Netfilter Workshop 2018

I attended the Netfilter workshop in Berlin from 14th to 18th June 2018.  It was a small invite only workshop. Overall it was a fun and great learning experience. Through this workshop, I got an opportunity to interact with netfilter community members. It was nice to meet my mentor Pablo Neira Ayuso and past outreachy interns, Laura and Harsha.

On the first day Pablo talked about changes in netfilter since the last workshop. Phil Sutter gave updates on libnftables. I had contributed a few preparatory patches for libnftables. It was good to see the amount of work done on it, jointly by Phil and Eric Leblond. More information about libnftables can be checked from the man page written by Phil. It describes about the functions exported by libnftables. The last talk of the day was by Florian Wesphal on nftables performance issues.

Main discussions on day 2 were about moving from xtables to nftables. Florian Westphal and Arturo Borrero both gave talked about it. Arturo shared his plan in specific to Debian and his slides can be checked here. Jozsef Kadlecsik talked about nftables set and ipset compatibility. Laura Garcia gave an introduction about nftables load balancer and shared some interesting performance figures for both iptables and nftables with reptoline enabled  (slides).

Day 3 and 4: Pablo talked about flowtable offload infrastructure and recent developments on it. Harsha Sharma spoke about ct timeout support on which she is working during her gsoc internship. On the last day, I too gave a talk about my Outreachy contributions and shared my experience about  it.

This blogpost is just an overview of the netfilter workshop. There were other interesting talks too and they can be checked here. Arturo has also written a summary about the netfilter workshop in his blog.

PC: Arturo Borero

