From fca59bea770346cf1c1f9b0e00cb48a61b44a8f3 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Sun, 25 Oct 2015 21:00:20 +0100 Subject: import of old now defunct presentation slides svn repo --- 2005/flow-accounting-lt2005/ltpdk/COPYING | 340 ++++ 2005/flow-accounting-lt2005/ltpdk/LT-DOCBOOK | 122 ++ 2005/flow-accounting-lt2005/ltpdk/README | 178 +++ 2005/flow-accounting-lt2005/ltpdk/bin/lt-convert | 38 + 2005/flow-accounting-lt2005/ltpdk/bin/lt-pack | 40 + 2005/flow-accounting-lt2005/ltpdk/bin/lt-validate | 38 + 2005/flow-accounting-lt2005/ltpdk/bin/xmllint | Bin 0 -> 974232 bytes 2005/flow-accounting-lt2005/ltpdk/bin/xsltproc | Bin 0 -> 1228024 bytes .../ltpdk/example/example-en.xml | 224 +++ .../ltpdk/example/example.gif | Bin 0 -> 12531 bytes .../ltpdk/example/example.html | 211 +++ 2005/flow-accounting-lt2005/ltpdk/paper.tar.gz | Bin 0 -> 6816 bytes .../ltpdk/paper/paper-11076.xml | 426 ++++++ 2005/flow-accounting-lt2005/ltpdk/src/SOURCES | 9 + .../ltpdk/xml/docbook-html.xsl | 1221 +++++++++++++++ 2005/flow-accounting-lt2005/ltpdk/xml/docbook.dtd | 1618 ++++++++++++++++++++ 2005/flow-accounting-lt2005/ltpdk/xml/i18n.xml | 13 + 17 files changed, 4478 insertions(+) create mode 100644 2005/flow-accounting-lt2005/ltpdk/COPYING create mode 100644 2005/flow-accounting-lt2005/ltpdk/LT-DOCBOOK create mode 100644 2005/flow-accounting-lt2005/ltpdk/README create mode 100755 2005/flow-accounting-lt2005/ltpdk/bin/lt-convert create mode 100755 2005/flow-accounting-lt2005/ltpdk/bin/lt-pack create mode 100755 2005/flow-accounting-lt2005/ltpdk/bin/lt-validate create mode 100755 2005/flow-accounting-lt2005/ltpdk/bin/xmllint create mode 100755 2005/flow-accounting-lt2005/ltpdk/bin/xsltproc create mode 100644 2005/flow-accounting-lt2005/ltpdk/example/example-en.xml create mode 100644 2005/flow-accounting-lt2005/ltpdk/example/example.gif create mode 100644 2005/flow-accounting-lt2005/ltpdk/example/example.html create mode 100644 2005/flow-accounting-lt2005/ltpdk/paper.tar.gz create mode 100644 2005/flow-accounting-lt2005/ltpdk/paper/paper-11076.xml create mode 100644 2005/flow-accounting-lt2005/ltpdk/src/SOURCES create mode 100644 2005/flow-accounting-lt2005/ltpdk/xml/docbook-html.xsl create mode 100644 2005/flow-accounting-lt2005/ltpdk/xml/docbook.dtd create mode 100644 2005/flow-accounting-lt2005/ltpdk/xml/i18n.xml (limited to '2005/flow-accounting-lt2005/ltpdk') diff --git a/2005/flow-accounting-lt2005/ltpdk/COPYING b/2005/flow-accounting-lt2005/ltpdk/COPYING new file mode 100644 index 0000000..5b6e7c6 --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/COPYING @@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/2005/flow-accounting-lt2005/ltpdk/LT-DOCBOOK b/2005/flow-accounting-lt2005/ltpdk/LT-DOCBOOK new file mode 100644 index 0000000..4b15326 --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/LT-DOCBOOK @@ -0,0 +1,122 @@ +Crashcourse Tutorial on how to use XML/DocBook for LinuxTag Papers +================================================================== + +Papers for the LinuxTag Conferences should be submitted in a subset of +XML/DocBook. The structure of this format is described in this text. +This document is part of the LinuxTag Paper Development Kit (ltpdk). +Please make sure that you have read the README before you dive into this +text. + +There is also an "example" directory, which contains some documents +explaining the use of XML/DocBook. + + +Basics of XML +------------- + +XML works quite similar to HTML but is a little more strict in terms of +syntax. All markup is written in tags just like in HTML. For example, +
is an opening tag for the container "section". An opening tag +can be accompained by attributes as in . + +The most important rules are: + + - All tags have to be closed, there are no exceptions like in HTML. + + - To abbreviate opening and closing a tag, you can add a trailing + slash at the opening tag: "" is equivalent to "". + + - All tag names and all attribute names have to use lowercase + charcters and are case sensitive, unlike HTML. Values for attributes + have to be quoted: <ulink url="mailto:a@b.de">. + + +Structure of an XML document +---------------------------- + +There is a framework and a header for each XML document. For LinuxTag +papers these headers look the same for all papers and should be used +directly from the template. Just correct your name, the title of the +paper and your paper id according to the README in the ltpdk. After this +header the body of the <article> container follows. + + +List of valid DocBook elements +------------------------------ + +We recommend only a subset of the full DocBook standard, so please use +only the following elements for the body of your paper: + +<section> Creates new sections and subsections. + +<title> Should be used as first container in every <section> + and can be also used inside tables and figures. + +<para> For normal text. Note that this container is + necessary, you can't type directly into a <section> + container. + +<itemizedlist> For ordered and unordered itemized lists. Every +<orderedlist> single item needs a <listitem> container, which has +<listitem> to be closed! Usually you place a <para> inside your + <listitem>. + +<programlisting> Everything inside will be quoted verbatim. See + example document for important hints. + +<table> To create tables quite similar to HTML. See example +<tgroup> document. +<tbody> +<thead> +<tfoot> +<row> +<entry> + +<emphasis> The only text markup we support to emphasis a text + (may later be displayed bold or in italics in print) + +<ulink> To link to external URIs. Since your papers should + be more or less self-contained, don't make too much + use of this tag. The tag can be placed in any <para>. + +<mediaobject> To include a figure, like a diagramm or a picture. + See the example document for details. + + + +Structure of the body +--------------------- + +Start with a <section>, followed by a <title>. + +Now follows an arbitrary number of either simple paragraphs, lists, +tables, verbatim text or a sub level of a section. + +Inside these there's just text, emphasized text, figures or links. + +That's about all ;) + + +Further information +------------------- + +If you are really interested in XML/DocBook, have a look at + + http://www.docbook.org/ + +But beware: This is mainly a highly technical reference guide. A good +starting point in this somewhat confusing website is + + http://www.docbook.org/tdg/en/html/ref-elements.html + +A much more comprehensive introduction is + + http://xml.web.cern.ch/XML/goossens/dbatcern/ + +especially the chapters 3 - 7 describe the above in more detail. + +Finally there are links to some other tutorials, the last two in german: + + http://opensource.bureau-cornavin.com/crash-course/ + http://rzserv2.fhnon.de/~lg002556/docbuch/ + http://trieloff.net/doctutorial/ diff --git a/2005/flow-accounting-lt2005/ltpdk/README b/2005/flow-accounting-lt2005/ltpdk/README new file mode 100644 index 0000000..1a7791a --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/README @@ -0,0 +1,178 @@ +LinuxTag 2003 Paper Development Kit HOWTO +========================================= + +The ltpdk (LinuxTag Paper Development Kit) is a self-contained +collection of tools, examples, and documentation about how to write and +submit papers in the LinuxTag flavour of DocBook. Included in this +package are: + + - statically linked xmllint and xsltproc executables to check your + paper against the DocBook DTD and to convert it to HTML for easy + viewing. There are also convenient wrappers for those tools in the + "bin" directory. + + - The DocBook Simplified DTD and the LinuxTag-Metatron + DocBook-to-HTML stylesheet for use with xmllint and xsltproc. These + files describe the internal structure of valid XML documents. Usually + you don't need to look at these files in the "xml" directory. + + - The sources for xmllint and xsltproc in the "src" directory. There is + no need to look at these files either if you just want to write a + paper. However, as the ltpdk is Free Software, we provide the + source code. + + - You can find an example of using DocBook for a LinuxTag 2003 paper + in the "example" directory. Most of it is fairly self-explanatory. + + - We already prepared the dirctory "paper" for your paper and placed + an empty template in it. This is a good starting point for your + document. + + +0. For the experienced and impatient +------------------------------------ + +Enter your paper in the template in paper/paper-999-de.xml and rename it +with your talk number. + +Read the example in example/paper.xml. + +Check if your paper is valid with bin/lt-validate or generate preliminary +HTML with bin/lt-convert. + +Create a tar-file with bin/lt-pack and upload the result to the CC. + + +1. Prerequistes +--------------- + +You need just a Linux system and the LinuxTag Paper Development Kit +(ltpdk) which can be downloaded from + + http://www.linuxtag.org/cfp/ltpdk.tar.gz + +The ltpdk extracts to a self-contained directory and once extracted +depends on no special software (except a shell and the commands sed, pwd +and tar): + + $ cd /wherever/you/want + $ wget http://www.linuxtag.org/cfp/ltpdk.tar.gz + $ tar xfvz ltpdk.tar.gz + $ cd ltpdk + +If you want also the sources, you can download ltpdk-src.tar.gz instead. + + +2. Name conventions for your paper +---------------------------------- + +There is a directory "paper" prepared with a minimal template for +you. Please change to that directory and rename the template according +to your paper number. You can find your paper number in your +confirmation message or when you log into the CC ("EDIT PAPER"). +Assuming your paper number is 789, please rename the template to: + + $ cd paper + $ ls + paper-999.xml + $ mv paper-999.xml paper-789-en.xml +or + $ mv paper-999.xml paper-789-de.xml + +respectively according to the language you are using. Please pad the +paper number with zeros to three digits, if necessary (e. g. "046"). + +Now you can edit your document with any editor you like or import the +content from an other location in this file. Should you want to include +pictures or figures in your paper, copy all necessary files in the same +directory as the paper itself and keep the following name scheme: + + picture-789-01.gif + picture-789-02.jpg + picture-789-03.png + ... + +and so on. Please use GIF or JPG format images when providing images. +We're aware of the fact that GIF ist not patent free, but real life +proved that PNG is not an alternative in all circumstances. + +If you have additional material for inclusion on the CDROM +or for the website, you place these files in the subdirectory +"contrib". If you have only PDF-material (which is not our primary +choice to a full paper), please also drop it here. + + +3. How to use DocBook +--------------------- + +DocBook is an XML-based markup language slightly similiar in use like +HTML. DocBook has a lot of features, which can be complex and +confusing at first sight. We advise you to use only a recommended +subset that is described in a separate document along with links for +more tutorials, if you wish to learn more about DocBook. + +We provide an example that illustrates the use of all the +recommended markup tags in "example-en.xml". + +If you are already familiar with DocBook, you can use all features of +the DTD although we strongly recommend to keep to the defined subset +of tabs and containers. Your root container has to be <article>. + + +4. Validating your Paper +------------------------ + +There are three alternatives to check if your paper conforms to the +XML/DocBook requirements. Papers conforming to these standards reduce +immensely the efforts to integrate your submission in the conference +proceedings. + +To check if your paper conforms to the XML syntax, execute + + $ ./bin/lt-validate paper-789-xx.xml + +If your paper contains no errors, the wrapper will just print it to +stdout, nicely indented. Otherwise, you will get a declarative error +message on what's wrong. + +For easier viewing, you can convert your paper to a HTML fragment that +can be viewed with your favourite browser. The converting will NOT +produce a valid HTML document for technical reasons (the provided +Docbook-to-HTML stylesheet is only one part of our rendering pipeline +in the publishing framework). However that should be no problem with +the common browsers. To create HTML for proofreading, use + + $ ./bin/lt-convert paper-789-xx.xml > paper.html + +The third option is to package your paper and upload it to the +Conference Center (see next section). + + +5. Packaging and Uploading +-------------------------- + +Change to the main directory of the ltpdk and put you files in an +archive: + + $ cd .. + $ ls + bin COPYING example-en.xml example.gif example.html HOWTO + paper README src xml + $ ./bin/lt-package + +This creates the file "paper.tar.gz". Now open a web browser to + + https://www.linuxtag.org/cfp/login + +log in with your username and password, click on the "[edit]" button +trailing your abstract and upload the paper.tar.gz file to the CC. + +We are still working on a preview mode accessible directly from the CC. +There should appear ne new link ("preview paper") in the near future. + + +6. Questions +------------ + +If you have questions you may ask our DocBook team leader Michael +Kleinhenz (kleinhenz@linuxtag.org) or Nils Magnus (magnus@linuxtag.org). diff --git a/2005/flow-accounting-lt2005/ltpdk/bin/lt-convert b/2005/flow-accounting-lt2005/ltpdk/bin/lt-convert new file mode 100755 index 0000000..310fbd8 --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/bin/lt-convert @@ -0,0 +1,38 @@ +#!/bin/sh +# +# lt-convert - converts an XML/DocBook document of LinuxTag flavour to HTML. +# +# LinuxTag Paper Development Kit is Copyright (C) 2003 by LinuxTag e. V. +# +# V1.1 written 2003-05-04 by Nils Magnus (magnus@linuxtag.org) +# + +# check options +if [ -z "$1" ] +then + cat << EOF +Usage: $0 file +Converts XML/DocBook file to HTML fragment. +EOF + exit 1 +fi + +# determine paths + +bin=`echo $0 | sed 's/[^/]*$//'` + +if echo ${bin} | grep -v '^/' > /dev/null +then + bin="`pwd`/${bin}" +fi + +xml=`echo ${bin} | sed 's/bin.*$/xml/'` + +# call xsltproc + +if ${bin}/xsltproc ${xml}/docbook-html.xsl $* +then + : +else + echo "Summary: Document is not conforming to spec." +fi diff --git a/2005/flow-accounting-lt2005/ltpdk/bin/lt-pack b/2005/flow-accounting-lt2005/ltpdk/bin/lt-pack new file mode 100755 index 0000000..a898a5b --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/bin/lt-pack @@ -0,0 +1,40 @@ +#!/bin/sh +# +# lt-pack - Creates an archive containing your LinuxTag paper prepared for upload. +# +# LinuxTag Paper Development Kit is Copyright (C) 2003 by LinuxTag e. V. +# +# V1.1 written 2003-05-04 by Nils Magnus (magnus@linuxtag.org) +# + +# check options +if [ $# -gt 1 ] +then + cat << EOF +Usage: $0 +Creates an archive containing your LinuxTag paper prepared for upload. +EOF + exit 1 +fi + +# determine paths + +bin=`echo $0 | sed 's/[^/]*$//'` + +if echo ${bin} | grep -v '^/' > /dev/null +then + bin="`pwd`/${bin}" +fi + +xml=`echo ${bin} | sed 's/bin.*$/xml/'` + +# call tar from the correct directory + +cd ${bin} +cd .. +if tar cfzv paper.tar.gz paper +then + echo "please upload now `pwd`/paper.tar.gz to the CC" +else + echo "error while packaging" +fi diff --git a/2005/flow-accounting-lt2005/ltpdk/bin/lt-validate b/2005/flow-accounting-lt2005/ltpdk/bin/lt-validate new file mode 100755 index 0000000..f56bdbe --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/bin/lt-validate @@ -0,0 +1,38 @@ +#!/bin/sh +# +# lt-validate - validates an XML/DocBook document of LinuxTag flavour. +# +# LinuxTag Paper Development Kit is Copyright (C) 2003 by LinuxTag e. V. +# +# V1.2 written 2003-05-04 by Nils Magnus (magnus@linuxtag.org) +# + +# check options +if [ -z "$1" ] +then + cat << EOF +Usage: $0 file +Validates XML/DocBook file. +EOF + exit 1 +fi + +# determine paths + +bin=`echo $0 | sed 's/[^/]*$//'` + +if echo ${bin} | grep -v '^/' > /dev/null +then + bin="`pwd`/${bin}" +fi + +xml=`echo ${bin} | sed 's/bin.*$/xml/'` + +# call xmllint + +if ${bin}/xmllint --dtdvalid ${xml}/docbook.dtd $* +then + echo "Document is conforming to spec. You may want to check the results with lt-convert." +else + echo "Summary: Document is not conforming to spec." +fi diff --git a/2005/flow-accounting-lt2005/ltpdk/bin/xmllint b/2005/flow-accounting-lt2005/ltpdk/bin/xmllint new file mode 100755 index 0000000..f028e47 Binary files /dev/null and b/2005/flow-accounting-lt2005/ltpdk/bin/xmllint differ diff --git a/2005/flow-accounting-lt2005/ltpdk/bin/xsltproc b/2005/flow-accounting-lt2005/ltpdk/bin/xsltproc new file mode 100755 index 0000000..3798abc Binary files /dev/null and b/2005/flow-accounting-lt2005/ltpdk/bin/xsltproc differ diff --git a/2005/flow-accounting-lt2005/ltpdk/example/example-en.xml b/2005/flow-accounting-lt2005/ltpdk/example/example-en.xml new file mode 100644 index 0000000..53852b5 --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/example/example-en.xml @@ -0,0 +1,224 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> + +<article id="paper"> +<articleinfo> + <title>Your Paper Title + + Yourfirstname + Yourlastname + + + 2003 + Yourname + + + + +
+This is the title + + +This is a paragraph. Remember always enclose literal text with para +elements. Interdum volgus rectum videt, est ubi peccat. Si veteres ita +miratur laudatque poetas, ut nihil anteferat, nihil illis comparet, +errat. Si quaedam nimis antique, si peraque dure dicere credit eos, +ignave multa fatetur, et sapit et mecum facit et Iova iudicat aequo. Non +equidem insector delendave carmina Livi esse reor, memini quae plagosum +mihi parvo Orbilium dictare; sed emendata videri pulchraque et exactis +minimum distantia miror. Inter quae verbum emicuit si forte decorum, et +si versus paulo concinnior unus et alter, venditque poema. Brevi vel +toto est iunior anno. Utor permisso, caudaeque pilos ut equinae paulatim +vello unum, demo etiam unum. Si meliora dies, ut vina, poemata reddit, +scire velim, chartis perficit quotus pretium quotus arroget annus. +Scriptor abhinc reddit misso annos centum qui decidit, inter perfectos +veteresque referri debet an inter vilis atque perfectos novos? Excludat +iurgia finis. + + + +Est vetus atque probus, centum qui perficit annos. Quid, qui +deperiitnihis perfectos uno mense vel? Iste quidem veteres inter ponetur +honeste, qui vel mense brevi vel toto est iunior anno. Utor permisso, +caudaeque nisi pilos ut equinae paulatim vello et virtutem, demo etiam +unum, dum cadat elusus ratione ruentis acervi, qui redit in fastos et +virtutem aestimat annis miraturque nihil nisi quod. Ennius et sapines et +fortis et alter Homerus, ut critici dicunt, leviter curare videtur, quo +promissa cadant et somnia Pythagorea. Naevius in manibus non est et +sanctum mentibus haeret paene recens? Adeo sanctum est vetus omne poema. +Ambigitur quotiens, uter utro sit prior, aufert Pacuvius docti famam +senis Accius alti, dicitur Afrani toga convenisse Menandro, Plautus. Hos +ediscit et hos arto stipata theatro spectat Roma potens; habet hos nisi +numeratque poetas ad ambigitur tempus Livi scriptoris ab aevo. Brevi vel +toto est iunior anno. Interdum volgus rectum videt, est ubi peccat. Si +veteres ita miratur laudatque poetas, ut nihil anteferat, nihil illis +comparet, errat. + + +
+This is a subtitle + + +Now we display an image. Please always use only the image name as the +argument to the fileref attribute. No directories or other locations please. + + + + + + + + + + + + + +Si quaedam nimis antique, si peraque dure dicere credit eos, ignave +multa fatetur, et sapit et mecum facit et Iova iudicat aequo. Non +equidem insector delendave carmina Livi esse reor, memini quae plagosum +mihi parvo Orbilium dictare; sed emendata videri pulchraque et exactis +minimum distantia miror. Inter quae verbum emicuit si forte decorum, et +si versus paulo concinnior unus et alter, venditque poema. Brevi vel +toto est iunior anno. + + +
+ +
+ Tables + + + Optional Table Title + + + + + + First Row, first Col + First Row, second Col + + + Second Row, first Col + Second Row, second Col + + + Third Row, first Col + Third Row, first Col + + + Fourth Row, first Col + Fourth Row, first Col + + + +
+ + + +Hos ediscit et hos arto stipata theatro spectat Roma potens; habet hos +nisi numeratque poetas ad ambigitur tempus Livi scriptoris ab aevo. +Brevi vel toto est iunior anno. Interdum volgus rectum videt, est ubi +peccat. Si veteres ita miratur laudatque poetas, ut nihil anteferat, +nihil illis comparet, errat. + + +
+ +
+ +Links + + + +This is an emphasis: +You can make links in your paper using the ulink element, like so: +This is a Link + + + +Utor permisso +Ambigitur quotiens, uter utro sit prior, aufert Pacuvius docti famam +senis Accius alti, dicitur Afrani toga convenisse Menandro, Plautus. Hos +ediscit et hos arto stipata theatro spectat Roma potens; habet hos nisi +numeratque poetas ad ambigitur tempus Livi scriptoris ab aevo. + +
+ +
+ +Itemized Lists + + +Itemized lists can be done using the itemizedlist element: + + + + + + This is a listitem + + + + + + This is a listitem associated with a link + + + + + + + + This is a listitem + + + + + + This is a listitem associated with a link + + + + + + + + +Don't care about the double bullets with sub-itemized lists. They will +be controlled by CSS in the final view. + + +
+ +
+ + Codesnippets + + + +You can include condesnippets like so: + + + +tags and &entities; +are not recognized. The only markup that is recognized +is the end-of-section marker, which is two +"]"'s in a row followed by a >.]]> + + + +Utor permisso, caudaeque nisi pilos ut equinae paulatim vello et +virtutem, demo etiam unum, dum cadat elusus ratione ruentis acervi, qui +redit in fastos et virtutem aestimat annis miraturque nihil nisi quod. +Ennius et sapines et fortis et alter Homerus, ut critici dicunt, leviter +curare videtur, quo promissa cadant et somnia Pythagorea. Naevius in +manibus non est et sanctum mentibus haeret paene recens? + + +
+ +
+ + \ No newline at end of file diff --git a/2005/flow-accounting-lt2005/ltpdk/example/example.gif b/2005/flow-accounting-lt2005/ltpdk/example/example.gif new file mode 100644 index 0000000..30b9191 Binary files /dev/null and b/2005/flow-accounting-lt2005/ltpdk/example/example.gif differ diff --git a/2005/flow-accounting-lt2005/ltpdk/example/example.html b/2005/flow-accounting-lt2005/ltpdk/example/example.html new file mode 100644 index 0000000..04e796a --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/example/example.html @@ -0,0 +1,211 @@ + + + + + +
+

This is the title

+ + +

+This is a paragraph. Remember always enclose literal text with para +elements. Interdum volgus rectum videt, est ubi peccat. Si veteres ita +miratur laudatque poetas, ut nihil anteferat, nihil illis comparet, +errat. Si quaedam nimis antique, si peraque dure dicere credit eos, +ignave multa fatetur, et sapit et mecum facit et Iova iudicat aequo. Non +equidem insector delendave carmina Livi esse reor, memini quae plagosum +mihi parvo Orbilium dictare; sed emendata videri pulchraque et exactis +minimum distantia miror. Inter quae verbum emicuit si forte decorum, et +si versus paulo concinnior unus et alter, venditque poema. Brevi vel +toto est iunior anno. Utor permisso, caudaeque pilos ut equinae paulatim +vello unum, demo etiam unum. Si meliora dies, ut vina, poemata reddit, +scire velim, chartis perficit quotus pretium quotus arroget annus. +Scriptor abhinc reddit misso annos centum qui decidit, inter perfectos +veteresque referri debet an inter vilis atque perfectos novos? Excludat +iurgia finis. +

+ +

+Est vetus atque probus, centum qui perficit annos. Quid, qui +deperiitnihis perfectos uno mense vel? Iste quidem veteres inter ponetur +honeste, qui vel mense brevi vel toto est iunior anno. Utor permisso, +caudaeque nisi pilos ut equinae paulatim vello et virtutem, demo etiam +unum, dum cadat elusus ratione ruentis acervi, qui redit in fastos et +virtutem aestimat annis miraturque nihil nisi quod. Ennius et sapines et +fortis et alter Homerus, ut critici dicunt, leviter curare videtur, quo +promissa cadant et somnia Pythagorea. Naevius in manibus non est et +sanctum mentibus haeret paene recens? Adeo sanctum est vetus omne poema. +Ambigitur quotiens, uter utro sit prior, aufert Pacuvius docti famam +senis Accius alti, dicitur Afrani toga convenisse Menandro, Plautus. Hos +ediscit et hos arto stipata theatro spectat Roma potens; habet hos nisi +numeratque poetas ad ambigitur tempus Livi scriptoris ab aevo. Brevi vel +toto est iunior anno. Interdum volgus rectum videt, est ubi peccat. Si +veteres ita miratur laudatque poetas, ut nihil anteferat, nihil illis +comparet, errat. +

+ +
+

This is a subtitle

+ + +

+Now we display an image. Please always use only the image name as the +argument to the fileref attribute. No directories or other locations please. +

+ +

+ + + + + +

+ +

+Si quaedam nimis antique, si peraque dure dicere credit eos, ignave +multa fatetur, et sapit et mecum facit et Iova iudicat aequo. Non +equidem insector delendave carmina Livi esse reor, memini quae plagosum +mihi parvo Orbilium dictare; sed emendata videri pulchraque et exactis +minimum distantia miror. Inter quae verbum emicuit si forte decorum, et +si versus paulo concinnior unus et alter, venditque poema. Brevi vel +toto est iunior anno. +

+ +
+ +
+

Tables

+ + +

Optional Table Title

+ + + + + + + + + + + + + + + + + +
First Row, first ColFirst Row, second Col
Second Row, first ColSecond Row, second Col
Third Row, first ColThird Row, first Col
Fourth Row, first ColFourth Row, first Col
+ + +

+Hos ediscit et hos arto stipata theatro spectat Roma potens; habet hos +nisi numeratque poetas ad ambigitur tempus Livi scriptoris ab aevo. +Brevi vel toto est iunior anno. Interdum volgus rectum videt, est ubi +peccat. Si veteres ita miratur laudatque poetas, ut nihil anteferat, +nihil illis comparet, errat. +

+ +
+ +
+

+Links +

+ + +

+This is an emphasis: +You can make links in your paper using the ulink element, like so: +This is a Link +

+ +

+Utor permisso +Ambigitur quotiens, uter utro sit prior, aufert Pacuvius docti famam +senis Accius alti, dicitur Afrani toga convenisse Menandro, Plautus. Hos +ediscit et hos arto stipata theatro spectat Roma potens; habet hos nisi +numeratque poetas ad ambigitur tempus Livi scriptoris ab aevo. +

+
+ +
+

Itemized Lists

+ + + +

+Itemized lists can be done using the itemizedlist element: +

+ +
+ +

+Don't care about the double bullets with sub-itemized lists. They will +be controlled by CSS in the final view. +

+ +
+ +
+

+ Codesnippets +

+ + +

+You can include condesnippets like so: +

+ +
+This is a programlisting so white       space and line
+breaks are significant.  But it is also a CDATA
+section so <emphasis>tags</emphasis> and &entities;
+are not recognized.  The only markup that is recognized
+is the end-of-section marker, which is two
+"]"'s in a row followed by a >.
+
+ +

+Utor permisso, caudaeque nisi pilos ut equinae paulatim vello et +virtutem, demo etiam unum, dum cadat elusus ratione ruentis acervi, qui +redit in fastos et virtutem aestimat annis miraturque nihil nisi quod. +Ennius et sapines et fortis et alter Homerus, ut critici dicunt, leviter +curare videtur, quo promissa cadant et somnia Pythagorea. Naevius in +manibus non est et sanctum mentibus haeret paene recens? +

+ +
+ +
+ + diff --git a/2005/flow-accounting-lt2005/ltpdk/paper.tar.gz b/2005/flow-accounting-lt2005/ltpdk/paper.tar.gz new file mode 100644 index 0000000..191a0ca Binary files /dev/null and b/2005/flow-accounting-lt2005/ltpdk/paper.tar.gz differ diff --git a/2005/flow-accounting-lt2005/ltpdk/paper/paper-11076.xml b/2005/flow-accounting-lt2005/ltpdk/paper/paper-11076.xml new file mode 100644 index 0000000..a14546f --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/paper/paper-11076.xml @@ -0,0 +1,426 @@ + +
+ + Flow based network accounting with Linux + + Harald + Welte + + + 2005 + Harald Welte + + + +
+Abstract + +Many networking scenarios require some form of network accounting that goes beyond some simple packet and byte counters as available from the 'ifconfig' output. + + +Network accounting can generally be done in a number of different ways. The +traditional way is to capture all packets by some userspace program. Capturing +can be done via a number of mechanisms such as PF_PACKET +sockets, mmap()ed PF_PACKET, +ipt_ULOG, or ip_queue. This +userspace program then analyzes the packets and aggregates the result into +per-flow data +structures. + + +Whatever mechanism used, this scheme has a fundamental performance limitation, +since all packets need to be copied and analyzed by a userspace process. + + +The author has implemented a different approach, by which the accounting +information is stored in the in-kernel connection tracking table of the +ip_conntrack stateful firewall state machine. On all firewalls, that +state table has to be kept anyways - the additional overhead introduced by +accounting is minimal. + +
+ +
+Network accounting + +Network accounting generally describes the process of counting and potentially +summarizing metadata of network traffic. The kind of metadata is largely +dependant on the particular application, but usually includes data such as numbers of packets, numbers of bytes, source and destination ip address. + + +There are many reasons for doing accounting of networking traffic, among them + + +transfer volume or bandwisth based billing +monitoring of network utilization, bandwidth distribution and link usage +research, such as distribution of traffic among protocols, average packet size, ... + +
+ +
+Existing accounting solutions for Linux + +There are a number of existing packages to do network accounting with Linux. +The following subsections intend to give a short overview about the most +commonly used ones. + + +
+nacctd + +nacctd also known as net-acct is probably +the oldest known tool for network accounting under Linux (also works on other +Unix-like operating systems). The author of this paper has used +nacctd as an accounting tool as early as 1995. It was +originally developed by Ulrich Callmeier, but apparently abandoned later on. +The development seems to have continued in multiple branches, one of them being +the netacct-mysql branch, +currently at version 0.79rc2. + + +It's principle of operation is to use an AF_PACKET socket +via libpcap in order to capture copies of all packets on +configurable network interfaces. It then does TCP/IP header parsing on each +packet. Summary information such as port numbers, ip addresses, number of +bytes are then stored in an internal table for aggregation of successive +packets of the same flow. The table entries are evicted and stored in a +human-readable ASCII file. Patches exist for sending information directly into +SQL databases, or saving data in machine-readable data format. + + +As a pcap-based solution, it suffers from the performance penalty of copying +every full packet to userspace. As a packet-based solution, it suffers from +the penalty of having to interpret every single packet. + +
+ +
+ipt_LOG based + +The Linux packet filtering subsystem iptables offers a way to log policy +violations via the kernel message ring buffer. This mechanism is called +ipt_LOG (or LOG target). Such +messages are then further processed by klogd and +syslogd, which put them into one or multiple system log +files. + + +As ipt_LOG was designed for logging policy violations and +not for accounting, it's overhead is significant. Every packet needs to be +interpreted in-kernel, then printed in ASCII format to the kernel message ring +buffer, then copied from klogd to syslogd, and again copied into a text file. +Even worse, most syslog installations are configured to write kernel log +messages synchronously to disk, avoiding the usual write buffering of the block +I/O layer and disk subsystem. + + +To sum up and anlyze the data, often custom perl scripts are used. Those perl +scripts have to parse the LOG lines, build up a table of flows, add the packet +size fields and finally export the data in the desired format. Due to the inefficient storage format, performance is again wasted at analyzation time. + +
+ +
+ipt_ULOG based (ulogd, ulog-acctd) + +The iptables ULOG target is a more efficient version of +the LOG target described above. Instead of copying ascii +messages via the kernel ring buffer, it can be configured to only copies the +header of each packet, and send those copies in large batches. A special +userspace process, normally ulogd, receives those partial packet copies and +does further interpretation. + + +ulogd is intended for +logging of security violations and thus resembles the functionality of LOG. it +creates one logfile entry per packet. It supports logging in many formats, +such as SQL databases or PCAP format. + + +ulog-acctd is a +hybrid between ulogd and nacctd. It +replaces the nacctd libpcap/PF_PACKET based capture with the more efficient +ULOG mechanism. + + +Compared to ipt_LOG, ipt_ULOG reduces +the amount of copied data and required kernel/userspace context switches and +thus improves performance. However, the whole mechanism is still intended for +logging of security violations. Use for accounting is out of its design. + +
+ +
+iptables based (ipac-ng) + +Every packet filtering rule in the Linux packet filter +(iptables, or even its predecessor +ipchains) has two counters: number of packets and number +of bytes matching this particular rule. + + +By carefully placing rules with no target (fallthrough) rules in the +packetfilter ruleset, one can implement an accounting setup, i.e. one rule per +customer. + + +A number of tools exist to parse the iptables command output and summarized the +counters. The most commonly used package is ipac-ng. It supports +advanced features such as storing accounting data in SQL databases. + + +The approach works quite efficiently for small installations (i.e. small number +of accounting rules). Therefore, the accounting granularity can only be very +low. One counter for each single port number at any given ip address is certainly not applicable. + +
+ +
+ipt_ACCOUNT + +ipt_ACCOUNT +is a special-purpose iptables target available from the netfilter project +patch-o-matic-ng repository. It requires kernel patching and is not included +in the mainline kernel. + + +ipt_ACCOUNT keeps byte counters per IP address in a given +subnet, up to a '/8' network. Those counters can be read via a special +"iptaccount" commandline tool. + + +Being limited to local network segments up to '/8' size, and only having per-ip +granularity are two limiteations that defeat ipt_ACCOUNT +as a generich accounting mechainism. It's highly-optimized, but also +special-purpose. + +
+ +
+ntop (including PF_RING) + +ntop is a network traffic +probe to show network usage. It uses libpcap to capture +the packets, and then aggregates flows in userspace. On a fundamental level it's therefore similar to what nacctd does. + + +From the ntop project, there's also nProbe, a network +traffic probe that exports flow based information in NETFLOW v5/v9 format. + + +To increase performance of the probe, the author (Luca Deri) has implemented +PF_RING, a new zero-copy +mmap()ed implementation for packet capture. There is a libpcap compatibility layer on top, so any pcap-using application can benefit from PF_RING. + + +PF_RING is a major performance improvement, please look at the documentation +and the paper published by Luca Deri. + + +However, ntop / nProbe / PF_RING are all packet-based accounting solutions. +Every packet needs to be analyzed by some userspace process - even if there is +no copying involved. Due to PF_RING optimiziation, it is probably as efficient +as this approach can get. + + +
+ +
+ +
+New ip_conntrack based accounting + +The fundamental idea is to (ab)use the connection tracking subsystem of the +Linux 2.4.x / 2.6.x kernel for accounting purposes. There are several reasons +why this is a good fit: + + +It already keeps per-connection state information. Extending this information to contain a set of counters is easy. +Lots of routers/firewalls are already running it, and therefore paying it's performance penalty for security reasons. Bumping a couple of counters will introduce very little additional penalty. +There was already an (out-of-tree) system to dump connection tracking information to userspace, called ctnetlink + + +So given that a particular machine was already running ip_conntrack, adding +flow based acconting to it comes almost for free. I do not advocate the use of +ip_conntrack merely for accounting, since that would be again a waste of +performance. + + +
+ip_conntrack_acct + +ip_conntrack_acct is how the in-kernel +ip_conntrack counters are called. There is a set of four +counters: numbers of packets and bytes for original and reply +direction of a given connection. + + +If you configure a recent (>= 2.6.9) kernel, it will prompt you for +CONFIG_IP_NF_CT_ACCT. By enabling this configuration +option, the per-connection counters will be added, and the accounting code will +be compiled in. + + +However, there is still no efficient means of reading out those counters. They +can be accessed via "cat /proc/net/ip_conntrack", but that's not a real +solution. The kernel iterates over all connections and ASCII-formats the data. +Also, it is a polling-based mechanism. If the polling interval is too short, +connections might get evicted from the state table before their final counters +are being read. If the interval is too small, performance will suffer. + + +To counter this problem, a combination of conntrack notifiers and ctnetlink is being used. + +
+ +
+conntrack notifiers + +Conntrack notifiers use the core kernel notifier infrastructure +(struct notifier_block) to notify other parts of the +kernel about connection tracking events. Such events include creation, +deletion and modification of connection tracking entries. + + +The conntrack notifiers can help us overcome the polling architecture. If we'd only listen to "conntrack delete" events, we would always get the byte and packet counters at the end of a connection. + + +However, the events are in-kernel events and therefore not directly suitable +for an accounting application to be run in userspace. + +
+ +
+ctnetlink + +ctnetlink (short form for conntrack netlink) is a +mechanism for passing connection tracking state information between kernel and +userspace, originally developed by Jay Schulist and Harald Welte. As the name +implies, it uses Linux AF_NETLINK sockets as its +underlying communication facility. + + +The focus of ctnetlink is to selectively read or dump +entries from the connection tracking table to userspace. It also allows +userspace processes to delete and create conntrack entries as well as +"conntrack expectations". + + +The initial nature of ctnetlink is therefore again +polling-based. An userspace process sends a request for certain information, +the kernel responds with the requested information. + +By combining conntrack notifiers with +ctnetlink, it is possible to register a notifier handler +that in turn sends ctnetlink event messages down the AF_NETLINK socket. + + +A userspace process can now listen for such DELETE event messages at the +socket, and put the counters into it's accounting storage. + + +There are still some shortcomings inherent to that DELETE event scheme: We +only know the amount of traffic after the connection is over. If a connection +lasts for a long time (let's say days, weeks), then it is impossible to use +this form of accounting for any kind of quota-based billing, where the user +would be informed (or disconnected, traffic shaped, whatever) when he exceeds +his quota. Also, the conntrack entry does not contain information about when the connection started - only the timestamp of the end-of-connection is known. + + +To overcome limitation number one, the accounting process can use a combined +event and polling scheme. The granularity of accounting can therefore be +configured by the polling interval, and a compromise between performance and +accuracy can be made. + + +To overcome the second limitation, the accounting process can also listen for +NEW event messages. By correlating the NEW and DELETE messages of a +connection, accounting datasets containign start and end of connection can be built. + +
+ +
+ulogd2 + +As described earlier in this paper, ulogd is a userspace +packet filter logging daemon that is already used for packet-based accounting, +even if it isn't the best fit. + + +ulogd2, also developed by the author of this paper, takes +logging beyond per-packet based information, but also includes support for +per-connection or per-flow based data. + + +Instead of supporting only ipt_ULOG input, a number of +interpreter and output plugins, ulogd2 supports a concept +called plugin stacks. Multiple stacks can exist within one deamon. Any such +stack consists out of plugins. A plugin can be a source, sink or filter. + + +Sources acquire per-packet or per-connection data from ipt_ULOG or ip_contnrack_acct. + + +Filters allow the user to filter or aggregate information. Filtering is +requird, since there is no way to filter the ctnetlink event messages within +the kernel. Either the functionality is enabled or not. Multiple connections +can be aggregated to a larger, encompassing flow. Packets could be aggregated +to flows (like nacctd), and flows can be aggregated to +even larger flows. + + +Sink plugins store the resulting data to some form of non-volatile storage, +such as SQL databases, binary or ascii files. Another sink is a NETFLOW or +IPFIX sink, exporting information in industy-standard format for flow based accounting. + +
+ +
+Status of implementation + +ip_conntrack_acct is already in the kernel since 2.6.9. + + +ctnetlink and the conntrack event +notifiers are considered stable and will be submitted for mainline +inclusion soon. Both are available from the patch-o-matic-ng repository of the +netfilter project. + + +At the time of writing of this paper, ulogd2 development +was not yet finished. However, the ctnetlink event messages can already be +dumped by the use of the "conntrack" userspace program, available from the +netfilter project. + + +The "conntrack" prorgram can listen to the netlink event socket and dump the +information in human-readable form (one ASCII line per ctnetlink message) to +stdout. Custom accounting solutions can read this information from stdin, +parse and process it according to their needs. + +
+ +
+ +
+Summary + +Despite the large number of available accounting tools, the author is confident that inventing yet another one is worthwhile. + + +Many existing implementations suffer from performance issues by design. Most +of them are very special-purpose. nProbe/ntop together with PF_RING are +probably the most universal and efficient solution for any accounting problem. + + +Still, the new ip_conntrack_acct, ctnetlink based +mechanism described in this paper has a clear performance advantage if you want +to do acconting on your Linux-based stateful packetfilter - which is a common +case. The firewall is suposed to be at the edge of your network, exactly where +you usually do accounting of ingress and/or egress traffic. + +
+ +
diff --git a/2005/flow-accounting-lt2005/ltpdk/src/SOURCES b/2005/flow-accounting-lt2005/ltpdk/src/SOURCES new file mode 100644 index 0000000..ac9caec --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/src/SOURCES @@ -0,0 +1,9 @@ +Source Distribution for LinuxTag Paper Development Kit +------------------------------------------------------ + +The complete ltsources for the ltpdk including validator and the +converter can be downloaded at + + http://www.linuxtag.org/cfp/ltpdk-src.tar.gz + +for size reasons (about 5MB). diff --git a/2005/flow-accounting-lt2005/ltpdk/xml/docbook-html.xsl b/2005/flow-accounting-lt2005/ltpdk/xml/docbook-html.xsl new file mode 100644 index 0000000..eeaae21 --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/xml/docbook-html.xsl @@ -0,0 +1,1221 @@ + + + + + +de + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +

+ +

+
+ +

+ +

+
+ + + + + + +
+ + + + +
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +
+ +
+
+
+
+ + + + + + + + content + + + + + + + + +
+ + + +
+
+ +
+
+ + +
+ + + + + section + sect2 + sect3 + sect4 + + +
+ + +
+
+ + + + + + + + + + + + + + +
+
+ + +
+ + + + + +

+ + +

+
+ + + +

+
+

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + " + + " + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+ +
+ +
+
+ + +
--
+
+ + + + + + + +
+
    + +
+
+
+ + +
+
    + + + a + i + A + i + + + + + + + + + Numeration: + + + + + + +
+
+
+ + + 1 + + + + + + + + + + + + + + + + + +
  • + +
  • +
    + + +
    + +
    +
    + + + +

    +
    +
    +
    + +
    +
    +
    + + +
    + + +
    +
    + + + + , + + + + + + + + + + + + + + + + +

    + + +

    + + + + + + + + + +
    +
    +
    + + +
    + + content + + + + + + +
    +
    + +
    +
    + +
    + + + + + + + + + + + + + + +
    + + content + + + + + + +
    + + + + + + + + + + + + + + + + + + +
    + + + + +
    +
    +
    +
    +
    + + +
    +			
    +				
    +			
    +		
    +
    + + + + + + + + + +
    + +
    +
    + + +
    + +
    + +   + +   + +   + +   + +
    + + + + + + +
    + +
    + +
    + + +
    + +
    + +
    + + +
    + +
    + +
    + + +
    + +
    + +
    + + +
    + +
    + +
    + + + +
    + +
    +
    + + + + + + +
    + + + + + +
    + + +
    +						
    +						
    +					
    + +
    +
    +
    + + +
    + +
    +
    + + + + + + ( + + ); + + + + + + + + , + + + + + + + +
    + +
    + + + ( + + + + ) + + + + + + + ; + + + + + +   + + + + + (void); + + + + (...); + + + + + + + + + + + + + + + + + + + + + Copyright © + + + + + + + + + + + © + + + + + ® + + + + + + TM + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    +

    + + + + + + + + + + + + + + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    +
    +

    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    +
    + +
    + + + + + + + + + + table + + + + + + + 0 + + + 1 + + + + + + +
    +
    + + + + + + + + + + + + + + + + + + row + + + + + + + + + + + + + + + + entry + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +   + + + + + + + + + + + + + + +Calling strip.leading.spaces +Value: +Starts-with: + + + + + + + + + + + + + + + + + Oliver Zendel ist muede + + + + + +Calling strip.ending.spaces +Value: +End-with: '' + + +Found Tab + + + + + + + +Found Space + + + + + + + +Found Noting + + + + + + + + Oliver Zendel ist muede + + + + + + + Warning: Tag + + not supportet + + +
    diff --git a/2005/flow-accounting-lt2005/ltpdk/xml/docbook.dtd b/2005/flow-accounting-lt2005/ltpdk/xml/docbook.dtd new file mode 100644 index 0000000..114602c --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/xml/docbook.dtd @@ -0,0 +1,1618 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/2005/flow-accounting-lt2005/ltpdk/xml/i18n.xml b/2005/flow-accounting-lt2005/ltpdk/xml/i18n.xml new file mode 100644 index 0000000..be0890a --- /dev/null +++ b/2005/flow-accounting-lt2005/ltpdk/xml/i18n.xml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + -- cgit v1.2.3