From fca59bea770346cf1c1f9b0e00cb48a61b44a8f3 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Sun, 25 Oct 2015 21:00:20 +0100 Subject: import of old now defunct presentation slides svn repo --- 2005/netfilter_nextgen-lk2005/abstract.txt | 32 ++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 2005/netfilter_nextgen-lk2005/abstract.txt (limited to '2005/netfilter_nextgen-lk2005/abstract.txt') diff --git a/2005/netfilter_nextgen-lk2005/abstract.txt b/2005/netfilter_nextgen-lk2005/abstract.txt new file mode 100644 index 0000000..0d3f97c --- /dev/null +++ b/2005/netfilter_nextgen-lk2005/abstract.txt 
@@ -0,0 +1,32 @@ +First steps towards the next generation netfilter subsystem + +Until 2.6, every new kernel version came with its own incarnation of a packet +filter: ipfw, ipfwadm, ipchains, iptables. 2.6.x still had iptables. What was +wrong? Or was iptables good enough to last even two generations? + +In reality the netfilter project is working on gradually transforming the +existing framework into something new. Some of those changes are transparent +to the user, so they slip into a kernel release almost unnoticed. However, +for expert users and developers those changes are noteworthy anyway. + +Some other changes just extend the existing framework, so most users again +won't even notice them - they just don't take advantage of those new features. + +The 2.6.14 kernel release will mark a milestone, since it is scheduled to +contain nfnetlink, ctnetlink, nfnetlink_queue and nfnetlink_log - basically a +totally new netlink-based kernel/userspace interface for most parts of the +netfilter subsystem. + +nf_conntrack, a generic layer-3 independent connection tracking subsystem, +initially supporting IPv4 and IPv6, is also in the queue of pending patches. +Chances are high that it will be included in the mainline kernel at the time +this paper is presented at Linux Kongress. + +Another new subsystem within the framework is the "ipset" filter, basically an +alternative to using iptables in certain areas. + +The presentation will cover a timeline of recent advances in the netfilter +world, and describe each of the new features in detail. It will also summarize +the results of the annual netfilter development workshop, which is scheduled +just the week before Linux Kongress. + -- cgit v1.2.3
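Review bot: The added abstract.txt has no date or event header of its own, yet every status claim in it is forward-looking ("The 2.6.14 kernel release will mark a milestone", "also in the queue of pending patches", "at the time this paper is presented at Linux Kongress"). Once the file is read outside its 2005/netfilter_nextgen-lk2005/ path, the statements about nfnetlink, ctnetlink, nfnetlink_queue, nfnetlink_log and nf_conntrack read as current status. Consider a one-line header naming the event and year, or say in the commit message that the files are imported unmodified as a historical record. The hunk also ends with an empty added line (line 32 of 32) that could be dropped.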