of it's so-called "copyleft" character. This has changed since +the Author of this Presentation (Harald Welte) obtained a preliminary +injunction and a court order of the District Court of Munich (Germany) to +enforce the GPL. Harald will share his experience in legal enforcement of the +GPL. diff --git a/2005/gpl-enforcement-clt2005/biography b/2005/gpl-enforcement-clt2005/biography new file mode 100644 index 0000000..033e727 --- /dev/null +++ b/2005/gpl-enforcement-clt2005/biography 
@@ -0,0 +1,21 @@ + Harald Welte ist der Leiter des Netfilter Core Team und is massgeblich an der Entwicklung und Pflege des Paketfilters netfilter/iptables beteiligt. + + Sein Augenmerk innerhalb der Computerwelt lag schon immer auf der +Netzwerktechnik. So ist z.B. der Grund sich 1994 mit Linux zu beschaeftigen +aus der Aufgabe entstanden, ein UUCP<->ZConnect<->FIDO gateway aufzusetzen. + + In der wenigen Zeit, die ihm heute neben netfilter/iptables bleibt, schreibt er eigenartige Dokumente wie das UUCP-over-SSL-HOWTO. + + Seit 1997 ist er als unabhaengiger IT-Consultant und -Entwickler in +zahlreichen Projekten fuer die unterschiedlichsten Firmen (von Banken bis zu +Computerhardware-Herstellern) taetig. + + Im Jahr 2001 folgte er einem Angebot, fuer den Brasilianischen +Linux-Distributor in Curitiba (Brasilien) zu arbeiten. + + Seit Februar 2002 wird seine Arbeit am netfilter/iptables-Projekt durch ein +Sponsoring der Fa. Astaro AG unterstuetzt. Neben diesem Sponsoring arbeitet +er nach wie vor als freiberuflicher Berater und Entwickler. + + Harald lebt seit November 2002 in Berlin. + diff --git a/2005/gpl-enforcement-clt2005/extended-abstract b/2005/gpl-enforcement-clt2005/extended-abstract new file mode 100644 index 0000000..2b56765 --- /dev/null +++ b/2005/gpl-enforcement-clt2005/extended-abstract 
@@ -0,0 +1,13 @@ +Immer mehr Firmen setzen Linux und andere GPL-Lizensierte Software in Ihren Produkten ein, insbesondere im Bereich der Network Appliances wie Router, NAT-Gateways und 802.11 Access Points. + +Einerseits darf man dies als grossen Erfolg fuer Freie Software weten. Andererseits gibt es eben leider auch eine Schattenseite: Nicht wenige dieser Firmen kuemmern sich nicht oder nicht hinreichend um die GPL Lizenzbedingungen. + +Das netfilter/iptables Projekt hat sich deshalb zur Aufgabe gemacht, die vollstaendige Erfuellung der GPL-Lizenzbedingungen von den betreffenden Firmen in allen bekannten Faellen einzufordern, notfalls auch gerichtlich. + +Diese Bemuehungen laufen nun seit Dezember 2003 - mit ausnahmslosem Erfolg. Das Ergebnis sind mehr als 20 aussergerichtliche Vergleiche, und eine Einstweilige Verfuegung, welche auch das Widerspruchsverfahren ueberstanden hat. + +Die Liste der betroffenen Firmen beinhaltet nahezu ausschliesslich bekannte Namen wie Siemens, Asus, Belkin. + +Der Autor wird einen Ueberblick ueber diese erfolgreiche GPL-Durchsetzung innerhalb des Deutschen Rechtsraums geben. Weiterhin wird er darueber sprechen, welche genauen Bedingungen erfuellt werden muessen, um den Softwarevertrieb GPL-konform zu gestalten. + +Darueberhinaus moechte er einige Empfehlungen an Autoren Freier Software geben, wie diese schon im Vorfeld einer moeglichen spaetere Durchsetzung ihrer Rechte durch konkrete Massnahmen waehrend der Entwicklung helfen koennen. diff --git a/2005/gpl-enforcement-clt2005/gpl-enforcement-clt2005.mgp b/2005/gpl-enforcement-clt2005/gpl-enforcement-clt2005.mgp new file mode 100644 index 0000000..191e3ed --- /dev/null +++ b/2005/gpl-enforcement-clt2005/gpl-enforcement-clt2005.mgp 
@@ -0,0 +1,287 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 +reboot 7 + +Enforcing the GNU GPL +Copyright helps Copyleft + + +%center +%size 4 +by + +Harald Welte <laforge@gnumonks.org> + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Contents + + + Introduction + + The GNU GPL Revisited + Motivations for licensing under the GPL + Enforcing the GNU GPL + + Thanks + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Introduction + +Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the linux kernel firewall system called netfilter/iptables + who IS NOT A LAWYER, although this presentation is the result of dealing six months with lawyers on the GPL + +Why is he speaking to you? + because he became aware of copyright (copyleft?) infringement and took legal action within German jurisdiction + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Disclaimer + +Legal Disclaimer + + All information presented here is provided on an as-is basis + There is no warranty for correctness of legal information + The author is not a lawyer + This does not comprise legal advise + The authors' experience is limited to German copyright law + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Ideas and Goals of the GNU GPL + + Free Software + Software that has fundamental freedoms: + to use it for any purpose + to "help your neighbour" (i.e. 
make copies) + to study it's functionality (reading source code) + to fix it myself (make modifications and run them) + + Copyleft + Is the legal idea to + exercising copyright to grant the above freedoms + assure that nobody can take away the freedom + + The GNU General Public License + Is a legal instrument to apply they copyleft idea on software + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +What is copyrightable? + + The GNU GPL is a copyright license, and thus only covers copyrighted code + Not everything is copyrightable (German: Schoepfungshoehe) + Small bugfixes are not copyrightable (similar to typo-fixes in a book) + As soon as the programmer has a choice in the implementation, there is significant indication of a copyrightable work + Choice in algorithm, not in formal representation. + Apparently, the level for copyrightable works is relatively low. + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The GNU GPL Revisited + +Revisiting the GNU General Public License + + Regulates distribution of copyrighted code, not usage + Allows distribution of source code and modified source code + Allows distribution of binaries or modified binaries, if + The license itself is mentioned + A copy of the license accompanies every copy + The complete source code is either + included with the copy + made available to any 3rd party + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Complete Source Code + +%size 3 +"... complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable." 
+ + Our interpretation of this is: + Source Code + Makefiles + Tools for generating the firmware binary from the source + (even if they are technically no 'scripts') + General Rule: + Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so. + Result: Signing binaries and only accepting signed versions without providing a signature key is not acceptable! + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Derivative Works + + What is a derivative work? + Not dependent on any particular kind of technology (static/dynamic linking, dlopen, whatever) + Even while the modification can itself be a copyrightable work, the combination with GPL-licensed code is subject to GPL. + No precendent in Germany so far + As soon as code is written for a specific non-standard API (such as the iptables plugin API), there is significant indication for a derivative work + This position has been successfully enforced out-of-court with two Vendors so far (iptables modules/plugins). + Result + Position of my lawyers (apparently also of IBM lawyers): + In-kernel proprietary code (binary kernel modules) are not compliant + Case-by-case analysis required, especially when drivers/filesystems are ported from other OS's. + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Confusion about the GPL + +%size 4 +Unfortunately, the wide misconception about copyright, free software, public domain (even the RedHat CEO!) leads to people unknowingly, or even wilfully only benefit from the freedom but not fulfill the obligations of the GPL. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Enforcing the GNU GPL + +Enforcing the GPL + GPL violations are nothing new, as GPL licensed software is nothing new. 
+ However, the recent Linux boom + The FSF enforces GPL violations of code on which they hold the copyright + silently, without public notice + in lengthy negotiations + During 2003 the "Linksys" case drew a lot of attention + Linksys was selling 802.11 WLAN Acces Ponts / Routers + Lots of GPL licensed software embedded in the device (included Linux, uClibc, busybox, iptables, ...) + FSF led alliance took the 'qiet' approach and it took about four months until the full source code was released + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Enforcing the GNU GPL + + The Linksys case + Some developers didn't agree with this approach + not enough publicity + violators don't loose anything by first not complying and wait for the FSF + four months delay is too much for low product lifecycles in WLAN world + So the netfilter/iptables project started to do their own enforcement in more cases coming up + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Enforcing the GNU GPL + +Enforcing the GPL + chronological order + reverse engineering of firmware images + sending the infringing organization a warning notice + wait for them to sign a statement to cease and desist + applying for a preliminary injunction if they don't (max 4 weeks after reverse engineering) + + Success so far + amicable agreement with Asus, Belkin, Allnet, Fujitsu-Siemens, Siemens, Securepoint, U.S. Robotics, ... 
+ some of which made significant donations to charitable organizations of the free software community + preliminary injunction against Sitecom, Sitecom also lost appeals case + more settled cases (not public yet) + negotiating in more cases + public awareness + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Enforcing the GNU GPL + +Enforcing the GPL + remains an important issue for Free Software + will start to happen within the court + has to be made public in order to raise awareness + +Problems + only the copyright holder (in most cases the author) can do it + users discovering GPL'd software need to communicate those issues to all copyright holders + + The http://www.gpl-violations.org/ project was started + as a platform wher users can report alleged violations + to verify those violations and inform all copyright holders + to inform the public about ongoing enforcement efforts + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GPL enforcement report +Cases so far + +Cases so far + Allnet GmbH + Siemens AG + Fujitsu-Siemens Computers GmbH + Axis A.B. + Securepoint GmbH + U.S.Robotics Germany GmbH + undisclosed large vendor + Belkin Compnents GmbH + Asus GmbH + Gateprotect GmbH + Sitecom GmbH + TomTom B.V. 
+ Gigabyte Technologies GmbH + D-Link GmbH + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Make later enforcement easy + + Practical rules for proof by reverse engineering + Don't fix typos in error messages and symbol names + Leave obscure error messages like 'Rusty needs more caffeine' + Make binary contain string of copyright message, not only source + Practical rules for potential damages claims + Use revision control system + Document source of each copyrightable contribution + Name+Email address in CVS commit message + Consider something like FSFE FLA (Fiduciary License Agreement) + Make sure that employers are fine with contributions of their employees + If you find out about violation + Don't make it public (has to be new/urgent for injunctive relief) + Contact lawyer immediately to send wanrning notice + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Thanks + + Thanks to + Alan Cox, Alexey Kuznetsov, David Miller, Andi Kleen + for implementing (one of?) the world's best TCP/IP stacks + Paul 'Rusty' Russell + for starting the netfilter/iptables project + for trusting me to maintain it today + Astaro AG + for sponsoring parts of my netfilter work + Free Software Foundation + for the GNU Project + for the GNU General Public License +%size 3 + http://gpl-violations.org/ +%size 3 + http://gnumonks.org/ +%size 3 + http://www.netfilter.org/ + diff --git a/2005/gpl-enforcement-lsm2005/biography b/2005/gpl-enforcement-lsm2005/biography new file mode 100644 index 0000000..22438a2 --- /dev/null +++ b/2005/gpl-enforcement-lsm2005/biography 
@@ -0,0 +1,24 @@ + Harald Welte is the chairman of the netfilter/iptables core team. + + His main interest in computing has always been networking. In the few time +left besides netfilter/iptables related work, he's writing obscure documents +like the UUCP over SSL HOWTO. Other kernel-related projects he has been +contributing are user mode linux, the international (crypto) kernel patch, device drivers and the neighbour cache. + + He has been working as an independent IT Consultant working on projects for +various companies ranging from banks to manufacturers of networking gear. +During the year 2001 he was living in Curitiba (Brazil), where he got +sponsored for his Linux related work by Conectiva Inc. + + Starting with February 2002, Harald has been contracted part-time by +<a href="http://www.astaro.com/">Astaro AG</a>, who are sponsoring him for his +current netfilter/iptables work. + + Aside from the Astaro sponsoring, he continues to work as a freelancing +kernel developer and network security consultant. + + He licenses his software under the terms of the GNU GPL. He is determined to bring all users, distributors, value added resellers and vendors of netfilter/iptables based products in full compliance with the GPL, even if it includes raising legal charges. + + Harald is living in Berlin, Germany. + + diff --git a/2005/gpl-enforcement-lsm2005/extended-abstract b/2005/gpl-enforcement-lsm2005/extended-abstract new file mode 100644 index 0000000..3b5874b --- /dev/null +++ b/2005/gpl-enforcement-lsm2005/extended-abstract 
@@ -0,0 +1,29 @@ +Enforcing the GNU GPL - Copyright helps Copyleft + +More and more vendors of various computing devices, especially network-related +appliances such as Routers, NAT-Gateways and 802.11 Access Points are using +Linux and other GPL licensed free software in their products. + +While the Linux community can look at this as a big success, there is a back +side of that coin: A large number of those vendors have no idea about the GPL +license terms, and as a result do not fulfill their obligations under the GPL. + +The netfilter/iptables project has started legal proceedngs against a number of +companies in violation of the GPL since December 2003. Those legal proceedings +were quite successful so far, resulting in twelve amicable agreements and one +granted preliminary injunction. The list of companies includes large +corporations such as Siemens, Asus and Belkin. + +The speaker will present an overview about his recent successful enforcement of +the GNU GPL within German jurisdiction. + +He will go on speaking about what exactly is neccessarry to fully comply with +the GPL, including his legal position on corner cases such as cryptographic +signing. + +Resulting from his experience in dealing with the german legal system, he will +give some hints to software authors about what they can do in order to make +eventual later license enforcement easier. + +In the end, it seems like the idea of the founding fathers of the GNU GPL +works: Guaranteeing Copyleft by using Copyright. diff --git a/2005/gpl-enforcement-lsm2005/gpl-enforcement-lsm2005.mgp b/2005/gpl-enforcement-lsm2005/gpl-enforcement-lsm2005.mgp new file mode 100644 index 0000000..88f65fb --- /dev/null +++ b/2005/gpl-enforcement-lsm2005/gpl-enforcement-lsm2005.mgp 
@@ -0,0 +1,451 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 +LSM/RMLL 2005 + +Enforcing the GNU GPL +Copyright helps Copyleft + +%center +%size 4 +by + +Harald Welte <laforge@gpl-violations.org> + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Contents + + About the speaker + The GNU GPL Revisited + GPL Violations + Past GPL Enforcement + Typical case timeline + Success so far + What we've learned + Problems encountered + Future outlook + Thanks + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Introduction + + +Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the Linux kernel firewall system called netfilter/iptables + who IS NOT A LAWYER, although this presentation is the result of dealing almost a year with lawyers on the subject of the GPL + +Why is he speaking to you? + he thinks there is too much confusion about copyright and free software licenses. Even Red Hat CEO Matt Szulik stated in an interview that RedHat puts investments into 'public domain' :( + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Disclaimer + +Legal Disclaimer + + All information presented here is provided on an as-is basis + There is no warranty for correctness of legal information + The author is not a lawyer + This does not comprise legal advise + The authors' experience is limited to German copyright law + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +What is copyrightable? 
+ + The GNU GPL is a copyright license, and thus only covers copyrighted works + Not everything is copyrightable (German: Schoepfungshoehe) + Small bugfixes are not copyrightable (similar to typo-fixes in a book) + As soon as the programmer has a choice in the implementation, there is significant indication of a copyrightable work + Choice in algorithm, not in formal representation + Apparently, the level for copyrightable works is relatively low + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Terminology + + Public Domain + concept where copyright holder abandons all rights + same legal status as works where author has died 70 years ago (German: Gemeinfreie Werke) + Freeware + object code, free of cost. No source code + Shareware + proprietary "Try and Buy" model for object code. + Cardware/Beerware/... + Freeware that encourages users to send payment in kind + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Terminology + + Free Software + source code freely distributed + must allow redistribution, modification, non-discriminatory use + mostly defined by Free Software Foundation + Open Source + source code freely distributed + must allow redistribution, modification, non-discriminatory use + defined in the "Open Source Definition" by OSI + + The rest of this document will refer to Free and Open Source Software as FOSS. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +The GNU GPL Revisited + +Revisiting the GNU General Public License + + Regulates distribution of copyrighted code, not usage + Allows distribution of source code and modified source code + The license itself is mentioned + A copy of the license accompanies every copy + Allows distribution of binaries or modified binaries, if + The license itself is mentioned + A copy of the license accompanies every copy + The complete source code is either included with the copy (alternatively a written offer to send the source code on request to any 3rd party) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Complete Source Code + +%size 3 +"... complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable." + Our interpretation of this is: + Source Code + Makefiles + Tools for generating the firmware binary from the source + (even if they are technically no 'scripts') + General Rule: + Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so. + Result: Signing binaries and only accepting signed versions without providing a signature key is not acceptable! + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + What is a derivative work? + Not dependent on any particular kind of technology (static/dynamic linking, dlopen, whatever) + Even while the modification can itself be a copyrightable work, the combination with GPL-licensed code is subject to GPL. 
+ No precendent in Germany so far + As soon as code is written for a specific non-standard API (such as the iptables plugin API), there is significant indication for a derivative work + This position has been successfully enforced out-of-court with two Vendors so far (iptables modules/plugins). + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + My legal position: + In-kernel proprietary code (binary kernel modules) are hard to claim GPL compliant + Case-by-case analysis required, especially when drivers/filesystems are ported from other OS's. + Sources within IBM told me that they now have a general policy to not ship any binary-only kernel modules to their customers, apart from very few cases where it is clearly no derivative work. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Collected Works + +%size 3 +"... it is not the intent .. to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works ..." +%size 3 +"... mere aggregation of another work ... with the program on a volume of a storage or distribution medium does not bring the other work und the scope of this license" + + GPL allows "mere aggregation" + like a general-porpose GNU/Linux distribution (SuSE, Red Hat, ...) + + GPL restricts "collective works" + grey area + important: actual form of distribution (as seperate works or not) + no precendent so far + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Non-Public modifications + + Non-Public modifications + A common misconception is that if you develop code within a corporation, and the code never leaves this corporation, you don't have to ship the source code. 
+ However, at least German law would count every distribution beyound a number of close colleague as distribution. + Therefore, if you don't go for '3a' and include the source code together with the binary, you have to distribute the source code to any third party. + Also, as soon as you hand code between two companies, or between a company and a consultant, the code has been distributed. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +GPL Violations + + When do I violate the license + when one ore more of the obligations are not fulfilled + + What risk do I take if I violate the license? + the GPL automatically revokes any usage right + any copyright holder can obtain a preliminary injunction banning distribution of the infringing product + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Past GPL enforcement + +Past GPL enforcement + + GPL violations are nothing new, as GPL licensed software is nothing new. + However, the recent GNU/Linux hype made GPL licensed software used more often + The FSF enforces GPL violations of code on which they hold the copyright + silently, without public notice + in lengthy negotiations + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The Linksys case + + + During 2003 the "Linksys" case drew a lot of attention + Linksys was selling 802.11 WLAN Acces Ponts / Routers + Lots of GPL licensed software embedded in the device (included Linux, uClibc, busybox, iptables, ...) 
+ FSF led alliance took the usual "quiet" approach + Linksys bought itself a lot of time + Some source code was released two months later + About four months later, full GPL compliance was achieved + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The Linksys case + + Some developers didn't agree with this approach + not enough publicity + violators don't loose anything by first not complying and wait for the FSF + four months delay is too much for low product lifecycles in WLAN world + The netfilter/iptables project started to do their own enforcement in more cases that were coming up + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Enforcement case timeline + + In chronological order + some user sends us a note he found our code somewhere + reverse engineering of firmware images + test purchase to verify device ships gpl-incompliant + sending the infringing organization a warning notice + wait for them to sign a statement to cease and desist + if no statement is signed + contract technical expert to do a study + apply for a preliminary injunction + if statement was signed + try to work out the details + grace period for boxes in stock possible + try to indicate that a donation would be good PR + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Sucess so far + + Success so far + amicable agreements with a number (35+) of companies + sdome of which made significant donations to charitable organizations of the free software community + preliminary injunction against Sitecom, Sitecom also lost appeals case + court decision of munich district court in Sitecom appeals case + three more preliminary injunctions (Siemens, iRiver, ...) 
+ more settled cases (not public yet) + negotiating in more cases + public awareness + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Cases so far (1/3) + + + Allnet GmbH + Siemens AG + Fujitsu-Siemens Computers GmbH + Axis A.B. + Securepoint GmbH + U.S.Robotics Germany GmbH + Netgear GmbH + Belkin Compnents GmbH + Asus GmbH + Gateprotect GmbH + Sitecom GmbH / B.V. + TomTom B.V. + Gigabyte Technologies GmbH + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Cases so far (2/3) + + + Sun Deutschland GmbH + Open-E GmbH + Siemens AG (second case) + Deutsche Telekom AG + Hitachi Inc. + Tecom Inc. + ARP Datacon GmbH + Conceptronic B.V. + D-Link GmbH + Adaptec Deutschland GmbH + Belkin Compnents GmbH (second case) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Cases so far (3/3) + + + Siemens AG (third case) + TARGA GmbH + Medion AG + naviflash GmbH + Maxtor Inc. + Cisco Deutschland GmbH + Fortinet + naviflash GmbH + iRiver Europe GmbH + Cisco Deutschland GmbH (second case) + Acer Deutschland GmbH + + some more not public yet + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +What we've learned + + + Copyleft-style licenses can be enforced! 
+ A lot of companies don't take Free Software licenses seriously + Even corporations with large legal departments who should know + Reasons unclear, probably the financial risk of infringement was considered less than the expected gains + The FUD spread about "GPL not holding up in court" has disappeared + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Future GPL Enforcement + + + GPL Enforcement + remains an important issue for Free Software + will start to happen within the court more often + has to be made public in order to raise awareness + will probably happen within some form of organization + talks have started with the FSF Europe + + What about Copylefted Content (Creative Commons) + probably just a matter of time until CC-licensed works of art are infringed + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Problems of GPL Enforcement + + Problems + distributed copyright + is an important safeguard + can make enforcement difficult, since copyright traditionally doesn't know cases with thousands of copyright holders + distribution of damages extremely difficult + the legal issue of having to do reverse engineering in order to prove copyright infringement(!) 
+ only the copyright holder (in most cases the author) can do it + users discovering GPL'd software need to communicate those issues to all entitled parties (copyright holders) + infringers obfuscating and/or encrypting fres software as disguise + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +gpl-violations.org + + The http://www.gpl-violations.org/ project was started ~ 1 year ago + as a platform wher users can report alleged violations + to verify those violations and inform all copyright holders + to inform the public about ongoing enforcement efforts + + At the moment, project is only backed by the author + more volunteers needed to investigate all cases + something like 170 reported (alleged) violations up to day + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Make later enforcement easy + + Practical rules for proof by reverse engineering + Don't fix typos in error messages and symbol names + Leave obscure error messages like 'Rusty needs more caffeine' + Make binary contain string of copyright message, not only source + Practical rules for potential damages claims + Use revision control system + Document source of each copyrightable contribution + Name+Email address in CVS commit message + Consider something like FSFE FLA (Fiduciary License Agreement) + Make sure that employers are fine with contributions of their employees + If you find out about violation + Don't make it public (has to be new/urgent for injunctive relief) + Contact lawyer immediately to send wanrning notice + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Thanks + + Thanks to + KNF + for first bringing me in contact with linux in 1994 + Astaro AG + for sponsoring most of my netfilter work + Free Software Foundation + for the GNU Project + for the GNU General Public License + Dr. 
Till Jaeger + for handling my legal cases + Intranet Engineering + for doing expert witness reports + +%size 3 + The slides of this presentation are available at http://www.gnumonks.org/ + + Further reading: +%size 3 + The http://gpl-violations.org/ project +%size 3 + The Free Software foundation http://www.fsf.org/, http://www.fsf-europe.org/ +%size 3 + The GNU Project http://www.gnu.org/ +%size 3 + The netfilter homepage http://www.netfilter.org/ +%% http://management.itmanagersjournal.com/management/04/05/31/1733229.shtml?tid=85&tid=4 + + diff --git a/2005/gpl-enforcement-lsm2005/short-abstract b/2005/gpl-enforcement-lsm2005/short-abstract new file mode 100644 index 0000000..e0aa9b4 --- /dev/null +++ b/2005/gpl-enforcement-lsm2005/short-abstract @@ -0,0 +1,4 @@ +Linux is used more and more, especially in the embedded market. Unfortunately, +a number of vendors do not comply with the GNU GPL. The author has enforced +the GPL numerous times in and out of court, and will talk about his experience. + diff --git a/2005/gpl-enforcement-nfws2005/biography b/2005/gpl-enforcement-nfws2005/biography new file mode 100644 index 0000000..033e727 --- /dev/null +++ b/2005/gpl-enforcement-nfws2005/biography 
@@ -0,0 +1,21 @@ + Harald Welte ist der Leiter des Netfilter Core Team und is massgeblich an der Entwicklung und Pflege des Paketfilters netfilter/iptables beteiligt. + + Sein Augenmerk innerhalb der Computerwelt lag schon immer auf der +Netzwerktechnik. So ist z.B. der Grund sich 1994 mit Linux zu beschaeftigen +aus der Aufgabe entstanden, ein UUCP<->ZConnect<->FIDO gateway aufzusetzen. + + In der wenigen Zeit, die ihm heute neben netfilter/iptables bleibt, schreibt er eigenartige Dokumente wie das UUCP-over-SSL-HOWTO. + + Seit 1997 ist er als unabhaengiger IT-Consultant und -Entwickler in +zahlreichen Projekten fuer die unterschiedlichsten Firmen (von Banken bis zu +Computerhardware-Herstellern) taetig. + + Im Jahr 2001 folgte er einem Angebot, fuer den Brasilianischen +Linux-Distributor in Curitiba (Brasilien) zu arbeiten. + + Seit Februar 2002 wird seine Arbeit am netfilter/iptables-Projekt durch ein +Sponsoring der Fa. Astaro AG unterstuetzt. Neben diesem Sponsoring arbeitet +er nach wie vor als freiberuflicher Berater und Entwickler. + + Harald lebt seit November 2002 in Berlin. + diff --git a/2005/gpl-enforcement-nfws2005/extended-abstract b/2005/gpl-enforcement-nfws2005/extended-abstract new file mode 100644 index 0000000..2b56765 --- /dev/null +++ b/2005/gpl-enforcement-nfws2005/extended-abstract 
@@ -0,0 +1,13 @@ +Immer mehr Firmen setzen Linux und andere GPL-Lizensierte Software in Ihren Produkten ein, insbesondere im Bereich der Network Appliances wie Router, NAT-Gateways und 802.11 Access Points. + +Einerseits darf man dies als grossen Erfolg fuer Freie Software weten. Andererseits gibt es eben leider auch eine Schattenseite: Nicht wenige dieser Firmen kuemmern sich nicht oder nicht hinreichend um die GPL Lizenzbedingungen. + +Das netfilter/iptables Projekt hat sich deshalb zur Aufgabe gemacht, die vollstaendige Erfuellung der GPL-Lizenzbedingungen von den betreffenden Firmen in allen bekannten Faellen einzufordern, notfalls auch gerichtlich. + +Diese Bemuehungen laufen nun seit Dezember 2003 - mit ausnahmslosem Erfolg. Das Ergebnis sind mehr als 20 aussergerichtliche Vergleiche, und eine Einstweilige Verfuegung, welche auch das Widerspruchsverfahren ueberstanden hat. + +Die Liste der betroffenen Firmen beinhaltet nahezu ausschliesslich bekannte Namen wie Siemens, Asus, Belkin. + +Der Autor wird einen Ueberblick ueber diese erfolgreiche GPL-Durchsetzung innerhalb des Deutschen Rechtsraums geben. Weiterhin wird er darueber sprechen, welche genauen Bedingungen erfuellt werden muessen, um den Softwarevertrieb GPL-konform zu gestalten. + +Darueberhinaus moechte er einige Empfehlungen an Autoren Freier Software geben, wie diese schon im Vorfeld einer moeglichen spaetere Durchsetzung ihrer Rechte durch konkrete Massnahmen waehrend der Entwicklung helfen koennen. diff --git a/2005/gpl-enforcement-nfws2005/gpl-enforcement-clt2005.mgp b/2005/gpl-enforcement-nfws2005/gpl-enforcement-clt2005.mgp new file mode 100644 index 0000000..191e3ed --- /dev/null +++ b/2005/gpl-enforcement-nfws2005/gpl-enforcement-clt2005.mgp 
@@ -0,0 +1,287 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 +reboot 7 + +Enforcing the GNU GPL +Copyright helps Copyleft + + +%center +%size 4 +by + +Harald Welte <laforge@gnumonks.org> + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Contents + + + Introduction + + The GNU GPL Revisited + Motivations for licensing under the GPL + Enforcing the GNU GPL + + Thanks + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Introduction + +Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the linux kernel firewall system called netfilter/iptables + who IS NOT A LAWYER, although this presentation is the result of dealing six months with lawyers on the GPL + +Why is he speaking to you? + because he became aware of copyright (copyleft?) infringement and took legal action within German jurisdiction + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Disclaimer + +Legal Disclaimer + + All information presented here is provided on an as-is basis + There is no warranty for correctness of legal information + The author is not a lawyer + This does not comprise legal advise + The authors' experience is limited to German copyright law + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Ideas and Goals of the GNU GPL + + Free Software + Software that has fundamental freedoms: + to use it for any purpose + to "help your neighbour" (i.e. 
make copies) + to study it's functionality (reading source code) + to fix it myself (make modifications and run them) + + Copyleft + Is the legal idea to + exercising copyright to grant the above freedoms + assure that nobody can take away the freedom + + The GNU General Public License + Is a legal instrument to apply they copyleft idea on software + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +What is copyrightable? + + The GNU GPL is a copyright license, and thus only covers copyrighted code + Not everything is copyrightable (German: Schoepfungshoehe) + Small bugfixes are not copyrightable (similar to typo-fixes in a book) + As soon as the programmer has a choice in the implementation, there is significant indication of a copyrightable work + Choice in algorithm, not in formal representation. + Apparently, the level for copyrightable works is relatively low. + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The GNU GPL Revisited + +Revisiting the GNU General Public License + + Regulates distribution of copyrighted code, not usage + Allows distribution of source code and modified source code + Allows distribution of binaries or modified binaries, if + The license itself is mentioned + A copy of the license accompanies every copy + The complete source code is either + included with the copy + made available to any 3rd party + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Complete Source Code + +%size 3 +"... complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable." 
+ + Our interpretation of this is: + Source Code + Makefiles + Tools for generating the firmware binary from the source + (even if they are technically no 'scripts') + General Rule: + Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so. + Result: Signing binaries and only accepting signed versions without providing a signature key is not acceptable! + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Derivative Works + + What is a derivative work? + Not dependent on any particular kind of technology (static/dynamic linking, dlopen, whatever) + Even while the modification can itself be a copyrightable work, the combination with GPL-licensed code is subject to GPL. + No precendent in Germany so far + As soon as code is written for a specific non-standard API (such as the iptables plugin API), there is significant indication for a derivative work + This position has been successfully enforced out-of-court with two Vendors so far (iptables modules/plugins). + Result + Position of my lawyers (apparently also of IBM lawyers): + In-kernel proprietary code (binary kernel modules) are not compliant + Case-by-case analysis required, especially when drivers/filesystems are ported from other OS's. + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Confusion about the GPL + +%size 4 +Unfortunately, the wide misconception about copyright, free software, public domain (even the RedHat CEO!) leads to people unknowingly, or even wilfully only benefit from the freedom but not fulfill the obligations of the GPL. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Enforcing the GNU GPL + +Enforcing the GPL + GPL violations are nothing new, as GPL licensed software is nothing new. 
+ However, the recent Linux boom + The FSF enforces GPL violations of code on which they hold the copyright + silently, without public notice + in lengthy negotiations + During 2003 the "Linksys" case drew a lot of attention + Linksys was selling 802.11 WLAN Acces Ponts / Routers + Lots of GPL licensed software embedded in the device (included Linux, uClibc, busybox, iptables, ...) + FSF led alliance took the 'qiet' approach and it took about four months until the full source code was released + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Enforcing the GNU GPL + + The Linksys case + Some developers didn't agree with this approach + not enough publicity + violators don't loose anything by first not complying and wait for the FSF + four months delay is too much for low product lifecycles in WLAN world + So the netfilter/iptables project started to do their own enforcement in more cases coming up + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Enforcing the GNU GPL + +Enforcing the GPL + chronological order + reverse engineering of firmware images + sending the infringing organization a warning notice + wait for them to sign a statement to cease and desist + applying for a preliminary injunction if they don't (max 4 weeks after reverse engineering) + + Success so far + amicable agreement with Asus, Belkin, Allnet, Fujitsu-Siemens, Siemens, Securepoint, U.S. Robotics, ... 
+ some of which made significant donations to charitable organizations of the free software community + preliminary injunction against Sitecom, Sitecom also lost appeals case + more settled cases (not public yet) + negotiating in more cases + public awareness + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Enforcing the GNU GPL + +Enforcing the GPL + remains an important issue for Free Software + will start to happen within the court + has to be made public in order to raise awareness + +Problems + only the copyright holder (in most cases the author) can do it + users discovering GPL'd software need to communicate those issues to all copyright holders + + The http://www.gpl-violations.org/ project was started + as a platform wher users can report alleged violations + to verify those violations and inform all copyright holders + to inform the public about ongoing enforcement efforts + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GPL enforcement report +Cases so far + +Cases so far + Allnet GmbH + Siemens AG + Fujitsu-Siemens Computers GmbH + Axis A.B. + Securepoint GmbH + U.S.Robotics Germany GmbH + undisclosed large vendor + Belkin Compnents GmbH + Asus GmbH + Gateprotect GmbH + Sitecom GmbH + TomTom B.V. 
+ Gigabyte Technologies GmbH + D-Link GmbH + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Make later enforcement easy + + Practical rules for proof by reverse engineering + Don't fix typos in error messages and symbol names + Leave obscure error messages like 'Rusty needs more caffeine' + Make binary contain string of copyright message, not only source + Practical rules for potential damages claims + Use revision control system + Document source of each copyrightable contribution + Name+Email address in CVS commit message + Consider something like FSFE FLA (Fiduciary License Agreement) + Make sure that employers are fine with contributions of their employees + If you find out about violation + Don't make it public (has to be new/urgent for injunctive relief) + Contact lawyer immediately to send wanrning notice + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Thanks + + Thanks to + Alan Cox, Alexey Kuznetsov, David Miller, Andi Kleen + for implementing (one of?) the world's best TCP/IP stacks + Paul 'Rusty' Russell + for starting the netfilter/iptables project + for trusting me to maintain it today + Astaro AG + for sponsoring parts of my netfilter work + Free Software Foundation + for the GNU Project + for the GNU General Public License +%size 3 + http://gpl-violations.org/ +%size 3 + http://gnumonks.org/ +%size 3 + http://www.netfilter.org/ + diff --git a/2005/gpl-enforcement-reboot2005/biography b/2005/gpl-enforcement-reboot2005/biography new file mode 100644 index 0000000..22438a2 --- /dev/null +++ b/2005/gpl-enforcement-reboot2005/biography 
@@ -0,0 +1,24 @@ + Harald Welte is the chairman of the netfilter/iptables core team. + + His main interest in computing has always been networking. In the few time +left besides netfilter/iptables related work, he's writing obscure documents +like the UUCP over SSL HOWTO. Other kernel-related projects he has been +contributing are user mode linux, the international (crypto) kernel patch, device drivers and the neighbour cache. + + He has been working as an independent IT Consultant working on projects for +various companies ranging from banks to manufacturers of networking gear. +During the year 2001 he was living in Curitiba (Brazil), where he got +sponsored for his Linux related work by Conectiva Inc. + + Starting with February 2002, Harald has been contracted part-time by +<a href="http://www.astaro.com/">Astaro AG</a>, who are sponsoring him for his +current netfilter/iptables work. + + Aside from the Astaro sponsoring, he continues to work as a freelancing +kernel developer and network security consultant. + + He licenses his software under the terms of the GNU GPL. He is determined to bring all users, distributors, value added resellers and vendors of netfilter/iptables based products in full compliance with the GPL, even if it includes raising legal charges. + + Harald is living in Berlin, Germany. + + diff --git a/2005/gpl-enforcement-reboot2005/extended-abstract b/2005/gpl-enforcement-reboot2005/extended-abstract new file mode 100644 index 0000000..3b5874b --- /dev/null +++ b/2005/gpl-enforcement-reboot2005/extended-abstract 
@@ -0,0 +1,29 @@ +Enforcing the GNU GPL - Copyright helps Copyleft + +More and more vendors of various computing devices, especially network-related +appliances such as Routers, NAT-Gateways and 802.11 Access Points are using +Linux and other GPL licensed free software in their products. + +While the Linux community can look at this as a big success, there is a back +side of that coin: A large number of those vendors have no idea about the GPL +license terms, and as a result do not fulfill their obligations under the GPL. + +The netfilter/iptables project has started legal proceedngs against a number of +companies in violation of the GPL since December 2003. Those legal proceedings +were quite successful so far, resulting in twelve amicable agreements and one +granted preliminary injunction. The list of companies includes large +corporations such as Siemens, Asus and Belkin. + +The speaker will present an overview about his recent successful enforcement of +the GNU GPL within German jurisdiction. + +He will go on speaking about what exactly is neccessarry to fully comply with +the GPL, including his legal position on corner cases such as cryptographic +signing. + +Resulting from his experience in dealing with the german legal system, he will +give some hints to software authors about what they can do in order to make +eventual later license enforcement easier. + +In the end, it seems like the idea of the founding fathers of the GNU GPL +works: Guaranteeing Copyleft by using Copyright. diff --git a/2005/gpl-enforcement-reboot2005/gpl-enforcement-reboot2005.mgp b/2005/gpl-enforcement-reboot2005/gpl-enforcement-reboot2005.mgp new file mode 100644 index 0000000..e18348f --- /dev/null +++ b/2005/gpl-enforcement-reboot2005/gpl-enforcement-reboot2005.mgp 
@@ -0,0 +1,473 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 +reboot 7 + +Enforcing the GNU GPL +Copyright helps Copyleft + + +%center +%size 4 +by + +Harald Welte <laforge@gnumonks.org> + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Contents + + About the speaker + The GNU GPL Revisited + GPL Violations + Past GPL Enforcement + Typical case timeline + Success so far + What we've learned + Problems encountered + Future outlook + Thanks + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Introduction + + +Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the Linux kernel firewall system called netfilter/iptables + who IS NOT A LAWYER, although this presentation is the result of dealing almost a year with lawyers on the subject of the GPL + +Why is he speaking to you? + he thinks there is too much confusion about copyright and free software licenses. 
Even Red Hat CEO Matt Szulik stated in an interview that RedHat puts investments into 'public domain' :( + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Disclaimer + +Legal Disclaimer + + All information presented here is provided on an as-is basis + There is no warranty for correctness of legal information + The author is not a lawyer + This does not comprise legal advise + The authors' experience is limited to German copyright law + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Ideas and Goals of the GNU GPL + + Free Software + Software that has fundamental freedoms: + to use it for any purpose + to "help your neighbour" (i.e. make copies) + to study it's functionality (reading source code) + to fix it myself (make modifications and run them) + + Copyleft + Is the legal idea to + exercising copyright to grant the above freedoms + assure that nobody can take away the freedom + + The GNU General Public License + Is a legal instrument to apply they copyleft idea on software + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +What is copyrightable? 
+ + The GNU GPL is a copyright license, and thus only covers copyrighted works + Not everything is copyrightable (German: Schoepfungshoehe) + Small bugfixes are not copyrightable (similar to typo-fixes in a book) + As soon as the programmer has a choice in the implementation, there is significant indication of a copyrightable work + Choice in algorithm, not in formal representation + Apparently, the level for copyrightable works is relatively low + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Terminology + + Public Domain + concept where copyright holder abandons all rights + same legal status as works where author has died 70 years ago (German: Gemeinfreie Werke) + Freeware + object code, free of cost. No source code + Shareware + proprietary "Try and Buy" model for object code. + Cardware/Beerware/... + Freeware that encourages users to send payment in kind + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Terminology + + Free Software + source code freely distributed + must allow redistribution, modification, non-discriminatory use + mostly defined by Free Software Foundation + Open Source + source code freely distributed + must allow redistribution, modification, non-discriminatory use + defined in the "Open Source Definition" by OSI + + The rest of this document will refer to Free and Open Source Software as FOSS. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +The GNU GPL Revisited + +Revisiting the GNU General Public License + + Regulates distribution of copyrighted code, not usage + Allows distribution of source code and modified source code + The license itself is mentioned + A copy of the license accompanies every copy + Allows distribution of binaries or modified binaries, if + The license itself is mentioned + A copy of the license accompanies every copy + The complete source code is either included with the copy (alternatively a written offer to send the source code on request to any 3rd party) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Complete Source Code + +%size 3 +"... complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable." + Our interpretation of this is: + Source Code + Makefiles + Tools for generating the firmware binary from the source + (even if they are technically no 'scripts') + General Rule: + Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so. + Result: Signing binaries and only accepting signed versions without providing a signature key is not acceptable! + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + What is a derivative work? + Not dependent on any particular kind of technology (static/dynamic linking, dlopen, whatever) + Even while the modification can itself be a copyrightable work, the combination with GPL-licensed code is subject to GPL. 
+ No precendent in Germany so far + As soon as code is written for a specific non-standard API (such as the iptables plugin API), there is significant indication for a derivative work + This position has been successfully enforced out-of-court with two Vendors so far (iptables modules/plugins). + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + Position of my lawyer: + In-kernel proprietary code (binary kernel modules) are hard to claim GPL compliant + Case-by-case analysis required, especially when drivers/filesystems are ported from other OS's. + Sources within IBM told me that they now have a general policy to not ship any binary-only kernel modules to their customers, apart from very few cases where it is clearly no derivative work. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Collected Works + +%size 3 +"... it is not the intent .. to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works ..." +%size 3 +"... mere aggregation of another work ... with the program on a volume of a storage or distribution medium does not bring the other work und the scope of this license" + + GPL allows "mere aggregation" + like a general-porpose GNU/Linux distribution (SuSE, Red Hat, ...) + + GPL restricts "collective works" + grey area + important: actual form of distribution (as seperate works or not) + no precendent so far + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Non-Public modifications + + Non-Public modifications + A common misconception is that if you develop code within a corporation, and the code never leaves this corporation, you don't have to ship the source code. 
+ However, at least German law would count every distribution beyound a number of close colleague as distribution. + Therefore, if you don't go for '3a' and include the source code together with the binary, you have to distribute the source code to any third party. + Also, as soon as you hand code between two companies, or between a company and a consultant, the code has been distributed. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +GPL Violations + + When do I violate the license + when one ore more of the obligations are not fulfilled + + What risk do I take if I violate the license? + the GPL automatically revokes any usage right + any copyright holder can obtain a preliminary injunction banning distribution of the infringing product + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Past GPL enforcement + +Past GPL enforcement + + GPL violations are nothing new, as GPL licensed software is nothing new. + However, the recent GNU/Linux hype made GPL licensed software used more often + The FSF enforces GPL violations of code on which they hold the copyright + silently, without public notice + in lengthy negotiations + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The Linksys case + + + During 2003 the "Linksys" case drew a lot of attention + Linksys was selling 802.11 WLAN Acces Ponts / Routers + Lots of GPL licensed software embedded in the device (included Linux, uClibc, busybox, iptables, ...) 
+ FSF led alliance took the usual "quiet" approach + Linksys bought itself a lot of time + Some source code was released two months later + About four months later, full GPL compliance was achieved + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The Linksys case + + Some developers didn't agree with this approach + not enough publicity + violators don't loose anything by first not complying and wait for the FSF + four months delay is too much for low product lifecycles in WLAN world + The netfilter/iptables project started to do their own enforcement in more cases that were coming up + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Enforcement case timeline + + In chronological order + some user sends us a note he found our code somewhere + reverse engineering of firmware images + test purchase to verify device ships gpl-incompliant + sending the infringing organization a warning notice + wait for them to sign a statement to cease and desist + if no statement is signed + contract technical expert to do a study + apply for a preliminary injunction + if statement was signed + try to work out the details + grace period for boxes in stock possible + try to indicate that a donation would be good PR + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Sucess so far + + Success so far + amicable agreements with a number (35+) of companies + sdome of which made significant donations to charitable organizations of the free software community + preliminary injunction against Sitecom, Sitecom also lost appeals case + court decision of munich district court in Sitecom appeals case + three more preliminary injunctions + more settled cases (not public yet) + negotiating in more cases + public awareness + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+%page +GNU GPL - Copyright helps Copyleft +Cases so far (1/3) + + + Allnet GmbH + Siemens AG + Fujitsu-Siemens Computers GmbH + Axis A.B. + Securepoint GmbH + U.S.Robotics Germany GmbH + Netgear GmbH + Belkin Compnents GmbH + Asus GmbH + Gateprotect GmbH + Sitecom GmbH / B.V. + TomTom B.V. + Gigabyte Technologies GmbH + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Cases so far (2/3) + + + Sun Deutschland GmbH + Open-E GmbH + Siemens AG (second case) + Deutsche Telekom AG + Hitachi Inc. + Tecom Inc. + ARP Datacon GmbH + Conceptronic B.V. + D-Link GmbH + Adaptec Deutschland GmbH + Belkin Compnents GmbH (second case) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Cases so far (3/3) + + + Siemens AG (third case) + TARGA GmbH + Medion AG + naviflash GmbH + Maxtor Inc. + Cisco Deutschland GmbH + Fortinet + naviflash GmbH + iRiver Europe GmbH + Cisco Deutschland GmbH (second case) + Acer Deutschland GmbH + + some more not public yet + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +What we've learned + + + Copyleft-style licenses can be enforced! 
+ A lot of companies don't take Free Software licenses seriously + Even corporations with large legal departments who should know + Reasons unclear, probably the financial risk of infringement was considered less than the expected gains + The FUD spread about "GPL not holding up in court" has disappeared + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Future GPL Enforcement + + + GPL Enforcement + remains an important issue for Free Software + will start to happen within the court more often + has to be made public in order to raise awareness + will probably happen within some form of organization + talks have started with the FSF Europe + + What about Copylefted Content (Creative Commons) + probably just a matter of time until CC-licensed works of art are infringed + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Problems of GPL Enforcement + + Problems + distributed copyright + is an important safeguard + can make enforcement difficult, since copyright traditionally doesn't know cases with thousands of copyright holders + distribution of damages extremely difficult + the legal issue of having to do reverse engineering in order to prove copyright infringement(!) 
+ only the copyright holder (in most cases the author) can do it + users discovering GPL'd software need to communicate those issues to all entitled parties (copyright holders) + infringers obfuscating and/or encrypting fres software as disguise + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +gpl-violations.org + + The http://www.gpl-violations.org/ project was started ~ 1 year ago + as a platform wher users can report alleged violations + to verify those violations and inform all copyright holders + to inform the public about ongoing enforcement efforts + + At the moment, project is only backed by the author + more volunteers needed to investigate all cases + something like 170 reported (alleged) violations up to day + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Make later enforcement easy + + Practical rules for proof by reverse engineering + Don't fix typos in error messages and symbol names + Leave obscure error messages like 'Rusty needs more caffeine' + Make binary contain string of copyright message, not only source + Practical rules for potential damages claims + Use revision control system + Document source of each copyrightable contribution + Name+Email address in CVS commit message + Consider something like FSFE FLA (Fiduciary License Agreement) + Make sure that employers are fine with contributions of their employees + If you find out about violation + Don't make it public (has to be new/urgent for injunctive relief) + Contact lawyer immediately to send wanrning notice + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Thanks + + Thanks to + KNF + for first bringing me in contact with linux in 1994 + Astaro AG + for sponsoring most of my netfilter work + Free Software Foundation + for the GNU Project + for the GNU General Public License + Dr. 
Till Jaeger + for handling my legal cases + Intranet Engineering + for doing expert witness reports + +%size 3 + The slides of this presentation are available at http://www.gnumonks.org/ + + Further reading: +%size 3 + The http://www.gpl-violations.org/ project +%size 3 + The Free Software foundation http://www.fsf.org/, http://www.fsf-europe.org/ +%size 3 + The GNU Project http://www.gnu.org/ +%size 3 + The netfilter homepage http://www.netfilter.org/ +%% http://management.itmanagersjournal.com/management/04/05/31/1733229.shtml?tid=85&tid=4 + + diff --git a/2005/gpl-enforcement-reboot2005/short-abstract b/2005/gpl-enforcement-reboot2005/short-abstract new file mode 100644 index 0000000..e0aa9b4 --- /dev/null +++ b/2005/gpl-enforcement-reboot2005/short-abstract @@ -0,0 +1,4 @@ +Linux is used more and more, especially in the embedded market. Unfortunately, +a number of vendors do not comply with the GNU GPL. The author has enforced +the GPL numerous times in and out of court, and will talk about his experience. + diff --git a/2005/gpl-fosdem2005/biography b/2005/gpl-fosdem2005/biography new file mode 100644 index 0000000..22438a2 --- /dev/null +++ b/2005/gpl-fosdem2005/biography 
@@ -0,0 +1,24 @@ + Harald Welte is the chairman of the netfilter/iptables core team. + + His main interest in computing has always been networking. In the few time +left besides netfilter/iptables related work, he's writing obscure documents +like the UUCP over SSL HOWTO. Other kernel-related projects he has been +contributing are user mode linux, the international (crypto) kernel patch, device drivers and the neighbour cache. + + He has been working as an independent IT Consultant working on projects for +various companies ranging from banks to manufacturers of networking gear. +During the year 2001 he was living in Curitiba (Brazil), where he got +sponsored for his Linux related work by Conectiva Inc. + + Starting with February 2002, Harald has been contracted part-time by +<a href="http://www.astaro.com/">Astaro AG</a>, who are sponsoring him for his +current netfilter/iptables work. + + Aside from the Astaro sponsoring, he continues to work as a freelancing +kernel developer and network security consultant. + + He licenses his software under the terms of the GNU GPL. He is determined to bring all users, distributors, value added resellers and vendors of netfilter/iptables based products in full compliance with the GPL, even if it includes raising legal charges. + + Harald is living in Berlin, Germany. + + diff --git a/2005/gpl-fosdem2005/cfp-reply b/2005/gpl-fosdem2005/cfp-reply new file mode 100644 index 0000000..cb58c30 --- /dev/null +++ b/2005/gpl-fosdem2005/cfp-reply 
@@ -0,0 +1,46 @@ +21c3-content@cccv.de + + * Name: Full name of speaker + +Harald Welte + + * Bio: Short biography of speaker + +See Attachment 1 + + * Contact: E-Mail, phone, instant messaging etc. + +email: laforge@gnumonks.org +Phone: +49-30-24033902 +Fax: +49-30-24033904 + + * Title: Name of event or lecture + +Enforcing the GNU GPL + + * Subtitle: Additional title description (a couple of words, optional) + +Copyright helps Copyleft + + * Abstract: An abstract of the event's content (max. 250 letters) + +Linux is used more and more, especially in the embedded market. Unfortunately, +a number of vendors do not comply with the GNU GPL. The author has enforced +the GPL numerous times in and out of court, and will talk about his experience. + + * Description: A detailed description of the event's content (250 to 500 words) + +See Attachment 2 + + * Attachments: more information + o Links to background information + +http://www.gpl-violations.org/ +http://www.netfilter.org/licensing.html +http://gnumonks.org/~laforge/weblog/linux/gpl-violations/ + + o Links to information on the lecture itself + o Slides, Paper in PDF or other formats + +Not yet available. + diff --git a/2005/gpl-fosdem2005/extended-abstract b/2005/gpl-fosdem2005/extended-abstract new file mode 100644 index 0000000..3b5874b --- /dev/null +++ b/2005/gpl-fosdem2005/extended-abstract 
@@ -0,0 +1,29 @@ +Enforcing the GNU GPL - Copyright helps Copyleft + +More and more vendors of various computing devices, especially network-related +appliances such as Routers, NAT-Gateways and 802.11 Access Points are using +Linux and other GPL licensed free software in their products. + +While the Linux community can look at this as a big success, there is a back +side of that coin: A large number of those vendors have no idea about the GPL +license terms, and as a result do not fulfill their obligations under the GPL. + +The netfilter/iptables project has started legal proceedngs against a number of +companies in violation of the GPL since December 2003. Those legal proceedings +were quite successful so far, resulting in twelve amicable agreements and one +granted preliminary injunction. The list of companies includes large +corporations such as Siemens, Asus and Belkin. + +The speaker will present an overview about his recent successful enforcement of +the GNU GPL within German jurisdiction. + +He will go on speaking about what exactly is neccessarry to fully comply with +the GPL, including his legal position on corner cases such as cryptographic +signing. + +Resulting from his experience in dealing with the german legal system, he will +give some hints to software authors about what they can do in order to make +eventual later license enforcement easier. + +In the end, it seems like the idea of the founding fathers of the GNU GPL +works: Guaranteeing Copyleft by using Copyright. diff --git a/2005/gpl-fosdem2005/gpl-fosdem2005.mgp b/2005/gpl-fosdem2005/gpl-fosdem2005.mgp new file mode 100644 index 0000000..cfeb5f3 --- /dev/null +++ b/2005/gpl-fosdem2005/gpl-fosdem2005.mgp 
@@ -0,0 +1,426 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 + + +Enforcing the GNU GPL +Copyright helps Copyleft + + +%center +%size 4 +by + +Harald Welte <laforge@gnumonks.org> + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Contents + + About the speaker + The GNU GPL Revisited + GPL Violations + Past GPL Enforcement + Typical case timeline + Success so far + What we've learned + Problems encountered + Future outlook + Thanks + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Introduction + + +Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the Linux kernel firewall system called netfilter/iptables + who IS NOT A LAWYER, although this presentation is the result of dealing almost a year with lawyers on the subject of the GPL + +Why is he speaking to you? + he thinks there is too much confusion about copyright and free software licenses. Even Red Hat CEO Matt Szulik stated in an interview that RedHat puts investments into 'public domain' :( + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Disclaimer + +Legal Disclaimer + + All information presented here is provided on an as-is basis + There is no warranty for correctness of legal information + The author is not a lawyer + This does not comprise legal advise + The authors' experience is limited to German copyright law + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +What is copyrightable? 
+ + The GNU GPL is a copyright license, and thus only covers copyrighted works + Not everything is copyrightable (German: Schoepfungshoehe) + Small bugfixes are not copyrightable (similar to typo-fixes in a book) + As soon as the programmer has a choice in the implementation, there is significant indication of a copyrightable work + Choice in algorithm, not in formal representation + Apparently, the level for copyrightable works is relatively low + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Terminology + + Public Domain + concept where copyright holder abandons all rights + same legal status as works where author has died 70 years ago (German: Gemeinfreie Werke) + Freeware + object code, free of cost. No source code + Shareware + proprietary "Try and Buy" model for object code. + Cardware/Beerware/... + Freeware that encourages users to send payment in kind + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Terminology + + Free Software + source code freely distributed + must allow redistribution, modification, non-discriminatory use + mostly defined by Free Software Foundation + Open Source + source code freely distributed + must allow redistribution, modification, non-discriminatory use + defined in the "Open Source Definition" by OSI + + The rest of this document will refer to Free and Open Source Software as FOSS. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +The GNU GPL Revisited + +Revisiting the GNU General Public License + + Regulates distribution of copyrighted code, not usage + Allows distribution of source code and modified source code + The license itself is mentioned + A copy of the license accompanies every copy + Allows distribution of binaries or modified binaries, if + The license itself is mentioned + A copy of the license accompanies every copy + The complete source code is either included with the copy (alternatively a written offer to send the source code on request to any 3rd party) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Complete Source Code + +%size 3 +"... complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable." + Our interpretation of this is: + Source Code + Makefiles + Tools for generating the firmware binary from the source + (even if they are technically no 'scripts') + General Rule: + Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so. + Result: Signing binaries and only accepting signed versions without providing a signature key is not acceptable! + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + What is a derivative work? + Not dependent on any particular kind of technology (static/dynamic linking, dlopen, whatever) + Even while the modification can itself be a copyrightable work, the combination with GPL-licensed code is subject to GPL. 
+ No precendent in Germany so far + As soon as code is written for a specific non-standard API (such as the iptables plugin API), there is significant indication for a derivative work + This position has been successfully enforced out-of-court with two Vendors so far (iptables modules/plugins). + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + Position of my lawyer: + In-kernel proprietary code (binary kernel modules) are hard to claim GPL compliant + Case-by-case analysis required, especially when drivers/filesystems are ported from other OS's. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Collected Works + +%size 3 +"... it is not the intent .. to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works ..." +%size 3 +"... mere aggregation of another work ... with the program on a volume of a storage or distribution medium does not bring the other work und the scope of this license" + + GPL allows "mere aggregation" + like a general-porpose GNU/Linux distribution (SuSE, Red Hat, ...) + + GPL disallows "collective works" + legal grey area + tends to depend a lot on jurisdiction + no precendent so far + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Non-Public modifications + + Non-Public modifications + A common misconception is that if you develop code within a corporation, and the code never leaves this corporation, you don't have to ship the source code. + However, at least German law would count every distribution beyound a number of close colleague as distribution. + Therefore, if you don't go for '3a' and include the source code together with the binary, you have to distribute the source code to any third party. 
+ Also, as soon as you hand code between two companies, or between a company and a consultant, the code has been distributed. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +GPL Violations + + When do I violate the license + when one ore more of the obligations are not fulfilled + + What risk do I take if I violate the license? + the GPL automatically revokes any usage right + any copyright holder can obtain a preliminary injunction banning distribution of the infringing product + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Past GPL enforcement + +Past GPL enforcement + + GPL violations are nothing new, as GPL licensed software is nothing new. + However, the recent GNU/Linux hype made GPL licensed software used more often + The FSF enforces GPL violations of code on which they hold the copyright + silently, without public notice + in lengthy negotiations + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The Linksys case + + + During 2003 the "Linksys" case drew a lot of attention + Linksys was selling 802.11 WLAN Acces Ponts / Routers + Lots of GPL licensed software embedded in the device (included Linux, uClibc, busybox, iptables, ...) 
+ FSF led alliance took the usual "quiet" approach + Linksys bought itself a lot of time + Some source code was released two months later + About four months later, full GPL compliance was achieved + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +The Linksys case + + Some developers didn't agree with this approach + not enough publicity + violators don't loose anything by first not complying and wait for the FSF + four months delay is too much for low product lifecycles in WLAN world + The netfilter/iptables project started to do their own enforcement in more cases that were coming up + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Enforcement case timeline + + In chronological order + some user sends us a note he found our code somewhere + reverse engineering of firmware images + sending the infringing organization a warning notice + wait for them to sign a statement to cease and desist + if no statement is signed + contract technical expert to do a study + apply for a preliminary injunction + if statement was signed + try to work out the details + grace period for boxes in stock possible + try to indicate that a donation would be good PR + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Sucess so far + + Success so far + amicable agreements with a number (25+) of companies + sdome of which made significant donations to charitable organizations of the free software community + preliminary injunction against Sitecom, Sitecom also lost appeals case + court decision of munich district court in Sitecom appeals case + a second preliminary injunction against one of Germanys largest technology firms + more settled cases (not public yet) + negotiating in more cases + public awareness + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU 
GPL - Copyright helps Copyleft +Cases so far (1/2) + + + Allnet GmbH + Siemens AG + Fujitsu-Siemens Computers GmbH + Axis A.B. + Securepoint GmbH + U.S.Robotics Germany GmbH + Netgear GmbH + Belkin Compnents GmbH + Asus GmbH + Gateprotect GmbH + Sitecom GmbH / B.V. + TomTom B.V. + Gigabyte Technologies GmbH + D-Link GmbH + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Cases so far (2/2) + + + Sun Deutschland GmbH + Open-E GmbH + Siemens AG (second case) + Deutsche Telekom AG + Hitachi Inc. + Tecom Inc. + ARP Datacon GmbH + Conceptronic B.V. + + some more not public yet + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +What we've learned + + + Copyleft-style licenses can be enforced! + A lot of companies don't take Free Software licenses seriously + Even corporations with large legal departments who should know + Reasons unclear, probably the financial risk of infringement was considered less than the expected gains + The FUD spread about "GPL not holding up in court" has disappeared + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Future GPL Enforcement + + + GPL Enforcement + remains an important issue for Free Software + will start to happen within the court more often + has to be made public in order to raise awareness + will probably happen within some form of organization + + What about Copylefted Content (Creative Commons) + probably just a matter of time until CC-licensed works of art are infringed + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Problems of GPL Enforcement + + Problems + distributed copyright + is an important safeguard + can make enforcement difficult, since copyright traditionally doesn't know cases with thousands of copyright holders + distribution of damages 
extremely difficult + the legal issue of having to do reverse engineering in order to prove copyright infringement(!) + only the copyright holder (in most cases the author) can do it + users discovering GPL'd software need to communicate those issues to all entitled parties (copyright holders) + infringers obfuscating and/or encrypting fres software as disguise + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +gpl-violations.org + + The http://www.gpl-violations.org/ project was started + as a platform wher users can report alleged violations + to verify those violations and inform all copyright holders + to inform the public about ongoing enforcement efforts + + At the moment, project is only backed by the author + more volunteers needed to investigate all cases + something like 170 reported (alleged) violations up to day + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Make later enforcement easy + + Practical rules for proof by reverse engineering + Don't fix typos in error messages and symbol names + Leave obscure error messages like 'Rusty needs more caffeine' + Make binary contain string of copyright message, not only source + Practical rules for potential damages claims + Use revision control system + Document source of each copyrightable contribution + Name+Email address in CVS commit message + Consider something like FSFE FLA (Fiduciary License Agreement) + Make sure that employers are fine with contributions of their employees + If you find out about violation + Don't make it public (has to be new/urgent for injunctive relief) + Contact lawyer immediately to send wanrning notice + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +GNU GPL - Copyright helps Copyleft +Thanks + + Thanks to + KNF + for first bringing me in contact with linux in 1994 + Astaro AG + for sponsoring most of my 
netfilter work + Free Software Foundation + for the GNU Project + for the GNU General Public License + Dr. Till Jaeger + for handling my legal cases + +%size 3 + The slides of this presentation are available at http://www.gnumonks.org/ + + Further reading: +%size 3 + The http://www.gpl-violations.org/ project +%size 3 + The Free Software foundation http://www.fsf.org/, http://www.fsf-europe.org/ +%size 3 + The GNU Project http://www.gnu.org/ +%size 3 + The netfilter homepage http://www.netfilter.org/ +%% http://management.itmanagersjournal.com/management/04/05/31/1733229.shtml?tid=85&tid=4 + + diff --git a/2005/gpl-fosdem2005/short-abstract b/2005/gpl-fosdem2005/short-abstract new file mode 100644 index 0000000..e0aa9b4 --- /dev/null +++ b/2005/gpl-fosdem2005/short-abstract @@ -0,0 +1,4 @@ +Linux is used more and more, especially in the embedded market. Unfortunately, +a number of vendors do not comply with the GNU GPL. The author has enforced +the GPL numerous times in and out of court, and will talk about his experience. + diff --git a/2005/gpl-siemens_wien2005/gpl-siemens_wien2005.mgp b/2005/gpl-siemens_wien2005/gpl-siemens_wien2005.mgp new file mode 100644 index 0000000..565a51b --- /dev/null +++ b/2005/gpl-siemens_wien2005/gpl-siemens_wien2005.mgp 
@@ -0,0 +1,304 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 + + +GPL Workshop +How to (not?) use Free Software + + +%center +%size 4 +by + +Harald Welte <hwelte@hmw-consulting.de> + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +How to (not) use GPL Software +Contents + + About the speaker + Ideas / Goals of the GPL + The GNU GPL Revisited + Complete Source Code + Derivative Works + Collective Works + GPL and Embedded Systems + The biggest GPL Myths + Thanks + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +How to (not) use GPL Software +Introduction + + +Who is speaking to you? + + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the Linux kernel firewall system called netfilter/iptables + who has started gpl-violations.org to enforce license compliance + who IS NOT A LAWYER + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +How to (not) use GPL Software +Disclaimer + +Legal Disclaimer + + All information presented here is provided on an as-is basis + There is no warranty for correctness of legal information + The author is not a lawyer + This does not comprise legal advise + The authors' experience is limited to German copyright law + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Ideas and Goals of the GNU GPL + + Free Software + Software that has fundamental freedoms: + to use it for any purpose + to "help your neighbour" (i.e. 
make copies) + to study it's functionality (reading source code) + to fix it myself (make modifications and run them) + + Copyleft + Is the legal idea to + exercising copyright to grant the above freedoms + assure that nobody can take away the freedom + + The GNU General Public License + Is a legal instrument to apply they copyleft idea on software + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +The GNU GPL Revisited + +Revisiting the GNU General Public License + + Regulates distribution of copyrighted code, not usage + Allows distribution of source code and modified source code + The license itself is mentioned + A copy of the license accompanies every copy + Allows distribution of binaries or modified binaries, if + The license itself is mentioned + A copy of the license accompanies every copy + The complete source code is either included with the copy (alternatively a written offer to send the source code on request to any 3rd party) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Complete Source Code + +%size 3 +"... complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable." + + For standard C-language programs, this means: + Source Code + Makefiles + compile-time Configuration (such as kernel .config) + + General Rule: + Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + What is a derivative work? + Not dependent on any particular kind of technology (static/dynamic linking, dlopen, whatever) + Even while the modification can itself be a copyrightable work, the combination with GPL-licensed code is subject to GPL. 
+ As soon as code is written for a specific non-standard API (such as the iptables plugin API), there is significant indication for a derivative work + This position has been successfully enforced out-of-court with two Vendors so far (iptables modules/plugins). + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + Binary-only kernel modules + In-kernel proprietary code (binary kernel modules) are hard to claim GPL compliant + Case-by-case analysis required, as the level of integration into the GPL licensed kernel code depends on particular case + IBM is in the process of getting rid of all binary-only kernel modules. There are exceptions, but they are very clear ones (such as a filesystem port to linux, where the filesystem code already existed under another OS) + There is no general acceptance or tolerance to binary-only kernel modules in the Linux (development) community. Not even Linus himself has ever granted an exception for such modules! + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + Glue Code + Acts as glue layer between GPL licensed code and proprietary code + Some Vendors think they can avoid the GPL by doing so + Is definitely not a bullet-proof legal solution, especially when it is clearly visible that the only purpose of this glue code is to "get rid" of the GPL. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Derivative Works + + Moral Issues + Apart from what is legally possible, there are moral issues + Even if in a particular case there is no legal way to claim a binary-only kernel module is a derivative work, you might still be acting against the authors' wishes + By shipping binary-only kernel modules, you violate the "moral code of conduct" of the Free Software community + But it is the work of this very community that enables you to build your product based on Free Software + Such action might have long-term detrimental effects on the motivation of FOSS developers (dissatisfaction, demotivation, ...) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Collective Works + +%size 3 +"... it is not the intent .. to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works ..." + + GPL controls "collective works" + +%size 3 +"... mere aggregation of another work ... with the program on a volume of a storage or distribution medium does not bring the other work und the scope of this license" + + GPL allows "mere aggregation" + like a general-porpose GNU/Linux distribution (SuSE, Red Hat, ...) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +GPL And Embedded Systems + + Historical background: + The GPL was written for userspace programs running on existing operating systems + Covering a whole OS (and even userspace programs) is not an ideal match, but if you read it carefully it still makes sense + + Toolchain: +%size 3 +"... 
the source code distributed need not include anything that is normally +distributed (in either source or binary form) with the major components +(compiler, kernel, and so on) of the operating system on which the executable +runs, unless that component itself accompanies the executable." + Practical case: + You've modified gcc for a specific embedded platform + Therefore, this gcc is not "normally distributed with the operating system" and you have to distribute it together with the source code + gcc itself is covered under GPL, so you need to provide binaries and source code(!) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +GPL And Embedded Systems + + The "Scripts" + (scripts to control compilation and installation, see earlier slide) + In case of embedded hardware, the "scripts" include: + Tools for generating the firmware binary from the source (even if they are technically no 'scripts') + + + Embedded DRM + Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so. + Result: Signing binaries and only accepting signed versions from the bootloader (without providing the signature key or a possibility to set a new key in the bootloader) is not acceptable! + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Practical Source Code Offer + + Some Rules + The "complete corresponding source code" has to be made available + It has to be made available for each and every object-code version that was distributed + If you strip down the source code offer (e.g. 
remove proprietary source code), try to see whether the result actually compiles + If the product is mixed free / proprietary software, consider including the proprietary parts (as object code) in the "source code package", so the full firmware image can be rebuilt without having to tear apart an existing image and ripping out those proprietary programs from there. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +The biggest myths about the GPL + +The biggest myths about the GPL + The GPL is not enforcible + Software licensed under GPL has no copyright + Unmodified distribution does not require source code availability + The vendor can wait for a source code request (without offering it) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +The most common mistakes + +The most common mistakes + not even once reading the GPL text and/or the FAQ from the FSF + not including the GPL license text with the product + not including a written offer with the product + not considering that the GPL also applies to software updates + only providing original source code (e.g. vanilla kernel.org kernel) + not including the "scripts to control installation" + only providing off-site hyperlinks to license and/ore source code + not responding to support requests for source code + charging rediculously high fees for physical shipping of source code + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +License Compatibility + + There's lots of Free Software available + Different Software uses different Licenses: + Linux: GPL + glibc: LGPL + apache: Apache Software License + Perl: Artistic + ucd-snmp: BSD + If you combine (i.e. 
link) differently-licensed software, + check license compatibility + in case of doubt, ask legal person and/or contact software authors + authors might give you an exception or consider making licenses compatible + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Dual Licensing + + The copyright holder (often the original author) can provide alternative licensing + Some projects do this as a business model (reiserfs, MySQL) + In some projects it's impossible due to the extremely distributed copyright (e.g. Linux kernel) + However, in smaller projects it never hurts to ask whether there would be interest in providing an alternative (non-copyleft) licensing + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +How to (not) use GPL Software +The End + + +%size 3 + Further reading: +%size 3 + The http://gpl-violations.org/ project +%size 3 + The Free Software foundation http://www.fsf.org/, http://www.fsf-europe.org/ +%size 3 + The GNU Project http://www.gnu.org/ +%size 3 + The netfilter homepage http://www.netfilter.org/ +%% http://management.itmanagersjournal.com/management/04/05/31/1733229.shtml?tid=85&tid=4 + + diff --git a/2005/gpl-siemens_wien2005/gpl-siemens_wien2005.pdf b/2005/gpl-siemens_wien2005/gpl-siemens_wien2005.pdf Binary files differnew file mode 100644 index 0000000..bef0434 --- /dev/null +++ b/2005/gpl-siemens_wien2005/gpl-siemens_wien2005.pdf diff --git a/2005/gpl-siemens_wien2005/gpl-siemens_wien2005_4.pdf b/2005/gpl-siemens_wien2005/gpl-siemens_wien2005_4.pdf Binary files differnew file mode 100644 index 0000000..d9807a8 --- /dev/null +++ b/2005/gpl-siemens_wien2005/gpl-siemens_wien2005_4.pdf diff --git a/2005/iptables-firewall-heinlein2005/example1.txt b/2005/iptables-firewall-heinlein2005/example1.txt new file mode 100644 index 0000000..33f70ce --- /dev/null +++ b/2005/iptables-firewall-heinlein2005/example1.txt 
@@ -0,0 +1,32 @@ +Internal Network: 10.0.0.1/24 (eth1) +DMZ: 10.23.23.1/24 (eth2) +Server10: 10.23.23.10/24 +Server11: 10.23.23.11/24 +Public IP: 192.168.100.215/24 (eth0) + +Layout: + DMZ + I +Internal Net --- Firewall --- Public Net + + +Security policy: +- Stateful Packet Filter for ~256k Connections +- All packets that are not explicitly allowed, have to be dropped +- All packets that are dropped have to be logged +- No access from the public network to the Firewall itself +- No handling of multicast and/or broadcast packets +- Antispoofing rules for each interface +- All traffic from Internal / DMZ to public must be NAT'ed +- All machines in DMZ + - Allowed to initiate any kind of connection to Public network +- Server10: + - Administrative access via SSH from Public and Internal Network + - HTTP access from Public and Internal Network + - DNS access from Public and Internal Network +- Server11: + - Administrative access via SSH from Public (Port 2222) and Internal Network + - SMTP access from Public and Internal Network +- All machines in Internal Network: + - Allowed to do FTP, SSH, POP3S, IMAP4S to Public Network + - HTTP via transparent proxy on Server11:3128 diff --git a/2005/iptables-firewall-heinlein2005/example2.txt b/2005/iptables-firewall-heinlein2005/example2.txt new file mode 100644 index 0000000..3760b5d --- /dev/null +++ b/2005/iptables-firewall-heinlein2005/example2.txt 
@@ -0,0 +1,26 @@ +Internal Network: 10.0.x.1/24 +Host10: 10.0.x.10/24 +Host11: 10.0.x.11/24 +Public IP: 10.0.0.z/24 + +Layout: + +Internal Net --- Firewall --- Public Net + +Security policy: +- Stateful Packet Filter for ~64k Connections +- All packets that are not explicitly allowed, have to be dropped +- All packets that are dropped have to be logged +- SSH access from public segment (192.168.100.y/24) to the Firewall itself +- No handling of multicast and/or broadcast packets +- Antispoofing rules for each interface +- All traffic from/to Internal must not be NAT'ed (i.e. public addresses) +- Correct handling of all ICMP Errors +- ICMP echo request / reply allowed stateful +- Host10: + - Administrative access via SSH from any Public Address + - HTTP access from Public Network +- Host11: + - No access from Public Network +- All machines in Internal Network: + - Allowed to initiate any kind of connections to Public Network diff --git a/2005/iptables-firewall-heinlein2005/f.mgp b/2005/iptables-firewall-heinlein2005/f.mgp new file mode 100644 index 0000000..7d8a4c3 --- /dev/null +++ b/2005/iptables-firewall-heinlein2005/f.mgp 
@@ -0,0 +1,454 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + addrtype match + matches source/destionation address type + types are UNICAST/LOCAL/BROADCAST/ANYCAST/MULTICAST/... + ah match + matches IPSEC AH SPI (range) + comment match + always matches, allows user to place comment in rule + connmark match + connection marking, see later + conntrack match + more extended version of 'state' + match on timeout, fine-grained state, original tuples + dscp match + matches DSCP codepoint (formerly-known as TOS bits) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + ecn match + matches ECN bits of tcp and ip header + esp match + matches IPSEC ESP SPI (range) + hashlimit match + dynamic limiting + helper match + allows matching of conntrack helper name + iprange match + match on arbitrary IP address ranges (not a mask) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + length match + match on packet length + limit + static rate limiting + mac + match on source mac address + mark + match on nfmark (fwmark) + multiport + match on multiple ports + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + owner + match on socket owner (uid, gid, pid, sid, command name) + physdev + match underlying device in case of bridge + pkttype + match link-layer packet type (unicast,broadcast,multicast) + realm + match routing realm + recent + see special section below + tcpmss + match on TCP maximum segment size + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + +Targets + very dependent on the particular table + + Table specific targets will be discussed later + + Generic Targets, 
always available + ACCEPT accept packet within chain + DROP silently drop packet + QUEUE enqueue packet to userspace + LOG log packet via syslog + ULOG log packet via ulogd + RETURN return to previous (calling) chain + foobar jump to user defined chain + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Filtering + +Overview + + Implemented as 'filter' table + Registers with three netfilter hooks + + NF_IP_LOCAL_IN (packets destined for the local host) + NF_IP_FORWARD (packets forwarded by local host) + NF_IP_LOCAL_OUT (packets from the local host) + +Each of the three hooks has attached one chain (INPUT, FORWARD, OUTPUT) + +Every packet passes exactly one of the three chains. Note that this is very different compared to the old 2.2.x ipchains behaviour. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Filtering + +Targets available within 'filter' table + + Builtin Targets to be used in filter table + ACCEPT accept the packet + DROP silently drop the packet + QUEUE enqueue packet to userspace + RETURN return to previous (calling) chain + foobar user defined chain + + Targets implemented as loadable modules + REJECT drop the packet but inform sender + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Connection tracking... + + implemented seperately from NAT + enables stateful filtering + implementation + hooks into NF_IP_PRE_ROUTING to track packets + hooks into NF_IP_POST_ROUTING and NF_IP_LOCAL_IN to see if packet passed filtering rules + protocol modules (currently TCP/UDP/ICMP/SCTP) + application helpers currently (FTP,IRC,H.323,talk,SNMP) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Connection tracking... 
+ + divides packets in the following four categories + NEW - would establish new connection + ESTABLISHED - part of already established connection + RELATED - is related to established connection + INVALID - (multicast, errors...) + does _NOT_ filter packets itself + can be utilized by iptables using the 'state' match + is used by NAT Subsystem + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking for TCP is obvious + TCP inherently stateful + Two TCP state machines on each end have well-defined behaviour + Passive tracking of state machines + In more recent 2.6.x kernels, tracking of TCP window (seq/ack) + Max idle timeout of fully-established session: 5 days + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking for UDP: How is this possible? + UDP itself not stateful at all + However, higher-level protocols mostly match request-reply + First packet (request) is assumed to be NEW + First matching reply packet is assumed to confirm connection + Further packets in either direction refresh timeout + Timeouts: 30sec unreplied, 180sec confirmed + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking on ICMP: What's that? + ICMP Errors (e.g. host/net unreachable, ttl exceeded) + They can always be categorized as RELATED to other connections + ICMP request/reply (ECHO REQUEST, INFO REQUEST) + can be treated like UDP request/reply case + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking on SCTP: What's SCTP? + Streaming Control Transfer Protocol + Linux has SCTP in the network stack, so why should the packet filter not support it? 
+ Pretty much like TCP in most cases + Doesn't support more advanced features such as failover of an endpoint + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking on other protocols + 'generic' protocol: no layer-4 tuple information + 'gre' helper in patch-o-matic + + State tracking of higher-layer protocols + implemented as 'connection tracking helpers' + currently in-kernel: amanda, ftp, irc, tftp + currently in patch-o-matic: pptp, h.323, sip, quake, ... + have to be explicitly loaded (ip_conntrack_*.[k]o) + work by issuing so-called "expectations" + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Exemptions to connection tracking + Usually connection tracking is called first in PRE_ROUTING + Sometimes, filtering is preferred before this conntrack lookup + Therefore, the "raw" table was introduced + In some rare cases, one might want to not track certain packets + The NOTRACK can be used in the "raw" table + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Configuration / Tuning + module parameter "hashsize" + number of hash table buckets + /proc/sys/net/ipv4/ip_conntrack_max + maximum number of tracked connections + /proc/sys/net/ipv4/ip_conntrack_buckets (read-only) + number of hash table buckets + /proc/net/ip_conntrack + list of connections + /proc/net/ip_conntrack_expect + list of pending expectations + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Configuration / Tuning + /proc/sys/net/ip_conntrack_log_invalid + log invalid packets? 
+ /proc/sys/net/ip_conntrack_tcp_be_liberal + basically disables window tracking, if "1" + /proc/sys/net/ip_conntrack_tcp_loose + how many packets required until sync in case of pickup + if set to zero, disables pickup + /proc/sys/net/ip_conntrack_tcp_max_retrans + maximum number of retransmitted packets without seeing a n ACK + /proc/sys/net/ip_conntrack_*timeout* + timeout values of respective protocol states + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Network Address Translation + + Network Address Translation + + Previous Linux Kernels only implemented one special case of NAT: Masquerading + Linux 2.4.x / 2.6.x can do any kind of NAT. + NAT subsystem implemented on top of netfilter, iptables and conntrack + Following targets available within 'nat' Table + SNAT changes the packet's source whille passing NF_IP_POST_ROUTING + DNAT changes the packet's destination while passing NF_IP_PRE_ROUTING + MASQUERADE is a special case of SNAT + REDIRECT is a special case of DNAT + SAME + NETMAP + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Network Address Translation + + Source NAT + SNAT Example: +%font "typewriter" +%size 3 +iptables -t nat -A POSTROUTING -j SNAT --to-source 1.2.3.4 -s 10.0.0.0/8 +%font "standard" +%size 4 + + MASQUERADE Example: +%font "typewriter" +%size 3 +iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp0 +%font "standard" +%size 5 + + Destination NAT + DNAT example +%font "typewriter" +%size 3 +iptables -t nat -A PREROUTING -j DNAT --to-destination 1.2.3.4:8080 -p tcp --dport 80 -i eth1 +%font "standard" +%size 4 + + REDIRECT example +%font "typewriter" +%size 3 +iptables -t nat -A PREROUTING -j REDIRECT --to-port 3128 -i eth1 -p tcp --dport 80 +%font "standard" +%size 5 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Mangling + + Purpose of 'mangle' 
table + packet manipulation except address manipulation + + Integration with netfilter + 'mangle' table hooks in all five netfilter hooks + priority: after conntrack + +Simple example: +%font "typewriter" +%size 3 +iptables -t mangle -A PREROUTING -j MARK --set-mark 10 -p tcp --dport 80 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Mangling + + Targets specific to the 'mangle' table: + DSCP + manipulate DSCP field + ECN + manipulate ECN bits + IPV4OPTSSTRIP + strip IPv4 options + MARK + change the nfmark field of the skb + TCPMSS + set TCP MSS option + TOS + manipulate the TOS bits + TTL + set / increase / decrease TTL field + CLASSIFY + classify packet (for tc/iproute) + CONNMARK + set mark of connection + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +The raw Table + + Purpose of 'raw' table + to allow for filtering rules _before_ conntrack + Targets specific to the 'raw' table: + NOTRACK + don't do connection tracking + + The table can also be useful for flood protection rules that happen before traversing the (computational) expensive connection tracking subsystem. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Advanced Netfilter concepts + +%size 4 + Userspace logging + flexible replacement for old syslog-based logging + packets to userspace via multicast netlink sockets + easy-to-use library (libipulog) + plugin-extensible userspace logging daemon (ulogd) + Can even be used to directly log into MySQL + + Queuing + reliable asynchronous packet handling + packets to userspace via unicast netlink socket + easy-to-use library (libipq) + provides Perl bindings + experimental queue multiplex daemon (ipqmpd) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Advanced Netfilter concepts + + Firewalling on a Bridge (ebtables + iptables) + totally transparent to layer 2 and above + no attack vector since firewall has no IP address + even possible to do NAT on the bridge + or even NAT of MAC addresses + + ipset - Faster matching + iptables are a linear list of rules + ipset represents a 'group' scheme + Implements different data types for different applications + hash table (for random addresses) + bitmask (for let's say a /24 network) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Advanced Netfilter concepts + + ipv6 packet filtering + ip6tables almost identical to iptables + no connection tracking in mainline yet, but patches exist + ip6_conntrack + initial copy+paste 'port' by USAGI + was not accepted because of code duplication + nf_conntrack + generalized connection tracking, supports ipv4 and ipv6 + mutually exclusive with ip_conntrack + as of now, no ipv4 nat on to of nf_conntrack + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Thanks + + Thanks to + the BBS scene, Z-Netz, FIDO, ... 
+ for heavily increasing my computer usage in 1992 + KNF (http://www.franken.de/) + for bringing me in touch with the internet as early as 1994 + for providing a playground for technical people + for telling me about the existance of Linux! + Alan Cox, Alexey Kuznetsov, David Miller, Andi Kleen + for implementing (one of?) the world's best TCP/IP stacks + Paul 'Rusty' Russell + for starting the netfilter/iptables project + for trusting me to maintain it today + Astaro AG + for sponsoring parts of my netfilter work diff --git a/2005/iptables-firewall-heinlein2005/gliederung.txt b/2005/iptables-firewall-heinlein2005/gliederung.txt new file mode 100644 index 0000000..775bae7 --- /dev/null +++ b/2005/iptables-firewall-heinlein2005/gliederung.txt @@ -0,0 +1,57 @@ +- zum Dozenten +- day 1: theoretischer teil zur technik + - terminologie (netfilter, iptables, ip_tables) + - netfilter hooks + - ip tables + - available matches + - stueck fuer stueck, mit beispiel + - available targets + - stueck fuer stueck, mit beispiel + - connection tracking + - detailierte funktionsweise + - NAT + +- day 2: praxis + - unterschiede kernelversionen + - 2.4.x + - 2.6.x (bis .10) + - 2.6.11 und hoeher + - neuer NAT code + - spezielles (nicht ueberall) + - ip_conntrack_count + - ip_conntrack_expect + - ip_tables_matches + - ip_tables_targets + - unterschiedliche anzahl mangle-hooks + - hilfe zur selbsthilfe + - iptables -m foo -h + - debugging komplexer setups in nfsim? + - patch-o-matic-ng + - ct_sync + - ulogd + - ip_queue + - CLUSTERIP + - ipset + + - netzwerktuning high-performance + - wahl der hardware + - irq affinity + - NAPI + + - performance + - optimierung von iptables-rulesets + - tree of chains + - nur tabellen laden, die benoetigt werden + - keine unnoetigen doppelten matches + - richtige reihenfolge + + - iptables-save / iptables-restore + + - connection marking + - integration mit tc / iproute2 + + - packet filter on a bridge + + - arptables + + - ipv6? 
diff --git a/2005/iptables-firewall-heinlein2005/iptables-firewall-heinlein2005-day2.mgp b/2005/iptables-firewall-heinlein2005/iptables-firewall-heinlein2005-day2.mgp new file mode 100644 index 0000000..cb929b7 --- /dev/null +++ b/2005/iptables-firewall-heinlein2005/iptables-firewall-heinlein2005-day2.mgp 
@@ -0,0 +1,159 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 + + +netfilter/iptables training +Nov 05/06/07, 2007 +Day 2 + +%center +%size 4 +by + +Harald Welte <laforge@netfilter.org> + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Contents + + Day 2 + + Practical Exercises + Logging with ulogd + Choice of Hardware + Network Stack Tuning + Ruleset Optimization + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Practical Exercises + + + Practical Exercises + + As discussed within the course + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Logging with ulogd + + + Why? + because LOG is extremely inefficient + because LOG is unreliable, too + LOG on full-speed DoS: 1100 logs/sec + ULOG/LOGEMU on full-speed DoS: 96000 log/sec + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Logging with ulogd + + + Configuration of ruleset: + -j ULOG + --ulog-nlgroup: which netlink group (up to 32) + --ulog-cprange: how many bytes of each package? + --ulog-qthreshold: how many packets to queue + --ulog-prefix: like "--log-prefix" + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Logging with ulogd + + Configuration of ulogd: + Please refer to "doc/ulogd.html" documentation + + If logging remotely, make sure you don't ever log log-packets (!) 
+ Debian woody ships with a broken ulogd (and refuses to fix it) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Choice of hardware + + Choice of hardware is important for high scalability + Packet forwarding is one of the most demanding tasks + Important issues + Optimization of NIC driver + RAM latency + Cache size + Interrupt Latency + I/O Bandwidth + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Choice of hardware + + Past benchmarking has shown + AMD Opteron/Athlon64 has way better RAM latency than Intel + PCI-X is the preferred bus technology + Intel e1000 card + driver combo has good performance + Never use four-port cards, sicne they have additional bridges + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Choice of hardwawre + + SMP or not SMP ? + The improvement of SMP is arguable for packet forwarding + Esp. 
connection tracking suffers from excessive cache ping-pong + In case of two interfaces, there can be no improvement + all packets will affect DMA with both interfaces + putting one device on each IRQ causes more cache misses than anything else + In case of four, eight interfaces, IRQ affinity can be used to distribute + put a pair of interfaces on each cpu + forwarding between those two interfaces will be fast + forwarding between interfaces on differenc cpu's slower +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Network Stack tuning + + Tuning areas + IRQ affinity + neighbour cache + kernel compile-time config + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Optimization of Ruleset + + Optimization of ruleset important + iptables itself does no optimization + all rules are traversed linearily + all matches are processed linearily + therefore, order _does_ matter for performance reasons + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Optimization of Ruleset + + Good ideas for optimization + build a tree-like structure out of user-defined chains + avoid long lists + keep in mind the average number of traversed rules per packet + don't repeat excessive matching in each rule, use new chains + + diff --git a/2005/iptables-firewall-heinlein2005/iptables-firewall-heinlein2005-handout.pdf b/2005/iptables-firewall-heinlein2005/iptables-firewall-heinlein2005-handout.pdf Binary files differnew file mode 100644 index 0000000..99bfbbe --- /dev/null +++ b/2005/iptables-firewall-heinlein2005/iptables-firewall-heinlein2005-handout.pdf diff --git a/2005/iptables-firewall-heinlein2005/iptables-firewall-heinlein2005.mgp b/2005/iptables-firewall-heinlein2005/iptables-firewall-heinlein2005.mgp new file mode 100644 index 0000000..aea42de --- /dev/null 
+++ b/2005/iptables-firewall-heinlein2005/iptables-firewall-heinlein2005.mgp 
@@ -0,0 +1,704 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 + + +netfilter/iptables training +%size 4 + +Nov 05/06/07, 2007 +Day 1 + +%center +%size 4 +by + +Harald Welte <laforge@netfilter.org> + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Contents + + Day 1 + + Introduction + Highly Scalable Linux Network Stack + Netfilter Hooks + Packet selection based on IP Tables + The Connection Tracking Subsystem + The NAT Subsystem + Packet Mangling + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Introduction + + +Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the Linux kernel firewall system called netfilter/iptables + [who can claim to be the first to have enforced the GNU GPL in court] + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Introduction + +Linux and Networking + Linux is a true child of the Internet + Early adopters: ISP's, Universities + Lots of work went into a highly scalable network stack + Not only for client/server, but also for routers + Features unheared of in other OS's + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Introduction + +Did you know, that a stock 2.6.x linux kernel can provide + + a stateful packet filter ? + fully symmetric NA(P)T ? + policy routing ? + QoS / traffic shaping ? + IPv6 firewalling ? + packet filtering, NA(P)T on a bridge ? + layer 2 (mac) address translation ? + packet forwarding rates of up to 2.1Mpps ? 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Introduction + +Why did we need netfilter/iptables? +Because ipchains... + + has no infrastructure for passing packets to userspace + makes transparent proxying extremely difficult + has interface address dependent Packet filter rules + has Masquerading implemented as part of packet filtering + code is too complex and intermixed with core ipv4 stack + is neither modular nor extensible + only barely supports one special case of NAT (masquerading) + has only stateless packet filtering + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Introduction + +Who's behind netfilter/iptables + + The core team + Paul 'Rusty' Russel + co-author of iptables in Linux 2.2 + James Morris + Marc Boucher + Harald Welte + Jozsef Kadlecsik + Martin Josefsson + Patrick McHardy + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Netfilter Hooks + + What is netfilter? + + System of callback functions within network stack + Callback function to be called for every packet traversing certain point (hook) within network stack + Protocol independent framework + Hooks in layer 3 stacks (IPv4, IPv6, DECnet, ARP) + Multiple kernel modules can register with each of the hooks + +Traditional packet filtering, NAT, ... is implemented on top of this framework + +Can be used for other stuff interfacing with the core network stack, like DECnet routing daemon. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Netfilter Hooks + +Netfilter architecture in IPv4 +%font "typewriter" +%size 4 +in --->[1]--->[ROUTE]--->[3]--->[4]---> out + | ^ + | | + | [ROUTE] + v | + [2] [5] + | ^ + | | + v | +%font "standard" +1=NF_IP_PRE_ROUTING +2=NF_IP_LOCAL_IN +3=NF_IP_FORWARD +4=NF_IP_POST_ROUTING +5=NF_IP_LOCAL_OUT + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Netfilter Hooks + +Netfilter Hooks + + Any kernel module may register a callback function at any of the hooks + + The module has to return one of the following constants + + NF_ACCEPT continue traversal as normal + NF_DROP drop the packet, do not continue + NF_STOLEN I've taken over the packet do not continue + NF_QUEUE enqueue packet to userspace + NF_REPEAT call this hook again + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP tables + + Packet selection using IP tables + + The kernel provides generic IP tables support + + Each kernel module may create it's own IP table + + The four major parts of the firewalling subsystem are implemented using IP tables + Packet filtering table 'filter' + NAT table 'nat' + Packet mangling table 'mangle' + The 'raw' table for conntrack exemptions + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + Managing chains and tables + + An IP table consists out of multiple chains + A chain consists out of a list of rules + Every single rule in a chain consists out of + match[es] (rule executed if all matches true) + target (what to do if the rule is matched) + implicit packet and byte counter + +%size 4 +matches and targets can either be builtin or implemented as kernel modules + +%size 5 + The userspace tool iptables is used to control IP tables + handles all different kinds of IP tables + 
supports a plugin/shlib interface for target/match specific options + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + +Basic iptables commands + + To build a complete iptables command, we must specify + which table to work with + which chain in this table to use + an operation (insert, add, delete, modify) + one or more matches (optional) + a target + +The syntax is +%font "typewriter" +%size 3 +iptables -t table -Operation chain -j target match(es) +%font "standard" +%size 5 + +Example: +%font "typewriter" +%size 3 +iptables -t filter -A INPUT -j ACCEPT -p tcp --dport smtp +%font "standard" +%size 5 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + +Matches + Basic matches + -p protocol (tcp/udp/icmp/...) + -s source address (ip/mask) + -d destination address (ip/mask) + -i incoming interface + -o outgoing interface + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + addrtype match + matches source/destionation address type + types are UNICAST/LOCAL/BROADCAST/ANYCAST/MULTICAST/... 
+ ah match + matches IPSEC AH SPI (range) + comment match + always matches, allows user to place comment in rule + connmark match + connection marking, see later + conntrack match + more extended version of 'state' + match on timeout, fine-grained state, original tuples + dscp match + matches DSCP codepoint (formerly-known as TOS bits) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + ecn match + matches ECN bits of tcp and ip header + esp match + matches IPSEC ESP SPI (range) + hashlimit match + dynamic limiting + helper match + allows matching of conntrack helper name + iprange match + match on arbitrary IP address ranges (not a mask) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + length match + match on packet length + limit + static rate limiting + mac + match on source mac address + mark + match on nfmark (fwmark) + multiport + match on multiple ports + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + owner + match on socket owner (uid, gid, pid, sid, command name) + physdev + match underlying device in case of bridge + pkttype + match link-layer packet type (unicast,broadcast,multicast) + realm + match routing realm + recent + see special section below + tcpmss + match on TCP maximum segment size + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + +Targets + very dependent on the particular table + + Table specific targets will be discussed later + + Generic Targets, always available + ACCEPT accept packet within chain + DROP silently drop packet + QUEUE enqueue packet to userspace + LOG log packet via syslog + ULOG log packet via ulogd + RETURN return to previous (calling) chain + foobar jump to user defined chain + + 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Filtering + +Overview + + Implemented as 'filter' table + Registers with three netfilter hooks + + NF_IP_LOCAL_IN (packets destined for the local host) + NF_IP_FORWARD (packets forwarded by local host) + NF_IP_LOCAL_OUT (packets from the local host) + +Each of the three hooks has attached one chain (INPUT, FORWARD, OUTPUT) + +Every packet passes exactly one of the three chains. Note that this is very different compared to the old 2.2.x ipchains behaviour. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Filtering + +Targets available within 'filter' table + + Builtin Targets to be used in filter table + ACCEPT accept the packet + DROP silently drop the packet + QUEUE enqueue packet to userspace + RETURN return to previous (calling) chain + foobar user defined chain + + Targets implemented as loadable modules + REJECT drop the packet but inform sender + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Connection tracking... + + implemented seperately from NAT + enables stateful filtering + implementation + hooks into NF_IP_PRE_ROUTING to track packets + hooks into NF_IP_POST_ROUTING and NF_IP_LOCAL_IN to see if packet passed filtering rules + protocol modules (currently TCP/UDP/ICMP/SCTP) + application helpers currently (FTP,IRC,H.323,talk,SNMP) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Connection tracking... + + divides packets in the following four categories + NEW - would establish new connection + ESTABLISHED - part of already established connection + RELATED - is related to established connection + INVALID - (multicast, errors...) 
+ does _NOT_ filter packets itself + can be utilized by iptables using the 'state' match + is used by NAT Subsystem + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking for TCP is obvious + TCP inherently stateful + Two TCP state machines on each end have well-defined behaviour + Passive tracking of state machines + In more recent 2.6.x kernels, tracking of TCP window (seq/ack) + Max idle timeout of fully-established session: 5 days + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking for UDP: How is this possible? + UDP itself not stateful at all + However, higher-level protocols mostly match request-reply + First packet (request) is assumed to be NEW + First matching reply packet is assumed to confirm connection + Further packets in either direction refresh timeout + Timeouts: 30sec unreplied, 180sec confirmed + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking on ICMP: What's that? + ICMP Errors (e.g. host/net unreachable, ttl exceeded) + They can always be categorized as RELATED to other connections + ICMP request/reply (ECHO REQUEST, INFO REQUEST) + can be treated like UDP request/reply case + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking on SCTP: What's SCTP? + Streaming Control Transfer Protocol + Linux has SCTP in the network stack, so why should the packet filter not support it? 
+ Pretty much like TCP in most cases + Doesn't support more advanced features such as failover of an endpoint + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking on other protocols + 'generic' protocol: no layer-4 tuple information + 'gre' helper in patch-o-matic + + State tracking of higher-layer protocols + implemented as 'connection tracking helpers' + currently in-kernel: amanda, ftp, irc, tftp + currently in patch-o-matic: pptp, h.323, sip, quake, ... + have to be explicitly loaded (ip_conntrack_*.[k]o) + work by issuing so-called "expectations" + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Exemptions to connection tracking + Usually connection tracking is called first in PRE_ROUTING + Sometimes, filtering is preferred before this conntrack lookup + Therefore, the "raw" table was introduced + In some rare cases, one might want to not track certain packets + The NOTRACK can be used in the "raw" table + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Configuration / Tuning + module parameter "hashsize" + number of hash table buckets + /proc/sys/net/ipv4/ip_conntrack_max + maximum number of tracked connections + /proc/sys/net/ipv4/ip_conntrack_buckets (read-only) + number of hash table buckets + /proc/net/ip_conntrack + list of connections + /proc/net/ip_conntrack_expect + list of pending expectations + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Configuration / Tuning + /proc/sys/net/ip_conntrack_log_invalid + log invalid packets? 
+ /proc/sys/net/ip_conntrack_tcp_be_liberal + basically disables window tracking, if "1" + /proc/sys/net/ip_conntrack_tcp_loose + how many packets required until sync in case of pickup + if set to zero, disables pickup + /proc/sys/net/ip_conntrack_tcp_max_retrans + maximum number of retransmitted packets without seeing a n ACK + /proc/sys/net/ip_conntrack_*timeout* + timeout values of respective protocol states + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Network Address Translation + + Network Address Translation + + Previous Linux Kernels only implemented one special case of NAT: Masquerading + Linux 2.4.x / 2.6.x can do any kind of NAT. + NAT subsystem implemented on top of netfilter, iptables and conntrack + Following targets available within 'nat' Table + SNAT changes the packet's source whille passing NF_IP_POST_ROUTING + DNAT changes the packet's destination while passing NF_IP_PRE_ROUTING + MASQUERADE is a special case of SNAT + REDIRECT is a special case of DNAT + SAME + NETMAP + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Network Address Translation + + Source NAT + SNAT Example: +%font "typewriter" +%size 3 +iptables -t nat -A POSTROUTING -j SNAT --to-source 1.2.3.4 -s 10.0.0.0/8 +%font "standard" +%size 4 + + MASQUERADE Example: +%font "typewriter" +%size 3 +iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp0 +%font "standard" +%size 5 + + Destination NAT + DNAT example +%font "typewriter" +%size 3 +iptables -t nat -A PREROUTING -j DNAT --to-destination 1.2.3.4:8080 -p tcp --dport 80 -i eth1 +%font "standard" +%size 4 + + REDIRECT example +%font "typewriter" +%size 3 +iptables -t nat -A PREROUTING -j REDIRECT --to-port 3128 -i eth1 -p tcp --dport 80 +%font "standard" +%size 5 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Mangling + + Purpose of 'mangle' 
table + packet manipulation except address manipulation + + Integration with netfilter + 'mangle' table hooks in all five netfilter hooks + priority: after conntrack + +Simple example: +%font "typewriter" +%size 3 +iptables -t mangle -A PREROUTING -j MARK --set-mark 10 -p tcp --dport 80 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Mangling + + Targets specific to the 'mangle' table: + DSCP + manipulate DSCP field + ECN + manipulate ECN bits + IPV4OPTSSTRIP + strip IPv4 options + MARK + change the nfmark field of the skb + TCPMSS + set TCP MSS option + TOS + manipulate the TOS bits + TTL + set / increase / decrease TTL field + CLASSIFY + classify packet (for tc/iproute) + CONNMARK + set mark of connection + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +The raw Table + + Purpose of 'raw' table + to allow for filtering rules _before_ conntrack + Targets specific to the 'raw' table: + NOTRACK + don't do connection tracking + + The table can also be useful for flood protection rules that happen before traversing the (computational) expensive connection tracking subsystem. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Advanced Netfilter concepts + +%size 4 + Userspace logging + flexible replacement for old syslog-based logging + packets to userspace via multicast netlink sockets + easy-to-use library (libipulog) + plugin-extensible userspace logging daemon (ulogd) + Can even be used to directly log into MySQL + + Queuing + reliable asynchronous packet handling + packets to userspace via unicast netlink socket + easy-to-use library (libipq) + provides Perl bindings + experimental queue multiplex daemon (ipqmpd) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Advanced Netfilter concepts + + Firewalling on a Bridge (ebtables + iptables) + totally transparent to layer 2 and above + no attack vector since firewall has no IP address + even possible to do NAT on the bridge + or even NAT of MAC addresses + + ipset - Faster matching + iptables are a linear list of rules + ipset represents a 'group' scheme + Implements different data types for different applications + hash table (for random addresses) + bitmask (for let's say a /24 network) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Advanced Netfilter concepts + + ipv6 packet filtering + ip6tables almost identical to iptables + no connection tracking in mainline yet, but patches exist + ip6_conntrack + initial copy+paste 'port' by USAGI + was not accepted because of code duplication + nf_conntrack + generalized connection tracking, supports ipv4 and ipv6 + mutually exclusive with ip_conntrack + as of now, no ipv4 nat on to of nf_conntrack + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Thanks + + Thanks to + the BBS scene, Z-Netz, FIDO, ... 
+ for heavily increasing my computer usage in 1992 + KNF (http://www.franken.de/) + for bringing me in touch with the internet as early as 1994 + for providing a playground for technical people + for telling me about the existance of Linux! + Alan Cox, Alexey Kuznetsov, David Miller, Andi Kleen + for implementing (one of?) the world's best TCP/IP stacks + Paul 'Rusty' Russell + for starting the netfilter/iptables project + for trusting me to maintain it today + Astaro AG + for sponsoring parts of my netfilter work diff --git a/2005/iptables-firewall-heinlein2005/iptables-firewall-heinlein2005.pdf b/2005/iptables-firewall-heinlein2005/iptables-firewall-heinlein2005.pdf Binary files differnew file mode 100644 index 0000000..f63022d --- /dev/null +++ b/2005/iptables-firewall-heinlein2005/iptables-firewall-heinlein2005.pdf diff --git a/2005/iptables-firewall-heinlein2005/kernel_net.png b/2005/iptables-firewall-heinlein2005/kernel_net.png Binary files differnew file mode 100644 index 0000000..24e4d0c --- /dev/null +++ b/2005/iptables-firewall-heinlein2005/kernel_net.png diff --git a/2005/iptables-firewall-heinlein2005/kursplan.txt b/2005/iptables-firewall-heinlein2005/kursplan.txt new file mode 100644 index 0000000..f950fc7 --- /dev/null +++ b/2005/iptables-firewall-heinlein2005/kursplan.txt 
@@ -0,0 +1,29 @@ +Tag 1 (Theorie): + Vormittag: + - netfilter: Hooks im Netzwerkstack + - iptables: Selektion von Paketen + - iptables 'matches' und 'targets' + - Die 'filter' Tabelle als Paketfilter + Nachmittag: + - ip_conntrack: Die State Tracking Engine + - Die 'nat' Tabelle fuer Network Address Translation + - Die 'mangle' Tabelle fuer Pakcket Mangling + - Userspace packet queueing mit QUEUE/ip_queue + +Tag 2 (Praxis): + Vormittag: + - Gemeinsames Erstellen einer Firewall-Konfiguration + fuer einen real-world Testcase. + - Simulation / Debugging eines Regelsatzes im netfilter simulator + Nachmittag: + - Uebungsaufgaben in Gruppenarbeit + - Vorstellung/Besprechung der Ergebnisse + +Tag 3 (Aufbau): + Vormittag: + - Performance-Tuning von iptables-Firewalls + - Logging mit ULOG/NFLOG/ulogd + - Flow-Based Accounting mit ctnetlink / conntrack_acct + Nachmittag: + - Einfuehrung in Bridging Packet Filter + - Q & A: Teilnehmerspezifische Problemstellungen diff --git a/2005/iptables-firewall-heinlein2005/praxis1.txt b/2005/iptables-firewall-heinlein2005/praxis1.txt new file mode 100644 index 0000000..cfc162c --- /dev/null +++ b/2005/iptables-firewall-heinlein2005/praxis1.txt 
@@ -0,0 +1,29 @@ +Case 1: basic firewall, no DMZ, no NAT + + +wlan0: internet uplink (10.0.0.x/24) +eth1: internal network (192.168.111.x/24) + +Policy: +- drop all incoming requests (except below), allow all outgoing ones. +- Log the dropped packets via syslog +- Take care of FTP +- Anti-Spoofing Rules +- Incoming connections to internal network allowed (stateful) + - ICMP echo request + - SSH to all internal hosts +- Incoming connections to firewall: + - SSH to firewall +- Incoming connections to server1 (192.168.111.4): + - One host "server1" accepts FTP, SMTP and HTTP + + +Case 2: Add DMZ, NAT for internal net + +eth0: like above +eth1: internal net (192.168.111.0/24) +eth2: DMZ (10.2.2.1/24) + +Policy (like above, but): +- server1 now lives in DMZ +- internal network now SNAT'ed (to 10.1.1.2/24) diff --git a/2005/iptables-firewall-heinlein2005/tables_traverse.jpg b/2005/iptables-firewall-heinlein2005/tables_traverse.jpg Binary files differnew file mode 100644 index 0000000..3954c01 --- /dev/null +++ b/2005/iptables-firewall-heinlein2005/tables_traverse.jpg diff --git a/2005/iptables-firewall-heinlein2005/text-homepage b/2005/iptables-firewall-heinlein2005/text-homepage new file mode 100644 index 0000000..ae3e407 --- /dev/null +++ b/2005/iptables-firewall-heinlein2005/text-homepage @@ -0,0 +1,10 @@ +Inhalt: + +Ziel: + +Vorkenntnisse: + +Termin: + +Dozent: + diff --git a/2005/ipv6-astaro2005/astaro-topics b/2005/ipv6-astaro2005/astaro-topics new file mode 100644 index 0000000..310deca --- /dev/null +++ b/2005/ipv6-astaro2005/astaro-topics 
@@ -0,0 +1,41 @@ +Details of stateless autoconfiguration + address space is split in two 64bit halves + upper 64bit are used to specify a particular network segment + lower 64bit are used for individual nodes in one segment + lower 64bit are generated from 48bit mac address with 'fffe' in the middle + potential problem: privacy + +DNS and IPv6 + forward resolval (hostname -> address) + ipv4 uses 'IN A' record + ipv6 uses 'IN AAAA' record + a particular hostname can have A and AAAA records + reverse resolval + uses .ip6.arpa. suffix + uses hexadecimal instead of decimal notation: + 4.4.0.0.0.0.0.0.0.8.7.0.1.0.0.2.ip6.arpa. + portable applications under *BSD/Linux do round-robin between all records, with a preference of ipv6 for the first try. + +BSD Sockets API and IPv6 + struct in_addr has become in6_addr + new API's like getaddrinfo() instead of gethostbyname() support _both_ ipv4 and ipv6 + apart from that, everything is the same. + +configuration under linux + router/gateway + runs radvd or zebra for sending router advertisements + client + just has to load 'ipv6' module and configure an interface up + recevies prefix-advertisement(s) and auto-configures address accordingly + +IPv6 specific security issues + packet filter has to explicitly allow neighbour discovery, since it's inside ipv6/icmpv6 + special attention to option headers + most sites won't want routing or hop-by-hop options + neighbour cache DoS: + compare with existing neighbour cache issues in large (/16) networks + in ipv6, the standard is /64 for every segment (!) + + one advantage: port scanning of whole networks way more difficult :) + + diff --git a/2005/ipv6-astaro2005/ipv6-astaro2005.mgp b/2005/ipv6-astaro2005/ipv6-astaro2005.mgp new file mode 100644 index 0000000..50654d6 --- /dev/null +++ b/2005/ipv6-astaro2005/ipv6-astaro2005.mgp 
@@ -0,0 +1,345 @@ +%include "default.mgp" +%default 1 bgrad +%deffont "typewriter" tfont "MONOTYPE.TTF" +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 8 + + + +IPv6 Introduction + + +%center +%size 4 +by + +Harald Welte <laforge@rfc2460.org> + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +What? Why? + + What is IPv6? + + Successor of currently used IP Version 4 + Specified 1995 in RFC 2460 + + Why? + + Address space in IPv4 too small + Routing tables too large + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +Advantages + + Advantages + stateless autoconfiguration + multicast obligatory + IPsec obligatory + Mobile IP + + Address renumbering + Multihoming + Multiple address scopes + smaller routing tables through aggregatable allocation + + simplified l3 header + 64bit aligned + no checksum (l4 or l2) + no fragmentation at router + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +Disadvantages + + Disadvantages + Not widely deployed yet + In most cases access only possible using manual tunnel + OS support not ideal in most cases + W2k: IPv6 available from MS + Windows XP: IPv6 included + Linux has support, but not 100% RFC compliant + *BSD: full support (KAME) + Solaris 8/9/10: full support + Application support not ideal in most cases + Biggest problem: squid + supported: bind8/9, apache, openssh, xinetd, rsync, exim, zmailer, sendmail, qmail, inn-2.4(CVS), zebra, mozilla + Conclusion: Circular dependencies + no application support without OS support + no good OS support without applications + no wide deployment without applications + no applications without deployment + no deployment without applications + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +Deployment + + Experimental (6bone) 
+ Experimental 6bone (3ffe::) has been active since 1995. + Uses slightly different Addressing Architecture (RFC2471) + Phased out on 06/06/2006 + No new pTLA assignments starting from 2005 + + Production (2001::) + Initial TLA's and sub-TLA's assigned in Sept 2000 + Mostly used in education+research + Some commercial ISP's in .de are offering production prefixes + + Why isn't IPv6 widely used yet? + No immediate need in Europe / North America + Big deployment cost at ISP's (Training, Routers, ..) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +Technical: Address Space + + IP Version 6 Addressing Architecture (RFC2373) + Format prefix, variable length + 001: RFC2374 addresses, 1/8 of address space + 0000 001: Reserved for NSAP (1/128) + 0000 010: Reserved for IPX (1/128) + 1111 1110 10: link-local unicast addresses (1/1024) + 1111 1110 11: site-local unicast addresses (1/1024) + 1111 1111 flgs scop: multicast addresses + flgs (0: well-known, 1:transient) + scop (0: reserved, 1: node-local, 2: link-local, 5: site-local, 8: organization-local, e: global scope, f: reserved) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +Technical: Address Space + + Aggregatable Global Unicast Address Format (RFC2374) + 3bit FP (format prefix = 001) + 13bit TLA ID - Top-Level Aggregation ID + 13bit Sub-TLA - Sub-TLA Aggergation ID + 19bit NLA - Next-Level Aggregation ID + 16bit SLA - Site-Level Aggregation ID + 64bit Interface ID - derived from 48bit ethernet MAC + Initial subTLA-Assignments + 2001:0000::/29 - 2001:01f8::/29 IANA + 2001:0200::/29 - 2001:03f8::/29 APNIC + 2001:0400::/29 - 2001:05f8::/29 ARIN + 2001:0600::/29 - 2001:07f8::/29 RIPE + loopback ::1 + unspecified: ::0 + embedded ipv4 + IPv4-compatible address: 0::xxxx:xxxx + IPv6-mapped IPv4 (IPv4 only node): 0::ffff:xxxx:xxxx + anycast + allocated from unicast addresses + only subnet-router anycast address predefined 
(prefix::0000) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +Technical: Header + +%font "typewriter" +%size 3 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |Version| Traffic Class | Flow Label | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Payload Length | Next Header | Hop Limit | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Source Address + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Destination Address + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +%font "standard" + 4bit Version: 6 + 8bit Traffic Class + 20bit Flow Label + 16bit Payload Length (incl. extension hdrs) + 8bit next header (same values like IPv4, RFC1700 et seq.) + 8bit hop limit (TTL) + 128bit source address + 128bit dest address + extension headers: + hop-by-hop options + routing + fragment + destination options + IPsec (AH/ESP) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +Technical: Layer 2 <-> Address mapping + + + Ethernet: No more ARP, everything within ICMPv6 + No Broadcast, everything built using multicast. 
+ + all-nodes multicast address ff02::1 + all-routers multicast address ff02::2 + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +Technical: Address Configuration + + + router discovery + routers periodically send router advertisements + hosts can send router solicitation to explicitly request RADV + + prefix discovery + router includes prefix(es) in ICMPv6 router advertisements + other nodes receive prefix advertisements and derive their final address from prefix + EUI64 of MAC address + + neighbour discovery + machines can discover it's neighbours without advertising router + + +%page +IPv6 Introduction +How to get connected + + In case of static IPv4 address + SIT (ipv6-in-ipv4) tunnel possible + http://www.join.uni-muenster.de/ + + In case of dynamic IPv4 address + ppp (ipv6 over ppp) tunnel (pptp, l2tp) possible + sitctrl (linux <-> linux) + atncp (*NIX), http://www.dhis.org/atncp/ + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +Stateless Autoconfiguration + + + Address space is split in two 64bit halves + Upper 64bit '2001:780:44:1100:' used to specify a network segment (/64) + Lower 64bit '204:61ff:fe5c:74b9' used to specify node within segment + Lower 64bit are generated from 48bit mac address with 'fffe' in the middle + Potential Problem: Privacy + IETF Solution: RFC3041 "Privacy Extension" + uses additional 'alias' IPv6 adresses that are created randomly and only valid for hours/days + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +DNS and IPv6 + + Forward resolval (hostname->address) + IPv4 uses "IN A" record + IPv6 uses "IN AAAA" record + A particular hostname can have both A and AAAA + + Reverse resolval (address->hostname) + Uses ".ip6.arpa." suffix + Uses hexadecimal instead of decimal notation + 4.4.0.0.0.0.0.0.0.8.7.0.1.0.0.2.ip6.arpa. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +BSD Sockets API and IPv6 + + new structures + in_addr has become in6_addr + sockaddr_in has become sockaddr_in6 + new API's like getaddrinfo are compatible with ipv6 and ipv4 + portable applications use sockaddrr_storage and don't make assumptions about it's size + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +Configuration under Linux + + Router/Gateway + Runs radvd or zebra for for sending router advertisements + + Client + Just has to load "ipv6" module and configure interface up + Receives prefix-advertisements(s) and autoconfigures address + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +IPv6 option headers + + New concept of option header + Any number of option headers between l3 and l4 header + With one exception only processed ad sender and receiver + + Defined option headers + Hop-by-hop options (processed by every node) + Destination options + Routing header + Fragment header + Authentication (AH) + Encapsulating Security Payload (ESP) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +IPv6 specific security issues + + hop-by-hop options header + should be filtered out at typical internet gateway + routing header + should be filtered out like IPv4 loose source / record route + ICMPv6 + has to be allowed for neighbour discovery to work + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +IPv6 specific security issues + +iptables -> ip6tables changes + matching of ah/esp + not by -p ! + matching of fragments + not by -f ! 
+ no connection tracking in mainline kernel yet + existing ip6_conntrack patchces (deprecated) + code duplication + no interaction between ip_conntrack/ip6_conntrack + existing nf_conntrack patches + one code base to rule them all + ipv4 and ipv6 plugins + l3 independent tcp and udp modules independent + l3 independent helpers + BUT: no NAT as of now :( + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +IPv6 Introduction +Further Reading + + http://www.ipv6-net.org/ (deutsches IPv6 forum) + http://www.6bone.net/ (ipv6 testing backbone) + http://www.freenet6.net/ (free tunnel broker) + http://hs247.com/ (list of tunnel brokers) + + http://www.bieringer.de/ (ipv6 for linux) + http://www.linux-ipv6.org/ (improved ipv6 for linux) + http://www.kame.net/ (ipv6 for *BSD) + http://www.join.uni-muenster.de/ (ipv6 at DFN/WiN) + + http://www.gnumonks.org/ (slides of this presentation) + + And of course, all relevant RFC's + diff --git a/2005/ipv6-astaro2005/ipv6-astaro2005.pdf b/2005/ipv6-astaro2005/ipv6-astaro2005.pdf Binary files differnew file mode 100644 index 0000000..f663f99 --- /dev/null +++ b/2005/ipv6-astaro2005/ipv6-astaro2005.pdf diff --git a/2005/ipv6-astaro2005/topics b/2005/ipv6-astaro2005/topics new file mode 100644 index 0000000..da33a44 --- /dev/null +++ b/2005/ipv6-astaro2005/topics 
@@ -0,0 +1,114 @@ +What is IPv6? + Successor of currently used IP Version 4 + Specified 1995 in RFC? 2460 +Why? + Address space in IPv4 too small + +Advantages? + stateless autoconfiguration + multicast obligatorisch + IPsec obligatorisch + Mobile IP + QoS ? + + Address Renumbering? + Multihoming? + AddressScopes? + smaller routing tables through G + + simplified l3 header + 64bit aligned + no checksum (l4 or l2) + no fragmentation at router + +Disadvantages + Not widely deployed yet + In most cases access only possible using manual tunnel + OS support not ideal in most cases + W2k? + Linux has support, but no IPsec in official tree -> USAGI + *BSD: full support (KAME + Application support not ideal in most cases + not supported: + supported: bind8/9, apache + +Deployment + Experimental 6bone (3ffe::) has been active since 199x. + Uses slightly different Addressing Architecture (RFC2471) + +Why isn't it widely used yet? + No immediate need in Europe / North America + Big deployment cost at ISP's (Training, Routers, ..) 
+ +Technical: Address Space + IP Version 6 Addressing Architecture (RFC2373) + Format prefix, variable length + 001: RFC2374 addresses, 1/8 of address space + 0000 001: Reserved for NSAP (1/128) + 0000 010: Reserved for IPX (1/128) + 1111 1110 10: link-local unicast addresses (1/1024) + 1111 1110 11: site-local unicast addresses (1/1024) + 1111 1111: multicast addresses + 1111 1111 flgs scop + flgs (0: well-known, 1:transient) + scop (0: reserved, 1: node-local, 2: link-local, 5: site-local, 8: organization-local, e: global scope, f: reserved) + Aggregatable Global Unicast Address Format (RFC2374) + 3bit FP (format prefix = 001) + 13bit TLA ID - Top-Level Aggregation ID + 13bit Sub-TLA - Sub-TLA Aggergation ID + 19bit NLA - Next-Level Aggregation ID + 16bit SLA - Site-Level Aggregation ID + 64bit Interface ID - derived from 48bit ethernet MAC + + 2001:0000::/29 - 2001:01f8::/29 IANA + 2001:0200::/29 - 2001:03f8::/29 APNIC + 2001:0400::/29 - 2001:05f8::/29 ARIN + 2001:0600::/29 - 2001:07f8::/29 RIPE + loopback + ::1 + unspecified: + ::0 + embedded ipv4 + IPv4-compatible address: 0::xxxx:xxxx + IPv4-mapped IPv4 (IPv4 only node): 0::ffff:xxxx:xxxx + anycast + allocated from unicast addresses + only subnet-router anycast address predefined (prefix::0000) + + +Technical: Header + + 4bit Version: 6 + 8bit Traffic Class + 20bit Flow Label + 16bit Payload Length (incl. extension hdrs) + 8bit next header (same values like IPv4, RF1700 et seq.) + 8bit hop limit (TTL) + 128bit source address + 128bit dest address + + extension headers: + hop-by-hop options + routing + fragment + destination options + authentication + encapsulating security payload + +Technical: Layer 2 <-> Address mapping + Ethernet: No more ARP, everything within ICMPv6 + No Broadcast, everything built using multicast. 
+ + all-nodes multicast address ff02::1 + all-routers multicast address ff02::2 + + +Technical: Address Configuration + router discovery + routers periodically send router advertisements + hosts can send router solicitation to explicitly request RADV + prefix discovery + router includes prefix(es) in ICMPv6 router advertisements + other nodes receive prefix advertisements and derive their final address from prefix + EUI64 of MAC address + + diff --git a/2005/medien_ueberwachung_datenschutz-huberlin2005/gliederung.txt b/2005/medien_ueberwachung_datenschutz-huberlin2005/gliederung.txt new file mode 100644 index 0000000..cbd465d --- /dev/null +++ b/2005/medien_ueberwachung_datenschutz-huberlin2005/gliederung.txt 
@@ -0,0 +1,193 @@ +Privatsphäre, Datenschutz und Ăśberwachung +Risiken und Nebenwirkungen der modernen Kommunikationstechnik + +- wie Sie wissen, + - weiss Ihr Online-Buchhaendler genau, fuer welche Fachliteratur Sie sich interessieren + - weiss Ihr Internetprovider, dass Sie sich vorwiegend fuer arabische Nachrichtenseiten interessieren, und mit welchen Frenunden Sie emails austauschen + - weiss Ihr Mobilfunkanbieter (aber nicht Ihre Frau), dass Sie gestern bei Ihrer Geliebten, und nicht im Buero waren. Damit machen Sie sich erpressbar. + - weiss Ihre Bank, + - weiss Ihr Supermarkt dank Kundenkarte, wieviel Alkohol sie einkaufen. Eine Versicherung verweigert einen Vertrag mit Ihnen, weil sie diese Daten gekauft hat. + +- datenschutz + - was ist datenschutz + - urspruenglich: schutz personengebundener daten vor missbrauch + - heute: schutz vor beeintraechtigung des rechts auf informationelle selbstbestimmung + - was ist informationelle selbstbestimmung? + das Recht des Einzelnen, grundsätzlich selbst ĂĽber die Preisgabe und Verwendung seiner personenbezogenen Daten zu bestimmen. + nach der Rechtsprechung des Bundesverfassungsgerichts um ein Datenschutz-Grundrecht, obwohl es im Grundgesetz nicht explizit erwähnt wird + auspraegung des allgemeinen Persoenlichkeitsrechts + Bundesverfassungsgericht leitete dieses Recht aus Artikel 2 Absatz 1 des Grundgesetzes (Recht auf freie Entfaltung der Persönlichkeit) und aus Artikel 1 Absatz 1 des Grundgesetzes (Unantastbarkeit der MenschenwĂĽrde) ab + (Volkszaehlungsurteil (BVerfGE 65, 1) 1983) + - es gibt keine belanglosen daten! + - durch verknuepfungsmoeglichkeiten kann alles persoenlich werden + - Gesetze: + Bundesdatenschutzgesetzt (BDSG) + Landesdatenschutzgesetze + Bereichsspezifische Datenschutznormen + - warum braucht man datenschutz? 
+ - Wen geht es etwas an, Ihre + politische Einstellung + Hausartzbesuche und Krankheiten + sexuelle Vorlieben + finanzielle Situation + bevorstehende Schwangerschaft + Briefverkehr + zu kennen? + - unterbesetzte datenschutzbeauftragte + - recht als buerger + - auskunftsanspruch + - sperrung der daten (jedoch: kein loeschungsanspruch) + +- welche art der daten + - bsp: telekommunikation (telefonie) + - begleitumstaende der kommunikation + - absender, empfaenger + - zeitpunkt, dauer + - ort / anschluss + - erfolgreicher/-loser versuch + - grund des verbindungsabbaus + - werden teils zu abrechnungszwecken gespeichert + - staatlich reglementiertes abhoeren moeglich, richterliche anordnung + - wiederholt versuche, praeventiv zu ueberwachen (2003: Niedersaechsisches Gesetz ueber die Oeffentliche Sicherheit und Ordnung (NSOG), Verfassungswidrig erklaert durch Bundesverfassungsgericht, 1 BvR 668/04) + - inhalt der kommunikation + - sprachgebundene kommunikation nicht automatisiert + auswertbar + - textgebundene kommunikation leicht automatisiert + auswertbar + - staatlich reglementiertes abhoeren moeglich, richterliche anordnung + - Deutschland hat weit hoehere quote an abgehoerten telefongespraechen als USA(!) + - 1995: 4.674 + - 2001: 19.896 + - 2002: 21.874 + - 2003: 24.501 + - 2004: 29.017 Massnahmen. [http://www.bfd.bund.de/Presse/pm20050331.html] + - Jede massnahme kann lange dauern, und viele Leute betreffen! + - Gesetzlich vorgeschriebene Benachrichtigung der Betroffenen erfolgt meist nicht + - Sog. 'uebrigen Beteiligten' werden nie benachrichtigt! + - bsp: Kennzeichenueberwachung + - Einige Landespolizeigesetze (z.B. Bayern, Hessen) erlauben der Polizei, auf Autobahnen per Videokamera und Kennzeichenerkennung abgleich mit Datenbank gestohlener Fahrzeuge bzw. 
ausgeschriebenen Fahndungen + - Enormer Datenanfall, weckt begehrlichkeiten + - Technisch eigentlich bei jeder Verkehrsueberwachung + - bsp: Elektronisches Ticket + - BVG denkt immer wieder ueber elektronisches Ticket nach + - Feldsversuche wurden schon gemacht + - Ticket wuerde per RFID erfassen, wer wann wo ein- und aussteigt + - Jede Bewegung im OePNV jedes Kunden zu jeder Zeit bekannt! + - bsp: ePass + - seit 1.11. werden nur noch ePaesse ausgestellt + - enthalten digitalisierte informationen ueber passinhaber + - ab 2007 auch Fingerabdruecke (!!!) + - Hohe anforderungen an Fotos soll automatische Gesichtserkennung ermoeglichen + - Daten werden per Funkschnittstelle (RFID) ausgelesen + - bsp: RFID allgemein + - [fast] alle RFID-Karten haben eine eindeutige Seriennummer + - Fuer Kartenausgebende stelle werden damit alle anfallenden Daten Personenbezogen + - ueber diese Seriennummer laesst sich fuer _jeden_ pseudonymisiertes tracking machen + - z.B. Bewegungsprofile durch in Wand/Tuerrahmen/Durchgang eingelassene Reader + - pseudonymisierte Daten unterliegen kaum Datenschutz (!) + - bsp: Farbkopierer (z.b. Canon) + - Jede Kopie wird mit fuer Auge unsichtbarem Code aus Seriennummer und Timestamp versehen + - Ueber Servicevertraege ist dem Hersteller bei 90% der Kopierer klar, wo diese stehen + - Durch Kundenkarten im Copy-Shop ist die Verknuepfung moeglich, wer eine bestimmte Kopie an welchem Geraet gemacht wird + - Liste laesst sich beliebig fortsetzen + - Studierendenkarte + + +- ueberwachung durch wen + - staat + - tkg / tkuev + - 3bedarfstraeger + - + - katalogstraftaten 100a StGB + - vorratsdatenspeicherung auf EU-Ebene + - wirtschaft + - kundenbindungsprogamme (payback, etc) + - angebliche gratisangebote sind nicht gratis, werden durch daten bezahlt! + - pseudonymisiertes tracking + - gleiche ec-karten-nr bei jedem einkauf + - online-handel + + - erhebung unnoetiger daten + - wozu wird geburtsdatum bei einer bestellung benoetigt? 
+ - banken + - haben viele daten ueber 'wer mit wem' + +- neue medien + - bisher unueberwachte bereiche werden voellig ueberwacht + - inhaerent datenintensiv + - notwendige Daten zum Transport bzw. der Vermittlung einer Nachricht + - notwendige Daten zur Abrechnung + - notwendige Daten zur lokalisierung eines Empfaengers + - datenintensives internet + - jedes Ende einer Verbindung hat (zu gegebenem Zeitpunkt) eindeutige Adresse + - Provider speichert zu Abrechnungszwecken die Zuordnung, welche IP adresse wann + welchem Kunden zugewiesen wurde ('fahrtenbuch' einer IP-Adresse) + - Provider erhebt 'accounting'-Daten ueber Datenvolumen fuer Abrechnungszwecke, + selbst bei sog. Flatrate-Angeboten + - Jede an der Vermittlung eines Datenpakets beteiligte Stelle + sieht Absender und Empfaengeraddresse + - Jede an der Vermittlung beteiligte Stelle kann den Inhalt der Datenpakete + einsehen, automatisiert auswerten und/oder speichern (auch + wenn in Deutschland nicht legal) + - Durch transnationale Architektur und dynamische Routingentscheidungen kann + ein Paket zwischen zwei Deutschen Teilnehmern trotzdem z.B. ueber die USA + oder andere Laender mit wenig bzw. keinem Datenschutz geroutet werden. + Dies kann durch den Anwender nicht beeinflusst werden. + - Dienste wie e-mail und WWW erzeugen darueberhinausgehende + Daten auf ihrer Protokollebene + - Verschluesselung schuetzt vor mitlesen, ist jedoch viel zu wenig verbreitet + (wer verwendet pop3/imap4 mit SSL ?) + - selbst Verschluesselung hilft nicht gegen analyse 'wer mit wem' + - anonymizer (z.B. "TCP Onion Routing" (Tor) helfen, finden aber nur wenig Anwendung + - Internetzugang ueber Satellit voellig unverschluesselt, jeder kann bei jedem mitlesen (!) + - datenintensives mobilfunknetz + - Jedes eingeschaltete Telefon muss sich bei Mobilfunkanbieter anmelden + - Es wird staendig die jeweils naeheste (d.h. 
mit bestem Empfang) Funkzelle geaehlt + - Durch Triangulierung der empfangenen Funksignale von mehreren Basisstationen kann Aufenthaltsort sehr genau bestimmt werden + - Jedes Telefon hat eine eigene Identitaet + - Jedes + - datenintensive LKW-Maut + - Kennzeichenerkennung an Mautbruecken + - Staendige Protokollierung der GPS-Koordinaten des Fahrzeugs + - Kombination mit elektronischem Tachograph laesst Utopien wahr werden (Geschwindigkeitsuebertretungen werden ein JAhr auf Vorrat im Tachograph vorgehalten) + - DECT-Telefonie + - urspruenglich geheimer Verschluesselungsalgorithmus wurde inzwischen im Internet veroeffentlicht + - Schnurlostastaturen + - Viele arbeiten mit Funk, vor allem aeltere ohne jegliche Verschluesselung + - Bluetooth + - Schwache Sicherheitsstandards + - Viele fehlerhafte implementierungen, v.a. in Mobiltelefonen. Hacker konnte durch Fahrradfahren im Regierungsviertel die Telefonbuecher vieler Abgeordneten und des Sicherheitspersonals auslesen [http://www.heise.de/newsticker/meldung/60542] + - Wireless LAN + - nicht nur unerlaubte Nutzung der Netze durch Dritte (wardriving), sonderen auch leichtes 'Einfangen' eines Notebooks (Rogue AP) + +- paradigmenwechsel + - Viele alltaegliche dinge, die frueher 'offline' waren, sind jetzt 'online' + - Reisepass + - Gesundheitskarte + - Elektronischer tachograph bei LKW (statt fahrtenschreiber) + - Chipkarten / RFID beim einkauf + - Folge: Exponentielle steigerung des Datenanfalls + - Recht auf informationelle selsbtbestimmung kaum mehr wahrnehmbar + - vielfach werden Daten ausserhalb des deutschen Rechtsraums verarbeitet + - grosse Zahl an beteiligten datenverarbeitenden Stellen macht Suche nach + verantwortlichem Ansprechpartner unmoeglich + - welcher Online-shop gibt mir denn die wahl, schon bei meiner + Erstregistrierung sofort der Nutzung meiner Daten zu widersprechen? 
+ +- politik + - zweckgebundenheit der daten oft nicht mehr gegeben + - einmal erfasste daten wecken begehrlichkeiten + +- literaturhinweise / referenzen + - Deutsche Vereinigung fuer Datenschutz (DVD) e.V. (http://www.datenschutzverein.de/) + - Humanistische Union e.V. (http://www.humanistische-union.de/) + - FoeBUD e.V. (http://www.foebud.de/) + - Big Brother Awards (http://www.bigbrotherawards.de/) + - Forum InformatikerInnen fuer Frieden und gesellschaftliche Verantwortung (FIfF) e.V. (http://rayserv.upb.de/fiff/) + - Stop1984 Initiative (http://stop1984.com/) + - European Digital Rights Initiative (EDRI), http://www.edri.org/ + - Electronic Fronteer Foundation (EFF), http://www.eff.org/ + + + http://www.mi.niedersachsen.de/master/C516709_N13666_L20_D0_I522.html + http://www.bundesverfassungsgericht.de/entscheidungen/rs20050727_1bvr066804 diff --git a/2005/medien_ueberwachung_datenschutz-huberlin2005/potsdam2005.mgp b/2005/medien_ueberwachung_datenschutz-huberlin2005/potsdam2005.mgp new file mode 100644 index 0000000..7b5b388 --- /dev/null +++ b/2005/medien_ueberwachung_datenschutz-huberlin2005/potsdam2005.mgp 
@@ -0,0 +1,401 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 6 + + +Privatsphaere, Datenschutz und Ueberwachung + +%size 3 +Risiken und Nebenwirkungen der modernen Kommunikationstechnik + + +%center +%size 3 +von + +Harald Welte <laforge@gnumonks.org> + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Inhalt + + Zur Person + Einleitung + Datenschutz + Informationelle Selbstbestimmung + Staatliche Ueberwachung + Private Datensammler + Brave New World + Neue Medien + Ausblick + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Zur Person + + Harald Welte, Freiberufler + Forschung, Entwicklung und Beratung + Netzwerksicherheit + Datensicherheit + Systemsicherheit + Kommunikationssicherheit + Ehrenamtliche Taetigkeit beim Chaos Computer Club e.V. + Sicherheitsaspekte bei IT-Grossprojekten + Datenschutz / Privatsphaere + Digitale Buergerrechte + Freie Software im IT-Sicherheitsbereich + Linux Firwall (http://netfilter.org/) + RFID / ePassports (http://openmrtd.org/) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Einleitung + + wie Sie wissen, + weiss Ihr Online-Buchhaendler genau, fuer welche Fachliteratur Sie sich interessieren + weiss Ihr Internetprovider, dass Sie sich vorwiegend fuer arabische Nachrichtenseiten interessieren, und mit welchen Freunden Sie emails austauschen + weiss Ihr Mobilfunkanbieter (aber nicht Ihre Frau), dass Sie gestern bei Ihrer Geliebten, und nicht im Buero waren. Damit machen Sie sich erpressbar. + weiss Ihr Supermarkt dank Kundenkarte, wieviel Alkohol sie einkaufen. Eine Versicherung kauft diese Einkaufsdaten und verweigert einen Vertrag mit Ihnen. + + Realitaet oder Utopie? 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Datenschutz + + Was ist Datenschutz? + Urspruenglich: Schutz Personengebundener Daten vor Missbrauch + Heute: Schutz vor Beeintraechtigung des Rechts auf informationelle Selbstbestimmung + + Was ist informationelle Selbstbestimmung? + das Recht des Einzelnen, grundsaetzlich selbst ueber die Preisgabe und Verwendung seiner personenbezogenen Daten zu bestimmen. + nach der Rechtsprechung des Bundesverfassungsgerichts um ein Datenschutz-Grundrecht, obwohl es im Grundgesetz nicht explizit erwaehnt wird + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Datenschutz + + Informationelle Selbstbestimmung + Auspraegung des allgemeinen Persoenlichkeitsrechts + Bundesverfassungsgericht leitete dieses Recht aus Artikel 2 Absatz 1 des Grundgesetzes (Recht auf freie Entfaltung der Persoenlichkeit) und aus Artikel 1 Absatz 1 des Grundgesetzes (Unantastbarkeit der Menschenwuerde) ab (Volkszaehlungsurteil (BVerfGE 65, 1) 1983) + Ueberlegungen zur expliziten Erwaehnung des Rechts im Grundgesetz fanden keine Mehrheit bei Wiedervereinigung 1989/90 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Datenschutz + + Rechtliche Grundlage + Bundesdatenschutzgesetzt (BDSG) + Landesdatenschutzgesetze + Bereichsspezifische Datenschutznormen + + Konkretes Recht als Buerger + Auskunftsanspruch an datenverarbeitende Stellen + Sperrung der Daten fuer Werbezwecke, etc. 
(jedoch: Kein Loeschungsanspruch) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Ueberwachung / Datenerfassung + + Durch den Staat + Telekommunikationsuebewachung nach TKG, TKUeV + Berechtigte Stellen: + BKA + Bundesamt fuer Verfassungsschutz + Zollkriminalamt + Generalbundesanwalt + Rechtlich erlaubt bei + Katalogstraftaten 100a StGB + Vorratsdatenspeicherung auf EU-Ebene (seit 14.12.2005) + EU-Mitgliedsstaaten haben 18monate Zeit zur Umsetzung + Verbindungsdaten werden zw. 6 und 24 Monate gespeichert + Ermittlungsbehoerden koennen dann rueckwirkend alle gespeicherten Daten einsehen + Nein des Bundestags am 14.2.2005 nun nichtig + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +TK-Ueberwachung + + Staatliche TK-Ueberwachung + Geregelt in + Telekommunikationsgesetzt (TKG) + Telekommunikationsueberwachungsverordnung (TKUeV) + Technische Richtlinien zur TKUeV (TR-TKUeV) + Zahl der Abhoermassnahmen lt. BfD + 1995: 4.674 + 2001: 19.896 + 2002: 21.874 + 2003: 24.501 + 2004: 29.017 Massnahmen. + [http://www.bfd.bund.de/Presse/pm20050331.html] + Jede Massnahme kann lange dauern, und viele Leute betreffen + Gesetzlich vorgeschriebene Benachrichtigung der Betroffenen erfolgt meist nicht + Benachrichtigung der sog. 'uebrigen Beteiligten' nicht vorgesehen + wiederholt versuche, praeventiv zu ueberwachen (2003: Niedersaechsisches Gesetz ueber die Oeffentliche Sicherheit und Ordnung (NSOG), Verfassungswidrig erklaert durch Bundesverfassungsgericht, 1 BvR 668/04) +%% http://www.mi.niedersachsen.de/master/C516709_N13666_L20_D0_I522.html +%% http://www.bundesverfassungsgericht.de/entscheidungen/rs20050727_1bvr066804 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +TK-Vorratsdatenspeicherung + + Welche Daten? 
+ Begleitumstaende der Kommunikation + Absender, Empfaenger + Zeitpunkt, dauer + Ort / Anschluss + Erfolgreicher/-loser Versuch? + Grund des verbindungsabbaus + werden teils zu Abrechnungszwecken gespeichert + Wo? + Beim TK-Anbieter + Wie lange? + Fristen Zwischen 3 Monaten und 2 Jahren im Gespraech + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Ueberwachung / Datenerfassung + + Durch die Privatwirtschaft + Regulaere Kundendaten + Zusaetzliche Daten durch Kundenbindungsprogamme (Payback, etc) + Angebliche Gratisangebote + Pseudonymisiertes Tracking + z.B. gleiche EC-Karten-Nr bei jedem Einkauf + Datenerfassung im Online-Handel + Gebot der Datensparsamkeit wird staendig verletzt + Wozu wird Geburtsdatum bei einer Bestellung benoetigt? + 'Sicherheitsfragen' (Geburtsname der Mutter, Geburtsstadt) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Neue Medien + + Neue Medien / Neue Technologien + bisher unueberwachte Bereiche des taeglichen Lebens werden 'digital durchdrungen' + Reisepass + Gesundheitskarte + Elektronischer tachograph bei LKW (statt fahrtenschreiber) + RFID in Kundenkarten + Jede Datenverarbeitung inhaerent datenintensiv + notwendige Daten zur Vermittlung einer Nachricht + notwendige Daten zur Abrechnung + notwendige Daten zur Lokalisierung eines Empfaengers + Folge: Exponentielle steigerung des Datenaufkommens im Alltag + Recht auf informationelle selsbtbestimmung kaum mehr wahrnehmbar + vielfach werden Daten ausserhalb des deutschen Rechtsraums verarbeitet + grosse Zahl an beteiligten datenverarbeitenden Stellen macht Suche nach verantwortlichem Ansprechpartner unmoeglich + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Neue Medien + + Datenintensives Internet + Gefahren + Jedes Ende einer Verbindung hat (zu gegebenem 
Zeitpunkt) eindeutige Adresse + Provider speichert zu Abrechnungszwecken die Zuordnung, welche IP Adresse wann welchem Kunden zugewiesen wurde ('Fahrtenbuch' einer IP-Adresse) + Provider erhebt 'accounting'-Daten ueber Datenvolumen fuer Abrechnungszwecke, selbst bei sog. Flatrate-Angeboten + Jede an der Vermittlung eines Datenpakets beteiligte Stelle sieht Absender und Empfaengeraddresse + Jede an der Vermittlung beteiligte Stelle kann den Inhalt der Datenpakete einsehen, automatisiert auswerten und/oder speichern (auch wenn in Deutschland wohl rechtswidrig) + Durch transnationale Architektur und dynamische Routingentscheidungen kann ein Paket z.B. zwischen zwei Deutschen Teilnehmern trotzdem z.B. ueber die USA oder andere Laender mit wenig bzw. keinem Datenschutz geroutet werden. Dies kann durch den Anwender nicht beeinflusst werden. + + Dienste wie e-mail und WWW erzeugen darueberhinausgehende Daten auf ihrer Protokollebene + Internetzugang ueber Satellit i.d.R. voellig unverschluesselt, jeder kann bei jedem mitlesen (!) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Neue Medien + + Datenintensives Internet + Schutz + Verschluesselung schuetzt vor mitlesen, jedoch zu wenig verbreitet + Verschluesselung hilft nicht gegen Analyse 'wer mit wem' + Anonymizer (z.B. "TCP Onion Routing" finden wenig Verbreitung + Besondere Vorsicht bei 'Gratisangeboten' + z.b. Google Mail erlaubet explizit die Auswertung der Email-Inhalte zu werbezwecken + Community-Sites wie z.B. 
Orkut behalten sich vor, die einmal eingestellten Informationen beliebig lange zu veroeffentlichen, auch nach Ende der Nutzung + Datenintensive Online-Dienste oft mit Firmensitz im Ausland + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Neue Medien + + Datenintensives Mobilfunknetz + Jedes eingeschaltete Telefon muss sich bei Mobilfunkanbieter anmelden + Es wird staendig die jeweils naeheste (d.h. mit bestem Empfang) Funkzelle gewaehlt -> Bewegungsprofile + Durch Triangulierung der empfangenen Funksignale von mehreren Basisstationen kann Aufenthaltsort relativ genau bestimmt werden + Jedes Telefon hat eine eigene weiltweit eindeutige Seriennummer + Jede SIM-Karte hat eine mit dem Teilnehmer vernkuepfte eindeutige Identitaet + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Brave New World + + Datenintensive LKW-Maut + Kennzeichenerkennung an Mautbruecken + Protokollierung der GPS-Koordinaten des Fahrzeugs + Kombination mit vorgeschriebenem elektronischem Tachograph laesst Utopien wahr werden (Geschwindigkeitsuebertretungen werden ein Jahr auf Vorrat im Tachograph vorgehalten) + Politik denk immer wieder darueber nach, zweckbindung der Daten aufzuheben/einzuschraenken + + DECT-Schnurlos-Telefone + urspruenglich geheimer Verschluesselungsalgorithmus wurde inzwischen geknackt und im Internet veroeffentlicht + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Brave New World + + Schnurlostastaturen + Viele arbeiten mit Funk + Aeltere Modelle ohne jegliche Verschluesselung + Neuere Tastaturen mit Bluetooth (siehe unten) + + Bluetooth + Schwache Sicherheitsstandards + Viele Geraete mit Default-PIN '0000' ausgeliefert + Viele fehlerhafte Implementierungen, v.a. in Mobiltelefonen. 
+ Hacker konnte durch Fahrradfahren im Regierungsviertel die Telefonbuecher vieler Abgeordneten und des Sicherheitspersonals auslesen [http://www.heise.de/newsticker/meldung/60542] + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Brave New World + + Wireless LAN + Liste der Datenschutz/Sicherheitsprobleme endlos + nicht nur unerlaubte Nutzung der Netze durch Dritte (wardriving), sonderen auch + 'Einfangen' eines Notebooks (Rogue AP) + passive Ueberwachung des Datenverkehrs, z.B.an Hotspots + + Kfz-Kennzeicherkennung + Einige Landespolizeigesetze (z.B. Bayern, Hessen) erlauben der Polizei, auf Autobahnen per Videokamera und Kennzeichenerkennung abgleich mit Datenbank gestohlener Fahrzeuge bzw. ausgeschriebenen Fahndungen + Enormer Datenanfall, weckt begehrlichkeiten + Technisch eigentlich bei jeder Verkehrsueberwachung + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Brave New World + + + Elektronisches Ticket + BVG denkt immer wieder ueber elektronisches Ticket nach + Feldsversuche wurden schon gemacht + Ticket wuerde per RFID erfassen, wer wann wo ein- und aussteigt + Jede Bewegung im OePNV jedes Kunden zu jeder Zeit bekannt! + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Brave New World + + Elektronischer Reisepass + Innenminister der EU umgehen Bundestag + seit 1.11. werden nur noch ePaesse ausgestellt + enthalten digitalisierte informationen ueber passinhaber + ab 2007 auch Fingerabdruecke (!!!) 
+ Hohe anforderungen an Fotos soll automatische Gesichtserkennung ermoeglichen + Daten werden per Funkschnittstelle (RFID) ausgelesen + optionale Verschluesselung wird in Deutschland eingesetzt + Authentisierung mit MRZ zu schwach + + Elektronischer Personalausweis + in Planung + Auch hier wieder ueber EU-Schiene + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Brave New World + + + Farbkopierer (z.b. Canon) + Jede Kopie wird mit fuer Auge unsichtbarem Code aus Seriennummer und Nummer der Kopie versehen + Ueber Servicevertraege ist dem Hersteller bei 90% der Kopierer bekannt, wo diese stehen + Durch Kundenkarten im Copy-Shop ist die Verknuepfung moeglich, wer eine bestimmte Kopie an welchem Geraet gemacht wird + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Brave New World + + + RFID allgemein + [fast] alle RFID-Karten haben eine eindeutige Seriennummer + Fuer kartenausgebende Stelle werden damit alle anfallenden Daten personenbezogen + ueber diese Seriennummer ermoeglicht es jedem Dritten, pseudonymisiertes tracking zu betreiben + z.B. Bewegungsprofile durch in Wand/Tuerrahmen/Durchgang eingelassene Reader + pseudonymisierte Daten unterliegen kaum Datenschutz (!) 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Zukunft / Ausblick + + + Alltag wird weiter von Technologie durchdrungen + Sensibilitaet zu Risiken und Nebenwirkungen kaum vorhanden + Politik verlaesst sich zu oft auf Sicherheitsversprechen der Privatwirtschaft + Wachsender Datenanfall in der weckt Begehrlichkeiten + bei Ermittlungsbehoerden + bei Kriminellen + Zweckgebundenheit der Daten nur noch in der Theorie + Datenverluste bei Datensammlungsfirmen an der Tagesordnung + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Links (1/2) + + + Deutsche Vereinigung fuer Datenschutz (DVD) e.V. + http://www.datenschutzverein.de/ + Humanistische Union e.V. + http://www.humanistische-union.de/ + FoeBUD e.V. + http://www.foebud.de/ + Big Brother Awards + http://www.bigbrotherawards.de/ + Forum InformatikerInnen fuer Frieden und gesellschaftliche Verantwortung (FIfF) e.V. + http://rayserv.upb.de/fiff/ + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Links (2/2) + + + Chaos Computer Club e.V. + http://www.ccc.de/ + Stop1984 Initiative + http://stop1984.com/ + European Digital Rights Initiative (EDRI) + http://www.edri.org/ + Electronic Fronteer Foundation (EFF) + http://www.eff.org/ + diff --git a/2005/medien_ueberwachung_datenschutz-unipotsdam2005/gliederung.txt b/2005/medien_ueberwachung_datenschutz-unipotsdam2005/gliederung.txt new file mode 100644 index 0000000..cbd465d --- /dev/null +++ b/2005/medien_ueberwachung_datenschutz-unipotsdam2005/gliederung.txt 
@@ -0,0 +1,193 @@ +Privatsphäre, Datenschutz und Ăśberwachung +Risiken und Nebenwirkungen der modernen Kommunikationstechnik + +- wie Sie wissen, + - weiss Ihr Online-Buchhaendler genau, fuer welche Fachliteratur Sie sich interessieren + - weiss Ihr Internetprovider, dass Sie sich vorwiegend fuer arabische Nachrichtenseiten interessieren, und mit welchen Frenunden Sie emails austauschen + - weiss Ihr Mobilfunkanbieter (aber nicht Ihre Frau), dass Sie gestern bei Ihrer Geliebten, und nicht im Buero waren. Damit machen Sie sich erpressbar. + - weiss Ihre Bank, + - weiss Ihr Supermarkt dank Kundenkarte, wieviel Alkohol sie einkaufen. Eine Versicherung verweigert einen Vertrag mit Ihnen, weil sie diese Daten gekauft hat. + +- datenschutz + - was ist datenschutz + - urspruenglich: schutz personengebundener daten vor missbrauch + - heute: schutz vor beeintraechtigung des rechts auf informationelle selbstbestimmung + - was ist informationelle selbstbestimmung? + das Recht des Einzelnen, grundsätzlich selbst ĂĽber die Preisgabe und Verwendung seiner personenbezogenen Daten zu bestimmen. + nach der Rechtsprechung des Bundesverfassungsgerichts um ein Datenschutz-Grundrecht, obwohl es im Grundgesetz nicht explizit erwähnt wird + auspraegung des allgemeinen Persoenlichkeitsrechts + Bundesverfassungsgericht leitete dieses Recht aus Artikel 2 Absatz 1 des Grundgesetzes (Recht auf freie Entfaltung der Persönlichkeit) und aus Artikel 1 Absatz 1 des Grundgesetzes (Unantastbarkeit der MenschenwĂĽrde) ab + (Volkszaehlungsurteil (BVerfGE 65, 1) 1983) + - es gibt keine belanglosen daten! + - durch verknuepfungsmoeglichkeiten kann alles persoenlich werden + - Gesetze: + Bundesdatenschutzgesetzt (BDSG) + Landesdatenschutzgesetze + Bereichsspezifische Datenschutznormen + - warum braucht man datenschutz? 
+ - Wen geht es etwas an, Ihre + politische Einstellung + Hausartzbesuche und Krankheiten + sexuelle Vorlieben + finanzielle Situation + bevorstehende Schwangerschaft + Briefverkehr + zu kennen? + - unterbesetzte datenschutzbeauftragte + - recht als buerger + - auskunftsanspruch + - sperrung der daten (jedoch: kein loeschungsanspruch) + +- welche art der daten + - bsp: telekommunikation (telefonie) + - begleitumstaende der kommunikation + - absender, empfaenger + - zeitpunkt, dauer + - ort / anschluss + - erfolgreicher/-loser versuch + - grund des verbindungsabbaus + - werden teils zu abrechnungszwecken gespeichert + - staatlich reglementiertes abhoeren moeglich, richterliche anordnung + - wiederholt versuche, praeventiv zu ueberwachen (2003: Niedersaechsisches Gesetz ueber die Oeffentliche Sicherheit und Ordnung (NSOG), Verfassungswidrig erklaert durch Bundesverfassungsgericht, 1 BvR 668/04) + - inhalt der kommunikation + - sprachgebundene kommunikation nicht automatisiert + auswertbar + - textgebundene kommunikation leicht automatisiert + auswertbar + - staatlich reglementiertes abhoeren moeglich, richterliche anordnung + - Deutschland hat weit hoehere quote an abgehoerten telefongespraechen als USA(!) + - 1995: 4.674 + - 2001: 19.896 + - 2002: 21.874 + - 2003: 24.501 + - 2004: 29.017 Massnahmen. [http://www.bfd.bund.de/Presse/pm20050331.html] + - Jede massnahme kann lange dauern, und viele Leute betreffen! + - Gesetzlich vorgeschriebene Benachrichtigung der Betroffenen erfolgt meist nicht + - Sog. 'uebrigen Beteiligten' werden nie benachrichtigt! + - bsp: Kennzeichenueberwachung + - Einige Landespolizeigesetze (z.B. Bayern, Hessen) erlauben der Polizei, auf Autobahnen per Videokamera und Kennzeichenerkennung abgleich mit Datenbank gestohlener Fahrzeuge bzw. 
ausgeschriebenen Fahndungen + - Enormer Datenanfall, weckt begehrlichkeiten + - Technisch eigentlich bei jeder Verkehrsueberwachung + - bsp: Elektronisches Ticket + - BVG denkt immer wieder ueber elektronisches Ticket nach + - Feldsversuche wurden schon gemacht + - Ticket wuerde per RFID erfassen, wer wann wo ein- und aussteigt + - Jede Bewegung im OePNV jedes Kunden zu jeder Zeit bekannt! + - bsp: ePass + - seit 1.11. werden nur noch ePaesse ausgestellt + - enthalten digitalisierte informationen ueber passinhaber + - ab 2007 auch Fingerabdruecke (!!!) + - Hohe anforderungen an Fotos soll automatische Gesichtserkennung ermoeglichen + - Daten werden per Funkschnittstelle (RFID) ausgelesen + - bsp: RFID allgemein + - [fast] alle RFID-Karten haben eine eindeutige Seriennummer + - Fuer Kartenausgebende stelle werden damit alle anfallenden Daten Personenbezogen + - ueber diese Seriennummer laesst sich fuer _jeden_ pseudonymisiertes tracking machen + - z.B. Bewegungsprofile durch in Wand/Tuerrahmen/Durchgang eingelassene Reader + - pseudonymisierte Daten unterliegen kaum Datenschutz (!) + - bsp: Farbkopierer (z.b. Canon) + - Jede Kopie wird mit fuer Auge unsichtbarem Code aus Seriennummer und Timestamp versehen + - Ueber Servicevertraege ist dem Hersteller bei 90% der Kopierer klar, wo diese stehen + - Durch Kundenkarten im Copy-Shop ist die Verknuepfung moeglich, wer eine bestimmte Kopie an welchem Geraet gemacht wird + - Liste laesst sich beliebig fortsetzen + - Studierendenkarte + + +- ueberwachung durch wen + - staat + - tkg / tkuev + - 3bedarfstraeger + - + - katalogstraftaten 100a StGB + - vorratsdatenspeicherung auf EU-Ebene + - wirtschaft + - kundenbindungsprogamme (payback, etc) + - angebliche gratisangebote sind nicht gratis, werden durch daten bezahlt! + - pseudonymisiertes tracking + - gleiche ec-karten-nr bei jedem einkauf + - online-handel + + - erhebung unnoetiger daten + - wozu wird geburtsdatum bei einer bestellung benoetigt? 
+ - banken + - haben viele daten ueber 'wer mit wem' + +- neue medien + - bisher unueberwachte bereiche werden voellig ueberwacht + - inhaerent datenintensiv + - notwendige Daten zum Transport bzw. der Vermittlung einer Nachricht + - notwendige Daten zur Abrechnung + - notwendige Daten zur lokalisierung eines Empfaengers + - datenintensives internet + - jedes Ende einer Verbindung hat (zu gegebenem Zeitpunkt) eindeutige Adresse + - Provider speichert zu Abrechnungszwecken die Zuordnung, welche IP adresse wann + welchem Kunden zugewiesen wurde ('fahrtenbuch' einer IP-Adresse) + - Provider erhebt 'accounting'-Daten ueber Datenvolumen fuer Abrechnungszwecke, + selbst bei sog. Flatrate-Angeboten + - Jede an der Vermittlung eines Datenpakets beteiligte Stelle + sieht Absender und Empfaengeraddresse + - Jede an der Vermittlung beteiligte Stelle kann den Inhalt der Datenpakete + einsehen, automatisiert auswerten und/oder speichern (auch + wenn in Deutschland nicht legal) + - Durch transnationale Architektur und dynamische Routingentscheidungen kann + ein Paket zwischen zwei Deutschen Teilnehmern trotzdem z.B. ueber die USA + oder andere Laender mit wenig bzw. keinem Datenschutz geroutet werden. + Dies kann durch den Anwender nicht beeinflusst werden. + - Dienste wie e-mail und WWW erzeugen darueberhinausgehende + Daten auf ihrer Protokollebene + - Verschluesselung schuetzt vor mitlesen, ist jedoch viel zu wenig verbreitet + (wer verwendet pop3/imap4 mit SSL ?) + - selbst Verschluesselung hilft nicht gegen analyse 'wer mit wem' + - anonymizer (z.B. "TCP Onion Routing" (Tor) helfen, finden aber nur wenig Anwendung + - Internetzugang ueber Satellit voellig unverschluesselt, jeder kann bei jedem mitlesen (!) + - datenintensives mobilfunknetz + - Jedes eingeschaltete Telefon muss sich bei Mobilfunkanbieter anmelden + - Es wird staendig die jeweils naeheste (d.h. 
mit bestem Empfang) Funkzelle geaehlt + - Durch Triangulierung der empfangenen Funksignale von mehreren Basisstationen kann Aufenthaltsort sehr genau bestimmt werden + - Jedes Telefon hat eine eigene Identitaet + - Jedes + - datenintensive LKW-Maut + - Kennzeichenerkennung an Mautbruecken + - Staendige Protokollierung der GPS-Koordinaten des Fahrzeugs + - Kombination mit elektronischem Tachograph laesst Utopien wahr werden (Geschwindigkeitsuebertretungen werden ein JAhr auf Vorrat im Tachograph vorgehalten) + - DECT-Telefonie + - urspruenglich geheimer Verschluesselungsalgorithmus wurde inzwischen im Internet veroeffentlicht + - Schnurlostastaturen + - Viele arbeiten mit Funk, vor allem aeltere ohne jegliche Verschluesselung + - Bluetooth + - Schwache Sicherheitsstandards + - Viele fehlerhafte implementierungen, v.a. in Mobiltelefonen. Hacker konnte durch Fahrradfahren im Regierungsviertel die Telefonbuecher vieler Abgeordneten und des Sicherheitspersonals auslesen [http://www.heise.de/newsticker/meldung/60542] + - Wireless LAN + - nicht nur unerlaubte Nutzung der Netze durch Dritte (wardriving), sonderen auch leichtes 'Einfangen' eines Notebooks (Rogue AP) + +- paradigmenwechsel + - Viele alltaegliche dinge, die frueher 'offline' waren, sind jetzt 'online' + - Reisepass + - Gesundheitskarte + - Elektronischer tachograph bei LKW (statt fahrtenschreiber) + - Chipkarten / RFID beim einkauf + - Folge: Exponentielle steigerung des Datenanfalls + - Recht auf informationelle selsbtbestimmung kaum mehr wahrnehmbar + - vielfach werden Daten ausserhalb des deutschen Rechtsraums verarbeitet + - grosse Zahl an beteiligten datenverarbeitenden Stellen macht Suche nach + verantwortlichem Ansprechpartner unmoeglich + - welcher Online-shop gibt mir denn die wahl, schon bei meiner + Erstregistrierung sofort der Nutzung meiner Daten zu widersprechen? 
+ +- politik + - zweckgebundenheit der daten oft nicht mehr gegeben + - einmal erfasste daten wecken begehrlichkeiten + +- literaturhinweise / referenzen + - Deutsche Vereinigung fuer Datenschutz (DVD) e.V. (http://www.datenschutzverein.de/) + - Humanistische Union e.V. (http://www.humanistische-union.de/) + - FoeBUD e.V. (http://www.foebud.de/) + - Big Brother Awards (http://www.bigbrotherawards.de/) + - Forum InformatikerInnen fuer Frieden und gesellschaftliche Verantwortung (FIfF) e.V. (http://rayserv.upb.de/fiff/) + - Stop1984 Initiative (http://stop1984.com/) + - European Digital Rights Initiative (EDRI), http://www.edri.org/ + - Electronic Fronteer Foundation (EFF), http://www.eff.org/ + + + http://www.mi.niedersachsen.de/master/C516709_N13666_L20_D0_I522.html + http://www.bundesverfassungsgericht.de/entscheidungen/rs20050727_1bvr066804 diff --git a/2005/medien_ueberwachung_datenschutz-unipotsdam2005/potsdam2005.mgp b/2005/medien_ueberwachung_datenschutz-unipotsdam2005/potsdam2005.mgp new file mode 100644 index 0000000..7be522d --- /dev/null +++ b/2005/medien_ueberwachung_datenschutz-unipotsdam2005/potsdam2005.mgp 
@@ -0,0 +1,399 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 6 + + +Privatsphaere, Datenschutz und Ueberwachung + +%size 3 +Risiken und Nebenwirkungen der modernen Kommunikationstechnik + + +%center +%size 3 +von + +Harald Welte <laforge@gnumonks.org> + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Inhalt + + Zur Person + Einleitung + Datenschutz + Informationelle Selbstbestimmung + Staatliche Ueberwachung + Private Datensammler + Brave New World + Neue Medien + Ausblick + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Zur Person + + Harald Welte, Freiberufler + Forschung, Entwicklung und Beratung + Netzwerksicherheit + Datensicherheit + Systemsicherheit + Kommunikationssicherheit + Ehrenamtliche Taetigkeit beim Chaos Computer Club e.V. + Sicherheitsaspekte bei IT-Grossprojekten + Datenschutz / Privatsphaere + Digitale Buergerrechte + Freie Software im IT-Sicherheitsbereich + Linux Firwall (http://netfilter.org/) + RFID / ePassports (http://openmrtd.org/) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Einleitung + + wie Sie wissen, + weiss Ihr Online-Buchhaendler genau, fuer welche Fachliteratur Sie sich interessieren + weiss Ihr Internetprovider, dass Sie sich vorwiegend fuer arabische Nachrichtenseiten interessieren, und mit welchen Freunden Sie emails austauschen + weiss Ihr Mobilfunkanbieter (aber nicht Ihre Frau), dass Sie gestern bei Ihrer Geliebten, und nicht im Buero waren. Damit machen Sie sich erpressbar. + weiss Ihr Supermarkt dank Kundenkarte, wieviel Alkohol sie einkaufen. Eine Versicherung kauft diese Einkaufsdaten und verweigert einen Vertrag mit Ihnen. + + Realitaet oder Utopie? 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Datenschutz + + Was ist Datenschutz? + Urspruenglich: Schutz Personengebundener Daten vor Missbrauch + Heute: Schutz vor Beeintraechtigung des Rechts auf informationelle Selbstbestimmung + + Was ist informationelle Selbstbestimmung? + das Recht des Einzelnen, grundsaetzlich selbst ueber die Preisgabe und Verwendung seiner personenbezogenen Daten zu bestimmen. + nach der Rechtsprechung des Bundesverfassungsgerichts um ein Datenschutz-Grundrecht, obwohl es im Grundgesetz nicht explizit erwaehnt wird + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Datenschutz + + Informationelle Selbstbestimmung + Auspraegung des allgemeinen Persoenlichkeitsrechts + Bundesverfassungsgericht leitete dieses Recht aus Artikel 2 Absatz 1 des Grundgesetzes (Recht auf freie Entfaltung der Persoenlichkeit) und aus Artikel 1 Absatz 1 des Grundgesetzes (Unantastbarkeit der Menschenwuerde) ab (Volkszaehlungsurteil (BVerfGE 65, 1) 1983) + Ueberlegungen zur expliziten Erwaehnung des Rechts im Grundgesetz fanden keine Mehrheit bei Wiedervereinigung 1989/90 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Datenschutz + + Rechtliche Grundlage + Bundesdatenschutzgesetzt (BDSG) + Landesdatenschutzgesetze + Bereichsspezifische Datenschutznormen + + Konkretes Recht als Buerger + Auskunftsanspruch an datenverarbeitende Stellen + Sperrung der Daten fuer Werbezwecke, etc. 
(jedoch: Kein Loeschungsanspruch) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Ueberwachung / Datenerfassung + + Durch den Staat + Telekommunikationsuebewachung nach TKG, TKUeV + Berechtigte Stellen: + BKA + Bundesamt fuer Verfassungsschutz + Zollkriminalamt + Generalbundesanwalt + Rechtlich erlaubt bei + Katalogstraftaten 100a StGB + Vorratsdatenspeicherung auf EU-Ebene (geplant) + Alle TK-Anbieter wuerden verpflichtet, saemtliche Verbindungsdaten fuer mehrere Monate auf Vorrat zu speichern + Ermittlungsbehoerden koennen dann rueckwirkend alle gespeicherten Daten einsehen + In einigen EU-Staaten schon im Diskussionsstadium gescheitert, jetzt von Kommission und Ministerrat geplant + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +TK-Ueberwachung + + Staatliche TK-Ueberwachung + Geregelt in + Telekommunikationsgesetzt (TKG) + Telekommunikationsueberwachungsverordnung (TKUeV) + Technische Richtlinien zur TKUeV (TR-TKUeV) + Zahl der Abhoermassnahmen lt. BfD + 1995: 4.674 + 2001: 19.896 + 2002: 21.874 + 2003: 24.501 + 2004: 29.017 Massnahmen. + [http://www.bfd.bund.de/Presse/pm20050331.html] + Jede Massnahme kann lange dauern, und viele Leute betreffen + Gesetzlich vorgeschriebene Benachrichtigung der Betroffenen erfolgt meist nicht + Benachrichtigung der sog. 
'uebrigen Beteiligten' nicht vorgesehen + wiederholt versuche, praeventiv zu ueberwachen (2003: Niedersaechsisches Gesetz ueber die Oeffentliche Sicherheit und Ordnung (NSOG), Verfassungswidrig erklaert durch Bundesverfassungsgericht, 1 BvR 668/04) +%% http://www.mi.niedersachsen.de/master/C516709_N13666_L20_D0_I522.html +%% http://www.bundesverfassungsgericht.de/entscheidungen/rs20050727_1bvr066804 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +TK-Vorratsdatenspeicherung + + Welche Daten? + Begleitumstaende der Kommunikation + Absender, Empfaenger + Zeitpunkt, dauer + Ort / Anschluss + Erfolgreicher/-loser Versuch? + Grund des verbindungsabbaus + werden teils zu Abrechnungszwecken gespeichert + Wo? + Beim TK-Anbieter + Wie lange? + Fristen Zwischen 3 Monaten und 2 Jahren im Gespraech + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Ueberwachung / Datenerfassung + + Durch die Privatwirtschaft + Regulaere Kundendaten + Zusaetzliche Daten durch Kundenbindungsprogamme (Payback, etc) + Angebliche Gratisangebote + Pseudonymisiertes Tracking + z.B. gleiche EC-Karten-Nr bei jedem Einkauf + Datenerfassung im Online-Handel + Gebot der Datensparsamkeit wird staendig verletzt + Wozu wird Geburtsdatum bei einer Bestellung benoetigt? 
+ 'Sicherheitsfragen' (Geburtsname der Mutter, Geburtsstadt) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Neue Medien + + Neue Medien / Neue Technologien + bisher unueberwachte Bereiche des taeglichen Lebens werden 'digital durchdrungen' + Reisepass + Gesundheitskarte + Elektronischer tachograph bei LKW (statt fahrtenschreiber) + RFID in Kundenkarten + Jede Datenverarbeitung inhaerent datenintensiv + notwendige Daten zur Vermittlung einer Nachricht + notwendige Daten zur Abrechnung + notwendige Daten zur Lokalisierung eines Empfaengers + Folge: Exponentielle steigerung des Datenaufkommens im Alltag + Recht auf informationelle selsbtbestimmung kaum mehr wahrnehmbar + vielfach werden Daten ausserhalb des deutschen Rechtsraums verarbeitet + grosse Zahl an beteiligten datenverarbeitenden Stellen macht Suche nach verantwortlichem Ansprechpartner unmoeglich + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Neue Medien + + Datenintensives Internet + Gefahren + Jedes Ende einer Verbindung hat (zu gegebenem Zeitpunkt) eindeutige Adresse + Provider speichert zu Abrechnungszwecken die Zuordnung, welche IP Adresse wann welchem Kunden zugewiesen wurde ('Fahrtenbuch' einer IP-Adresse) + Provider erhebt 'accounting'-Daten ueber Datenvolumen fuer Abrechnungszwecke, selbst bei sog. Flatrate-Angeboten + Jede an der Vermittlung eines Datenpakets beteiligte Stelle sieht Absender und Empfaengeraddresse + Jede an der Vermittlung beteiligte Stelle kann den Inhalt der Datenpakete einsehen, automatisiert auswerten und/oder speichern (auch wenn in Deutschland wohl rechtswidrig) + Durch transnationale Architektur und dynamische Routingentscheidungen kann ein Paket z.B. zwischen zwei Deutschen Teilnehmern trotzdem z.B. ueber die USA oder andere Laender mit wenig bzw. keinem Datenschutz geroutet werden. 
Dies kann durch den Anwender nicht beeinflusst werden. + + Dienste wie e-mail und WWW erzeugen darueberhinausgehende Daten auf ihrer Protokollebene + Internetzugang ueber Satellit i.d.R. voellig unverschluesselt, jeder kann bei jedem mitlesen (!) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Neue Medien + + Datenintensives Internet + Schutz + Verschluesselung schuetzt vor mitlesen, jedoch zu wenig verbreitet + Verschluesselung hilft nicht gegen Analyse 'wer mit wem' + Anonymizer (z.B. "TCP Onion Routing" finden wenig Verbreitung + Besondere Vorsicht bei 'Gratisangeboten' + z.b. Google Mail erlaubet explizit die Auswertung der Email-Inhalte zu werbezwecken + Community-Sites wie z.B. Orkut behalten sich vor, die einmal eingestellten Informationen beliebig lange zu veroeffentlichen, auch nach Ende der Nutzung + Datenintensive Online-Dienste oft mit Firmensitz im Ausland + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Neue Medien + + Datenintensives Mobilfunknetz + Jedes eingeschaltete Telefon muss sich bei Mobilfunkanbieter anmelden + Es wird staendig die jeweils naeheste (d.h. 
mit bestem Empfang) Funkzelle gewaehlt -> Bewegungsprofile + Durch Triangulierung der empfangenen Funksignale von mehreren Basisstationen kann Aufenthaltsort relativ genau bestimmt werden + Jedes Telefon hat eine eigene weiltweit eindeutige Seriennummer + Jede SIM-Karte hat eine mit dem Teilnehmer vernkuepfte eindeutige Identitaet + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Brave New World + + Datenintensive LKW-Maut + Kennzeichenerkennung an Mautbruecken + Protokollierung der GPS-Koordinaten des Fahrzeugs + Kombination mit vorgeschriebenem elektronischem Tachograph laesst Utopien wahr werden (Geschwindigkeitsuebertretungen werden ein Jahr auf Vorrat im Tachograph vorgehalten) + Politik denk immer wieder darueber nach, zweckbindung der Daten aufzuheben/einzuschraenken + + DECT-Schnurlos-Telefone + urspruenglich geheimer Verschluesselungsalgorithmus wurde inzwischen geknackt und im Internet veroeffentlicht + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Brave New World + + Schnurlostastaturen + Viele arbeiten mit Funk + Aeltere Modelle ohne jegliche Verschluesselung + Neuere Tastaturen mit Bluetooth (siehe unten) + + Bluetooth + Schwache Sicherheitsstandards + Viele Geraete mit Default-PIN '0000' ausgeliefert + Viele fehlerhafte Implementierungen, v.a. in Mobiltelefonen. 
+ Hacker konnte durch Fahrradfahren im Regierungsviertel die Telefonbuecher vieler Abgeordneten und des Sicherheitspersonals auslesen [http://www.heise.de/newsticker/meldung/60542] + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Brave New World + + Wireless LAN + Liste der Datenschutz/Sicherheitsprobleme endlos + nicht nur unerlaubte Nutzung der Netze durch Dritte (wardriving), sonderen auch + 'Einfangen' eines Notebooks (Rogue AP) + passive Ueberwachung des Datenverkehrs, z.B.an Hotspots + + Kfz-Kennzeicherkennung + Einige Landespolizeigesetze (z.B. Bayern, Hessen) erlauben der Polizei, auf Autobahnen per Videokamera und Kennzeichenerkennung abgleich mit Datenbank gestohlener Fahrzeuge bzw. ausgeschriebenen Fahndungen + Enormer Datenanfall, weckt begehrlichkeiten + Technisch eigentlich bei jeder Verkehrsueberwachung + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Brave New World + + + Elektronisches Ticket + BVG denkt immer wieder ueber elektronisches Ticket nach + Feldsversuche wurden schon gemacht + Ticket wuerde per RFID erfassen, wer wann wo ein- und aussteigt + Jede Bewegung im OePNV jedes Kunden zu jeder Zeit bekannt! + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Brave New World + + Elektronischer Reisepass + Innenminister der EU umgehen Bundestag + seit 1.11. werden nur noch ePaesse ausgestellt + enthalten digitalisierte informationen ueber passinhaber + ab 2007 auch Fingerabdruecke (!!!) 
+ Hohe anforderungen an Fotos soll automatische Gesichtserkennung ermoeglichen + Daten werden per Funkschnittstelle (RFID) ausgelesen + optionale Verschluesselung wird in Deutschland eingesetzt + Authentisierung mit MRZ zu schwach + + Elektronischer Personalausweis + in Planung + Auch hier wieder ueber EU-Schiene + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Brave New World + + + Farbkopierer (z.b. Canon) + Jede Kopie wird mit fuer Auge unsichtbarem Code aus Seriennummer und Nummer der Kopie versehen + Ueber Servicevertraege ist dem Hersteller bei 90% der Kopierer bekannt, wo diese stehen + Durch Kundenkarten im Copy-Shop ist die Verknuepfung moeglich, wer eine bestimmte Kopie an welchem Geraet gemacht wird + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Brave New World + + + RFID allgemein + [fast] alle RFID-Karten haben eine eindeutige Seriennummer + Fuer kartenausgebende Stelle werden damit alle anfallenden Daten personenbezogen + ueber diese Seriennummer ermoeglicht es jedem Dritten, pseudonymisiertes tracking zu betreiben + z.B. Bewegungsprofile durch in Wand/Tuerrahmen/Durchgang eingelassene Reader + pseudonymisierte Daten unterliegen kaum Datenschutz (!) 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Zukunft / Ausblick + + + Alltag wird weiter von Technologie durchdrungen + Sensibilitaet zu Risiken und Nebenwirkungen kaum vorhanden + Politik verlaesst sich zu oft auf Sicherheitsversprechen der Privatwirtschaft + Wachsender Datenanfall in der weckt Begehrlichkeiten + bei Ermittlungsbehoerden + bei Kriminellen + Zweckgebundenheit der Daten nur noch in der Theorie + Datenverluste bei Datensammlungsfirmen an der Tagesordnung + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Links (1/2) + + + Deutsche Vereinigung fuer Datenschutz (DVD) e.V. + http://www.datenschutzverein.de/ + Humanistische Union e.V. + http://www.humanistische-union.de/ + FoeBUD e.V. + http://www.foebud.de/ + Big Brother Awards + http://www.bigbrotherawards.de/ + Forum InformatikerInnen fuer Frieden und gesellschaftliche Verantwortung (FIfF) e.V. + http://rayserv.upb.de/fiff/ + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Privatsphaere, Datenschutz und Ueberwachung +Links (2/2) + + + Chaos Computer Club e.V. + http://www.ccc.de/ + Stop1984 Initiative + http://stop1984.com/ + European Digital Rights Initiative (EDRI) + http://www.edri.org/ + Electronic Fronteer Foundation (EFF) + http://www.eff.org/ + diff --git a/2005/netfilter-lk2005/abstract.txt b/2005/netfilter-lk2005/abstract.txt new file mode 100644 index 0000000..0d3f97c --- /dev/null +++ b/2005/netfilter-lk2005/abstract.txt 
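Review bot: the "Zukunft / Ausblick" slide has a truncated bullet, "Wachsender Datenanfall in der weckt Begehrlichkeiten": the noun after "in der" is missing, so the sentence does not parse. Please complete it or drop "in der". Smaller points in the same slide file: "Kfz-Kennzeicherkennung" should read "Kfz-Kennzeichenerkennung", "sonderen auch" should be "sondern auch", "Feldsversuche" should be "Feldversuche", and "Electronic Fronteer Foundation" on the Links (2/2) slide should be "Electronic Frontier Foundation".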
@@ -0,0 +1,32 @@ +First steps towards the next generation netfilter subsystem + +Until 2.6, every new kernel version came with its own incarnation of a packet +filter: ipfw, ipfwadm, ipchains, iptables. 2.6.x still had iptables. What was +wrong? Or was iptables good enough to last even two generations? + +In reality the netfilter project is working on gradually transforming the +existing framework into something new. Some of those changes are transparent +to the user, so they slip into a kernel release almost unnoticed. However, +for expert users and developers those changes are noteworthy anyway. + +Some other changes just extend the existing framework, so most users again +won't even notice them - they just don't take advantage of those new features. + +The 2.6.14 kernel release will mark a milestone, since it is scheduled to +contain nfnetlink, ctnetlink, nfnetlink_queue and nfnetlink_log - basically a +totally new netlink-based kernel/userspace interface for most parts of the +netfilter subsystem. + +nf_conntrack, a generic layer-3 independent connection tracking subsystem, +initially supporting IPv4 and IPv6, is also in the queue of pending patches. +Chances are high that it will be included in the mainline kernel at the time +this paper is presented at Linux Kongress. + +Another new subsystem within the framework is the "ipset" filter, basically an +alternative to using iptables in certain areas. + +The presentation will cover a timeline of recent advances in the netfilter +world, and describe each of the new features in detail. It will also summarize +the results of the annual netfilter development workshop, which is scheduled +just the week before Linux Kongress. + diff --git a/2005/netfilter-lk2005/biography.txt b/2005/netfilter-lk2005/biography.txt new file mode 100644 index 0000000..21758e7 --- /dev/null +++ b/2005/netfilter-lk2005/biography.txt 
@@ -0,0 +1,27 @@ + Harald Welte is the chairman of the netfilter/iptables core team. + + His main interest in computing has always been networking. In the few time +left besides netfilter/iptables related work, he's writing obscure documents +like the "UUCP over SSL HOWTO" or "A packet's journey through the Linux network +stack". Other kernel-related projects he has been contributing to are random +netowrking hacks, some device driver work and the neighbour cache. + + He has been working as an independent IT Consultant working on projects for +various companies ranging from banks to manufacturers of networking gear. +During the year 2001 he was living in Curitiba (Brazil), where he got +sponsored for his Linux related work by Conectiva Inc. + + Starting with February 2002, Harald has been contracted part-time by +Astaro AG, who are sponsoring him for his current netfilter/iptables work. +Aside from the Astaro sponsoring, he continues to work as a freelancing kernel +developer and network security consultant. + + He licenses his software under the terms of the GNU GPL. Sometimes users of +his software are not compliant with the license, so he started enforcing the +GPL with his gpl-violations.org project. + + During the last year, Harald has started development of a free, GPL-licensed +Linux RFID and electronic passport software suite. + +Harald is living in Berlin, Germany. + diff --git a/2005/netfilter_administration-cluc2005/abstract b/2005/netfilter_administration-cluc2005/abstract new file mode 100644 index 0000000..9643244 --- /dev/null +++ b/2005/netfilter_administration-cluc2005/abstract 
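Review bot: typo in the second paragraph of 2005/netfilter-lk2005/biography.txt, "random netowrking hacks" should be "random networking hacks", and "In the few time left besides" reads better as "In the little time left besides". The closing line "Harald is living in Berlin, Germany." is also the only paragraph without the leading indent the others use.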
@@ -0,0 +1,25 @@ +Workshop about netfilter/iptables firewall administration + +Target audience: System and Network Administrators + +Prerequirements: Advanced knowledge about the TCP/IP protocol suite, general +GNU/Linux system adminstration skills. + +Goal: To give an in-depth introduction into the netfilter/iptables subsystem of +the Linux kernel. Given the information in this workshop, the audience should +be able to configure and use netfilter/iptables in an effective way. + +Table of contents: +- The history of the linux packet filter (ipfwadm, ipchains, iptables) +- netfilter: the hooks +- iptables: the packet matching system on top of netfilter + - general structure + - available targets + - available matches +- iptable_filter: Packet filtering +- iptable_mangle: Packet mangling +- ip_conntrack: Connection tracking on top of netfilter +- iptable_nat: Combining netfilter, iptables and ip_conntrack +- Practical examples of typical firewall rulesets +- The 10 commandments of how to break your network (the "don't do" part) +- Lots of time for questions & anwers diff --git a/2005/netfilter_administration-cluc2005/biography b/2005/netfilter_administration-cluc2005/biography new file mode 100644 index 0000000..165a4dc --- /dev/null +++ b/2005/netfilter_administration-cluc2005/biography 
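Review bot: the table of contents in 2005/netfilter_administration-cluc2005/abstract promises "Practical examples of typical firewall rulesets" and "The 10 commandments of how to break your network", but the .mgp added in the same directory has no slide for either. Either add those slides or trim the two entries so the abstract matches what is delivered. Spelling in the same hunk: "Prerequirements" should be "Prerequisites", "adminstration" should be "administration", and "questions & anwers" should be "questions & answers".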
@@ -0,0 +1,25 @@ + Harald Welte is a independent software developer and consultant[1] in the +fields of operating system development and network security, as well as +high-performance data communications and embedded computing. For a number of +years, he is the chairman of the netfilter/iptables[2] project, a Free Software +solution for Linux-based network firewalls. + + During the last six years, he has been contracted for projects by various +international companies of all industries, ranging from software vendors to +banks to manufacturers of networking gear. + + He licenses his software under the terms of the GNU GPL, and is determined to +bring all users, distributors, value added resellers and vendors of projects +based on his software in full compliance with the GPL, even if it includes +raising legal charges. + + Apart from his technical work, Harald is participating in a number of +non-for-profit organizations such as the CCC[3], FFII[4]. + + Mr. Welte is currently living in Berlin, Germany. + +[1] http://www.hmw-consulting.de/ +[2] http://www.netfilter.org/ +[3] http://www.ccc.de/ +[4] http://www.ffii.org/ + diff --git a/2005/netfilter_administration-cluc2005/netfilter_iptables-cluc2005.mgp b/2005/netfilter_administration-cluc2005/netfilter_iptables-cluc2005.mgp new file mode 100644 index 0000000..10a124b --- /dev/null +++ b/2005/netfilter_administration-cluc2005/netfilter_iptables-cluc2005.mgp 
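Review bot: grammar in the first paragraph of 2005/netfilter_administration-cluc2005/biography, "is a independent software developer" should be "is an independent software developer", and "For a number of years, he is the chairman" should be "he has been the chairman". In the fourth paragraph "non-for-profit organizations such as the CCC[3], FFII[4]" wants "not-for-profit" and an "and" between the two names.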
@@ -0,0 +1,559 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 + + +netfilter/iptables tutorial + + +%center +%size 4 +by + +Harald Welte <laforge@netfilter.org> + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Contents + + + Introduction + Highly Scalable Linux Network Stack + Netfilter Hooks + Packet selection based on IP Tables + The Connection Tracking Subsystem + The NAT Subsystem + Packeet Mangling + Advanced netfilter concepts + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Introduction + + +Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the Linux kernel firewall system called netfilter/iptables + who can claim to be the first to have enforced the GNU GPL in court + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Introduction + +Linux and Networking + Linux is a true child of the Internet + Early adopters: ISP's, Universities + Lots of work went into a highly scalable network stack + Not only for client/server, but also for routers + Features unheared of in other OS's + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Introduction + +Did you know, that a stock 2.6.x linux kernel can provide + + a stateful packet filter ? + fully symmetric NA(P)T ? + policy routing ? + QoS / traffic shaping ? + IPv6 firewalling ? + packet filtering, NA(P)T on a bridge ? + layer 2 (mac) address translation ? + packet forwarding rates of up to 2.1mpps ? + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Introduction + +Why did we need netfilter/iptables? 
+Because ipchains... + + has no infrastructure for passing packets to userspace + makes transparent proxying extremely difficult + has interface address dependent Packet filter rules + has Masquerading implemented as part of packet filtering + code is too complex and intermixed with core ipv4 stack + is neither modular nor extensible + only barely supports one special case of NAT (masquerading) + has only stateless packet filtering + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Introduction + +Who's behind netfilter/iptables + + The core team + Paul 'Rusty' Russel + co-author of iptables in Linux 2.2 + James Morris + Marc Boucher + Harald Welte + Jozsef Kadlecsik + Martin Josefsson + Patrick McHardy + Hundreds of Non-core team contributors + http://www.netfilter.org/scoreboard/ + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Netfilter Hooks + + What is netfilter? + + System of callback functions within network stack + Callback function to be called for every packet traversing certain point (hook) within network stack + Protocol independent framework + Hooks in layer 3 stacks (IPv4, IPv6, DECnet, ARP) + Multiple kernel modules can register with each of the hooks + +Traditional packet filtering, NAT, ... is implemented on top of this framework + +Can be used for other stuff interfacing with the core network stack, like DECnet routing daemon. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Netfilter Hooks + +Netfilter architecture in IPv4 +%font "typewriter" +%size 4 + --->[1]--->[ROUTE]--->[3]--->[4]---> + | ^ + | | + | [ROUTE] + v | + [2] [5] + | ^ + | | + v | +%font "standard" +1=NF_IP_PRE_ROUTING +2=NF_IP_LOCAL_IN +3=NF_IP_FORWARD +4=NF_IP_POST_ROUTING +5=NF_IP_LOCAL_OUT + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Netfilter Hooks + +Netfilter Hooks + + Any kernel module may register a callback function at any of the hooks + + The module has to return one of the following constants + + NF_ACCEPT continue traversal as normal + NF_DROP drop the packet, do not continue + NF_STOLEN I've taken over the packet do not continue + NF_QUEUE enqueue packet to userspace + NF_REPEAT call this hook again + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP tables + + Packet selection using IP tables + + The kernel provides generic IP tables support + + Each kernel module may create it's own IP table + + The four major parts of the firewalling subsystem are implemented using IP tables + Packet filtering table 'filter' + NAT table 'nat' + Packet mangling table 'mangle' + The 'raw' table for conntrack exemptions + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + Managing chains and tables + + An IP table consists out of multiple chains + A chain consists out of a list of rules + Every single rule in a chain consists out of + match[es] (rule executed if all matches true) + target (what to do if the rule is matched) + +%size 4 +matches and targets can either be builtin or implemented as kernel modules + +%size 5 + The userspace tool iptables is used to control IP tables + handles all different kinds of IP tables + supports a plugin/shlib interface for 
target/match specific options + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + +Basic iptables commands + + To build a complete iptables command, we must specify + which table to work with + which chain in this table to use + an operation (insert, add, delete, modify) + one or more matches (optional) + a target + +The syntax is +%font "typewriter" +%size 3 +iptables -t table -Operation chain -j target match(es) +%font "standard" +%size 5 + +Example: +%font "typewriter" +%size 3 +iptables -t filter -A INPUT -j ACCEPT -p tcp --dport smtp +%font "standard" +%size 5 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + +Matches + Basic matches + -p protocol (tcp/udp/icmp/...) + -s source address (ip/mask) + -d destination address (ip/mask) + -i incoming interface + -o outgoing interface + + Match extensions (examples) + tcp/udp TCP/udp source/destination port + icmp ICMP code/type + ah/esp AH/ESP SPID match + mac source MAC address + mark nfmark + length match on length of packet + limit rate limiting (n packets per timeframe) + owner owner uid of the socket sending the packet + tos TOS field of IP header + ttl TTL field of IP header + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + +Targets + very dependent on the particular table. 
+ + Table specific targets will be discussed later + + Generic Targets, always available + ACCEPT accept packet within chain + DROP silently drop packet + QUEUE enqueue packet to userspace + LOG log packet via syslog + ULOG log packet via ulogd + RETURN return to previous (calling) chain + foobar jump to user defined chain + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Filtering + +Overview + + Implemented as 'filter' table + Registers with three netfilter hooks + + NF_IP_LOCAL_IN (packets destined for the local host) + NF_IP_FORWARD (packets forwarded by local host) + NF_IP_LOCAL_OUT (packets from the local host) + +Each of the three hooks has attached one chain (INPUT, FORWARD, OUTPUT) + +Every packet passes exactly one of the three chains. Note that this is very different compared to the old 2.2.x ipchains behaviour. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Filtering + +Targets available within 'filter' table + + Builtin Targets to be used in filter table + ACCEPT accept the packet + DROP silently drop the packet + QUEUE enqueue packet to userspace + RETURN return to previous (calling) chain + foobar user defined chain + + Targets implemented as loadable modules + REJECT drop the packet but inform sender + MIRROR change source/destination IP and resend + LOG log via syslog + ULOG log via userspace + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Connection tracking... 
+ + implemented seperately from NAT + enables stateful filtering + implementation + hooks into NF_IP_PRE_ROUTING to track packets + hooks into NF_IP_POST_ROUTING and NF_IP_LOCAL_IN to see if packet passed filtering rules + protocol modules (currently TCP/UDP/ICMP) + application helpers currently (FTP,IRC,H.323,talk,SNMP) + divides packets in the following four categories + NEW - would establish new connection + ESTABLISHED - part of already established connection + RELATED - is related to established connection + INVALID - (multicast, errors...) + does _NOT_ filter packets itself + can be utilized by iptables using the 'state' match + is used by NAT Subsystem + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Network Address Translation + + Network Address Translation + + Previous Linux Kernels only implemented one special case of NAT: Masquerading + Linux 2.4.x / 2.6.x can do any kind of NAT. + NAT subsystem implemented on top of netfilter, iptables and conntrack + Following targets available within 'nat' Table + SNAT changes the packet's source whille passing NF_IP_POST_ROUTING + DNAT changes the packet's destination while passing NF_IP_PRE_ROUTING + MASQUERADE is a special case of SNAT + REDIRECT is a special case of DNAT + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Network Address Translation + + Source NAT + SNAT Example: +%font "typewriter" +%size 3 +iptables -t nat -A POSTROUTING -j SNAT --to-source 1.2.3.4 -s 10.0.0.0/8 +%font "standard" +%size 4 + + MASQUERADE Example: +%font "typewriter" +%size 3 +iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp0 +%font "standard" +%size 5 + + Destination NAT + DNAT example +%font "typewriter" +%size 3 +iptables -t nat -A PREROUTING -j DNAT --to-destination 1.2.3.4:8080 -p tcp --dport 80 -i eth1 +%font "standard" +%size 4 + + REDIRECT example +%font "typewriter" +%size 3 +iptables -t nat -A 
PREROUTING -j REDIRECT --to-port 3128 -i eth1 -p tcp --dport 80 +%font "standard" +%size 5 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Mangling + + Purpose of mangle table + packet manipulation except address manipulation + + Integration with netfilter + 'mangle' table hooks in all five netfilter hooks + priority: after conntrack + + Targets specific to the 'mangle' table: + DSCP - manipulate DSCP field + IPV4OPTSSTRIP - strip IPv4 options + MARK - change the nfmark field of the skb + TCPMSS - set TCP MSS option + TOS - manipulate the TOS bits + TTL - set / increase / decrease TTL field + +Simple example: +%font "typewriter" +%size 3 +iptables -t mangle -A PREROUTING -j MARK --set-mark 10 -p tcp --dport 80 + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Mangling + + Purpose of mangle table + packet manipulation except address manipulation + Targets specific to the 'mangle' table: + DSCP - manipulate DSCP field + IPV4OPTSSTRIP - strip IPv4 options + MARK - change the nfmark field of the skb + TOS - manipulate the TOS bits + TTL - set / increase / decrease TTL field + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +The raw Table + + Purpose of mangle table + to allow for filtering rules _before_ conntrack + Targets specific to the 'raw' table: + NOTRACK - Don't do connection tracking + + The table can also be useful for flood protection rules that happen before traversing the (computational) expensive connection tracking subsystem. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Advanced Netfilter concepts + +%size 4 + Userspace logging + flexible replacement for old syslog-based logging + packets to userspace via multicast netlink sockets + easy-to-use library (libipulog) + plugin-extensible userspace logging daemon (ulogd) + Can even be used to directly log into MySQL + + Queuing + reliable asynchronous packet handling + packets to userspace via unicast netlink socket + easy-to-use library (libipq) + provides Perl bindings + experimental queue multiplex daemon (ipqmpd) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Advanced Netfilter concepts + + Firewalling on a Bridge (ebtables + iptables) + totally transparent to layer 2 and above + no attack vector since firewall has no IP address + even possible to do NAT on the bridge + or even NAT of MAC addresses + + ipset - Faster matching + iptables are a linear list of rules + ipset represents a 'group' scheme + Implements different data types for different applications + hash table (for random addresses) + bitmask (for let's say a /24 network) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Advanced Netfilter concepts + + Matches + account, addrtype, ah, childleve, comment, condition, connbytes, connlimit, connmark, connrate, conntrack, dscp, dstlimit, ecn, esp, fuzzy, hashlimit, helper, icmp, iprange, ipv4options, length, limit, mac, mark, mport, multiport, nth, osf, owner, physdev, pkttype, pool, psd, quota, random, realm, recent, record_rpc, rpc, sctp, set, standard, state, string, tcp, tcpmss, time, tos, ttl, u32, udp, unclean + + Targets + BALANCE, CLASSIFY, CLUSTERIP, CONNMARK, DNAT, DSCP, ECN, FTOS, IPMARK, IPV4OPTSSTRIP, LOG, MARK, MASQUERADE, MIRROR, NETLINK, NETMAP, NOTRACK, POOL, REDIRECT, REJECT, ROUTE, SAME, SET, SNAT, TARPIT, TCPLAG, TCPMSS, 
TOS, TRACE, TTL, ULOG, XOR + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Advanced Netfilter concepts + + ipv6 packet filtering + ip6tables almost identical to iptables + no connection tracking in mainline yet, but patches exist + ip6_tables + initial copy+paste 'port' by USAGI + was not accepted because of code duplication + nf_conntrack + generalized connection tracking, supports ipv4 and ipv6 + mutually exclusive with ip_conntrack + as of now, no ipv4 nat on to of nf_conntrack + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Linux Policy Routing + + Policy Routing (iproute2) + Allows routing decisions on arbitrary information + Provides up to 255 different routing tables within one system + By combining via nfmark with iptables, any matches of the packet filter can be used for the routing decision + Very useful in complex setups with mutiple links (e.g. multiple DSL uplinks with dynamic addresses, asymmetric routing, ...) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Linux Traffic Shaping + + Traffic Control (tc) + Framework for lots of algorithms like RED,SFQ,TBF,CBQ,CSZ,GRED,HTB + Very granular control, especially for very low bandwidth links + Present since Linux 2.2.x but still not used widely + Lack of documentation, but situation is improving (www.lartc.org) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Thanks + + Thanks to + the BBS scene, Z-Netz, FIDO, ... + for heavily increasing my computer usage in 1992 + KNF (http://www.franken.de/) + for bringing me in touch with the internet as early as 1994 + for providing a playground for technical people + for telling me about the existance of Linux! + Alan Cox, Alexey Kuznetsov, David Miller, Andi Kleen + for implementing (one of?) 
the world's best TCP/IP stacks + Paul 'Rusty' Russell + for starting the netfilter/iptables project + for trusting me to maintain it today + Astaro AG + for sponsoring parts of my netfilter work +%size 3 + The slides and the an according paper of this presentation are available at http://www.gnumonks.org/ +%size 3 diff --git a/2005/netfilter_iptables-cluc2005/abstract b/2005/netfilter_iptables-cluc2005/abstract new file mode 100644 index 0000000..1aab81a --- /dev/null +++ b/2005/netfilter_iptables-cluc2005/abstract 
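Review bot: in 2005/netfilter_administration-cluc2005/netfilter_iptables-cluc2005.mgp the "The raw Table" slide opens with "Purpose of mangle table", copied from the Packet Mangling slide before it; it should read "Purpose of raw table", since the bullet under it ("to allow for filtering rules _before_ conntrack") describes raw, not mangle. Further points in the same file: the "Who is speaking to you?" slide carries the page title "The GNU GPL Revisited" instead of "netfilter/iptables tutorial", which looks like a leftover from another deck. The second "Packet Mangling" slide repeats the first without TCPMSS and the example, so one of the two can go. "Paul 'Rusty' Russel" with "co-author of iptables in Linux 2.2" conflicts with this file's own reference to "the old 2.2.x ipchains behaviour", and the Thanks slide spells the name "Russell". On the bridge slide, "no attack vector since firewall has no IP address" is stronger than the slide supports, because bridged packets still pass through the ebtables and iptables code; "smaller attack surface" would be accurate. Spelling: "Packeet Mangling", "unheared", "whille", "seperately", "on to of", "mutiple", "existance", and "the an according paper".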
@@ -0,0 +1,56 @@ +Title: TheFuture of Linux Firewalling + +Abstract: + +The netfilter/iptables system is about five years old. With Linux kernel 2.4.x +being already deprecated by 2.6.x during the last two years, even 'old' linux +systems are using netfilter/iptables as their packet filtering subsystem. + +netfilter/iptables is no doubt a big improvement over the old ipchains system +in the 2.2.x kernels. Hoewever, as with any project - after wide deployment +for some time, we start to discover aspects that can be implemented more +cleanly, more efficently. + +The constant innovation and development of new applications and protocols (like +SIP) on the internet also raise new requirements towards the linux packet +filter. + +So the question is: Is it time for yet another generation of the linux packet +filtering subsystem? Will the tradition of change +(ipfwadm->ipchains->iptables->?) be continued? Or can we integrate all +necessarry changes within the current framework? + +The presentation will cover a summary of the problems with the current +netfilter/iptables implementation and describe the proposed solutions. + +Intended Audience: System and Network Administrators + +Prerequsites: Knowledge about Packet Filters. Usage of iptables. + +About the Speaker: + + Harald Welte is the chairman of the netfilter/iptables core team. + + His main interest in computing has always been networking. In the few time +left besides netfilter/iptables related work, he's writing obscure documents +like the "UUCP over SSL HOWTO" or "A packet's journey through the Linux network +stack". Other kernel-related projects he has been contributing are user mode +linux, the international (crypto) kernel patch, device drivers and the +neighbour cache. + + He has been working as an independent IT Consultant working on projects for +various companies ranging from banks to manufacturers of networking gear. 
+During the year 2001 he was living in Curitiba (Brazil), where he got +sponsored for his Linux related work by Conectiva Inc. + + Starting with February 2002, Harald has been contracted part-time by +<a href="http://www.astaro.com/">Astaro AG</a>, who are sponsoring him for his +current netfilter/iptables work. + + Aside from the Astaro sponsoring, he continues to work as a freelancing +kernel developer and network security consultant. + + He licenses his software under the terms of the GNU GPL. He is determined to bring all users, distributors, value added resellers and vendors of netfilter/iptables based products in full compliance with the GPL, even if it includes raising legal charges. + + Harald is living in Berlin, Germany. + diff --git a/2005/netfilter_iptables-cluc2005/netfilter_iptables-cluc2005.mgp b/2005/netfilter_iptables-cluc2005/netfilter_iptables-cluc2005.mgp new file mode 100644 index 0000000..7830fff --- /dev/null +++ b/2005/netfilter_iptables-cluc2005/netfilter_iptables-cluc2005.mgp 
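Review bot: 2005/netfilter_iptables-cluc2005/abstract is a plain-text file but the speaker paragraph contains raw HTML, <a href="http://www.astaro.com/">Astaro AG</a>; the biography files elsewhere in this commit write plain "Astaro AG", and this one should do the same or give the URL as text. The title line "TheFuture of Linux Firewalling" is missing a space. Spelling in the abstract body: "Hoewever", "efficently", "necessarry", and "Prerequsites".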
@@ -0,0 +1,540 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 + + +Firewalling with netfilter/iptables + + +%center +%size 4 +by + +Harald Welte <laforge@netfilter.org> + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Contents + + + Introduction + Highly Scalable Linux Network Stack + Netfilter Hooks + Packet selection based on IP Tables + The Connection Tracking Subsystem + The NAT Subsystem + Packet Mangling + Advanced netfilter concepts + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Introduction + + +Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the Linux kernel firewall system called netfilter/iptables + who can claim to be the first to have enforced the GNU GPL in court + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Introduction + +Linux and Networking + Linux is a true child of the Internet + Early adopters: ISP's, Universities + Lots of work went into a highly scalable network stack + Not only for client/server, but also for routers + Features unheared of in other OS's + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Introduction + +Did you know, that a stock 2.6.x linux kernel can provide + + a stateful packet filter ? + fully symmetric NA(P)T ? + policy routing ? + QoS / traffic shaping ? + IPv6 firewalling ? + packet filtering, NA(P)T on a bridge ? + layer 2 (mac) address translation ? + packet forwarding rates of up to 2.1mpps ? 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Introduction + +Why did we need netfilter/iptables? +Because ipchains... + + has no infrastructure for passing packets to userspace + makes transparent proxying extremely difficult + has interface address dependent Packet filter rules + has Masquerading implemented as part of packet filtering + code is too complex and intermixed with core ipv4 stack + is neither modular nor extensible + only barely supports one special case of NAT (masquerading) + has only stateless packet filtering + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Netfilter Hooks + + What is netfilter? + + System of callback functions within network stack + Callback function to be called for every packet traversing certain point (hook) within network stack + Protocol independent framework + Hooks in layer 3 stacks (IPv4, IPv6, DECnet, ARP) + Multiple kernel modules can register with each of the hooks + +Traditional packet filtering, NAT, ... is implemented on top of this framework + +Can be used for other stuff interfacing with the core network stack, like DECnet routing daemon. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Netfilter Hooks + +Netfilter architecture in IPv4 +%font "typewriter" +%size 4 + --->[1]--->[ROUTE]--->[3]--->[4]---> + | ^ + | | + | [ROUTE] + v | + [2] [5] + | ^ + | | + v | +%font "standard" +1=NF_IP_PRE_ROUTING +2=NF_IP_LOCAL_IN +3=NF_IP_FORWARD +4=NF_IP_POST_ROUTING +5=NF_IP_LOCAL_OUT + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Netfilter Hooks + +Netfilter Hooks + + Any kernel module may register a callback function at any of the hooks + + The module has to return one of the following constants + + NF_ACCEPT continue traversal as normal + NF_DROP drop the packet, do not continue + NF_STOLEN I've taken over the packet do not continue + NF_QUEUE enqueue packet to userspace + NF_REPEAT call this hook again + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +IP tables + + Packet selection using IP tables + + The kernel provides generic IP tables support + + Each kernel module may create it's own IP table + + The four major parts of the firewalling subsystem are implemented using IP tables + Packet filtering table 'filter' + NAT table 'nat' + Packet mangling table 'mangle' + The 'raw' table for conntrack exemptions + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +IP Tables + + Managing chains and tables + + An IP table consists out of multiple chains + A chain consists out of a list of rules + Every single rule in a chain consists out of + match[es] (rule executed if all matches true) + target (what to do if the rule is matched) + +%size 4 +matches and targets can either be builtin or implemented as kernel modules + +%size 5 + The userspace tool iptables is used to control IP tables + handles all different kinds of IP tables + supports a 
plugin/shlib interface for target/match specific options + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +IP Tables + +Basic iptables commands + + To build a complete iptables command, we must specify + which table to work with + which chain in this table to use + an operation (insert, add, delete, modify) + one or more matches (optional) + a target + +The syntax is +%font "typewriter" +%size 3 +iptables -t table -Operation chain -j target match(es) +%font "standard" +%size 5 + +Example: +%font "typewriter" +%size 3 +iptables -t filter -A INPUT -j ACCEPT -p tcp --dport smtp +%font "standard" +%size 5 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +IP Tables + +Matches + Basic matches + -p protocol (tcp/udp/icmp/...) + -s source address (ip/mask) + -d destination address (ip/mask) + -i incoming interface + -o outgoing interface + + Match extensions (examples) + tcp/udp TCP/udp source/destination port + icmp ICMP code/type + ah/esp AH/ESP SPID match + mac source MAC address + mark nfmark + length match on length of packet + limit rate limiting (n packets per timeframe) + owner owner uid of the socket sending the packet + tos TOS field of IP header + ttl TTL field of IP header + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +IP Tables + +Targets + very dependent on the particular table. 
+ + Table specific targets will be discussed later + + Generic Targets, always available + ACCEPT accept packet within chain + DROP silently drop packet + QUEUE enqueue packet to userspace + LOG log packet via syslog + ULOG log packet via ulogd + RETURN return to previous (calling) chain + foobar jump to user defined chain + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Packet Filtering + +Overview + + Implemented as 'filter' table + Registers with three netfilter hooks + + NF_IP_LOCAL_IN (packets destined for the local host) + NF_IP_FORWARD (packets forwarded by local host) + NF_IP_LOCAL_OUT (packets from the local host) + +Each of the three hooks has attached one chain (INPUT, FORWARD, OUTPUT) + +Every packet passes exactly one of the three chains. Note that this is very different compared to the old 2.2.x ipchains behaviour. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Packet Filtering + +Targets available within 'filter' table + + Builtin Targets to be used in filter table + ACCEPT accept the packet + DROP silently drop the packet + QUEUE enqueue packet to userspace + RETURN return to previous (calling) chain + foobar user defined chain + + Targets implemented as loadable modules + REJECT drop the packet but inform sender + MIRROR change source/destination IP and resend + LOG log via syslog + ULOG log via userspace + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Connection Tracking Subsystem + + Connection tracking... 
+ + implemented seperately from NAT + enables stateful filtering + implementation + hooks into NF_IP_PRE_ROUTING to track packets + hooks into NF_IP_POST_ROUTING and NF_IP_LOCAL_IN to see if packet passed filtering rules + protocol modules (currently TCP/UDP/ICMP) + application helpers currently (FTP,IRC,H.323,talk,SNMP) + divides packets in the following four categories + NEW - would establish new connection + ESTABLISHED - part of already established connection + RELATED - is related to established connection + INVALID - (multicast, errors...) + does _NOT_ filter packets itself + can be utilized by iptables using the 'state' match + is used by NAT Subsystem + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Network Address Translation + + Network Address Translation + + Previous Linux Kernels only implemented one special case of NAT: Masquerading + Linux 2.4.x / 2.6.x can do any kind of NAT. + NAT subsystem implemented on top of netfilter, iptables and conntrack + Following targets available within 'nat' Table + SNAT changes the packet's source whille passing NF_IP_POST_ROUTING + DNAT changes the packet's destination while passing NF_IP_PRE_ROUTING + MASQUERADE is a special case of SNAT + REDIRECT is a special case of DNAT + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Network Address Translation + + Source NAT + SNAT Example: +%font "typewriter" +%size 3 +iptables -t nat -A POSTROUTING -j SNAT --to-source 1.2.3.4 -s 10.0.0.0/8 +%font "standard" +%size 4 + + MASQUERADE Example: +%font "typewriter" +%size 3 +iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp0 +%font "standard" +%size 5 + + Destination NAT + DNAT example +%font "typewriter" +%size 3 +iptables -t nat -A PREROUTING -j DNAT --to-destination 1.2.3.4:8080 -p tcp --dport 80 -i eth1 +%font "standard" +%size 4 + + REDIRECT example +%font "typewriter" +%size 3 
+iptables -t nat -A PREROUTING -j REDIRECT --to-port 3128 -i eth1 -p tcp --dport 80 +%font "standard" +%size 5 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Packet Mangling + + Purpose of mangle table + packet manipulation except address manipulation + + Integration with netfilter + 'mangle' table hooks in all five netfilter hooks + priority: after conntrack + + Targets specific to the 'mangle' table: + DSCP - manipulate DSCP field + IPV4OPTSSTRIP - strip IPv4 options + MARK - change the nfmark field of the skb + TCPMSS - set TCP MSS option + TOS - manipulate the TOS bits + TTL - set / increase / decrease TTL field + +Simple example: +%font "typewriter" +%size 3 +iptables -t mangle -A PREROUTING -j MARK --set-mark 10 -p tcp --dport 80 + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Packet Mangling + + Purpose of mangle table + packet manipulation except address manipulation + Targets specific to the 'mangle' table: + DSCP - manipulate DSCP field + IPV4OPTSSTRIP - strip IPv4 options + MARK - change the nfmark field of the skb + TOS - manipulate the TOS bits + TTL - set / increase / decrease TTL field + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +The raw Table + + Purpose of mangle table + to allow for filtering rules _before_ conntrack + Targets specific to the 'raw' table: + NOTRACK - Don't do connection tracking + + The table can also be useful for flood protection rules that happen before traversing the (computational) expensive connection tracking subsystem. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Advanced Netfilter concepts + +%size 4 + Userspace logging + flexible replacement for old syslog-based logging + packets to userspace via multicast netlink sockets + easy-to-use library (libipulog) + plugin-extensible userspace logging daemon (ulogd) + Can even be used to directly log into MySQL + + Queuing + reliable asynchronous packet handling + packets to userspace via unicast netlink socket + easy-to-use library (libipq) + provides Perl bindings + experimental queue multiplex daemon (ipqmpd) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Advanced Netfilter concepts + + Firewalling on a Bridge (ebtables + iptables) + totally transparent to layer 2 and above + no attack vector since firewall has no IP address + even possible to do NAT on the bridge + or even NAT of MAC addresses + + ipset - Faster matching + iptables are a linear list of rules + ipset represents a 'group' scheme + Implements different data types for different applications + hash table (for random addresses) + bitmask (for let's say a /24 network) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Advanced Netfilter concepts + + Matches + account, addrtype, ah, childleve, comment, condition, connbytes, connlimit, connmark, connrate, conntrack, dscp, dstlimit, ecn, esp, fuzzy, hashlimit, helper, icmp, iprange, ipv4options, length, limit, mac, mark, mport, multiport, nth, osf, owner, physdev, pkttype, pool, psd, quota, random, realm, recent, record_rpc, rpc, sctp, set, standard, state, string, tcp, tcpmss, time, tos, ttl, u32, udp, unclean + + Targets + BALANCE, CLASSIFY, CLUSTERIP, CONNMARK, DNAT, DSCP, ECN, FTOS, IPMARK, IPV4OPTSSTRIP, LOG, MARK, MASQUERADE, MIRROR, NETLINK, NETMAP, NOTRACK, POOL, REDIRECT, REJECT, ROUTE, SAME, SET, SNAT, 
TARPIT, TCPLAG, TCPMSS, TOS, TRACE, TTL, ULOG, XOR + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Advanced Netfilter concepts + + ipv6 packet filtering + ip6tables almost identical to iptables + no connection tracking in mainline yet, but patches exist + ip6_tables + initial copy+paste 'port' by USAGI + was not accepted because of code duplication + nf_conntrack + generalized connection tracking, supports ipv4 and ipv6 + mutually exclusive with ip_conntrack + as of now, no ipv4 nat on to of nf_conntrack + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Linux Policy Routing + + Policy Routing (iproute2) + Allows routing decisions on arbitrary information + Provides up to 255 different routing tables within one system + By combining via nfmark with iptables, any matches of the packet filter can be used for the routing decision + Very useful in complex setups with mutiple links (e.g. multiple DSL uplinks with dynamic addresses, asymmetric routing, ...) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Linux Traffic Shaping + + Traffic Control (tc) + Framework for lots of algorithms like RED,SFQ,TBF,CBQ,CSZ,GRED,HTB + Very granular control, especially for very low bandwidth links + Present since Linux 2.2.x but still not used widely + Lack of documentation, but situation is improving (www.lartc.org) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +Firewalling with netfilter/iptables +Thanks + + Thanks to + the BBS scene, Z-Netz, FIDO, ... + for heavily increasing my computer usage in 1992 + KNF (http://www.franken.de/) + for bringing me in touch with the internet as early as 1994 + for providing a playground for technical people + for telling me about the existance of Linux! 
+ Alan Cox, Alexey Kuznetsov, David Miller, Andi Kleen + for implementing (one of?) the world's best TCP/IP stacks + Paul 'Rusty' Russell + for starting the netfilter/iptables project + for trusting me to maintain it today + Astaro AG + for sponsoring parts of my netfilter work +%size 3 + The slides and the an according paper of this presentation are available at http://www.gnumonks.org/ +%size 3 diff --git a/2005/netfilter_nextgen-bangalore2005/abstract.txt b/2005/netfilter_nextgen-bangalore2005/abstract.txt new file mode 100644 index 0000000..0d3f97c --- /dev/null +++ b/2005/netfilter_nextgen-bangalore2005/abstract.txt 
@@ -0,0 +1,32 @@ +First steps towards the next generation netfilter subsystem + +Until 2.6, every new kernel version came with its own incarnation of a packet +filter: ipfw, ipfwadm, ipchains, iptables. 2.6.x still had iptables. What was +wrong? Or was iptables good enough to last even two generations? + +In reality the netfilter project is working on gradually transforming the +existing framework into something new. Some of those changes are transparent +to the user, so they slip into a kernel release almost unnoticed. However, +for expert users and developers those changes are noteworthy anyway. + +Some other changes just extend the existing framework, so most users again +won't even notice them - they just don't take advantage of those new features. + +The 2.6.14 kernel release will mark a milestone, since it is scheduled to +contain nfnetlink, ctnetlink, nfnetlink_queue and nfnetlink_log - basically a +totally new netlink-based kernel/userspace interface for most parts of the +netfilter subsystem. + +nf_conntrack, a generic layer-3 independent connection tracking subsystem, +initially supporting IPv4 and IPv6, is also in the queue of pending patches. +Chances are high that it will be included in the mainline kernel at the time +this paper is presented at Linux Kongress. + +Another new subsystem within the framework is the "ipset" filter, basically an +alternative to using iptables in certain areas. + +The presentation will cover a timeline of recent advances in the netfilter +world, and describe each of the new features in detail. It will also summarize +the results of the annual netfilter development workshop, which is scheduled +just the week before Linux Kongress. + diff --git a/2005/netfilter_nextgen-bangalore2005/biography.txt b/2005/netfilter_nextgen-bangalore2005/biography.txt new file mode 100644 index 0000000..21758e7 --- /dev/null +++ b/2005/netfilter_nextgen-bangalore2005/biography.txt 
@@ -0,0 +1,27 @@ + Harald Welte is the chairman of the netfilter/iptables core team. + + His main interest in computing has always been networking. In the few time +left besides netfilter/iptables related work, he's writing obscure documents +like the "UUCP over SSL HOWTO" or "A packet's journey through the Linux network +stack". Other kernel-related projects he has been contributing to are random +netowrking hacks, some device driver work and the neighbour cache. + + He has been working as an independent IT Consultant working on projects for +various companies ranging from banks to manufacturers of networking gear. +During the year 2001 he was living in Curitiba (Brazil), where he got +sponsored for his Linux related work by Conectiva Inc. + + Starting with February 2002, Harald has been contracted part-time by +Astaro AG, who are sponsoring him for his current netfilter/iptables work. +Aside from the Astaro sponsoring, he continues to work as a freelancing kernel +developer and network security consultant. + + He licenses his software under the terms of the GNU GPL. Sometimes users of +his software are not compliant with the license, so he started enforcing the +GPL with his gpl-violations.org project. + + During the last year, Harald has started development of a free, GPL-licensed +Linux RFID and electronic passport software suite. + +Harald is living in Berlin, Germany. + diff --git a/2005/netfilter_nextgen-bangalore2005/netfilter_nextgen-lk2005.xml b/2005/netfilter_nextgen-bangalore2005/netfilter_nextgen-lk2005.xml new file mode 100644 index 0000000..a992555 --- /dev/null +++ b/2005/netfilter_nextgen-bangalore2005/netfilter_nextgen-lk2005.xml 
@@ -0,0 +1,341 @@ +<?xml version='1.0' encoding='ISO-8859-1'?> +<!DOCTYPE article PUBLIC '-//OASIS//DTD DocBook XML V4.3//EN' 'http://www.docbook.org/xml/4.3/docbookx.dtd'> + +<article id="rfid_introduction-ds"> + +<articleinfo> + <title>First steps towards the next generation netfilter subsystem</title> + <authorgroup> + <author> + <personname> + <firstname>Harald</firstname> + <surname>Welte</surname> + </personname> + <!-- + <personblurb>Harald Welte</personblurb> + <affiliation> + <orgname>netfilter core team</orgname> + <address> + <email>laforge@netfilter.org</email> + </address> + </affiliation> + + --> + <email>laforge@netfilter.org</email> + </author> + </authorgroup> + <copyright> + <year>2005</year> + <holder>Harald Welte <laforge@netfilter.org> </holder> + </copyright> + <date>Sep 21, 2005</date> + <edition>1</edition> + <!-- <orgname>netfilter core team</orgname> --> + <releaseinfo> + 1.0 + </releaseinfo> + + <abstract> + +<para> +Until 2.6, every new kernel version came with its own incarnation of a packet +filter: ipfw, ipfwadm, ipchains, iptables. 2.6.x still had iptables. What was +wrong? Or was iptables good enough to last even two generations? +</para> +<para> +In reality the netfilter project is working on gradually transforming the +existing framework into something new. Some of those changes are transparent to +the user, so they slip into a kernel release almost unnoticed. However, for +expert users and developers those changes are noteworthy anyway. +</para> +<para> +Some other changes just extend the existing framework, so most users again +won't even notice them - they just don't take advantage of those new features. +</para> +<para> +The 2.6.14 kernel release will mark a milestone, since it is scheduled to +contain nfnetlink, ctnetlink, nfnetlink_queue and nfnetlink_log - basically a +totally new netlink-based kernel/userspace interface for most parts of the +netfilter subsystem. 
+</para> +<para> +nf_conntrack, a generic layer-3 independent connection tracking subsystem, +initially supporting IPv4 and IPv6, is also in the queue of pending patches. +Chances are high that it will be included in the mainline kernel at the time +this paper is presented at Linux Kongress. +</para> +<para> +Another new subsystem within the framework is the "ipset" filter, basically an +alternative to using iptables in certain areas. +</para> +<para> +The presentation (but not this paper) will also summarize the results of the +annual netfilter development workshop, which is scheduled just the week before +Linux Kongress. +</para> + </abstract> + +</articleinfo> + +<section> +<title>nfnetlink</title> +<para> +In the current (pre-2.6.14) linux kernel, there is no unified communications +infrastructure used by all parts of the netfilter/iptables subsystem. Some +parameters can be read from /proc, some can be set via sysctl, some as module +load time parameters. The iptables configuraiton happens via get/setsockopt, +and the userspace queueing and logging use two separate (scarce) netlink family +numbers. +</para> +<para> +Most of the network stack is controlled via netlink. Examples are routing +tables, routing policy, interface configuration, traffic control and ipsec. +</para> +<para> +nfnetlink is the answer for all netfilter-related kernel/userspace interaction. +It provides a thin layer on top of netlink. The nfnetlink code in the kernel +has its userspace counterpart called "libnfnetlink". +</para> +</section> + +<section> +<title>conntrack event API</title> +<para> +For some applications (such as state replication or flow-based accounting) it +is interesting to learn about conntrack state changes. +</para> +<para> +The new conntrack event API provides in-kernel notification of conntrack event changes via a standard <structname>notifier_chain</structname>. 
+</para> +</section> + +<section> +<title>nfnetlink_conntrack (aka ctnetlink)</title> +<para> +nfnetlink_conntrack is a nfnetlink-based interface for reading, dumping and +manipulating connection tracking state from userspace. +</para> +<para> +The most straight-forward application is to obtain a list of currently tracked +connections. In pre-2.6.14 kernels, this can only be via the ugly +<filename>/proc/net/ip_conntrack</filename> virtual file. The file-based +access is slow, unreliable, suboptimal and doesn't allow for efficient +searching. +</para> +<para> +However, certain monitoring applications or e.g. a NAT-aware identd +implementation have demand for efficient fine-grained access. +</para> +<para> +Also, the administrator might want to selectively delete connection tracking +entries, or even flush the whole table. In pre-2.6.14, there i no intrface for +that apart from the "rmmod ip_conntrack; modprobe ip_conntrack" kludge. +</para> +<para> +Addidional (future) users of ctnetlink are connection tracking helpers in +userspace. Imagine something like a hybrid between transparent proxying and +the current in-kernel helpers. Get the features of running insensitive +userspace code that cannot crash your kernel, and still retain the benefits of +e.g. not having to do userspace processing on ftp data (but only control) +packets. +</para> +</section> + +<section> +<title>libnfnetlink_conntrack</title> +<para> +libnfnetlink_conntrack is the userspace counterpart to nfnetlink_conntrack +inside the kernel. It constructs and parses nfnetlink packets and thus +provides a "function and struct" style C API. +</para> +</section> + +<section> +<title>The "conntrack" program</title> +<para> +The <command>conntrack</command> command is a userspace program linked against +libnfnetlink_conntrack. It allows commandline-level acces to the connection +tracking table. 
+</para> +<para> +<command>conntrack</command> supports listing, deleting, updating, flushing and +even creating connection tracking entries. It also allows listing, deleting +and updating of conntrack expectations. +</para> +</section> + +<section> +<title>nf_queue</title> +<para> +nf_queue is not really something new, but still very little people have known +it until now. The 2.4.x netfilter subsystem first introduced a generic +packet queueing mechanism for asynchronously sending packets to userspace (and +reinjecting them or a verdict. This mechanism is mostly known as ip_queue, or +the QUEUE target. +</para> +<para> +In reality, ip_queue sits in top of a small layer called nf_queue. nf_queue +allows for one netfilter queue handler per network protocol family. All +netfilter hooks within this protocol family that return the NF_QUEUE verdict +will send the packet to this nf_queue handler. +</para> +<para> +In the existing 2.4.x and pre-2.6.14 code, the mainline kernel only had one +queue handler: ip_queue. This basically means that only IP packets could be +queued for an unserspace process. +</para> +<para> +Outside of the official kernel tree, a "copy+paste" port of ip_queue was made +to IPv6. The netfilter/iptables project has had enough copy+paste style +"ports" due to architectural limitations. Therefore the code was not accepted +into the mainline kernel. Rather, work on a generic replacement was continued. +</para> +<para> +Which log handler is to be used for what protocol family can now be configured +via nfnetlink_queue (see below). The current status can also be read from +<filename>/proc/net/netfilter/nf_queue</filename>. +</para> +</section> + +<section> +<title>nfnetlink_queue</title> +<para> +nfnetlink_queue is a nfnetlink-based and layer 3 protocol independent +replacement of ip_queue. +</para> +<para> +It provides all features of ip_queue for packets independent of their protocol. 
+</para> +<para> +In addition to mere replication of ip_queue functionality, it fixes the most +funamental problem with the old ip_queue code: That there was only one global +queue, and there could only be one userspace process attached to it. +</para> +<para> +nfnetlink_queue supports up to 65535 different dynamically-created queues. +Packets can be put into a specific queue by using the NFQUEUE target. For +backwards compatibility, packets coming from the iptables QUEUE target will be +placed in queue number 0. +</para> +<para> +Userspace processes can now also receive additional packet metadata such as the +PHYSINDEV/PHYSOUTDEV devices in case of bridging. +</para> +</section> + +<section> +<title>libnfnetlink_queue</title> +<para> +The library libnfnetlink_queue is the userspace counterpart to nfnetlink_queue +inside the kernel. It provides an easy-to-use C language interface to packet +usrespace queueing. +</para> +<para> +For legacy applications using <filename>libipq</filename>, an API-compatible +(but not ABI-compatible) libipq replacement is available together with +libnfnetlink_queue. +</para> +</section> + +<section> +<title>nf_log</title> +<para> +Traditionally, netfilter itself doesn't provide any packet logging +infrastructure. Only iptables provides the LOG target (for klogd/syslogd +logging). In 2001, the ULOG target was added to support more efficient logging +via a dedicated netlink socket. +</para> +<para> +When the TCP window tracking code was introduced, the requirement for +logging packets (such as TCP out of window packets) from non-iptables code +became immediate. +</para> +<para> +Instead of a more generic solution, it was decided to have module load time +parameters (nf_log) decide whether ipt_LOG or ipt_ULOG register as "internal +logging backend" that can be used by conntrack. +</para> +<para> +In 2.6.14, nf_log became a first-class citizen. This means that the iptables +LOG target doesn't do any direct logging. 
Instead it registers as a nf_log +backend with the core, and calls the nf_log frontend when it wishes to log a +packet. +</para> +<para> +The nf_log core can then decide whether to log the packet using the ipt_LOG +provided syslog backend, or via old style ipt_ULOG netlink logging, or the +newly-introduced nfnetlink_log mechanism (see below). +</para> +<para> +Which log handler is to be used for what protocol family can be configured +via nfnetlink (see below). The current status can also be read from +<filename>/proc/net/netfilter/nf_log</filename>. +</para> +</section> + +<section> +<title>nfnetlink_log</title> +<para> +nfnetlink_log is for logging what nfnetlink_queue is for queueing. It takes +the ideas of the ipt_ULOG target and reimplements them in a layer 3 protocol +independent fashion, as well as shifts the transport layer on top of nfnetlink. +</para> +<para> +ipt_ULOG already allowed for up to 32 logging groups, whcih seemed to be enough +in all practical cases. To be more orthogonal to nfnetlink_queue, +nfnetlink_log now also suports 65535 logging groups, each of which can be +terminated by a different logging process. +</para> +</section> + +<section> +<title>libnfnetlink_log</title> +<para> +Orthogonal to libnfnetlink_queue, libnfnetlink_log is the userspace counterpart +to nfnetlink_log in the kernel. +</para> +<para> +libnfnetlink_log also provides a libipulog backwards compatibility API. +</para> +</section> + +<section> +<title>Flow based accounting</title> +<para> +The fundamental idea of flow-based (or more correctly: connection-based) +accounting is to keep per-connection byte an packet counters within the connection tracking table. +</para> +<para> +On firewall systems that already use ip_conntrack, keeping those per-connection +counters only adds very little overhead to the existing connection tracking, +and is thus almost free. +</para> +<para> +Internally, flow-based accounting uses both the conntrack event API and +nfnetlink_conntrack. 
+</para> +<para> +For a more detailed description of flow based accounting and the motivations +behind it, please refer to my paper on flow based accounting published in the +proceedings of Linuxtag 2005. +</para> +</section> + +<section> +<title>nf_conntrack</title> +<para> +nf_conntrack is a generalized version of ip_conntrack. This generalization is +required to provide connection tracking for non-ipv4 protcols. Currently only +IPv4 and IPv6 are supported in nf_conntrack. +</para> +<para> +The architecture of nf_conntrack is almost exactly the same like ip_conntrack, +only +</para> +<para> +nf_conntrack is not in the 2.6.14 kernel series but will very likely be merged +during the early 2.6.15 development process. The latest nf_conntrack version can be obtained from the netfilter-2.6 git tree. +</para> +</section> + +</article> diff --git a/2005/netfilter_nextgen-lk2005/abstract.txt b/2005/netfilter_nextgen-lk2005/abstract.txt new file mode 100644 index 0000000..0d3f97c --- /dev/null +++ b/2005/netfilter_nextgen-lk2005/abstract.txt 
@@ -0,0 +1,32 @@ +First steps towards the next generation netfilter subsystem + +Until 2.6, every new kernel version came with its own incarnation of a packet +filter: ipfw, ipfwadm, ipchains, iptables. 2.6.x still had iptables. What was +wrong? Or was iptables good enough to last even two generations? + +In reality the netfilter project is working on gradually transforming the +existing framework into something new. Some of those changes are transparent +to the user, so they slip into a kernel release almost unnoticed. However, +for expert users and developers those changes are noteworthy anyway. + +Some other changes just extend the existing framework, so most users again +won't even notice them - they just don't take advantage of those new features. + +The 2.6.14 kernel release will mark a milestone, since it is scheduled to +contain nfnetlink, ctnetlink, nfnetlink_queue and nfnetlink_log - basically a +totally new netlink-based kernel/userspace interface for most parts of the +netfilter subsystem. + +nf_conntrack, a generic layer-3 independent connection tracking subsystem, +initially supporting IPv4 and IPv6, is also in the queue of pending patches. +Chances are high that it will be included in the mainline kernel at the time +this paper is presented at Linux Kongress. + +Another new subsystem within the framework is the "ipset" filter, basically an +alternative to using iptables in certain areas. + +The presentation will cover a timeline of recent advances in the netfilter +world, and describe each of the new features in detail. It will also summarize +the results of the annual netfilter development workshop, which is scheduled +just the week before Linux Kongress. + diff --git a/2005/netfilter_nextgen-lk2005/biography.txt b/2005/netfilter_nextgen-lk2005/biography.txt new file mode 100644 index 0000000..21758e7 --- /dev/null +++ b/2005/netfilter_nextgen-lk2005/biography.txt 
@@ -0,0 +1,27 @@ + Harald Welte is the chairman of the netfilter/iptables core team. + + His main interest in computing has always been networking. In the few time +left besides netfilter/iptables related work, he's writing obscure documents +like the "UUCP over SSL HOWTO" or "A packet's journey through the Linux network +stack". Other kernel-related projects he has been contributing to are random +netowrking hacks, some device driver work and the neighbour cache. + + He has been working as an independent IT Consultant working on projects for +various companies ranging from banks to manufacturers of networking gear. +During the year 2001 he was living in Curitiba (Brazil), where he got +sponsored for his Linux related work by Conectiva Inc. + + Starting with February 2002, Harald has been contracted part-time by +Astaro AG, who are sponsoring him for his current netfilter/iptables work. +Aside from the Astaro sponsoring, he continues to work as a freelancing kernel +developer and network security consultant. + + He licenses his software under the terms of the GNU GPL. Sometimes users of +his software are not compliant with the license, so he started enforcing the +GPL with his gpl-violations.org project. + + During the last year, Harald has started development of a free, GPL-licensed +Linux RFID and electronic passport software suite. + +Harald is living in Berlin, Germany. + diff --git a/2005/netfilter_nextgen-lk2005/netfilter_nextgen-lk2005.xml b/2005/netfilter_nextgen-lk2005/netfilter_nextgen-lk2005.xml new file mode 100644 index 0000000..a992555 --- /dev/null +++ b/2005/netfilter_nextgen-lk2005/netfilter_nextgen-lk2005.xml 
@@ -0,0 +1,341 @@ +<?xml version='1.0' encoding='ISO-8859-1'?> +<!DOCTYPE article PUBLIC '-//OASIS//DTD DocBook XML V4.3//EN' 'http://www.docbook.org/xml/4.3/docbookx.dtd'> + +<article id="rfid_introduction-ds"> + +<articleinfo> + <title>First steps towards the next generation netfilter subsystem</title> + <authorgroup> + <author> + <personname> + <firstname>Harald</firstname> + <surname>Welte</surname> + </personname> + <!-- + <personblurb>Harald Welte</personblurb> + <affiliation> + <orgname>netfilter core team</orgname> + <address> + <email>laforge@netfilter.org</email> + </address> + </affiliation> + + --> + <email>laforge@netfilter.org</email> + </author> + </authorgroup> + <copyright> + <year>2005</year> + <holder>Harald Welte <laforge@netfilter.org> </holder> + </copyright> + <date>Sep 21, 2005</date> + <edition>1</edition> + <!-- <orgname>netfilter core team</orgname> --> + <releaseinfo> + 1.0 + </releaseinfo> + + <abstract> + +<para> +Until 2.6, every new kernel version came with its own incarnation of a packet +filter: ipfw, ipfwadm, ipchains, iptables. 2.6.x still had iptables. What was +wrong? Or was iptables good enough to last even two generations? +</para> +<para> +In reality the netfilter project is working on gradually transforming the +existing framework into something new. Some of those changes are transparent to +the user, so they slip into a kernel release almost unnoticed. However, for +expert users and developers those changes are noteworthy anyway. +</para> +<para> +Some other changes just extend the existing framework, so most users again +won't even notice them - they just don't take advantage of those new features. +</para> +<para> +The 2.6.14 kernel release will mark a milestone, since it is scheduled to +contain nfnetlink, ctnetlink, nfnetlink_queue and nfnetlink_log - basically a +totally new netlink-based kernel/userspace interface for most parts of the +netfilter subsystem. 
+</para> +<para> +nf_conntrack, a generic layer-3 independent connection tracking subsystem, +initially supporting IPv4 and IPv6, is also in the queue of pending patches. +Chances are high that it will be included in the mainline kernel at the time +this paper is presented at Linux Kongress. +</para> +<para> +Another new subsystem within the framework is the "ipset" filter, basically an +alternative to using iptables in certain areas. +</para> +<para> +The presentation (but not this paper) will also summarize the results of the +annual netfilter development workshop, which is scheduled just the week before +Linux Kongress. +</para> + </abstract> + +</articleinfo> + +<section> +<title>nfnetlink</title> +<para> +In the current (pre-2.6.14) linux kernel, there is no unified communications +infrastructure used by all parts of the netfilter/iptables subsystem. Some +parameters can be read from /proc, some can be set via sysctl, some as module +load time parameters. The iptables configuraiton happens via get/setsockopt, +and the userspace queueing and logging use two separate (scarce) netlink family +numbers. +</para> +<para> +Most of the network stack is controlled via netlink. Examples are routing +tables, routing policy, interface configuration, traffic control and ipsec. +</para> +<para> +nfnetlink is the answer for all netfilter-related kernel/userspace interaction. +It provides a thin layer on top of netlink. The nfnetlink code in the kernel +has its userspace counterpart called "libnfnetlink". +</para> +</section> + +<section> +<title>conntrack event API</title> +<para> +For some applications (such as state replication or flow-based accounting) it +is interesting to learn about conntrack state changes. +</para> +<para> +The new conntrack event API provides in-kernel notification of conntrack event changes via a standard <structname>notifier_chain</structname>. 
+</para> +</section> + +<section> +<title>nfnetlink_conntrack (aka ctnetlink)</title> +<para> +nfnetlink_conntrack is a nfnetlink-based interface for reading, dumping and +manipulating connection tracking state from userspace. +</para> +<para> +The most straight-forward application is to obtain a list of currently tracked +connections. In pre-2.6.14 kernels, this can only be via the ugly +<filename>/proc/net/ip_conntrack</filename> virtual file. The file-based +access is slow, unreliable, suboptimal and doesn't allow for efficient +searching. +</para> +<para> +However, certain monitoring applications or e.g. a NAT-aware identd +implementation have demand for efficient fine-grained access. +</para> +<para> +Also, the administrator might want to selectively delete connection tracking +entries, or even flush the whole table. In pre-2.6.14, there i no intrface for +that apart from the "rmmod ip_conntrack; modprobe ip_conntrack" kludge. +</para> +<para> +Addidional (future) users of ctnetlink are connection tracking helpers in +userspace. Imagine something like a hybrid between transparent proxying and +the current in-kernel helpers. Get the features of running insensitive +userspace code that cannot crash your kernel, and still retain the benefits of +e.g. not having to do userspace processing on ftp data (but only control) +packets. +</para> +</section> + +<section> +<title>libnfnetlink_conntrack</title> +<para> +libnfnetlink_conntrack is the userspace counterpart to nfnetlink_conntrack +inside the kernel. It constructs and parses nfnetlink packets and thus +provides a "function and struct" style C API. +</para> +</section> + +<section> +<title>The "conntrack" program</title> +<para> +The <command>conntrack</command> command is a userspace program linked against +libnfnetlink_conntrack. It allows commandline-level acces to the connection +tracking table. 
+</para> +<para> +<command>conntrack</command> supports listing, deleting, updating, flushing and +even creating connection tracking entries. It also allows listing, deleting +and updating of conntrack expectations. +</para> +</section> + +<section> +<title>nf_queue</title> +<para> +nf_queue is not really something new, but still very little people have known +it until now. The 2.4.x netfilter subsystem first introduced a generic +packet queueing mechanism for asynchronously sending packets to userspace (and +reinjecting them or a verdict. This mechanism is mostly known as ip_queue, or +the QUEUE target. +</para> +<para> +In reality, ip_queue sits in top of a small layer called nf_queue. nf_queue +allows for one netfilter queue handler per network protocol family. All +netfilter hooks within this protocol family that return the NF_QUEUE verdict +will send the packet to this nf_queue handler. +</para> +<para> +In the existing 2.4.x and pre-2.6.14 code, the mainline kernel only had one +queue handler: ip_queue. This basically means that only IP packets could be +queued for an unserspace process. +</para> +<para> +Outside of the official kernel tree, a "copy+paste" port of ip_queue was made +to IPv6. The netfilter/iptables project has had enough copy+paste style +"ports" due to architectural limitations. Therefore the code was not accepted +into the mainline kernel. Rather, work on a generic replacement was continued. +</para> +<para> +Which log handler is to be used for what protocol family can now be configured +via nfnetlink_queue (see below). The current status can also be read from +<filename>/proc/net/netfilter/nf_queue</filename>. +</para> +</section> + +<section> +<title>nfnetlink_queue</title> +<para> +nfnetlink_queue is a nfnetlink-based and layer 3 protocol independent +replacement of ip_queue. +</para> +<para> +It provides all features of ip_queue for packets independent of their protocol. 
+</para> +<para> +In addition to mere replication of ip_queue functionality, it fixes the most +funamental problem with the old ip_queue code: That there was only one global +queue, and there could only be one userspace process attached to it. +</para> +<para> +nfnetlink_queue supports up to 65535 different dynamically-created queues. +Packets can be put into a specific queue by using the NFQUEUE target. For +backwards compatibility, packets coming from the iptables QUEUE target will be +placed in queue number 0. +</para> +<para> +Userspace processes can now also receive additional packet metadata such as the +PHYSINDEV/PHYSOUTDEV devices in case of bridging. +</para> +</section> + +<section> +<title>libnfnetlink_queue</title> +<para> +The library libnfnetlink_queue is the userspace counterpart to nfnetlink_queue +inside the kernel. It provides an easy-to-use C language interface to packet +usrespace queueing. +</para> +<para> +For legacy applications using <filename>libipq</filename>, an API-compatible +(but not ABI-compatible) libipq replacement is available together with +libnfnetlink_queue. +</para> +</section> + +<section> +<title>nf_log</title> +<para> +Traditionally, netfilter itself doesn't provide any packet logging +infrastructure. Only iptables provides the LOG target (for klogd/syslogd +logging). In 2001, the ULOG target was added to support more efficient logging +via a dedicated netlink socket. +</para> +<para> +When the TCP window tracking code was introduced, the requirement for +logging packets (such as TCP out of window packets) from non-iptables code +became immediate. +</para> +<para> +Instead of a more generic solution, it was decided to have module load time +parameters (nf_log) decide whether ipt_LOG or ipt_ULOG register as "internal +logging backend" that can be used by conntrack. +</para> +<para> +In 2.6.14, nf_log became a first-class citizen. This means that the iptables +LOG target doesn't do any direct logging. 
Instead it registers as a nf_log +backend with the core, and calls the nf_log frontend when it wishes to log a +packet. +</para> +<para> +The nf_log core can then decide whether to log the packet using the ipt_LOG +provided syslog backend, or via old style ipt_ULOG netlink logging, or the +newly-introduced nfnetlink_log mechanism (see below). +</para> +<para> +Which log handler is to be used for what protocol family can be configured +via nfnetlink (see below). The current status can also be read from +<filename>/proc/net/netfilter/nf_log</filename>. +</para> +</section> + +<section> +<title>nfnetlink_log</title> +<para> +nfnetlink_log is for logging what nfnetlink_queue is for queueing. It takes +the ideas of the ipt_ULOG target and reimplements them in a layer 3 protocol +independent fashion, as well as shifts the transport layer on top of nfnetlink. +</para> +<para> +ipt_ULOG already allowed for up to 32 logging groups, whcih seemed to be enough +in all practical cases. To be more orthogonal to nfnetlink_queue, +nfnetlink_log now also suports 65535 logging groups, each of which can be +terminated by a different logging process. +</para> +</section> + +<section> +<title>libnfnetlink_log</title> +<para> +Orthogonal to libnfnetlink_queue, libnfnetlink_log is the userspace counterpart +to nfnetlink_log in the kernel. +</para> +<para> +libnfnetlink_log also provides a libipulog backwards compatibility API. +</para> +</section> + +<section> +<title>Flow based accounting</title> +<para> +The fundamental idea of flow-based (or more correctly: connection-based) +accounting is to keep per-connection byte an packet counters within the connection tracking table. +</para> +<para> +On firewall systems that already use ip_conntrack, keeping those per-connection +counters only adds very little overhead to the existing connection tracking, +and is thus almost free. +</para> +<para> +Internally, flow-based accounting uses both the conntrack event API and +nfnetlink_conntrack. 
+</para> +<para> +For a more detailed description of flow based accounting and the motivations +behind it, please refer to my paper on flow based accounting published in the +proceedings of Linuxtag 2005. +</para> +</section> + +<section> +<title>nf_conntrack</title> +<para> +nf_conntrack is a generalized version of ip_conntrack. This generalization is +required to provide connection tracking for non-ipv4 protcols. Currently only +IPv4 and IPv6 are supported in nf_conntrack. +</para> +<para> +The architecture of nf_conntrack is almost exactly the same like ip_conntrack, +only +</para> +<para> +nf_conntrack is not in the 2.6.14 kernel series but will very likely be merged +during the early 2.6.15 development process. The latest nf_conntrack version can be obtained from the netfilter-2.6 git tree. +</para> +</section> + +</article> diff --git a/2005/netfilter_status-netconf2005/netfilter_status-netconf2005.tpp b/2005/netfilter_status-netconf2005/netfilter_status-netconf2005.tpp new file mode 100644 index 0000000..5d4b715 --- /dev/null +++ b/2005/netfilter_status-netconf2005/netfilter_status-netconf2005.tpp 
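Review bot: the root element of netfilter_nextgen-lk2005.xml is declared as `<article id="rfid_introduction-ds">` although the title is "First steps towards the next generation netfilter subsystem". The id looks carried over from another document and should be renamed to match this paper, since DocBook ids end up in output file names and cross-references. Three content problems in the same hunk: the second paragraph of the nf_conntrack section stops at "almost exactly the same like ip_conntrack, only" with nothing after it, so it should be completed or dropped. The last paragraph of the nf_queue section says "Which log handler is to be used" while pointing at nfnetlink_queue and /proc/net/netfilter/nf_queue, which reads as pasted from the nf_log section and should say "queue handler". In the first nf_queue paragraph, "(and reinjecting them or a verdict." never closes its parenthesis. A spelling pass would also catch "configuraiton", "there i no intrface", "Addidional", "acces", "unserspace", "funamental", "usrespace", "whcih", "suports", "protcols" and "byte an packet counters".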
@@ -0,0 +1,240 @@ +--author Harald Welte <laforge@netfilter.org> +--title What's been happening in the netfilter world +--date 16 Jul 2005 +This is an overview about what has been going on in the netfilter world recently. The main purpose is to keep the rest of the linux kenrel networking crowd informed. +--footer This presentation is made with tpp http://synflood.at/tpp.html + +--newpage +--footer netconf'05 - netfilter update +--header Overview +rustynat +nfnetlink +ctnetlink +flow-based accounting +conntrack tool +helpers (pptp, h.323, sip) +pkttables +ipset +ct_sync +transparent proxies +misc + +--newpage +--footer netconf'05 - netfilter update +--header rustynat +Three years ago, the "newnat" design was adopted as architecture and API for conntrack/nat helpers. This is what most people are using, and what's in kernel 2.4.x and 2.6.x (for x < 11). + +In 2.6.11, a new scheme (which I call "rustynat") was integrated. + +Fundamental changes: + struct ip_conntrack no longer has sibling_list + struct ip_conntrack_expect is killed when expected conntrack comes in + NAT helpers are now called by callback functions from conntrack helpers + cleanup of NAT manip data structures to reduce size of ip_conntrack + +Problems: + All existing helpers need to be ported (non-trivial port) + Some fallout related to sequence number updates in NAT helper case + +--newpage +--footer netconf'05 - netfilter update +--header nfnetlink +Fundamental idea is to have a generic layer for all netfilter related netlink messages. It basically adds another layer of abstraction/multiplexing on top of netlink. Is it really needed? 
+ +Looking at the real users, they are extremely different: + +ctnetlink + dump/read/flush/update connection tracking table + dump/read/flush/update connection tracking expectation table +ulog-ng + log arbitrary (even non-ip) packets to userspace +nf_queue + queue arbitrary (even non-ip) packets to userspace +pkttnetlink + ruleset management + +--newpage +--footer netconf'05 - netfilter update +--header ctnetlink +Purpose of ctnetlink is to have a userspace interface to the conntrack table + +message types + IPCTNL_MSG_CT_NEW - create a new conntrack + IPCTNL_MSG_CT_DELETE - delete a conntrack, flush table + IPCTNL_MSG_CT_GET - read one or more conntracks + IPCTNL_MSG_CT_GET_CTRZERO - read conntrack and zero counters + + IPCTNL_MSG_EXP_NEW - create a new expect + IPCTNL_MSG_EXP_DELETE - delete an expect + IPCTNL_MSG_EXP_GET - read one or more expects + + IPCTNL_MSG_CONFIG - configuration of masks (see later) + +--newpage +--footer netconf'05 - netfilter update +--header conntrack event cache +ctnetlink also wants to have events, i.e. inform userspace about updates + +ip_conntrack was extended to build an 'event cache', i.e. a list of events that have happened while one specific packet passes throught the stack: + + IPCT_DESTROY + IPCT_NEW + IPCT_RELATED + IPCT_STATUS + IPCT_PROTOINFO + IPCT_HELPER + IPCT_HELPINFO + IPCT_NATINFO + +When packet traversal finishes, a notifier is called with the bitmask of accumulated events for this packet (skb->nfcache) +Event API is used by ct_sync and ctnetlink + +--newpage +--footer netconf'05 - netfilter update +--header ctnetlink +ctnetlink registers with the event API and sends ctnetlink multicast msgs + +ctnetlink event messages are either NEW, NEW with F_UPDATE or DELETE + +Problem: + There can be lots of events. + We can easily see 200,000 NEW conntracks per second + +Interim Solution: + Have userspace app specify the bitmask of interesting events via + IPCTNL_MSG_CONFIG. This defeats use by multiple incooperative apps. 
+ +--newpage +--footer netconf'05 - netfilter update +--header ctnetlink +Proposed Real Solution: + Have generic netlink event message filters. + - Every socket can set it's local bitmask of events using setsockopt() + - netlink core maintains ORed event mask that is used by ctnetlink + - Whenever a socket disappears (or changes its mask), we recalculate + the global mask + +This scheme should really be generic, since other subsystems with potentially many messages can profit from it. + +--newpage +--footer netconf'05 - netfilter update +--header conntrack tool + +To test and use ctnetlink, Pablo Neira wrote the "conntrack" tool +Basically "iproute2" for conntrack: + + -L [table] [-z] List conntrack or expect table + -G [table] params Show conntrac or expect + -D [table] params Delete conntrack or expect + -I [table] params Create conntrack or expect + -E [table] [options] Show events (equals "ip route monitor") + +--newpage +--footer netconf'05 - netfilter update +--header flow-based accounting +Linux misses good accounting solution. +Lots of people use inefficient net-acct/nacctd, ip-acct, ulog-acct, ... +Specialized solutions exist (ipt_ACCOUNT, ...) 
but are limited in scope +Most people want to have flow-based instead of packet-based logs +NETFLOW (or now IPFIX) format can be used by standard tools for analysis + +Idea: We already have a flow cache in the kernel +Problem: It's read-only per packet +But: ip_conntrack already has per-packet write acccess +So: We can put counters in same already-written-to ip_conntrack cache line + +Userspace interface is ctnetlink (either polling or event-based) +Simplistic implementation can use "conntrack" tool and pipe to perl script +Fully-featured logging daemon (ulogd2) is in the final implementation stage +See my OLS 2005 paper for more details + +--newpage +--footer netconf'05 - netfilter update +--header helpers +PPTP + helper is now finally ported to rustynat + will be merged soon since I'm tired of syncing it with core changes + +H.323 + now has a simplified ASN.1 parser instead of brute-force replace + needs more testing but could probably be merged soon, too + +SIP + first development version showed up + extremely complex protocol, helper can only cover common cases + some features (like host names in SDP) cannot be solved in-kernel + + +--newpage +--footer netconf'05 - netfilter update +--header pkttables + +Sorry, no real progress since last year. Too much other work :( + +We'll have to wait a bit longer until we see the next linux packet filter.. + +--newpage +--footer netconf'05 - netfilter update +--header nf_conntrack + +nf_conntrack is the layer3-independent connection tracking code (ipv4+ipv6) +- Code is still kept in-sync with ip_conntrack changes +- We still don't have IPv4-NAT on top of it +- Should already have been submitted a long time ago +- Problem: you can only have ip_conntrack or nf_conntrack loaded at once +- All the existing users ('state' and 'conntrack' iptables match, ..) + can't deal with it transparently. 
+- Should get fixed up, but like many ipv6 issues it has low prio :( + +--newpage +--footer netconf'05 - netfilter update +--header ipset +http://ipset.netfilter.org/ +- Supersedes old ippool code +- Idea is to have certain groups of addresses (called "sets") +- Instead of having 100 iptables rules to match on 100 addresses, you have + 1 iptables rule and an ipset with 100 addresses +- It's more optimal since it has efficient data types (such as a 256bit + long bitmask for any N addresses out of a /24) +- Should IMHO get merged soon, too. + +--newpage +--footer netconf'05 - netfilter update +--header ct_sync + +- Development of 2.6.x port seems to have stabilized now +- We're not seeing any oopses for quite some time +- Still doesn't support working failover for 'helped' connections +- 2.6.x branch allows one node to participate in multiple virtual clusters +- Currently working on real active-active failover +- Current code based on 2.6.10, so no "rustynat" port yet + +--newpage +--footer netconf'05 - netfilter update +--header transparent proxying +In 2.2.x we had the kludy bind-to-foreign-address code +In 2.4.x it was removed because netfilter had to clean up core networking code +Now we have huge bloaty TPROXY patches out-of-tree instead: + - they do DNAT of incoming connection + - SNAT on outgoing connection + - use SO_GETORIGDST on incoming connection to retrieve un-nat'ed addr +While the code is working fine, I think it's just not worth the effort: + - NATing _twice_ just to route packets to local sockets, plus + - kludgy socket options and other nasty stuff.... +Al we need is + - route certain packets to local sockets (based on destip/destport) + - bind local processes to foreign addresses (already works) + - send packets from sockets bound to foreign addreses +Transparent proxies with ctnetlink-issued expectations is what you want to enable conntrack helpers in userspace! 
+ +--newpage +--footer netconf'05 - netfilter update +--header misc + +- new sourcecode directory structure: /net/netfilter/* for core stuff +- ipsec interaction -> Patrick +- conntrack reference issue (rmmod ip_conntrack vs. nf_reset() vs. + local nat vs. GETORIGDST) + +not netfilter-related +- would somebody mind 'alias' devices that had their own mac address? diff --git a/2005/netfilter_tutorial-lk2005/iptables-tutorial-lk2005.mgp b/2005/netfilter_tutorial-lk2005/iptables-tutorial-lk2005.mgp new file mode 100644 index 0000000..6c98d5a --- /dev/null +++ b/2005/netfilter_tutorial-lk2005/iptables-tutorial-lk2005.mgp 
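Review bot: the Overview slide of netfilter_status-netconf2005.tpp does not match the slides that follow. It has no entry for nf_conntrack, which gets its own slide between pkttables and ipset, and it lists "flow-based accounting" before "conntrack tool" while the slides come in the opposite order. Please add the missing entry and align the order. On the nfnetlink slide the user list names "pkttnetlink", which looks like a typo given that the later slide is headed "pkttables". On the ctnetlink slides, "multiple incooperative apps" would read better as "uncooperative", and "set it's local bitmask" should be "its". Remaining spelling slips: "kenrel", "throught", "conntrac", "acccess", "kludy", "Al we need", "addreses".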
@@ -0,0 +1,820 @@ +%include "default.mgp" +%default 1 bgrad +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +%nodefault +%back "blue" + +%center +%size 7 + + +netfilter/iptables tutorial +October 12, 2005 +Linux Kongress + +%center +%size 4 +by + +Harald Welte <laforge@netfilter.org> + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Contents + + Day 1 + + Introduction + Highly Scalable Linux Network Stack + Netfilter Hooks + Packet selection based on IP Tables + The Connection Tracking Subsystem + The NAT Subsystem + Packet Mangling + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +The GNU GPL Revisited +Introduction + + +Who is speaking to you? + an independent Free Software developer + who earns his living off Free Software since 1997 + who is one of the authors of the Linux kernel firewall system called netfilter/iptables + [who can claim to be the first to have enforced the GNU GPL in court] + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Introduction + +Linux and Networking + Linux is a true child of the Internet + Early adopters: ISP's, Universities + Lots of work went into a highly scalable network stack + Not only for client/server, but also for routers + Features unheared of in other OS's + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Introduction + +Did you know, that a stock 2.6.x linux kernel can provide + + a stateful packet filter ? + fully symmetric NA(P)T ? + policy routing ? + QoS / traffic shaping ? + IPv6 firewalling ? + packet filtering, NA(P)T on a bridge ? + layer 2 (mac) address translation ? + packet forwarding rates of up to 2.1Mpps ? 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Introduction + +Why did we need netfilter/iptables? +Because ipchains... + + has no infrastructure for passing packets to userspace + makes transparent proxying extremely difficult + has interface address dependent Packet filter rules + has Masquerading implemented as part of packet filtering + code is too complex and intermixed with core ipv4 stack + is neither modular nor extensible + only barely supports one special case of NAT (masquerading) + has only stateless packet filtering + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Introduction + +Who's behind netfilter/iptables + + The core team + Paul 'Rusty' Russel + co-author of iptables in Linux 2.2 + James Morris + Marc Boucher + Harald Welte + Jozsef Kadlecsik + Martin Josefsson + Patrick McHardy + Hundreds of Non-core team contributors + http://www.netfilter.org/scoreboard/ + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Netfilter Hooks + + What is netfilter? + + System of callback functions within network stack + Callback function to be called for every packet traversing certain point (hook) within network stack + Protocol independent framework + Hooks in layer 3 stacks (IPv4, IPv6, DECnet, ARP) + Multiple kernel modules can register with each of the hooks + +Traditional packet filtering, NAT, ... is implemented on top of this framework + +Can be used for other stuff interfacing with the core network stack, like DECnet routing daemon. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Netfilter Hooks + +Netfilter architecture in IPv4 +%font "typewriter" +%size 4 +in --->[1]--->[ROUTE]--->[3]--->[4]---> out + | ^ + | | + | [ROUTE] + v | + [2] [5] + | ^ + | | + v | +%font "standard" +1=NF_IP_PRE_ROUTING +2=NF_IP_LOCAL_IN +3=NF_IP_FORWARD +4=NF_IP_POST_ROUTING +5=NF_IP_LOCAL_OUT + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Netfilter Hooks + +Netfilter Hooks + + Any kernel module may register a callback function at any of the hooks + + The module has to return one of the following constants + + NF_ACCEPT continue traversal as normal + NF_DROP drop the packet, do not continue + NF_STOLEN I've taken over the packet do not continue + NF_QUEUE enqueue packet to userspace + NF_REPEAT call this hook again + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP tables + + Packet selection using IP tables + + The kernel provides generic IP tables support + + Each kernel module may create it's own IP table + + The four major parts of the firewalling subsystem are implemented using IP tables + Packet filtering table 'filter' + NAT table 'nat' + Packet mangling table 'mangle' + The 'raw' table for conntrack exemptions + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + Managing chains and tables + + An IP table consists out of multiple chains + A chain consists out of a list of rules + Every single rule in a chain consists out of + match[es] (rule executed if all matches true) + target (what to do if the rule is matched) + implicit packet and byte counter + +%size 4 +matches and targets can either be builtin or implemented as kernel modules + +%size 5 + The userspace tool iptables is used to control IP tables + handles all different kinds of IP tables + 
supports a plugin/shlib interface for target/match specific options + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + +Basic iptables commands + + To build a complete iptables command, we must specify + which table to work with + which chain in this table to use + an operation (insert, add, delete, modify) + one or more matches (optional) + a target + +The syntax is +%font "typewriter" +%size 3 +iptables -t table -Operation chain -j target match(es) +%font "standard" +%size 5 + +Example: +%font "typewriter" +%size 3 +iptables -t filter -A INPUT -j ACCEPT -p tcp --dport smtp +%font "standard" +%size 5 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + +Matches + Basic matches + -p protocol (tcp/udp/icmp/...) + -s source address (ip/mask) + -d destination address (ip/mask) + -i incoming interface + -o outgoing interface + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + addrtype match + matches source/destionation address type + types are UNICAST/LOCAL/BROADCAST/ANYCAST/MULTICAST/... 
+ ah match + matches IPSEC AH SPI (range) + comment match + always matches, allows user to place comment in rule + connmark match + connection marking, see later + conntrack match + more extended version of 'state' + match on timeout, fine-grained state, original tuples + dscp match + matches DSCP codepoint (formerly-known as TOS bits) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + ecn match + matches ECN bits of tcp and ip header + esp match + matches IPSEC ESP SPI (range) + hashlimit match + dynamic limiting + helper match + allows matching of conntrack helper name + iprange match + match on arbitrary IP address ranges (not a mask) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + length match + match on packet length + limit + static rate limiting + mac + match on source mac address + mark + match on nfmark (fwmark) + multiport + match on multiple ports + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + + owner + match on socket owner (uid, gid, pid, sid, command name) + physdev + match underlying device in case of bridge + pkttype + match link-layer packet type (unicast,broadcast,multicast) + realm + match routing realm + recent + see special section below + tcpmss + match on TCP maximum segment size + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +IP Tables + +Targets + very dependent on the particular table + + Table specific targets will be discussed later + + Generic Targets, always available + ACCEPT accept packet within chain + DROP silently drop packet + QUEUE enqueue packet to userspace + LOG log packet via syslog + ULOG log packet via ulogd + RETURN return to previous (calling) chain + foobar jump to user defined chain + + 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Filtering + +Overview + + Implemented as 'filter' table + Registers with three netfilter hooks + + NF_IP_LOCAL_IN (packets destined for the local host) + NF_IP_FORWARD (packets forwarded by local host) + NF_IP_LOCAL_OUT (packets from the local host) + +Each of the three hooks has attached one chain (INPUT, FORWARD, OUTPUT) + +Every packet passes exactly one of the three chains. Note that this is very different compared to the old 2.2.x ipchains behaviour. + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Filtering + +Targets available within 'filter' table + + Builtin Targets to be used in filter table + ACCEPT accept the packet + DROP silently drop the packet + QUEUE enqueue packet to userspace + RETURN return to previous (calling) chain + foobar user defined chain + + Targets implemented as loadable modules + REJECT drop the packet but inform sender + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Connection tracking... + + implemented seperately from NAT + enables stateful filtering + implementation + hooks into NF_IP_PRE_ROUTING to track packets + hooks into NF_IP_POST_ROUTING and NF_IP_LOCAL_IN to see if packet passed filtering rules + protocol modules (currently TCP/UDP/ICMP/SCTP) + application helpers currently (FTP,IRC,H.323,talk,SNMP) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Connection tracking... + + divides packets in the following four categories + NEW - would establish new connection + ESTABLISHED - part of already established connection + RELATED - is related to established connection + INVALID - (multicast, errors...) 
+ does _NOT_ filter packets itself + can be utilized by iptables using the 'state' match + is used by NAT Subsystem + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking for TCP is obvious + TCP inherently stateful + Two TCP state machines on each end have well-defined behaviour + Passive tracking of state machines + In more recent 2.6.x kernels, tracking of TCP window (seq/ack) + Max idle timeout of fully-established session: 5 days + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking for UDP: How is this possible? + UDP itself not stateful at all + However, higher-level protocols mostly match request-reply + First packet (request) is assumed to be NEW + First matching reply packet is assumed to confirm connection + Further packets in either direction refresh timeout + Timeouts: 30sec unreplied, 180sec confirmed + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking on ICMP: What's that? + ICMP Errors (e.g. host/net unreachable, ttl exceeded) + They can always be categorized as RELATED to other connections + ICMP request/reply (ECHO REQUEST, INFO REQUEST) + can be treated like UDP request/reply case + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking on SCTP: What's SCTP? + Streaming Control Transfer Protocol + Linux has SCTP in the network stack, so why should the packet filter not support it? 
+ Pretty much like TCP in most cases + Doesn't support more advanced features such as failover of an endpoint + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + State tracking on other protocols + 'generic' protocol: no layer-4 tuple information + 'gre' helper in patch-o-matic + + State tracking of higher-layer protocols + implemented as 'connection tracking helpers' + currently in-kernel: amanda, ftp, irc, tftp + currently in patch-o-matic: pptp, h.323, sip, quake, ... + have to be explicitly loaded (ip_conntrack_*.[k]o) + work by issuing so-called "expectations" + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Exemptions to connection tracking + Usually connection tracking is called first in PRE_ROUTING + Sometimes, filtering is preferred before this conntrack lookup + Therefore, the "raw" table was introduced + In some rare cases, one might want to not track certain packets + The NOTRACK can be used in the "raw" table + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Configuration / Tuning + module parameter "hashsize" + number of hash table buckets + /proc/sys/net/ipv4/ip_conntrack_max + maximum number of tracked connections + /proc/sys/net/ipv4/ip_conntrack_buckets (read-only) + number of hash table buckets + /proc/net/ip_conntrack + list of connections + /proc/net/ip_conntrack_expect + list of pending expectations + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Connection Tracking Subsystem + + Configuration / Tuning + /proc/sys/net/ip_conntrack_log_invalid + log invalid packets? 
+ /proc/sys/net/ip_conntrack_tcp_be_liberal + basically disables window tracking, if "1" + /proc/sys/net/ip_conntrack_tcp_loose + how many packets required until sync in case of pickup + if set to zero, disables pickup + /proc/sys/net/ip_conntrack_tcp_max_retrans + maximum number of retransmitted packets without seeing a n ACK + /proc/sys/net/ip_conntrack_*timeout* + timeout values of respective protocol states + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Network Address Translation + + Network Address Translation + + Previous Linux Kernels only implemented one special case of NAT: Masquerading + Linux 2.4.x / 2.6.x can do any kind of NAT. + NAT subsystem implemented on top of netfilter, iptables and conntrack + Following targets available within 'nat' Table + SNAT changes the packet's source whille passing NF_IP_POST_ROUTING + DNAT changes the packet's destination while passing NF_IP_PRE_ROUTING + MASQUERADE is a special case of SNAT + REDIRECT is a special case of DNAT + SAME + NETMAP + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Network Address Translation + + Source NAT + SNAT Example: +%font "typewriter" +%size 3 +iptables -t nat -A POSTROUTING -j SNAT --to-source 1.2.3.4 -s 10.0.0.0/8 +%font "standard" +%size 4 + + MASQUERADE Example: +%font "typewriter" +%size 3 +iptables -t nat -A POSTROUTING -j MASQUERADE -o ppp0 +%font "standard" +%size 5 + + Destination NAT + DNAT example +%font "typewriter" +%size 3 +iptables -t nat -A PREROUTING -j DNAT --to-destination 1.2.3.4:8080 -p tcp --dport 80 -i eth1 +%font "standard" +%size 4 + + REDIRECT example +%font "typewriter" +%size 3 +iptables -t nat -A PREROUTING -j REDIRECT --to-port 3128 -i eth1 -p tcp --dport 80 +%font "standard" +%size 5 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Mangling + + Purpose of 'mangle' 
table + packet manipulation except address manipulation + + Integration with netfilter + 'mangle' table hooks in all five netfilter hooks + priority: after conntrack + +Simple example: +%font "typewriter" +%size 3 +iptables -t mangle -A PREROUTING -j MARK --set-mark 10 -p tcp --dport 80 + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Packet Mangling + + Targets specific to the 'mangle' table: + DSCP + manipulate DSCP field + ECN + manipulate ECN bits + IPV4OPTSSTRIP + strip IPv4 options + MARK + change the nfmark field of the skb + TCPMSS + set TCP MSS option + TOS + manipulate the TOS bits + TTL + set / increase / decrease TTL field + CLASSIFY + classify packet (for tc/iproute) + CONNMARK + set mark of connection + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +The raw Table + + Purpose of 'raw' table + to allow for filtering rules _before_ conntrack + Targets specific to the 'raw' table: + NOTRACK + don't do connection tracking + + The table can also be useful for flood protection rules that happen before traversing the (computational) expensive connection tracking subsystem. 
+ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Advanced Netfilter concepts + +%size 4 + Userspace logging + flexible replacement for old syslog-based logging + packets to userspace via multicast netlink sockets + easy-to-use library (libipulog) + plugin-extensible userspace logging daemon (ulogd) + Can even be used to directly log into MySQL + + Queuing + reliable asynchronous packet handling + packets to userspace via unicast netlink socket + easy-to-use library (libipq) + provides Perl bindings + experimental queue multiplex daemon (ipqmpd) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Advanced Netfilter concepts + + Firewalling on a Bridge (ebtables + iptables) + totally transparent to layer 2 and above + no attack vector since firewall has no IP address + even possible to do NAT on the bridge + or even NAT of MAC addresses + + ipset - Faster matching + iptables are a linear list of rules + ipset represents a 'group' scheme + Implements different data types for different applications + hash table (for random addresses) + bitmask (for let's say a /24 network) + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Advanced Netfilter concepts + + ipv6 packet filtering + ip6tables almost identical to iptables + no connection tracking in mainline yet, but patches exist + ip6_tables + initial copy+paste 'port' by USAGI + was not accepted because of code duplication + nf_conntrack + generalized connection tracking, supports ipv4 and ipv6 + mutually exclusive with ip_conntrack + as of now, no ipv4 nat on to of nf_conntrack + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Logging with ulogd + + + Why? 
+ because LOG is extremely inefficient + because LOG is unreliable, too + LOG on full-speed DoS: 1100 logs/sec + ULOG/LOGEMU on full-speed DoS: 96000 log/sec + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Logging with ulogd + + + Configuration of ruleset: + -j ULOG + --ulog-nlgroup: which netlink group (up to 32) + --ulog-cprange: how many bytes of each package? + --ulog-qthreshold: how many packets to queue + --ulog-prefix: like "--log-prefix" + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Logging with ulogd + + Configuration of ulogd: + Please refer to "doc/ulogd.html" documentation + + If logging remotely, make sure you don't ever log log-packets (!) + Debian woody ships with a broken ulogd (and refuses to fix it) + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Choice of hardware + + Choice of hardware is important for high scalability + Packet forwarding is one of the most demanding tasks + Important issues + Optimization of NIC driver + RAM latency + Cache size + Interrupt Latency + I/O Bandwidth + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Choice of hardware + + Past benchmarking has shown + AMD Opteron/Athlon64 has way better RAM latency than Intel + PCI-X is the preferred bus technology + Intel e1000 card + driver combo has good performance + Never use four-port cards, sicne they have additional bridges + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Choice of hardwawre + + SMP or not SMP ? + The improvement of SMP is arguable for packet forwarding + Esp. 
connection tracking suffers from excessive cache ping-pong + In case of two interfaces, there can be no improvement + all packets will affect DMA with both interfaces + putting one device on each IRQ causes more cache misses than anything else + In case of four, eight interfaces, IRQ affinity can be used to distribute + put a pair of interfaces on each cpu + forwarding between those two interfaces will be fast + forwarding between interfaces on differenc cpu's slower +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Network Stack tuning + + Tuning areas + IRQ affinity + neighbour cache + kernel compile-time config + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Optimization of Ruleset + + Optimization of ruleset important + iptables itself does no optimization + all rules are traversed linearily + all matches are processed linearily + therefore, order _does_ matter for performance reasons + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Optimization of Ruleset + + Good ideas for optimization + build a tree-like structure out of user-defined chains + avoid long lists + keep in mind the average number of traversed rules per packet + don't repeat excessive matching in each rule, use new chains + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%page +netfilter/iptables tutorial +Thanks + + Thanks to + the BBS scene, Z-Netz, FIDO, ... + for heavily increasing my computer usage in 1992 + KNF (http://www.franken.de/) + for bringing me in touch with the internet as early as 1994 + for providing a playground for technical people + for telling me about the existance of Linux! + Alan Cox, Alexey Kuznetsov, David Miller, Andi Kleen + for implementing (one of?) 
the world's best TCP/IP stacks + Paul 'Rusty' Russell + for starting the netfilter/iptables project + for trusting me to maintain it today + Astaro AG + for sponsoring parts of my netfilter work +%size 3 + The slides and the an according paper of this presentation are available at http://www.gnumonks.org/ +%size 3 diff --git a/2005/rfid-0sec2005/rfid-0sec2005.tpp b/2005/rfid-0sec2005/rfid-0sec2005.tpp new file mode 100644 index 0000000..4e37b51 --- /dev/null +++ b/2005/rfid-0sec2005/rfid-0sec2005.tpp 
@@ -0,0 +1,404 @@ +--author Harald Welte <laforge@gnumonks.org> +--title RFID / Biometric Passports +--date 15 Oct 2005 +Starting in November, the German federal government will be issuing epectronic passports with RFID interface. All other EU member states will have to issue such passports no later than January 2007. Only Switzerland seems to have a reasonable attitude by giving their citizens a choice. + +This presentation covers technical background about the RFID technology, the ICAO MRTD specification, and the authors' efforts to develop a free software stack to use Linux to communicate with those passports. +--footer This presentation is made with tpp http://synflood.at/tpp.html + +--newpage +--footer RFID and Biomertic Passports +--header Overview +Introduction into RFID + What is RFID + Components of RFID System + Protocols and Standards + Security ISsues +librfid - A free software RFID stack + Data Structures + Protocol Stack + Interaction with OpenCT +ePassports - Electronic Passports + Organization of Data + Security Features + PKI + Crypto Algorithms + Security Threats + +--newpage +--footer RFID and Biomertic Passports +--header Introduction into RFID +Definition of term RFID + Radio Frequency IDentification + +RFID is one of the recent buzzwords in lots of industries, such as + transportation + retail sector + governments + +Like most buzzwords, it's not very clearly defined. There is no such thing as "the RFID System. There are lots of different Systems, some standardized, most proprietary. Each of them uses it's own frequency, modulation, encoding and protocol combination. Often, systems of multiple vendors can not be used interchangibly. 
+ +--newpage +--footer RFID and Biomertic Passports +--header Components of an RFID system +Tag (Transponder) + Serial Number Tags + Replacement for EAN/UPC Barcodes + WORM Tags + Can be written once by Issuer + Read/Write Tags + Can be re-written many times + Read/Write Tags with "passive" security + Have state-machine based crypto for access control + Cryptographic smartcards with RF Interface + Like other crypto smartcards, just with RF interface + +--newpage +--footer RFID and Biomertic Passports +--header Reader +Readers (Coupling Device) + Readers are always called readers, even if they can write ;) + Usually connected to a host computer via RS-323, USB or alike + Unfortunately no standard, for API, Hardware and/or Protocol :( + Most applications are written to vendor-provided device-specific API's + One exception: Readers for Smartcards with RF-Interface (use PC/SC) + +--newpage +--footer RFID and Biomertic Passports +--header RF Interface +The RF interface is the key attribute of any RFID system. 
+Parameters that determine the RF interface are + frequency + modulation + operational principle + +--newpage +--footer RFID and Biomertic Passports +--header RF Interface +Magnetic Coupling + used by many of todays RFID deployment + rely on the magnetic coupling ("transformer") principle + Tag/Transponder has a coil antenna to pick up RF-Field of Reader + Power for Tag/Transponder is drawn from the magnetic field + Common systems use 125kHz (old) or 13.56MHz (current) + Operational range often small, since high magnetic field strengh needed + +--newpage +--footer RFID and Biomertic Passports +--header RF Interface +Backscatter + Used by many RFID systems under current development + Operate typically in UHF range (868 to 956 MHz) + Use electric field of the reader, employ backscatter modulation + Higher operational range (within tens of metres) + +Surface Accoustic Wave + SAW tags use low-power microwave radio signals + Tag/Transponder converts it to untrasonic signals (piezo crystal) + Variations of the reflected signal used to provide a unique number + +--newpage +--footer RFID and Biomertic Passports +--header Protocols and Standards +Apart from the various vendor proprietary protocols, there are some ISO standards +ISO 11784 / 11785 + Identification of Animals + 134.2kHz, magnetic coupling, load modulation, 4191 bps +ISO 14223 + Extension of 11784/11785 and allows for more data +ISO 10536 + "close coupling" smart cards, range up to 1cm + Inductive or capacitive coupling at 4.9152MHz + Never attained any significant market share +ISO 18000 series + Current development of international "Auto-ID" standard + Includes operation on 13.56MHz, 2.4GHz, 868/956MHz + Not yet deployed + +--newpage +--footer RFID and Biomertic Passports +--header Protocols and Standards +ISO 14443 + "proximity coupling ID cards" + Range of up to 10cm + Two variants: 14443-A and 14443-B + Both use 13.56MHz, but different parameters (see paper for details) + Specifies physical layer, 
link-layer (anticollision) + Specifies an optional transport level protocol (ISO 14443-4) + Speed up to 848kbits/sec + +ISO 15693 + "vicinity coupling", range up to 1m + Like ISO 14443, operates on 13.56MHz, magnetic coupling + Data rate 1.65kbits/sec or 26.48kbits/sec + Because of long distance, very little power + Therefore only used for passive tags + +--newpage +--footer RFID and Biomertic Passports +--header Protocols and Standards +ISO 14443-A Details + Anti-Collision is based on binary search + Manchester Encoding allows reader to detect bit collisions + Reader can transmit bit-frames of variable length + + 1. Reader sends REQA / WUPA + 2. All transpondesr in range will reply with their address (UID) + 3a. If there is no collision, send SELECT comamand on full UID + 3b. If there is a collision, transmit bit frame which forces bit of collision to 0 or 1 + 4. Loop + +--newpage +--footer RFID and Biomertic Passports +--header Protocols and Standards +ISO 14443-B Details + Anti-Collision is based on "Slotted ALOHA" protocol + Based in probabilistic scheme + Reader sends REQB/WUPB command with number of available slots + Every transponder chooses it's own number (rnd() % slots) + If there is a collision, we simply retry. + +Result: + Both 14443-A and 14443-B anti collision are subject to DoS + "blocker tags" have already been demonstrated. + +--newpage +--footer RFID and Biomertic Passports +--header Closer look on Readers +There's a variety of readers for the 13.56MHz world +Usually they all use one of the (small number of) available ASIC's +Reader ASIC's integrate analog and digital part and have standard bus interface +End-User Reader products contain such an ASIC plus a microcontroller + +Active Readers + e.g. "Philips Pegoda" + Run the RFID protocol stack on the microcontroller + +Passive Readers + e.g. "Omnikey CardMan 5121" + Run the RFID protocol on the host system + +Passive readers obviously provide higher flexibility and are cheaper. 
+ +--newpage +--footer RFID and Biomertic Passports +--header Security Issues +Eavesdropping + Channel from reader to tag can be easily sniffed (even > 10m) + Channel from tag to reader is difficult (Author has managed 3m) + +Denial of Service + Anti-collision mechanism used to distinguish between multiple tags + Using a "fake tag" you can create Denial of Service + Products such as "blocker tags" have already been presented + +Authenticity/Confidentiality + None of the existing standards offers any kind of crypto + Standards-compliant systems like passports use crypto at layer 5 + Lots of proprietary "closed algorithm" vendor products with questionable security + + +--newpage +--footer RFID and Biomertic Passports +--header librfid - A Free Software RFID stack +The librfid project intends to provide a free software reader-side implementation of common RFID protocols such as ISO 14443 and ISO 15693 + +Various abstraction layers and plugin interface allows for later addition of new protocols an readers. + +Optionally integrates with OpenCT. 
+ +--newpage +--footer RFID and Biomertic Passports +--header librfid - A Free Software RFID stack +struct rfid_asic + Contains all routines for a specific reader asic + Currently only Philips CL RC 632 supported +struct rfid_asic_transport + A transport that gives access to the ASIC registers +struct rfid_reader + A container for rfid_asic and rfid_asic_transport +struct rfid_layer2 + An anticollision protocol such as ISO 14443-3A/B +struct rfid_protocol + A transport protocol suhc as ISO 14443-4 + +--newpage +--footer RFID and Biomertic Passports +--header librfid - A Free Software RFID stack + +Typical Protocol Stack + rfid_protocol_stack + CM5121 Reader + CL RC632 ASIC + PC_to_RDR_Escape transport + USB-CCID driver of OpenCT + libusb + +--newpage +--footer RFID and Biomertic Passports +--header librfid - A Free Software RFID stack +Application Interface + +Native API + librfid-specific API + quite low-level + requires application to know a lot about the stack + +OpenCT, PC/SC, CT-API + OpenCT integration provides PC/SC and CT-API for crypto smarcards + Is currently under development + +--newpage +--footer RFID and Biomertic Passports +--header Electronic Passports +Electronic Passports (ePassports) are officially called MRTD +MRTD: Machine Readable Travel Document +Specifications by ICAO (International Civil Aviation Organization) +Basic idea + store passport data and additional biometrics on Transponder + alternate storage methods such as 2D barcodes covered, too + common standard for interoperability + some features required, others optional (up to issuing country) + +--newpage +--footer RFID and Biomertic Passports +--header Electronic Passports +Organization of Data + According to LDS (Logical Data Structure) specification + Data is stored in DG (Data Groups) + DG1: MRZ information (mandatory) + DG2: Portrait Image + Biometric template (mandatory) + DG3-4: fingerprints, iris image (optional) + EF.SOD: Security Object Data (cryptographic signatures) + 
EF.COM: Lists with Data Groups Exist + All data is stored in BER-encoded ASN.1 + just think of all the ASN.1 parser bugs... + DG2-DG4 are encoded as CBEFF (common biometric file format, ISO 19785) + +--newpage +--footer RFID and Biomertic Passports +--header Electronic Passports +Security Features + Randomization of Serial Number + Usually all ISO 14443 transponders have a unique serial number + This serial number is part of the anticollision procedure + Problem: Pseudonymized Tracking + ICAO MRTD specs don't require unique serial number + Therefore, some countries will generate random serial numbers + +--newpage +--footer RFID and Biomertic Passports +--header Electronic Passports +Security Features + Passive Authentication (mandatory) + Proves that passport data is signed by issuing country + Inspection System verifies signature of DG's + EF.SOD contains individual signature for each DG + EF.SOD itself is signed + Document Signer Public Key from PKD / bilateral channels + Document Signer Public Key also stored on Passport (optional) + Useful only if Country Root CA public key known + +--newpage +--footer RFID and Biomertic Passports +--header Electronic Passports +Security Features + Active Authentication (optional) + Verifies that chip has not been substituted + Uses challenge-response protocol between reader and chip + DG15 contains KPuAA + KPrAA is stored in secure memory of the chip + PPuAA is signed in EF.SOD + +--newpage +--footer RFID and Biomertic Passports +--header Electronic Passports + Basic Access Control (optional, implemented in .de passports) + Denies Access to the chip until inspection system is authorized + Authorization is performed by deriving keys from MRZ + MRZ_info + nine digit document number + in many countries: issuing authority + incrementing number + six digit date of birth + can be guessed or assumed between + six digit expiry date + 16most significant bytes of SHA1-hash over MRZ_info is key + 3des keys used for S/M (ISO7816 secure 
messaging) + + +--newpage +--footer RFID and Biomertic Passports +--header Electronic Passports + Extended Access Control (optional) + Prevents unauthorized access to additional bimetrics + Similar to Basic Access Control, but different keys + Not internationally standardized + Implemented by individual states + Only shared with those states that are allowed access + + +--newpage +--footer RFID and Biomertic Passports +--header Electronic Passports + Encryption of Additional Biometrics (optional + The actual payload of the CBEFF + +--newpage +--footer RFID and Biomertic Passports +--header Electronic Passports +Public Key Hierarchy + X.509 Certificates + Every country operates it's own CA + Document signer keys derived from CA root + Document signer public keys are distributed publicly via ICAO PKD + Everyone can verify + +--newpage +--footer RFID and Biomertic Passports +--header libmrtd - Free Software library for MRTD's +libmtrd provides functions for + reading out and decoding data on MRTD + verifying data stored on MRTD + cryptograpy compliant with MRTD specs + basic access control + passive authentication + extended access control (planned) + +--newpage +--footer RFID and Biomertic Passports +--header libmrtd - Free Software library for MRTD's +API towards the lower level (transport) + PC/SC (to work with readers/drivers other than librfid) + native librfid API +API towards the application + not really finished yet, lots of flux + +--newpage +--footer RFID and Biomertic Passports +--header libmrtd - Free Software library for MRTD's +libmrtd status + parsing functions for LDS + parsing functions for DG1 + parsing functions for DG2 (CBEFF) + basic access control (untested) + still very early alpha stage + contributors welcome + no frontend application program + +--newpage +--footer RFID and Biomertic Passports +--header Further Reading + +The slides + https://svn.gnumonks.org/trunk/presentation/2005/rfid-0sec2005/ +The paper + 
https://svn.gnumonks.org/trunk/presentation/2005/rfid-lk2005/ +librfid code + https://svn.gnumonks.org/trunk/librfid/ +libmrtd + https://svn.gnumonks.org/trunk/libmrtd +the mailinglist + librfid-devel@lists.gnumonks.org + https://lists.gnumonks.org/mailman/listinfo/librfid-devel +ICAO MRTD homepage (includes all MRTD specs in PDF format) + http://www.icao.org/ diff --git a/2005/rfid-ccc2005/abstract.txt b/2005/rfid-ccc2005/abstract.txt new file mode 100644 index 0000000..386e8e7 --- /dev/null +++ b/2005/rfid-ccc2005/abstract.txt 
@@ -0,0 +1,65 @@ +* Title: + RFID - overview of protocols, librfid implementation and passive sniffing + +* Subtitle: + ISO14443, ISO15693, their GPL librfid implementation and passive sniffing hardware + +* Abstract: + The presentation will cover an introduction into the two popular RFID Standards, + ISO14443 and ISO15693, as well as the author's Free Software implementation "librfid" + +* Description: + The number of deployments of RFID based solutions is growing every day. + Still, detailed low-level knowledge of the involved protocols is rare, + even within the hacker community. + + The first part of this presentation describes the two commonly-deployed + ISO standards 14443 and 15693 - from physical layer up to session + layer. It will then continue to look at the typical architecture of + RFID readers. + + The second part will cover "librfid", the GPL licensed Free Software + implemetation of an ISO 14443 and 15693 host-side stack. + + The third part will look at our current progress in developing hardware + and software defined radio (SDR) based passive sniffing of the RFID + radio interface. After all, who wouldn't want to have "tcpdump" like + functionality for RFID? + +* Authors: + Harald Welte <laforge@gnumonks.org> + Milosch Meriac <meriac@bitmanufaktur.de> + +* Please state if you are going to submit a paper to be included in the 22C3 + Proceedings + Yes + +* Please state if you are going to use slides in your talk and in which format + you are going to provide a copy + Magicpoint or tpp + +* Duration of your talk + I would recommend splitting the presentation in two sections, each + 60mins including Q&A. Part 1: theory of the protocols, Pary 2: librfid + and hardware sniffing. + +* Language of your talk + en_US + +* Links to background information on the talk + http://svnweb.gnumonks.org/trunk/librfid + http://svnweb.gnumonks.org/trunk/libmrtd + +* Target Group: + Developers, Hardware/Electronics geeks. 
+ +* Resources you need for your talk + digital projector + +* Related talks at 22C3 you know of + none + +* A lecture logo, square format, min. 128x128 pixels (optional) + none + + diff --git a/2005/rfid-ccc2005/rfid-ccc2005.tpp b/2005/rfid-ccc2005/rfid-ccc2005.tpp new file mode 100644 index 0000000..7d1b022 --- /dev/null +++ b/2005/rfid-ccc2005/rfid-ccc2005.tpp 
@@ -0,0 +1,417 @@ +--author Harald Welte <laforge@gnumonks.org> +--title RFID Protocols, librfid +--date 27 Dec 2005 +Starting with November 2005, the German federal government has started to issue +epectronic passports with RFID interface. All other EU member states will have +to issue such passports no later than January 2007. Only Switzerland seems to +have a reasonable attitude by giving their citizens a choice. + +This presentation covers technical background about the RFID technology, the ICAO MRTD specification, and the authors' efforts to develop a free software stack to use Linux to communicate with those passports. +--footer This presentation is made with tpp http://synflood.at/tpp.html + +--newpage +--footer RFID Potocols and librfid +--header Overview +Introduction into RFID + What is RFID + Components of RFID System + Protocols and Standards + Security Issues +librfid - A free software RFID stack + Data Structures + Protocol Stack + Interaction with OpenCT + +--newpage +--footer RFID Potocols and librfid +--header Introduction into RFID +Definition of term RFID + Radio Frequency IDentification + +RFID is one of the recent buzzwords in lots of industries, such as + transportation + retail sector + governments + +Like most buzzwords, it's not very clearly defined. There is no such thing as "the RFID System. There are lots of different Systems, some standardized, most proprietary. Each of them uses it's own frequency, modulation, encoding and protocol combination. Often, systems of multiple vendors can not be used interchangibly. 
+ +--newpage +--footer RFID Potocols and librfid +--header Components of an RFID system +Tag (Transponder) + Serial Number Tags + Replacement for EAN/UPC Barcodes + WORM Tags + Can be written once by Issuer + Read/Write Tags + Can be re-written many times + Read/Write Tags with "passive" security + Have state-machine based crypto for access control + Cryptographic smartcards with RF Interface + Like other crypto smartcards, just with RF interface + +--newpage +--footer RFID Potocols and librfid +--header Reader +Readers (Coupling Device) + Readers are always called readers, even if they can write ;) + Usually connected to a host computer via RS-323, USB or alike + Unfortunately no standard, for API, Hardware and/or Protocol :( + Most applications are written to vendor-provided device-specific API's + One exception: Readers for Smartcards with RF-Interface (use PC/SC) + +--newpage +--footer RFID Potocols and librfid +--header RF Interface +The RF interface is the key attribute of any RFID system. 
+Parameters that determine the RF interface are + frequency + modulation + operational principle + +--newpage +--footer RFID Potocols and librfid +--header RF Interface +Magnetic Coupling + used by many of todays RFID deployment + rely on the magnetic coupling ("transformer") principle + Tag/Transponder has a coil antenna to pick up RF-Field of Reader + Power for Tag/Transponder is drawn from the magnetic field + Common systems use 125kHz (old) or 13.56MHz (current) + Operational range often small, since high magnetic field strengh needed + +--newpage +--footer RFID Potocols and librfid +--header RF Interface +Backscatter + Used by many RFID systems under current development + Operate typically in UHF range (868 to 956 MHz) + Use electric field of the reader, employ backscatter modulation + Higher operational range (within tens of metres) + +Surface Accoustic Wave + SAW tags use low-power microwave radio signals + Tag/Transponder converts it to untrasonic signals (piezo crystal) + Variations of the reflected signal used to provide a unique number + +--newpage +--footer RFID Potocols and librfid +--header Protocols and Standards +Apart from the various vendor proprietary protocols, there are some ISO standards +ISO 11784 / 11785 + Identification of Animals + 134.2kHz, magnetic coupling, load modulation, 4191 bps +ISO 14223 + Extension of 11784/11785 and allows for more data +ISO 10536 + "close coupling" smart cards, range up to 1cm + Inductive or capacitive coupling at 4.9152MHz + Never attained any significant market share +ISO 18000 series + Current development of international "Auto-ID" standard + Includes operation on 13.56MHz, 2.4GHz, 868/956MHz + Not yet deployed + +--newpage +--footer RFID Potocols and librfid +--header Protocols and Standards +ISO 14443 + "proximity coupling ID cards" + Range of up to 10cm + Two variants: 14443-A and 14443-B + Both use 13.56MHz, but different parameters (see paper for details) + Specifies physical layer, link-layer 
(anticollision) + Specifies an optional transport level protocol (ISO 14443-4) + Speed up to 848kbits/sec + +ISO 15693 + "vicinity coupling", range up to 1m + Like ISO 14443, operates on 13.56MHz, magnetic coupling + Data rate 1.65kbits/sec or 26.48kbits/sec + Because of long distance, very little power + Therefore only used for passive tags + +--newpage +--footer RFID Potocols and librfid +--header Protocols and Standards +ISO 14443-A Details + Anti-Collision is based on binary search + Manchester Encoding allows reader to detect bit collisions + Reader can transmit bit-frames of variable length + + 1. Reader sends REQA / WUPA + 2. All transpondesr in range will reply with their address (UID) + 3a. If there is no collision, send SELECT comamand on full UID + 3b. If there is a collision, transmit bit frame which forces bit of collision to 0 or 1 + 4. Loop + +--newpage +--footer RFID Potocols and librfid +--header Protocols and Standards +ISO 14443-B Details + Anti-Collision is based on "Slotted ALOHA" protocol + Based in probabilistic scheme + Reader sends REQB/WUPB command with number of available slots + Every transponder chooses it's own number (rnd() % slots) + If there is a collision, we simply retry. + +Result: + Both 14443-A and 14443-B anti collision are subject to DoS + "blocker tags" have already been demonstrated. + +--newpage +--footer RFID Potocols and librfid +--header Protocols and (Non-)Standards +Mifare + Mifare is a marketing term by Philips + + Mifare refers to a complete family of RFID systems, comprising + Transponders, Reader ASICs and a set of prorprietary protocols. 
+ Mifare Classic transponders (1k, 4k) + are memory transponders with state machine based crypto + Mifare Classic employs a proprietary stream cipher (CRYPTO 1) that + is implemented in both transponder and reader hardware + Mifare Ultralight has no crypto, plain passive memory transponder + Mifare transponders are segmented in blocks, every block has + it's own pair of CRYPTO1 access keys and permission management + +--newpage +--footer RFID Potocols and librfid +--header Closer look on Readers +There's a variety of readers for the 13.56MHz world +Usually they all use one of the (small number of) available ASIC's +Reader ASIC's integrate analog and digital part and have standard bus interface +End-User Reader products contain such an ASIC plus a microcontroller + +Active Readers + e.g. "Philips Pegoda" + Run the RFID protocol stack on the microcontroller + +Passive Readers + e.g. "Omnikey CardMan 5121" + Run the RFID protocol on the host system + +Passive readers obviously provide higher flexibility and are cheaper. 
+ +--newpage +--footer RFID Potocols and librfid +--header Security Issues +Eavesdropping + Channel from reader to tag can be easily sniffed (even > 10m) + Channel from tag to reader is difficult (Author has managed 3m) + +Denial of Service + Anti-collision mechanism used to distinguish between multiple tags + Using a "fake tag" you can create Denial of Service + Products such as "blocker tags" have already been presented + +Authenticity/Confidentiality + None of the existing standards offers any kind of crypto + Standards-compliant systems like passports use crypto at layer 5 + Lots of proprietary "closed algorithm" vendor products with questionable security + + +--newpage +--footer RFID Potocols and librfid +--header librfid - A Free Software RFID stack +The librfid project intends to provide a free software reader-side implementation of common RFID protocols such as ISO 14443 and ISO 15693 + +Various abstraction layers and plugin interface allows for later addition of new protocols an readers. + +Optionally integrates with OpenCT. 
+ +--newpage +--footer RFID Potocols and librfid +--header librfid - A Free Software RFID stack +struct rfid_asic + Contains all routines for a specific reader asic + Currently only Philips CL RC 632 and Philips Pegoda (partially) supported +struct rfid_asic_transport + A transport that gives access to the ASIC registers +struct rfid_reader + A container for rfid_asic and rfid_asic_transport +struct rfid_layer2 + An anticollision protocol such as ISO 14443-3A/B +struct rfid_protocol + A transport protocol such as ISO 14443-4 + +--newpage +--footer RFID Potocols and librfid +--header librfid - A Free Software RFID stack + +Typical Protocol Stack + rfid_protocol_stack + CM5121 Reader + CL RC632 ASIC + PC_to_RDR_Escape transport + USB-CCID driver of OpenCT + libusb + +--newpage +--footer RFID Potocols and librfid +--header librfid - A Free Software RFID stack +Application Interface + +Native API + librfid-specific API + quite low-level + requires application to know a lot about the stack + +OpenCT, PC/SC, CT-API + OpenCT integration provides PC/SC and CT-API for crypto smarcards + Is currently under development + +--newpage +--footer RFID Potocols and librfid +--header Electronic Passports +Electronic Passports (ePassports) are officially called MRTD +MRTD: Machine Readable Travel Document +Specifications by ICAO (International Civil Aviation Organization) +Basic idea + store passport data and additional biometrics on Transponder + alternate storage methods such as 2D barcodes covered, too + common standard for interoperability + some features required, others optional (up to issuing country) + +--newpage +--footer RFID Potocols and librfid +--header Electronic Passports +Organization of Data + According to LDS (Logical Data Structure) specification + Data is stored in DG (Data Groups) + DG1: MRZ information (mandatory) + DG2: Portrait Image + Biometric template (mandatory) + DG3-4: fingerprints, iris image (optional) + EF.SOD: Security Object Data (cryptographic 
signatures) + EF.COM: Lists with Data Groups Exist + All data is stored in BER-encoded ASN.1 + just think of all the ASN.1 parser bugs... + DG2-DG4 are encoded as CBEFF (common biometric file format, ISO 19785) + +--newpage +--footer RFID Potocols and librfid +--header Electronic Passports +Security Features + Randomization of Serial Number + Usually all ISO 14443 transponders have a unique serial number + This serial number is part of the anticollision procedure + Problem: Pseudonymized Tracking + ICAO MRTD specs don't require unique serial number + Therefore, some countries will generate random serial numbers + +--newpage +--footer RFID Potocols and librfid +--header Electronic Passports +Security Features + Passive Authentication (mandatory) + Proves that passport data is signed by issuing country + Inspection System verifies signature of DG's + EF.SOD contains individual signature for each DG + EF.SOD itself is signed + Document Signer Public Key from PKD / bilateral channels + Document Signer Public Key also stored on Passport (optional) + Useful only if Country Root CA public key known + +--newpage +--footer RFID Potocols and librfid +--header Electronic Passports +Security Features + Active Authentication (optional) + Verifies that chip has not been substituted + Uses challenge-response protocol between reader and chip + DG15 contains KPuAA + KPrAA is stored in secure memory of the chip + PPuAA is signed in EF.SOD + +--newpage +--footer RFID Potocols and librfid +--header Electronic Passports + Basic Access Control (optional, implemented in .de passports) + Denies Access to the chip until inspection system is authorized + Authorization is performed by deriving keys from MRZ + MRZ_info + nine digit document number + in many countries: issuing authority + incrementing number + six digit date of birth + can be guessed or assumed between + six digit expiry date + 16most significant bytes of SHA1-hash over MRZ_info is key + 3des keys used for S/M (ISO7816 secure 
messaging) + + +--newpage +--footer RFID Potocols and librfid +--header Electronic Passports + Extended Access Control (optional) + Prevents unauthorized access to additional bimetrics + Similar to Basic Access Control, but different keys + Not internationally standardized + Implemented by individual states + Only shared with those states that are allowed access + + +--newpage +--footer RFID Potocols and librfid +--header Electronic Passports + Encryption of Additional Biometrics (optional + The actual payload of the CBEFF + +--newpage +--footer RFID Potocols and librfid +--header Electronic Passports +Public Key Hierarchy + X.509 Certificates + Every country operates it's own CA + Document signer keys derived from CA root + Document signer public keys are distributed publicly via ICAO PKD + Everyone can verify + +--newpage +--footer RFID Potocols and librfid +--header libmrtd - Free Software library for MRTD's +libmtrd provides functions for + reading out and decoding data on MRTD + verifying data stored on MRTD + cryptograpy compliant with MRTD specs + basic access control + passive authentication + extended access control (planned) + +--newpage +--footer RFID Potocols and librfid +--header libmrtd - Free Software library for MRTD's +API towards the lower level (transport) + PC/SC (to work with readers/drivers other than librfid) + native librfid API +API towards the application + not really finished yet, lots of flux + +--newpage +--footer RFID Potocols and librfid +--header libmrtd - Free Software library for MRTD's +libmrtd status + parsing functions for LDS + parsing functions for DG1 + parsing functions for DG2 (CBEFF) + basic access control + still very much beta stage software + contributors welcome + no frontend application program + +--newpage +--footer RFID Potocols and librfid +--header Further Reading + +The slides + https://svn.gnumonks.org/trunk/presentation/2005/rfid-0sec2005/ +The paper + 
https://svn.gnumonks.org/trunk/presentation/2005/rfid-lk2005/ +librfid code + https://svn.gnumonks.org/trunk/librfid/ +libmrtd + https://svn.gnumonks.org/trunk/libmrtd +the mailinglist + librfid-devel@lists.gnumonks.org + https://lists.gnumonks.org/mailman/listinfo/librfid-devel +ICAO MRTD homepage (includes all MRTD specs in PDF format) + http://www.icao.org/ diff --git a/2005/rfid-ccc_ds2005/rfid-datenschleuder-gliederung.txt b/2005/rfid-ccc_ds2005/rfid-datenschleuder-gliederung.txt new file mode 100644 index 0000000..05646e2 --- /dev/null +++ b/2005/rfid-ccc_ds2005/rfid-datenschleuder-gliederung.txt 
@@ -0,0 +1,145 @@ + +- different types of RFID + - serial-number-only + - read/writeable memory + - read/writeable memory with authentication + - processor chip cards (like contact-based) + +- physical/electrical characteristics + - old 125kHz systems + - current 13.56MHz systems + - ISO 14443-A + - ISO 14443-B + - ISO 15693 + - both 125kHz and 13.56MHz are magnetic H-field systems + - reader provides strong magnetic field to provide power to PICC + - data from reader to PICC is modulated onto carrier. + - PICC uses load modulation to send back replies to reader + +- ISO 14443 + - 14443-1 + - defines physical layer (e.g. field strength, ...) + - 14443-2 + - 14443-3 A + - 100% ASK from reader to PICC + - binary search tree anticollision + - 14443-3 B + - 10% ASK from reader to PICC + - slotted aloha anticollision + - 14443-4 + - also called T=CL + - datagram-based transport protocol + - handles retransmission, ack/nack + - optional signal strength signalling + - data rates between 106 and 848 kbps + +- Mifare + - proprietary system by philips + - requires philips circuits in tag and reader + - authentication using two 40bit? 
keys + - proprietary encryption algoritm + - brute-force of 40bit not possible due to slow devices + +- ISO 15693 + - only used by tags, not by smart cards + +- STm + +- Legic + +- Available readers + - generally based on either Philips or STM reader ASIC + - reader ASIC integrates analogue RF and digital part + - typically offer SPI and/or parallel bus interface + - host interface either serial or USB (planned: ethernet, see also + IETF working group on this subject) + - serial readers speak either proprietary protocol or sometimes + emulate serial contact-based readers for 14443-4 (T=CL) + - stupid readers + - only connect reader ASIC to host pc + - protocol stack implemented on host pc + - intelligent readers + - handle protocol stack in firmware of microcontroller in the + reader + - sometimes even parts of the application are embedded in the + reader firmware + - problem: often only support very specific + protocols/applications + +- librfid + - implements 14443-1234 and 15693 stack + - has hooks for mifare and other proprietary RFID protocols + - implements fairly generic driver for Philips CL RC632 ASIC + - currently only supports Omnikey CardMan 5121 + - currently only offers non-standard API for higher-level apps + - scheduled to provide OpenCT backend (OpenCT supports CT-API and PC/SC) + +- Problems + - T=CL looks almost like a layer 4 network protocol, 14443 supports + operation of multiple PICC's simultaneously (by using CID + addressing). Therefore it looks like a master/slave network + protocol. + - Current API's for contact based cards (like PC/SC) cannot deal well + with multiple PICC's coming and going. + +- Passive Sniffing of 14443 + - dream: ethereal-like program for RFID + - h-field decreases tremendously with distance + - h-field antennas required + - reader -> picc signal strong and easily detected, beyon 10m + - picc -> reader signal very weak (60-70dB below reader->picc). 
so far + barely recognizable beyond 3m, even with 1m-loop-antenna + - various hardware approaches + - using software defined radio (gnuradio) + - quite expensive, unless you happen to already have one + - flexible, since everything can be done in software + - gnuradio-implementation of 14443 on my TODO list + - using dedicated demodulation hardware + - way cheaper than SDR + - 13.56MHz low enough for DIY-hardware + - under development by Milosch + - using existing reader ASIC, put it in read-only mode + - might be feasible, but operation is unlikely due to + lack of phase and clock synchronization with external + source + +- ICAO compliant MRTDs + - ICAO already regulates MRZ on current travel documents in Doc 9303 + - Working group created standards for new MRTD with biometric data + - Specifications publicly available + - 14443 A or B PICC + - ISO 7816-4 (inter-industry commands) + - LDS (Logical Data Structure) + - DG1 + - data as printed on passport + - DG2 + - facial JPEG, min 80pixels between eyes + - EF.SOD + - signature of DG1, DG2 + - DG_FIXME + - optional fingerprint data + - Security + - passive auth + - basic access control + - prevents unauthorized reading by refusing + access until key derived from MRZ is + presented to PICC + - probably weak, since key is derived only from + DOB, document expiry date and document number + - provides session key generation for SM + encrypted transport layer + - active auth + - TR-PKI + - each country operates its own root CA + - intermediate document signer certificates + - country root certificates available via public LDAP + - certificates of all recognized countries need to be + stored in every inspection system + - certificate chain of EF.SOD signature can be verified + - specifies CRL polling intervals, etc. + +- libicao + - aims to implement all required functions for access to ICAO MRTD + - basic access control present, but no secure messaging yet + - can use OpenCT or PC/SC as underlying API + 
diff --git a/2005/rfid-ccc_ds2005/rfid-datenschleuder.txt b/2005/rfid-ccc_ds2005/rfid-datenschleuder.txt new file mode 100644 index 0000000..0ef98dc --- /dev/null +++ b/2005/rfid-ccc_ds2005/rfid-datenschleuder.txt 
@@ -0,0 +1,314 @@ +Introduction into RFID +(C) 2005 by Harald Welte <laforge@gnumonks.org> + +During the last couple of years, various different sectors of industry and +event government organizations started to talk about RFID technology. + +The RFID industry makes huge promises, according to which RFID will penetrate +our everyday life in the very close future. RFID is used in the ICAO-compliant +electronic passports, for electronic ticketing in the public transport sector +and for tickets to events such as the soccer world championships in 2006. +Studies are performed on the feasability of putting RFID circuitry into every +Euro bill. + +Contrary to those industry promises, there is a growing opposition among civil +liberties groups and the data protection community. The fear of abuse of this +technology to invade privacy even further is big. + +The public debate on RFID is mostly on a very high and therefore abstract +level. Even within the technical community, there's a severe lack of knowledge when it comes to really understanding RFID. + +This article tries to give a technical introduction into RFID, +summarizing what the author has learned throughout the last year during his +research and development. + + +A lot of the ambuguity related to RFID comes from the unclear term "RFID" and +it's various abuses. Strictly speaking, "RFID" means "Radio Frequency +IDentification" and therefore refers to any technology facilitating +identification of items using radio frequency. + +However, the term is generally used for meny different technologies and +concepts. + +Another common misconception is that most RFID systems in use today are based +on standards. To the opposite: In fact they're mostly proprietary systems +produced by specific vendors, who obviously all proclaim to have invented an +'industry standard". 
Even those few RFID protocols that have been standardized +by international standardization bodies such as ISO/IEC reflect the usual +"either it's done way A, if not it's done way B" paradigm that seems to +dominate the whole smart card industry. But that's enough of a rant for now. + + +Overview of an RFID system + +A RFID system is usually composed of a reader device (which is always called +reader, even if it can write) and some (RF)ID tag. + +Tag: + +1) serial number only +The most simplistic RFID systems come with read-only "serial number" tags. +This basically means that the tag has a vendor-defined serial number (much like +a barcode on product packaging), that can only be read. Such systems generally +don't employ any form of authentication. + +2) WORM tags +WORM(write once read many) tags can be written once (usually at the customer +site) and read many times. + +3)read/write tags. +Instead of only being vendor programmable, they are actually (at least +partially) user programmable. Since no authentication is performed, anyone +with the respective equipment can write to such a tag. + +3) read/write with security +This variant of tags employ read/writable memory plus some state machines that +allow for (mutual) authentication of reader and tag. + +4) cryptographic smartcards with RF interface +The lateset generation of "tags" are not really "tags" anymore, but rather +cryptographic smart cards with an RF interface. This means that you have a +whole computer (sometimes called RFIC), including CPU, RAM, ROM, EEPROM, +hardware random number generator, hardware crypto, etc. Since such devices +originate from the smart card world, they sometimes even come as "dual +interface smart cards", i.e. employ both contact based and contactless (RFID) +interface. + + +Reader: + +Readers are usually connected to some computer or network, using standard +interfaces such as RS232 ports, serial interfaces, USB, or Ethernet. 
+Unfortuantely, there is no standard either on hardware nor on software level. +This means that most RFID applications will be written against specific +vendor-rprovided driver or library API's. There's one notable exception: +Reader systems employing cryptographic smartcards with RF interface often +emulate API's from the contact-based smart card world such as PC/SC or CT-API. + + + +RF Interface: + +Between reader and tag there is some form of an RF interface. The RF interface +differs from system to system in many parameters, such as frequency, +modulation and operational principle. + +magnetic coupling: +Most of todays RFID systems use a magnetic coupling principle. In such a +system, the reader provides a strong magnetic field (H-field). This field is +picked up by the antenna of a tag, and used to power the tag. Common +frequencies for such magnetically coupled RFID systems are 125kHz and 13.56MHz. +Magnetic systems often employ amplitude shift keying for the reader to tag +communications channel, and load modulation from tag to the reader. + +The strong magnetic field only exists in the proximity of the readers' antenna. +Thus, magnetically coupled RFID systems are sometimes referred to as "proximity +RFID", often with operational ranges less than 10cm. + +backscatter: +A lot of RFID systems under current developemnt operate in the UHF frequency +range (868 to 956 MHz, depending on the regulatory domain). They use the +electric field of the reader, and employ backscatter modulation from tag to +reader. The electrical field extends over longer distance than the magnetic +field. Therefore, the operational range of backscatter systems are within tens +of metres. + +SAW: +SWA tags use low-power microwave radio signals. The tag converts them to +ultrasonic accoustic signals using a piezoelectric crystalline material. +Variations of the reflected signal can be used to provide a unique identity +such as a serial number. 
+ +The remaining article will focus on magnetic coupling RFID systems only, since +backscatter systems are not widely deployed yet, and therefore of little +practical relevance. + + +Protocols and standards: + +For the commonly-used 13.56MHz based systems, there are two major protocols in +use, ISO14443 and ISO15693. ISO15693 seems only be used for "dumb" tag +applications, whereas ISO14443 is used frequently with RF interfaced processor +smart cards. + +Besides the "physical layer" issues such as modulation, coding, bit timing, +and frequency, there are some other important tasks of an RFID protocol. + +One of the funamental effects of RFID is the possibility of multiple tags +within the operating range of a reader, just like in any other shared medium +communication channel. + +In order to cope with multiple tags, an anticollision procedure has to be +specifieid. Some sophisticated protocols (as 14443-4 )even allow a reader to +assign logical addresses to individual tags in order to communitace with +multiple tags. + + +ISO11784/11785 + +The ISO11784/11785 series of standards are used for identification of animals. +This family of standards operates at 134,2 kHz and uses the magnetic coupling +operational principle. It uses load modulation with no subcarrier and employs +a bi-phase-code for transmission of 64bit transponder data at 4194 bits/sec. + +ISO14223 + +ISO14223 is an extension of 11784/11785 and allows for more data stored on the +tag/transponder. + +ISO10536 + +ISO10536 describes "close coupling" smart cards, with an operational range of +up to 1cm. It employs inductive or capacitive coupling at 4.9152 MHz. Due to +this low operational range, they never appeared in widespread use on the market. + +ISO14443 + +ISO14443 describes "proximity coupling identification cards". As opposed to +ISO10536, this stanrdard has an operational range of up to 10cm. + +ISO14443 comes in two variants: ISO14443-A and ISO14443-B. 
They both operate +on the same frequency, but with different parameters. + + 14443A 14443B +mod rdr->tag 100%ASK 10%ASK +mod tag->rdr load modulation at load modulation at 847kHz, BPSK + 847kHz, ASK +code rdr->tag modified miller NRZ +code tag->rdr manchester NRZ +anticol binary search slotted aloha + +ISO14443-4 specifies an (optional) transport level protocol on top of the lower +three layers of the ISO14443 protocol. This transport protocol is sometimes +referred to as "T=CL" (transport=contactless). This designation bears its +origin in the smart card world, where other protocols such as "T=0" and "T=1" +are in widespread use for decades. + + +ISO15693: + +ISO15693 describes "vicinity coupling" RFID, with an operational range of up +to 1m. Like ISO14443, it operates on 13.56 MHz and employs magnetic near-field +inductive coupling. + +This standard again supports various modes, such as 10% or 100% ASK, 1.65kb/s +or 26.48kb/s data rate, ASK or FSK based load modulation. + +ISO18000 series + +This ISO series is under current development. It intends to specify unique +world wide standards for item management. Specifications include operation +on 13.56MHz, 2.45GHz, 5.8GHz and the 868 to 956 MHz UHF band. + +The remaining paper will mostly look at ISO14443, since it is in widespread use +today and also used by the electronic Passport system specified by ICAO. + + +A closer look on Readers: +There's a variety of readers for the 13.56MHz world, ranging from embedded +readr modules to PC-connected readers for USB and serial connections, +Ethernet-connected readers as well as readers for handheld devices with +CompactFlash interface. + +As opposed to the contact-based smartcard world where most readers now support +the USB CCID standard (to my surprise even non-usb devices!), there is no +standardization. Neither does any of the readers - to the best of the authors' +knowledge - have any publicly and/or freely available documentation. 
A similar +lack is observed for Linux drivers. If they are available, then often for an +extra charge, and in proprietary x86-only format. + +On the electrical level, a lot of readers are surprisingly equal. Almost all +of them seem to use readily available "reader ASICs" of vendors such as TI or +Philips. Those ASIC's usually integrate both the analogue RF part (including +modulation/demodulation) and the digitial part. They are interfaced by serial +(SPI) or parallel address/data bus. As you could have guessed by now, there's +again no publicly/freely available documentation on any of the chipsets. + +After doing some research and re-engineering on commonly-available existing +readers, there seems to be a two different basic architectures: + +1) active +Active readers do all the 14443/15693 processing within a microcontroller of +the reader. Advantages of an active design are low latency, high speed and +applicability in embedded or remotely connected environments where no host +computer could do protocol processing. + +2) passive +Passive readers simply include the most basic logic to interface the reader +ASIC with the external interface. Therefore all protocol processing has to be +done on the host system. + +For obvious reasons, the passive architecture allows for cheaper development +and total product cost. The author anticipates that all PC-based readers will +eventually become passive. A commonly-available passive reader (Omnikey +CardMan 5121) was chosen for the development of librfid. + + +Omnikey CardMan 5121 + +On the first glance, the cm5121 is a USB CCID contact based smartcard reader. +It can be used with vendor-supplied proprietary drievers, or with various +freely available CCID reader drivers, such as the OpenCT project. + +However, the RFID part is simply a Philips CL RC632 reader asic that can be +accessed transparently by issuing read/write_byte and read/write_fifo commands +via CCID PC_to_RDR_Escape usb messages. 
+ +The author further obtained a (publicly available, but encrypted) detailed data +sheet of the Philips CL RC632 reader asic, which magically decrypted itself by +using a couple of days worth of CPU power. + +The CL RC632 is a multi-protocol reader asic, supporting 14443-A, 14443-B, +15693 as well as the proprietary 14443A-based Mifare system. + +Using the data sheet, a free and GPL licensed RFID stack could be implemented +from scratch. + + +Security Issues + +Sniffing +Like any RF interface, the magnetic RFID interface can be passively sniffed. +Due to the use of the H-field in 125kHz and 13.56MHz systems, the possible +surveillance range is very slow. Also, given the enormous power constraints +within the tag, the power put into the tag->reader channel is very low. +Furthermore, the main carrier and the subcarrier are very close in the radio +spectrum - while their signal strength differs some 60 to 80 dB. + +Measurements conducted by the author do not suggest that passive surveilance of +ISO 14443 compliant systems is not possible outside a range of 4-5 metres - at +least not with DIY equipment. + + +DoS +ISO14443-A and -B anticollision systems are subject to denial of service +attacks. + +For 14443-A, such an attack could simply cause one collision for every bit in +the address, thus preventing the reader to complete its binary search algoritm +and fully select one of the available tags. + +Authenticity/Confidentiality +ISO14443-A doesn't provide any form of security. Any kind of authentication +and/or encryption has to be employed at a higher level, such as ISO7816 secure +messaging. Compare the system with a TCP/IP stack (level 1..4) with SSL/TLS on +top. + +Proprietary Security +The security of vendor-speciifc proprietary systems such as Mifare are based on +security by obscurity. The encryption alogorithm is not publicly documented, +and only implemented in vendor-supplied hardware, usually the reader ASIC and +inside the tag itself. 
Keys are stored on the tag and in the reader ASIC. + +Security by obscurity within the software industry generally doesn't work. +However, in the hardware world vendors still seems to assume it as a valid +paradigm. + +The key lengths used seem extermely small (40bit). Should the algorithm ever +be uncovered, it is expected to compromise the security of the whole system. +The arithmetic complexity of the algorithm can only be low, given it's +implementation in lowest-cost state-machine-only tags. Therefore it is +expected that + + diff --git a/2005/rfid-lk2005/abstract.txt b/2005/rfid-lk2005/abstract.txt new file mode 100644 index 0000000..d1ea304 --- /dev/null +++ b/2005/rfid-lk2005/abstract.txt 
@@ -0,0 +1,26 @@ +RFID, Biometric Passports and Linux + +Numerous countries around the globe are in the process of introducing passports +with biometric information stored on RFID chips, so-called ICAO MRTD's (Machine +Readable Travel Documents). The German authorities coincidentially plan to +issue the first such passports at the time of LK2005 in October 2005. + +As part of the CCC (Chaos Computer Club) working group on biometric passprots, +the author of this paper has followed the technical development and +standardization process very closely. In order to gather first-hand experience +with this new technology, he has implemented a GPL-licensed, Linux-based RFID +stack. + +The stack includes a device driver for the common Philips CL RC632 reader +chipset, an implementation of the ISO 14443-1, 2, 3 and 4 protocols, as well as +an example "border control application" that is able to read and verify +information stored on an ICAO MRTD compliant passport. + +The paper covers some high-level introduction into the technical standards, as +well as a description of the "libmrtd" and "librfid" projects and a live +demonstration with some passport samples. + +Due to the complexity of the subject matter, it will be hard to fit even a +basic explanation of the standards and protocol _and_ an actual description of +the librfid / libmrtd projects _and_ a technical demonstration into a single +timeslot diff --git a/2005/rfid-lk2005/biography.txt b/2005/rfid-lk2005/biography.txt new file mode 100644 index 0000000..21758e7 --- /dev/null +++ b/2005/rfid-lk2005/biography.txt 
@@ -0,0 +1,27 @@ + Harald Welte is the chairman of the netfilter/iptables core team. + + His main interest in computing has always been networking. In the few time +left besides netfilter/iptables related work, he's writing obscure documents +like the "UUCP over SSL HOWTO" or "A packet's journey through the Linux network +stack". Other kernel-related projects he has been contributing to are random +netowrking hacks, some device driver work and the neighbour cache. + + He has been working as an independent IT Consultant working on projects for +various companies ranging from banks to manufacturers of networking gear. +During the year 2001 he was living in Curitiba (Brazil), where he got +sponsored for his Linux related work by Conectiva Inc. + + Starting with February 2002, Harald has been contracted part-time by +Astaro AG, who are sponsoring him for his current netfilter/iptables work. +Aside from the Astaro sponsoring, he continues to work as a freelancing kernel +developer and network security consultant. + + He licenses his software under the terms of the GNU GPL. Sometimes users of +his software are not compliant with the license, so he started enforcing the +GPL with his gpl-violations.org project. + + During the last year, Harald has started development of a free, GPL-licensed +Linux RFID and electronic passport software suite. + +Harald is living in Berlin, Germany. + diff --git a/2005/rfid-lk2005/brainstorm.txt b/2005/rfid-lk2005/brainstorm.txt new file mode 100644 index 0000000..07074e3 --- /dev/null +++ b/2005/rfid-lk2005/brainstorm.txt 
@@ -0,0 +1,33 @@ +- RFID confusion + - passive 1-bit tags + - ro/rw memory + - state machines for permission checking + - contactless smartcards (processor chip cards, ...) + +- processor chip cards + - typically 8bit micrprocessor (e.g. 8051 based) + - MMU (!) + - typical configuration: 1k RAM, 32k Flash, 70k mask ROM + + +- ISO 14443 "proximity cards" + - 14443-1 (physical specification) + - 13.56 MHz + - 14443-2 (radio interface) + - power transmission from reder (PCD) to card (PICC) + - 13.56MHz +- 7kHz + - field strength 1.5A/m to 7.5A/m (rms) + - channel from reader to card + - Type A: carrier modulation with 100% ASK, modified miller code + - Type B: carrier modulation with 10% ASK, NRZ-L code + - channel from card to reader + - Type A: load modulation on subcarrier fc/16, OOK, manchester code + - Type B: load modulation on subcarrier fc/16, BPSK, NRZ-L code + - 14443-3 (anti collision) + - + + +- biometric passport + - technical view + - iso 7816-4 command based processor chip card + - iso 14443-{1,2,3,4} based RFID interface diff --git a/2005/rfid-lk2005/libmrtd.xml b/2005/rfid-lk2005/libmrtd.xml new file mode 100644 index 0000000..4f01956 --- /dev/null +++ b/2005/rfid-lk2005/libmrtd.xml @@ -0,0 +1,15 @@ + +<section> +<title>libmrtd - A free software library for ICAO MRTDs</title> +<para> +The libmrtd project intends to provide a free software +implementation of common operations related to ICAO compliant MRTD's, such as +verification of an ePassport (border control application). +</para> +<para> +Unfortunately, at the time of writing of this paper, progress of libmrtd was +limited. Nevertheless, the author is confident to show a live demonstration of +ePassport verification when this paper is presented at Linux Kongress 2005. +</para> + +</section> diff --git a/2005/rfid-lk2005/librfid.xml b/2005/rfid-lk2005/librfid.xml new file mode 100644 index 0000000..d4788db --- /dev/null +++ b/2005/rfid-lk2005/librfid.xml 
@@ -0,0 +1,221 @@ + +<section> +<title>librfid - A free software RFID stack</title> +<para> +The librfid project intends to provide a free software reader-side +implementation of common RFID protocols such as ISO 14443, ISO 15693. +</para> +<para> +Careful design and various abstraction layers should enable it to include +support for various readers and protocols, even though as of now only a single +reader and ISO 14443(A+B) is implemented. +</para> + + + +<section> +<title>Data Structures</title> +<para> +The librfid codebase is very modular and therefore data-centric. It is +therefore important to understand the various data structures and how they +interact. +</para> + +<section> +<title>struct rfid_asic</title> +<para> +A struct rfid_asic is the integral part of every supported reader. +</para> +<para>A +separation between ASIC and reader makes sense, since almost all of the +existing readers use one of the few available ASIC solutions from Philips, TI +and the like. +</para> +</section> + +<section> +<title>struct rfid_asic_transport</title> +<para> +A struct <structname>rfid_asic_transport</structname> connects a struct rfid_asic to librfid. +</para> +<para> +This transport is usually limited to very few essential primitives. With the +Philips CL RC632, the asic transport has to provide four primitives: read/write +register, and read/write FIFO. +</para> +</section> + +<section> +<title>struct rfid_reader</title> +<para> +A struct <structname>rfid_reader</structname> contains information about the +specific configuration of the ASIC as well as the transport. +</para> +</section> + +<section> +<title>struct rfid_layer2</title> +<para> +A struct <structname>rfid_layer2</structname> implements the anticollision procedure, such as ISO +14443-3. 
+</para> +</section> + +<section> +<title>struct rfid_protocol</title> +<para> +A struct <structname>rfid_protocol</structname> implements a transport protocol, such as ISO 14443-4 +</para> +</section> + +<section> +<title>Runtime handles</title> +<para> +Each of the structures described above, have a _handle structure. The _handle +(e.g. rfid_layer2_handle) saves instance-local state and allows the stack to +identify the user. +</para> +</section> + +</section> <!-- data structures --> + +<section> +<title>Protocol Stack</title> +<para> +In the typical current setup (CardMan 5121 reader, ISO14443-123A, ISO14443-4), +those data structures are stacked on top of each other like this: +<screen> +rfid_protocol_tcl +rfid_layer2_iso14443a +CM5121 reader +CL RC632 asic +PC_to_RDR_Escape transport +USB-CCID +libusb +</screen> +</para> +</section> + +<section> +<title>Interaction with OpenCT</title> + +<section> +<title>What is OpenCT</title> +<para> +OpenCT is a free software smart card reader driver package, originally +developed for the OpenSC (http://www.opensc.org) project. As of now, it only +supports contact based smart cards. +</para> +</section> + +<section> +<title>Integration with OpenCT</title> +<para> +First of all, why use OpenCT at all? Because like other "consumer" RFID +readers, the 5121 supports contact based and contactless operation. Its +contact based operation is already supported by the OpenCT ifd-ccid driver. +</para> +<para> +Also, many "legacy" smart card applications expect to talk to a PC/SC or CT-API +interface. OpenCT already provides a "ifdehandler" backend for pcsc-lite, as +well as a CT-API wrapper. In addition, OpenCT suports a client/server +architecture where readers can be shared in a network. If librfid was +integrated with OpenCT, it could directly benefit from those features. +</para> +<para> +On the other hand, there are many usage cases, where neither dual-interface +operation nor a PC/SC API is applicable. 
This includes usage of passive (state +machine) tags that do not speak sophisticate transport protocols such as +14443-4. Therefore, OpenCT integration on both backend and frontend can only +be provided optionally, ant not made mandatory. +</para> + +<para> +The overall integration with OpenCT is: +</para> +<para> +Export the PC_TO_RDR_ESCAPE based interface to the RFID Reader ASIC (Philips +RC632) as a virtual slot (always the last slot number 2 of the cm5121). This +virtual slot supports only one special protocol: The "ESCAPE" protocol. +</para> +<para> +The RFID software stack opens this virtual slot to talk to the RFID +Reader ASIC using the OpenCT API (CT_Card_Transact). +</para> +<para> +The RFID software stack implements the various protocols and protocol layers +</para> +<para> +The RFID software stack registers a number of slots as ifd-handler with +OpenCT. The slots provide access to protocols like T=CL. </para> +</section> + +</section> + +<section> +<title>Application Interfaces</title> + +<section> +<title>Native API</title> +<para> +The native API is the API that librfid uses internally. It reflects all +features, and by it's very nature not compatible to any standard. +Also, it is the only API that is fully supported at the time this paper was written. +</para> +<para> +The API is not very comfortable, as many calls have to be made, and everything is explicit. There is no support for advanced features such as auto-detecting the standard/protocol a given tag supports. +</para> +<para> +An application will likely start with <function>rfid_init()</function>, +followed by <function>rfid_reader_open()</function>, <function>rfid_layer2_init()</function>, <function>rfid_layer2_open()</function>, +<function>rfid_protocol_init()</function> and <function>rfid_orotocol_open()</function>. +</para> +<para> +Data is transcieved to and from the tag by calling <function>rfid_protocol_transcieve()</function>. 
+</para> +<para> +For an example on how to use the API, please look at the +<filename>librfid/openct-secape.c</filename> program in the librfid source +tree. +</para> + +<section> +<title>OpenCT, CT-API, PC/SC</title> +<para> +librfid will not by itself provide any of those interfaces, but rather +implement an OpenCT backend driver (ifd-librfid). +</para> +<para> +At the time of writing, such a backend did not yet exist. +</para> +</section> + +</section> <!-- API's --> + +<section> +<title>Future Development</title> +<para> +librfid is currently in an early alpha/beta state. It is not yet ready for +production use. Apart from a hand full of minor fixes from MaskTech GmbH, +it's a one-man project. It's also not a project that I can focus on, because +its main author has many other project and considers librfid more or less a +"pet project". +</para> +<para> +Therefore, skilled developers are needed. If you want to experiment with RFID +technology, and really learn about the protocols instead of just using +something ready-built, librfid should provide you with a good basis. +</para> +<para> +The initial code is there, you can do something useful (namely: Talk to +ISO14443-A and -B cards using T=CL protocol). If you feel like adding support +for some other reader device, or further protocols, any help is appreciated. +</para> +<para> +There's now also a development mailinglist at <email>librfid-devel@lists.gnumonks.org</email>. +</para> +</section> + +</section> + +</section> diff --git a/2005/rfid-lk2005/mrtd.xml b/2005/rfid-lk2005/mrtd.xml new file mode 100644 index 0000000..4db57c3 --- /dev/null +++ b/2005/rfid-lk2005/mrtd.xml 
@@ -0,0 +1,257 @@ + + +<section> +<title>ePassports - Electronic Passports</title> + +<section> +<title>Introduction</title> +<para> +Electronic passports that are deployed arond the world (including Germany) will +be based on RFID technology. +</para> +<para> +Technically speaking, ePassports are ICAO[1] compliant MRTD[2]'s. ICAO is an +international body that already specifies the current OCR readable lines on +travel documents. The ICAO MRTD specifications are publicly available from the +ICAO homepage. +</para> +<para> +From a technical point of view, ePassports are ISO 14443-1,2,3,4 compliant +contactless smart cards. On top of 14443-4 transport layer protocol, APDU's +according to ISO 7816-4 are exchanged. +</para> +<para> +For those readers who are not familiar with smart card technology: ISO 7816-4 +(tries to) specify interindustry commands for interchange with ID cards. +</para> +<para> +The ISO 7816-4 smartcard provides a filesystem based interface to the +information stored on the ePassport. The Application software issues +high-level commands such as "SELECT FILE", "READ BINARY" to the MRTD. +</para> +<para> +The ICAO recommends a minimum memory size of 32kBytes. However, it recommends +as much memory as possible, and indicates 512kBytes as a target. +</para> +<para> +As of now, the MRTD chip has to operate in a write once, read many fashion. +After the document is issued, it must not be allowed to change any data. +Future standards may include the possibility to store electronic visa data. +</para> +</section> + +<section> +<title>Organization of Data</title> + +<para> +Data on the ePassport is organized according to a specification called LDS +(logical data structure). LDS specifies a number of DG's (Data Groups), as +well as the encoding of the data. 
+</para> + +<para> +The most important data groups are: +</para> + +<para> +DG1 is mandatory and contains the same data as printed on the cover page like +name, date of birth, expiration date, document number, nationality, etc. +</para> +<para> +DG2 (mandatory) contains the JPEG2000 encoded facial image and corresponding biometric data +</para> +<para> +DG3 (optional) contains biometric fingerprint data - not in German passports +</para> +<para> +DG4 (optional) contains biometric iris data - not in German passports +</para> + +<para> +ICAO requires data in DG1 and DG2 to be stored unencrypted, since it only +resembles the data that is human-readable on the printed pages of the passport. +Additional biometric data such as iris and/or fingerprint information may be +stored in an encrypted format. As of now, this is up to the issuing country. +Any form of encryption is outside the ICAO MRTD specifications and will thus not +work interoperable on an international level. +</para> +<para> +All biometric information stored within LDS is further encoded according to +CBEFF (Common Biometric Exchange File Format, NISTIR 6529-A), a common file +format that facilitates exchange and interoperablity of biometric data. +</para> +<para> +Each data group is cryptographically signed. The signature is stored in EF.SOD +(Security Object Data). +</para> +</section> + +<section> +<title>Security Features</title> + +<section> +<title>Randomization of unique serial number</title> +<para> +All ISO14443 compatible RFID chips disclose a unique serial number during the +anticollision procedure. This poses the potential threat of pseudonymised +tracking. The German BSI therefore requires this randomization of the +serial number. +</para> +</section> + +<section> +<title>Passive Authentication (mandatory)</title> +<para> +Passive authentication performs verification of the EF.SOD signature(s). This +assures that the content of the data groups is signed by the issuing country. 
+However, passive authentication does not prevent copying of a MRTD. +</para> +</section> + +<section> +<title>Active Authentication (optional)</title> +<para> +Ative authentication can be employed to verify that the chip has not been +substituted. It is based on a challenge response protocol. +The MRTD chip contains an active authentication public key Pair (KPrAA and +KPuAA). A hash representation of KPuAA is stored in EF.SOD and therefore +authenticated by the issuing country certifiate. KPrAA is stored in on-chip +secure memory. +</para> +</section> + +<section> +<title>Basic Access Control (optional, implemented in Geman ePassports)</title> +<para> +Basic access control denies access to the MRTD chip until the inspection system +proves that it is authorized to access the chip. This proof of authorization +is done by deriving a pair of keys (Kmac and Kenc) from the OCR-read machine +readable zone (MRZ). BAC can therfore prevent unauthorized "harvesting" of +passport data without being noticed by the passport holder. BAC also mandates +that any communication following-up to BAC has to be encrypted via ISO 7816-7/8 +secure messaging (SM). This transport level security can be somewhat compared +to running TLS on top of a TCP session. +</para> +</section> + +<section> +<title>Extended Access Control (optional)</title> +<para> +Extended Access Control prevents unauthorized access to additional biometrics. +It is similar to Basic Access Control, but requires separate keys and key +management. There is no ICAO MRTD standard on how it is implemented or used, +and therefore subject to the issuing state. +</para> +</section> + +</section> <!-- security architecture --> + +<section> +<title>The Public Key Hierarchy</title> +<para> +The PKI hierarchy is obviously nothing that directly affects the passport +itself. 
However, it is integral to the security of the system, so this paper provides a quick overview: +</para> +<para> +All keys are issued in the familiar form of X.509 certificates. +</para> +<para> +Each issuing state operatesits own "Country Singing CA". There is no +supernational Root CA. This is neccessary, since every country decides on its +own if it recognizes a particular other country. This also means that every +reader ("inspection system") has to store the Document Signer Certificate of +every recognized issuing country. +</para> +<para> +The individual ePassports are signed using Document Signer Keys. The Document +Signer Keys are in turn signed by the Country Signing CA. Document Signer keys +have limited lifetime, and it is recommended that issuing countries delete the +private key after the last passport for that key has been issued. +</para> +<para> +Issuing countries have to provide certificate revocation lists (CRLs) at least +every 90 days, but not more often than every 48 hours +</para> +<para> +The ICAO operates a "public key directry" which will be set up as X.500 +directory, updates are performed over LDAP. All communication with the PKD is +SSL authenticated. The PKD stores Document Signer Certificates, but not +Country signing CA certificates. ICAO verifies signatures of all incoming +Certificates and CRL's before making them available. The PKD has public read +access on the internet. +</para> +<para> +Country signing CA certificates will be provided bilaterally between countries. 
+</para> + +</section> + +<section> +<title>Crypto Algorithms</title> +<para> +The ICAO MRTD specification allows RSA, DSA and Elliptic Curve DSA with various +minimal key lengths: +</para> + +<informaltable border="1" width="90%"> +<tgroup cols="4"> +<thead> +<row><entry>Algorithm</entry><entry>Active Auth</entry><entry>Document Signer</entry><entry>Country Signing CA</entry></row> +</thead> +<tbody> +<row> + <entry>RSA</entry><entry>1024</entry><entry>2048</entry><entry>3072</entry> +</row> +<row> + <entry>DSA</entry><entry>1024/160</entry><entry>2048/224</entry><entry>3072/256</entry> +</row> +<row> + <entry>ECDSA</entry><entry>160</entry><entry>224</entry><entry>256</entry> +</row> +</tbody> +</tgroup> +</informaltable> + +</section> + +<section> +<title>Security threats</title> + +<section> +<title>Small Keyspace of basic access control</title> +<para> +The entropy of the MRZ data used to derive Kenc and Kmac for basic access +control is very limited. The nine digit document number is concatenated with +the date of birth and the expiration date of the document. +</para> +<para> +Since ICAO MRTD specifications recommend ePassports not to be valid for more +than five years, the expiration date can only be one out of (365*5 = 1325) +values. +</para> +<para> +The date of birth can realistically assume only values between 18 and 90 years +old (365*72 = 26280). Also, in case of a specific person, the range of the DOB +can often be estimated to a certain range. +</para> +<para> +Document Numbers are issued sequentially in some countries, and can therefore +be reduced to certain ranges. In Germany, the first four digits specify the +issuing department, and the following five digits increment sequentially. +</para> +</section> + +<section> +<title>Grandmaster Chess Attack</title> +<para> +The Active Authentication mechanism is meant to prevemt chip substitution (e.g. +carbon copying). 
However, it cannot prevent a "grandmaster chess attack", +where the inspection system talks to a "proxy" chip that would temporarily +communicate with the original MRTD. +</para> +</section> + + +</section> <!-- security --> + +</section> <!-- passports --> diff --git a/2005/rfid-lk2005/rfid-lk2005.tex b/2005/rfid-lk2005/rfid-lk2005.tex new file mode 100644 index 0000000..97939da --- /dev/null +++ b/2005/rfid-lk2005/rfid-lk2005.tex 
@@ -0,0 +1,307 @@ +\FOT{2}\Seq% +{\def\HeadingLevel% +{0}\def\PageNumberFormat% +{1}\def\PageNumberRestart% +{0}\def\PageNColumns% +{1}\def\PageColumnSep% +{36\p@}\def\PageBalanceColumns% +{0}\def\WritingMode% +{lefttoright}\def\InputWhitespaceTreatment% +{collapse}\def\LeftMargin% +{72\p@}\def\RightMargin% +{72\p@}\def\PageWidth% +{612\p@}\def\PageHeight% +{792\p@}\def\MinLeading% +{2\p@}\def\MinLeadingFactor% +{0}\def\TopMargin% +{72\p@}\def\BottomMargin% +{96\p@}\def\HeaderMargin% +{48\p@}\def\FooterMargin% +{48\p@}}\Node% +{}\Node% +{\def\Label% +{rfid_introduction-ds}}\Seq% +{}\SpS% +{\def\PageNColumns% +{1}\def\PageNumberRestart% +{0}\def\PageNumberFormat% +{1}\def\StartIndent% +{48\p@}\def\StartIndentFactor% +{0}\def\InputWhitespaceTreatment% +{collapse}\def\Quadding% +{start}\def\fSize% +{10\p@}\def\fWeight% +{medium}\def\fPosture% +{upright}\def\fFamName{Times-New-Roman}\def\LineSpacing% +{13\p@}\def\LineSpacingFactor% +{0}} +\SpSOtherBackLeftFooter% +{} +\SpSOtherBackLeftHeader% +{} +\SpSOtherBackCenterFooter% +{} +\SpSOtherBackCenterHeader% +{} +\SpSOtherBackRightFooter% +{\Seq% +{\def\fPosture% +{italic}}\insertPageNumber% +{}\endSeq{}} +\SpSOtherBackRightHeader% +{\Seq% +{\def\fPosture% +{italic}}\Node% +{\def\Element% +{2}\def\ProcessingMode% +{hf-mode}}\Seq% +{}RFID, Biometric Passports and Linux\endSeq{}\endNode{}\endSeq{}} +\SpSFirstBackLeftFooter% +{} +\SpSFirstBackLeftHeader% +{} +\SpSFirstBackCenterFooter% +{} +\SpSFirstBackCenterHeader% +{} +\SpSFirstBackRightFooter% +{\Seq% +{\def\fPosture% +{italic}}\insertPageNumber% +{}\endSeq{}} +\SpSFirstBackRightHeader% +{} +\SpSOtherFrontLeftFooter% +{} +\SpSOtherFrontLeftHeader% +{} +\SpSOtherFrontCenterFooter% +{} +\SpSOtherFrontCenterHeader% +{} +\SpSOtherFrontRightFooter% +{\Seq% +{\def\fPosture% +{italic}}\insertPageNumber% +{}\endSeq{}} +\SpSOtherFrontRightHeader% +{\Seq% +{\def\fPosture% +{italic}}\Node% +{\def\Element% +{2}\def\ProcessingMode% +{hf-mode}}\Seq% +{}RFID, Biometric Passports and 
Linux\endSeq{}\endNode{}\endSeq{}} +\SpSFirstFrontLeftFooter% +{} +\SpSFirstFrontLeftHeader% +{} +\SpSFirstFrontCenterFooter% +{} +\SpSFirstFrontCenterHeader% +{} +\SpSFirstFrontRightFooter% +{\Seq% +{\def\fPosture% +{italic}}\insertPageNumber% +{}\endSeq{}} +\SpSFirstFrontRightHeader% +{}\Seq% +{}\Seq% +{}\Seq% +{}\Node% +{\def\Element% +{2}\def\ProcessingMode% +{article-titlepage-recto-mode}}\Par% +{\def\fSize% +{24.883\p@}\def\LineSpacing% +{32.348\p@}\def\LineSpacingFactor% +{0}\def\Quadding% +{center}\def\fFamName{Arial}\def\fWeight% +{bold}\def\sbNom% +{18.662\p@}\def\sbMin% +{18.662\p@}\def\sbMax% +{18.662\p@}\def\sbConditional% +{1}\def\KeepWithNext% +{1}}RFID, Biometric Passports and Linux\endPar{}\endNode{}\Seq% +{}\Node% +{\def\Element% +{3}\def\ProcessingMode% +{article-titlepage-recto-mode}}\DisplayGroup% +{}\Node% +{\def\Element% +{4}\def\ProcessingMode% +{article-titlepage-recto-mode}}\Seq% +{}\Par% +{\def\fSize% +{17.28\p@}\def\LineSpacing% +{22.464\p@}\def\LineSpacingFactor% +{0}\def\Quadding% +{center}\def\fFamName{Arial}\def\fWeight% +{bold}\def\sbNom% +{10.8\p@}\def\sbMin% +{10.8\p@}\def\sbMax% +{10.8\p@}\def\sbConditional% +{1}\def\KeepWithNext% +{1}}Harald Welte\endPar{}\endSeq{}\endNode{}\endDisplayGroup{}\endNode{}\Seq% +{}\Node% +{\def\Element% +{14}\def\ProcessingMode% +{article-titlepage-recto-mode}}\Par% +{\def\Quadding% +{center}\def\fFamName{Arial}\def\fWeight% +{bold}\def\fSize% +{12\p@}} + \$Revision: 1.4 \$ + \endPar{}\endNode{}\Seq% +{}\Node% +{\def\Element% +{9}\def\ProcessingMode% +{article-titlepage-recto-mode}}\Par% +{\def\Quadding% +{center}\def\fFamName{Arial}\def\fWeight% +{bold}\def\fSize% +{12\p@}\def\sbNom% +{10.8\p@}\def\sbMin% +{10.8\p@}\def\sbMax% +{10.8\p@}\def\sbConditional% +{1}}Copyright © \Node% +{\def\Element% +{10}\def\ProcessingMode% +{article-titlepage-recto-mode}}\Seq% +{}2005 \endSeq{}\endNode{}\Node% +{\def\Element% +{11}\def\ProcessingMode% +{article-titlepage-recto-mode}}\Seq% +{}Harald Welte 
<\/laforge@gnumonks.org>\/ \endSeq{}\endNode{}\endPar{}\endNode{}\Seq% +{}\Node% +{\def\Element% +{15}\def\ProcessingMode% +{article-titlepage-recto-mode}}\DisplayGroup% +{\def\Quadding% +{start}\def\StartIndent% +{65.5\p@}\def\StartIndentFactor% +{0}\def\EndIndent% +{17.5\p@}\def\EndIndentFactor% +{0}\def\fFamName{Times-New-Roman}}\DisplayGroup% +{\def\StartIndent% +{65.5\p@}\def\StartIndentFactor% +{0}\def\sbNom% +{10\p@}\def\sbMin% +{10\p@}\def\sbMax% +{10\p@}\def\sbConditional% +{1}\def\saNom% +{10\p@}\def\saMin% +{10\p@}\def\saMax% +{10\p@}\def\saConditional% +{1}}\Node% +{\def\Element% +{16}\def\ProcessingMode% +{article-titlepage-recto-mode}}\Par% +{\def\FirstLineStartIndent% +{0\p@}\def\FirstLineStartIndentFactor% +{0}\def\Quadding% +{start}\def\Hyphenate% +{0}\def\Language% +{EN}\def\sbNom% +{20\p@}\def\sbMin% +{20\p@}\def\sbMax% +{20\p@}\def\sbConditional% +{1}\def\saNom% +{1.25\p@}\def\saMin% +{1.25\p@}\def\saMax% +{1.25\p@}\def\saConditional% +{1}} +Starting with October 2005, the federal goverment of Germany will be issuing +eplectronic passports, containing digitally signed biometric information on the +passport holder. Those passports use RFID technology to communicate with the +inspection system. +\endPar{}\endNode{}\Node% +{\def\Element% +{17}\def\ProcessingMode% +{article-titlepage-recto-mode}}\Par% +{\def\FirstLineStartIndent% +{0\p@}\def\FirstLineStartIndentFactor% +{0}\def\Quadding% +{start}\def\Hyphenate% +{0}\def\Language% +{EN}\def\sbNom% +{20\p@}\def\sbMin% +{20\p@}\def\sbMax% +{20\p@}\def\sbConditional% +{1}\def\saNom% +{1.25\p@}\def\saMin% +{1.25\p@}\def\saMax% +{1.25\p@}\def\saConditional% +{1}} +In order to do security research on ePassports and RFID in general, the author +of this paper has started a free implementation of the required RFID stack +(librfid) and an ICAO MRTD verification application (libmrtd). 
+\endPar{}\endNode{}\Node% +{\def\Element% +{18}\def\ProcessingMode% +{article-titlepage-recto-mode}}\Par% +{\def\FirstLineStartIndent% +{0\p@}\def\FirstLineStartIndentFactor% +{0}\def\Quadding% +{start}\def\Hyphenate% +{0}\def\Language% +{EN}\def\sbNom% +{20\p@}\def\sbMin% +{20\p@}\def\sbMax% +{20\p@}\def\sbConditional% +{1}\def\saNom% +{1.25\p@}\def\saMin% +{1.25\p@}\def\saMax% +{1.25\p@}\def\saConditional% +{1}} +This task can be compared to the task of developing a network driver, network +stack and ssl-\/enabled ftp client just to be able to capture a ftp data session. +Therefore progress of the librfid and libmrtd projects was quite slow. +\endPar{}\endNode{}\Node% +{\def\Element% +{19}\def\ProcessingMode% +{article-titlepage-recto-mode}}\Par% +{\def\FirstLineStartIndent% +{0\p@}\def\FirstLineStartIndentFactor% +{0}\def\Quadding% +{start}\def\Hyphenate% +{0}\def\Language% +{EN}\def\sbNom% +{20\p@}\def\sbMin% +{20\p@}\def\sbMax% +{20\p@}\def\sbConditional% +{1}\def\saNom% +{1.25\p@}\def\saMin% +{1.25\p@}\def\saMax% +{1.25\p@}\def\saConditional% +{1}} +However, the project has by now reached a stage where it can actually do +something reasonable: Reading and decoding data from an ePassport. +\endPar{}\endNode{}\endDisplayGroup{}\endDisplayGroup{}\endNode{}\endSeq{}\endSeq{}\endSeq{}\endSeq{}\endSeq{}\endSeq{}\endSeq{}\Node% +{\def\Element% +{1}}\endNode{}\Node% +{\def\Element% +{20}}\Seq% +{\def\ColorRed% +{255}\def\ColorGreen% +{0}\def\ColorBlue% +{0}}\endSeq{}\endNode{}\Node% +{\def\Element% +{21}}\Seq% +{\def\ColorRed% +{255}\def\ColorGreen% +{0}\def\ColorBlue% +{0}}\endSeq{}\endNode{}\Node% +{\def\Element% +{22}}\Seq% +{\def\ColorRed% +{255}\def\ColorGreen% +{0}\def\ColorBlue% +{0}}\endSeq{}\endNode{}\Node% +{\def\Element% +{23}}\Seq% +{\def\ColorRed% +{255}\def\ColorGreen% +{0}\def\ColorBlue% +{0}}\endSeq{}\endNode{}\endSpS{}\endSeq{}\endNode{}\endNode{}\endSeq{}\endFOT{}
\ No newline at end of file diff --git a/2005/rfid-lk2005/rfid-lk2005.tpp b/2005/rfid-lk2005/rfid-lk2005.tpp new file mode 100644 index 0000000..a495fac --- /dev/null +++ b/2005/rfid-lk2005/rfid-lk2005.tpp 
@@ -0,0 +1,303 @@ +--author Harald Welte <laforge@gnumonks.org> +--title RFID, Biometric Passports and Linux +--date 13 Oct 2005 +Starting in November, the German federal government will be issuing epectronic passports with RFID interface. + +This presentation covers technical background about the RFID technology, the ICAO MRTD specification, and the authors' efforts to develop a free software stack to use Linux to communicate with those passports. +--footer This presentation is made with tpp http://synflood.at/tpp.html + +--newpage +--footer RFID, Biometric Passports and Linux +--header Overview +Introduction into RFID + What is RFID + Components of RFID System + Protocols and Standards + Security ISsues +librfid - A free software RFID stack + Data Structures + Protocol Stack + Interaction with OpenCT +ePassports - Electronic Passports + Organization of Data + Security Features + PKI + Crypto Algorithms + Security Threats + +--newpage +--footer RFID, Biometric Passports and Linux +--header Introduction into RFID +Definition of term RFID + Radio Frequency IDentification + +RFID is one of the recent buzzwords in lots of industries, such as + transportation + retail sector + governments + +Like most buzzwords, it's not very clearly defined. There is no such thing as "the RFID System. There are lots of different Systems, some standardized, most proprietary. Each of them uses it's own frequency, modulation, encoding and protocol combination. Often, systems of multiple vendors can not be used interchangibly. 
+ +--newpage +--footer RFID, Biometric Passports and Linux +--header Components of an RFID system +Tag (Transponder) + Serial Number Tags + Replacement for EAN/UPC Barcodes + WORM Tags + Can be written once by Issuer + Read/Write Tags + Can be re-written many times + Read/Write Tags with "passive" security + Have state-machine based crypto for access control + Cryptographic smartcards with RF Interface + Like other crypto smartcards, just with RF interface + +--newpage +--footer RFID, Biometric Passports and Linux +--header Reader +Readers (Coupling Device) + Readers are always called readers, even if they can write ;) + Usually connected to a host computer via RS-323, USB or alike + Unfortunately no standard, for API, Hardware and/or Protocol :( + Most applications are written to vendor-provided device-specific API's + One exception: Readers for Smartcards with RF-Interface (use PC/SC) + +--newpage +--footer RFID, Biometric Passports and Linux +--header RF Interface +The RF interface is the key attribute of any RFID system. 
+Parameters that determine the RF interface are + frequency + modulation + operational principle + +--newpage +--footer RFID, Biometric Passports and Linux +--header RF Interface +Magnetic Coupling + used by many of todays RFID deployment + rely on the magnetic coupling ("transformer") principle + Tag/Transponder has a coil antenna to pick up RF-Field of Reader + Power for Tag/Transponder is drawn from the magnetic field + Common systems use 125kHz (old) or 13.56MHz (current) + Operational range often small, since high magnetic field strengh needed + +--newpage +--footer RFID, Biometric Passports and Linux +--header RF Interface +Backscatter + Used by many RFID systems under current development + Operate typically in UHF range (868 to 956 MHz) + Use electric field of the reader, employ backscatter modulation + Higher operational range (within tens of metres) + +Surface Accoustic Wave + SAW tags use low-power microwave radio signals + Tag/Transponder converts it to untrasonic signals (piezo crystal) + Variations of the reflected signal used to provide a unique number + +--newpage +--footer RFID, Biometric Passports and Linux +--header Protocols and Standards +Apart from the various vendor proprietary protocols, there are some ISO standards +ISO 11784 / 11785 + Identification of Animals + 134.2kHz, magnetic coupling, load modulation, 4191 bps +ISO 14223 + Extension of 11784/11785 and allows for more data +ISO 10536 + "close coupling" smart cards, range up to 1cm + Inductive or capacitive coupling at 4.9152MHz + Never attained any significant market share +ISO 18000 series + Current development of international "Auto-ID" standard + Includes operation on 13.56MHz, 2.4GHz, 868/956MHz + Not yet deployed + +--newpage +--footer RFID, Biometric Passports and Linux +--header Protocols and Standards +ISO 14443 + "proximity coupling ID cards" + Range of up to 10cm + Two variants: 14443-A and 14443-B + Both use 13.56MHz, but different parameters (see paper for details) + 
Specifies physical layer, link-layer (anticollision) + Specifies an optional transport level protocol (ISO 14443-4) + Speed up to 848kbits/sec + +ISO 15693 + "vicinity coupling", range up to 1m + Like ISO 14443, operates on 13.56MHz, magnetic coupling + Data rate 1.65kbits/sec or 26.48kbits/sec + Because of long distance, very little power + Therefore only used for passive tags + +--newpage +--footer RFID, Biometric Passports and Linux +--header Closer look on Readers +There's a variety of readers for the 13.56MHz world +Usually they all use one of the (small number of) available ASIC's +Reader ASIC's integrate analog and digital part and have standard bus interface +End-User Reader products contain such an ASIC plus a microcontroller + +Active Readers + e.g. "Philips Pegoda" + Run the RFID protocol stack on the microcontroller + +Passive Readers + e.g. "Omnikey CardMan 5121" + Run the RFID protocol on the host system + +Passive readers obviously provide higher flexibility and are cheaper. 
+ +--newpage +--footer RFID, Biometric Passports and Linux +--header Security Issues +Eavesdropping + Channel from reader to tag can be easily sniffed (even > 10m) + Channel from tag to reader is difficult (Author has managed 3m) + +Denial of Service + Anti-collision mechanism used to distinguish between multiple tags + Using a "fake tag" you can create Denial of Service + Products such as "blocker tags" have already been presented + +Authenticity/Confidentiality + None of the existing standards offers any kind of crypto + Standards-compliant systems like passports use crypto at layer 5 + Lots of proprietary "closed algorithm" vendor products with questionable security + + +--newpage +--footer RFID, Biometric Passports and Linux +--header librfid - A Free Software RFID stack +The librfid project intends to provide a free software reader-side implementation of common RFID protocols such as ISO 14443 and ISO 15693 + +Various abstraction layers and plugin interface allows for later addition of new protocols an readers. + +Optionally integrates with OpenCT. 
+ +--newpage +--footer RFID, Biometric Passports and Linux +--header librfid - A Free Software RFID stack +struct rfid_asic + Contains all routines for a specific reader asic + Currently only Philips CL RC 632 supported +struct rfid_asic_transport + A transport that gives access to the ASIC registers +struct rfid_reader + A container for rfid_asic and rfid_asic_transport +struct rfid_layer2 + An anticollision protocol such as ISO 14443-3A/B +struct rfid_protocol + A transport protocol suhc as ISO 14443-4 + +--newpage +--footer RFID, Biometric Passports and Linux +--header librfid - A Free Software RFID stack + +Typical Protocol Stack + rfid_protocol_stack + CM5121 Reader + CL RC632 ASIC + PC_to_RDR_Escape transport + USB-CCID driver of OpenCT + libusb + +--newpage +--footer RFID, Biometric Passports and Linux +--header librfid - A Free Software RFID stack +Application Interface + +Native API + librfid-specific API + quite low-level + requires application to know a lot about the stack + +OpenCT, PC/SC, CT-API + OpenCT integration provides PC/SC and CT-API for crypto smarcards + Is currently under development + +--newpage +--footer RFID, Biometric Passports and Linux +--header Electronic Passports +Electronic Passports (ePassports) are officially called MRTD +MRTD: Machine Readable Travel Document +Specifications by ICAO (International Civil Aviation Organization) +Basic idea + store passport data and additional biometrics on Transponder + alternate storage methods such as 2D barcodes covered, too + common standard for interoperability + some features required, others optional (up to issuing country) + +--newpage +--footer RFID, Biometric Passports and Linux +--header Electronic Passports +Organization of Data + According to LDS (Logical Data Structure) specification + Data is stored in DG (Data Groups) + DG1: MRZ information (mandatory) + DG2: Portrait Image + Biometric template (mandatory) + DG3-4: fingerprints, iris image (optional) + EF.SOD: Security Object Data 
(cryptographic signatures) + EF.COM: Lists with Data Groups Exist + +--newpage +--footer RFID, Biometric Passports and Linux +--header Electronic Passports +Security Features + Randomization of Serial Number + Passive Authentication (mandatory) + Inspection System verifies signature of DG's + Active Authentication (optional) + Verifies that chip has not been substituted + Basic Access Control (optional, implemented in .de passports) + Denies Access to the chip until inspection system is authorized + Authorization is performed by deriving keys from MRZ + Extended Access Control (optional) + Prevents unauthorized access to additional bimetrics + Similar to Basic Access Control, but different keys + +--newpage +--footer RFID, Biometric Passports and Linux +--header Electronic Passports +Public Key Hierarchy + X.509 Certificates + Every country operates it's own CA + Document signer keys derived from CA root + Document signer public keys are distributed publicly via ICAO PKD + Everyone can verify + +--newpage +--footer RFID, Biometric Passports and Linux +--header libmrtd - Free Software library for MRTD's +libmtrd provides functions for + reading out and decoding data on MRTD + verifying data stored on MRTD + cryptograpy compliant with MRTD specs + basic access control + passive authentication + extended access control (planned) + +--newpage +--footer RFID, Biometric Passports and Linux +--header libmrtd - Free Software library for MRTD's +API towards the lower level (transport) + PC/SC (to work with readers/drivers other than librfid) + native librfid API +API towards the application + not really finished yet, lots of flux + +--newpage +--footer RFID, Biometric Passports and Linux +--header libmrtd - Free Software library for MRTD's +libmrtd status + parsing functions for LDS + parsing functions for DG1 + parsing functions for DG2 (CBEFF) + basic access control + still very early alpha stage + contributors welcome + no program 
diff --git a/2005/rfid-lk2005/rfid-lk2005.xml b/2005/rfid-lk2005/rfid-lk2005.xml new file mode 100644 index 0000000..99ed200 --- /dev/null +++ b/2005/rfid-lk2005/rfid-lk2005.xml 
@@ -0,0 +1,72 @@ +<?xml version='1.0' encoding='ISO-8859-1'?> +<!DOCTYPE article PUBLIC '-//OASIS//DTD DocBook XML V4.3//EN' 'http://www.docbook.org/xml/4.3/docbookx.dtd'> + +<article id="rfid_introduction-ds"> + +<articleinfo> + <title>RFID, Biometric Passports and Linux</title> + <authorgroup> + <author> + <personname> + <firstname>Harald</firstname> + <surname>Welte</surname> + </personname> + <!-- + <personblurb>Harald Welte</personblurb> + <affiliation> + <orgname>netfilter core team</orgname> + <address> + <email>laforge@netfilter.org</email> + </address> + </affiliation> + + --> + <email>laforge@gnumonks.org</email> + </author> + </authorgroup> + <copyright> + <year>2005</year> + <holder>Harald Welte <laforge@gnumonks.org> </holder> + </copyright> + <date>Sep 21, 2005</date> + <edition>1</edition> + <!-- <orgname>netfilter core team</orgname> --> + <releaseinfo> + $Revision: 1.4 $ + </releaseinfo> + + <abstract> + +<para> +Starting with October 2005, the federal goverment of Germany will be issuing +eplectronic passports, containing digitally signed biometric information on the +passport holder. Those passports use RFID technology to communicate with the +inspection system. +</para> +<para> +In order to do security research on ePassports and RFID in general, the author +of this paper has started a free implementation of the required RFID stack +(librfid) and an ICAO MRTD verification application (libmrtd). +</para> +<para> +This task can be compared to the task of developing a network driver, network +stack and ssl-enabled ftp client just to be able to capture a ftp data session. +Therefore progress of the librfid and libmrtd projects was quite slow. +</para> +<para> +However, the project has by now reached a stage where it can actually do +something reasonable: Reading and decoding data from an ePassport. 
+</para> + </abstract> + +</articleinfo> + +<xi:include href="rfid.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> + +<xi:include href="librfid.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> + +<xi:include href="mrtd.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> + +<xi:include href="libmrtd.xml" parse="xml" xmlns:xi="http://www.w3.org/2003/XInclude"/> + +</article> diff --git a/2005/rfid-lk2005/rfid.xml b/2005/rfid-lk2005/rfid.xml new file mode 100644 index 0000000..84b384d --- /dev/null +++ b/2005/rfid-lk2005/rfid.xml 
@@ -0,0 +1,504 @@ + + + +<section> +<title>Introduction into RFID</title> +<para> +During the last couple of years, various different sectors of industry and +event government organizations started to advertise and deploy RFID technology. +</para> +<para> +The RFID industry makes huge promises, according to which RFID will penetrate +our everyday life in the very close future. As an example, RFID is used in the +ICAO-compliant electronic passports, for electronic ticketing in the public +transport sector and for tickets to events such as the soccer world +championships in 2006. Studies have been performed on the feasability of putting +RFID circuitry into every Euro bill. +</para> +<para> +Contrary to those industry promises, there is a growing opposition among civil +liberties groups and the data protection community. The fear of abuse of this +technology to invade privacy even further is big. +</para> +<para> +The public debate on RFID is mostly on a very high and therefore abstract +level. Even within the technical community, there's a severe lack of knowledge +when it comes to really understanding RFID. +</para> +<para> +This article tries to give a technical introduction into RFID, +summarizing what the author has learned throughout the last year during his +research and development. +</para> + + +<section> +<title>What is RFID?</title> +<para> +A lot of the ambuguity related to RFID comes from the unclear terminology. +Strictly speaking, "RFID" means "Radio Frequency IDentification" and therefore +refers to any technology facilitating identification of items using radio +frequency. +</para> +<para> +However, in reality the term "RFID" is used for meny different technologies and +concepts. +</para> +<para> +Another frequent misconception is that most RFID systems in use today are based +on standards. To the opposite: In fact they're mostly proprietary systems +produced by specific vendors, who obviously all proclaim to have invented an +'industry standard". 
Even those few RFID protocols that have been standardized +by international standardization bodies such as ISO/IEC reflect the usual +"either it's done way A, if not it's done way B" paradigm that seems to +dominate the whole smart card industry. But that's enough of a rant for now. +</para> +</section> + +<section> +<title>Components of an RFID system</title> +<para> +A RFID system is usually composed of a reader device (which is always called +reader, even if it can write) and some (RF)ID tag, sometimes referred to as +transponder. +</para> + +<section> +<title>Tag (or Transponder)</title> + +<section> +<title>1-bit Tags</title> +<para> +1-bit tags don't really provide any form of identification. A 1-bit RFID +system can only tell whether (at least) one tag is within reach of the reader. +While this is quite limited, it still has one very popular application: +Preventing theft of items from a store. +</para> +</section> + +<section> +<title>Serial Number Tags</title> +<para> +The most simplistic RFID systems come with read-only "serial number" tags. +This basically means that the tag has a vendor-defined serial number (much like +a barcode on product packaging), that can only be read. Such systems generally +don't employ any form of authentication. +</para> +</section> + +<section> +<title>WORM Tags</title> +<para> +Instead of vendor-programmed serial numbers, WORM(write once read many) tags +can be written once (usually at the customer site) and read many times. +</para> +</section> + +<section> +<title>Read/Write Tags</title> +<para> +Read/Write tags can be read and written a large number of times. r/w tags can be +seen analogous to synchronous memory chip cards in the contact-based world. +</para> +</section> + +<section> +<title>Read/Write with "passive" security</title> +<para> +This variant of tags employ read/writable memory plus some state machines that +allow for (mutual) authentication of reader and tag, and/or encryption of the +transferred data. 
+</para> +</section> + +<section> +<title>Cryptographic Smartcards with RF Interface</title> +<para> +The lateset generation of "tags" are not really tags anymore, but rather +cryptographic smart cards with an RF interface. This means that you have a +whole computer (sometimes called RFIC), including CPU, RAM, ROM, EEPROM, +hardware random number generator, hardware crypto, etc. inside the "tag". +Since such devices originate from the contact-based smart card world, they +sometimes even are available as "dual interface smart cards", i.e. employ both +contact-based and contactless (RFID) interface. +</para> +</section> + +</section> + + +<section> +<title>Reader</title> +<para> +Readers (sometimes called proximity coupling devices, PCDs) are usually +connected to some computer or network, using standard interfaces such as RS232 +ports, serial interfaces, USB, or Ethernet. Unfortuantely, there is no +standard either on hardware nor on software level. This means that most RFID +applications will be written against specific vendor-rprovided driver or +library API's. +</para> +<para> +There's one notable exception: Reader systems employing cryptographic +smartcards with RF interface often emulate API's from the contact-based smart +card world such as PC/SC or CT-API. +</para> +</section> + + +<section> +<title>RF Interface</title> +<para> +Between reader and tag there is some form of an RF interface. The RF interface +differs from system to system in many parameters, such as frequency, +modulation and operational principle. +</para> + +<section> +<title>Magnetic Coupling</title> +<para> +Most of todays RFID systems use a magnetic coupling principle. In such a +system, the reader provides a strong magnetic field (H-field). This field is +picked up by the antenna of a tag, and used to power the tag. Common +frequencies for such magnetically coupled RFID systems are 125kHz and 13.56MHz. 
+Magnetic systems often employ amplitude shift keying for the reader to tag +communications channel, and load modulation from tag to the reader. +</para> +<para> +The strong magnetic field only exists in the proximity of the readers' antenna. +Thus, magnetically coupled RFID systems are sometimes referred to as "proximity +or vicinity RFID", often with operational ranges less than 10cm. +</para> +<para> +The remaining article will focus on magnetic coupling RFID systems only, since +backscatter systems are not widely deployed yet, and therefore of little +practical relevance. +</para> +</section> + +<section> +<title>Backscatter</title> +<para> +A lot of RFID systems under current developemnt operate in the UHF frequency +range (868 to 956 MHz, depending on the regulatory domain). They use the +electric field of the reader, and employ backscatter modulation from tag to +reader. The electrical field extends over longer distance than the magnetic +field. Therefore, the operational range of backscatter systems are within tens +of metres. +</para> +</section> + +<section> +<title>Surface Accoustic Wave</title> +<para> +SAW tags use low-power microwave radio signals. The tag converts them to +ultrasonic accoustic signals using a piezoelectric crystalline material. +Variations of the reflected signal can be used to provide a unique identity +such as a serial number. +</para> +</section> + +</section> <!-- rf interface --> + +</section> <!-- overview --> + + +<section> +<title>Protocols and Standards</title> +<para> +For the commonly-used 13.56MHz based systems, there are two major protocols in +use, ISO 14443 and ISO 15693. ISO 15693 seems only be used for "dumb" tag +applications, whereas ISO 14443 is used frequently with RF interfaced processor +smart cards. +</para> + +<para> +Besides the "physical layer" issues such as modulation, coding, bit timing, +and frequency, there are some other important tasks of an RFID protocol. 
+</para> + +<para> +One of the funamental effects of RFID is the possibility of multiple tags +within the operating range of a reader, just like in any other shared medium +communication channel. +</para> + +<para> +In order to cope with multiple tags, an anticollision procedure has to be +specifieid. Some sophisticated protocols (as 14443-4 )even allow a reader to +assign logical addresses to individual tags in order to communitace with +multiple tags. +</para> + +<section> +<title>ISO 11784 / 11785</title> +<para> +The ISO 11784 / 11785 series of standards are used for identification of animals. +This family of standards operates at 134,2 kHz and uses the magnetic coupling +operational principle. It uses load modulation with no subcarrier and employs +a bi-phase-code for transmission of 64bit transponder data at 4194 bits/sec. +</para> +</section> + +<section> +<title>ISO 14223</title> +<para> +ISO 14223 is an extension of 11784/11785 and allows for more data stored on the +tag/transponder. +</para> +</section> + +<section> +<title>ISO 10536</title> +<para> +ISO 10536 describes "close coupling" smart cards, with an operational range of +up to 1cm. It employs inductive or capacitive coupling at 4.9152 MHz. Due to +this low operational range, they never appeared in widespread use on the market. +</para> +</section> + +<section> +<title>ISO 14443</title> +<para> +ISO 14443 describes "proximity coupling identification cards". As opposed to +ISO 10536, this standard has an operational range of up to 10cm. +</para> + +<para> +ISO 14443 has two variants: ISO 14443-A and ISO 14443-B. They both operate +on the same frequency, but with different parameters. 
+</para> + + +<informaltable border="1" width="90%"> + <tgroup cols="3"> + <thead> + <row> + <entry>Parameter</entry> + <entry>ISO 14443-A</entry> + <entry>ISO 14443-B</entry> + </row> + </thead> + <tbody> +<row><entry>Modulation Reader->Tag</entry><entry>100% ASK</entry><entry>10% ASK</entry></row> +<row><entry>Modulation Tag->Reader</entry><entry>load modulation at 847kHz subcarrier, ASK</entry><entry>load modulation at 847kHz subcarrier, BPSK</entry></row> +<row><entry>Code Reader->Tag</entry><entry>Modified Miller</entry><entry>NRZ</entry></row> +<row><entry>Code Tag->Reader</entry><entry>Manchester</entry><entry>NRZ</entry></row> +<row><entry>Anticollision</entry><entry>Binary Search</entry><entry>Slotted ALOHA</entry></row> + </tbody> + </tgroup> +</informaltable> + +<para> +ISO 14443-4 specifies an (optional) transport level protocol on top of the lower +three layers of the ISO 14443 protocol. This transport protocol is sometimes +referred to as "T=CL" (transport=contactless). This designation bears its +origin in the smart card world, where other protocols such as "T=0" and "T=1" +are in widespread use for decades. +</para> +<para> +The remaining paper will mostly look at ISO 14443, since it is in widespread use +today and also used by the electronic Passport system specified by ICAO. +</para> +</section> + +<section> +<title>ISO 15693</title> +<para> +ISO 15693 describes "vicinity coupling" RFID, with an operational range of up +to 1m. Like ISO 14443, it operates on 13.56 MHz and employs magnetic near-field +inductive coupling. +</para> +<para> +This standard again supports various modes, such as 10% or 100% ASK, 1.65kb/s +or 26.48kb/s data rate, ASK or FSK based load modulation. +</para> +<para> +Given the big distance between reader and tag, it is very unlikely that high +power consumption processor smart cards will be developed for this standard. 
+</para> +</section> + +<section> +<title>ISO 18000 series</title> +<para> +This ISO series is under current development. It intends to specify unique +world wide standards for item management. Specifications include operation +on 13.56MHz, 2.45GHz, 5.8GHz and the 868 to 956 MHz UHF band. +</para> +</section> + +</section> + + + + +<section> +<title>A closer look on Readers</title> +<para> +There's a variety of readers for the 13.56MHz world, ranging from embedded +reader modules to PC-connected readers for USB and serial connections, +Ethernet-connected readers as well as readers for handheld devices with +CompactFlash interface. +</para> + +<para> +As opposed to the contact-based smartcard world where most readers now support +the USB CCID standard (to my surprise even non-usb devices!), there is no +standardization. Neither does any of the readers - to the best of the authors' +knowledge - have any publicly and/or freely available documentation. A similar +lack is observed for Linux drivers. If they are available, then often for an +extra charge, and in proprietary x86-only format. +</para> + +<para> +On the electrical level, a lot of readers are surprisingly equal. Almost all +of them seem to use readily available "reader ASICs" of vendors such as TI or +Philips. Those ASIC's usually integrate both the analogue RF part (including +modulation/demodulation) and the digitial part. They are interfaced by serial +(SPI) or parallel address/data bus. As you could have guessed by now, there's +again no publicly/freely available documentation on any of the chipsets. +</para> + +<para> +After doing some research and re-engineering on commonly-available existing +readers, there seems to be a two different basic architectures: +</para> + +<section> +<title>Active Readers</title> +<para> +Active readers do all the 14443/15693 processing within a microcontroller of +the reader. 
Advantages of an active design are low latency, high speed and +applicability in embedded or remotely connected environments where no host +computer could do protocol processing. +</para> +</section> + +<section> +<title>Passive Readers</title> +<para> +Passive readers simply include the most basic logic to interface the reader +ASIC with the external interface. Therefore all protocol processing has to be +done on the host system. +</para> +<para> +For obvious reasons, the passive architecture allows for cheaper development +and total product cost. The author anticipates that all PC-based readers will +eventually become passive. A commonly-available passive reader (Omnikey +CardMan 5121) was chosen for the development of librfid. +</para> +</section> + + +<section> +<title>Omnikey CardMan 5121</title> + +<para> +On the first glance, the cm5121 is a USB CCID contact based smartcard reader. +It can be used with vendor-supplied proprietary drievers, or with various +freely available CCID reader drivers, such as the OpenCT project. +</para> +<para> +However, the RFID part is simply a Philips CL RC632 reader asic that can be +accessed transparently by issuing read/write_byte and read/write_fifo commands +via CCID PC_to_RDR_Escape usb messages. +</para> +<para> +The author further obtained a (publicly available, but encrypted) detailed data +sheet of the Philips CL RC632 reader asic, which magically decrypted itself by +using a couple of days worth of CPU power. +</para> +<para> +The CL RC632 is a multi-protocol reader asic, supporting 14443-A, 14443-B, +15693 as well as the proprietary 14443A-based Mifare system. +</para> +<para> +Using the data sheet, a free and GPL licensed RFID stack could be implemented +from scratch. +</para> +</section> + +</section> <!-- closer look on readers --> + + +<section> +<title>Security Issues</title> + +<section> +<title>Eavesdropping</title> +<para> +Like any RF interface, the magnetic RFID interface can be passively sniffed. 
+Due to the use of the H-field in 125kHz and 13.56MHz systems, the possible +surveillance range is very slow. Also, given the enormous power constraints +within the tag, the power put into the tag->reader channel is very low. +Furthermore, the main carrier and the subcarrier are very close in the radio +spectrum - while their signal strength differs some 60 to 80 dB. +</para> + +<para> +Measurements conducted by the author do not suggest that passive surveilance of +ISO 14443 compliant systems is not possible outside a range of 4-5 metres - at +least not with DIY equipment. +</para> +</section> + +<section> +<title>Denial of Service</title> +<para> +ISO 14443-A and -B anticollision systems are subject to denial of service +attacks. +</para> +<para> +For 14443-A, such an attack could simply cause one collision for every bit in +the address, thus preventing the reader to complete its binary search algoritm +and fully select one of the available tags. +</para> +<para> +There have already been public demonstrations of "blocker tags" which employ +such a technique to prevent other tags in the vicinity of the blocker tag from +being read. +</para> +</section> + +<section> +<title>Authenticity/Confidentiality</title> +<para> +ISO 14443-A doesn't provide any form of security. Any kind of authentication +and/or encryption has to be employed at a higher level, such as ISO 7816 secure +messaging. Compare the system with a TCP/IP stack (level 1..4) with SSL/TLS on +top. +</para> +</section> + +<section> +<title>Proprietary Security</title> +<para> +The security of vendor-speciifc proprietary systems such as Mifare are based on +security by obscurity. The encryption alogorithm is not publicly documented, +and only implemented in vendor-supplied hardware, usually the reader ASIC and +inside the tag itself. Keys are stored on the tag and in the reader ASIC. +</para> +<para> +Security by obscurity within the software industry generally doesn't work. 
+However, in the hardware world vendors still seems to assume it as a valid +paradigm. +</para> +<para> +The key lengths used in many proprietary systems seem extermely small (40bit, +sometimes even only 24 bit). Should the algorithm ever be uncovered, it is +expected to compromise the security of the whole system. The arithmetic +complexity of the algorithm can only be low, given it's implementation in +lowest-cost state-machine-only tags. Therefore it is expected that once +somebody has performed the difficult task of re-engineering a reader ASIC, the +system security will be compromised. +</para> +<para> +Brute-force attacks on tags themselves seem very unlikely, due to the extremely +slow hardware. However, after a successful (legitimate) conversation between +reader and tag has been sniffed, brute forcing can be done on fast computers. +</para> +</section> + +</section> <!-- security --> + +</section> <!-- rfid --> |
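Review bot: In the slide source (the hunk that ends just before the rfid-lk2005.xml file header), the ISO 11784 / 11785 slide gives "4191 bps" while rfid.xml in this same commit gives "4194 bits/sec" for the same standard. The two should agree, so check the figure against the standard and correct whichever is off. The Security Issues slide has a similar mismatch with the paper: it quotes "even > 10m" for the reader-to-tag channel and 3m for tag-to-reader, while the paper's Eavesdropping section speaks of 4-5 metres without naming a direction. The ISO 18000 slide lists "2.4GHz" where the paper lists 2.45GHz and 5.8GHz, and "libmtrd provides functions for" on the first libmrtd slide misspells the library name.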
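Review bot: In rfid-lk2005.xml the four xi:include elements sit under a DOCTYPE for the DocBook XML V4.3 DTD, which does not declare xi:include, so validating the file as committed will fail unless the includes are resolved first. A short comment next to the includes, or a line in the build notes, saying that XInclude processing has to run before validation would make that explicit. In the abstract, "goverment" and "eplectronic" are typos, and "$Revision: 1.4 $" is a keyword left over from the old repository that will go stale after this import.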
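Review bot: The Eavesdropping section of rfid.xml states its measurement result with a double negative, "do not suggest that passive surveilance of ISO 14443 compliant systems is not possible outside a range of 4-5 metres", which leaves it ambiguous whether sniffing beyond 4-5 metres was ruled out or not. Reword it to say directly at what distance sniffing succeeded or failed, and for which direction (reader->tag or tag->reader), since the preceding paragraph points out that the tag->reader channel carries far less power. In the same section "the possible surveillance range is very slow" presumably means "low". The Authenticity/Confidentiality section names only ISO 14443-A as providing no security; if the same holds for 14443-B and 15693, say so. The file also needs a spell-check pass ("ambuguity", "meny", "funamental", "algoritm"), and the quote marks around 'industry standard" are mismatched.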