</ul>
</div>
+<div class="slide">
+ <h1>nftables [3.13]</h1>
+ <ul class="incremental">
+ <li>
+ Linux has several firewall APIs - iptables, ip6tables, arptables
+ and ebtables
+ </li>
+ <li>
+ All require a specific kernel module for each type of match
+ and each possible action
+ </li>
+ <li>
+ Userland could only use the four protocol-specific APIs,
+ although the internal netfilter API is more flexible
+ </li>
+ <li>
+ nftables exposes more of this flexibility, allowing userland
+ to provide firewall code for a specialised VM (similar to BPF)
+ </li>
+ <li>
+ nftables userland tool uses this API and is already packaged
+ </li>
+ <li>
+ Eventually, the old APIs will be removed and the old userland
+ tools must be ported to use nftables
+ </li>
+ </ul>
+</div>
+
+<div class="slide">
+ <h1>User-space lockdep [3.14]</h1>
+ <ul>
+ <li>
+ Kernel threads and interrupts all run in same address space,
+ using several different synchronisation mechanisms
+ </li>
+ <li>
+ Easy to introduce bugs that can result in deadlock, but hard to
+ reproduce them
+ </li>
+ <li>
+ Kernel's 'lockdep' system dynamically tracks locking operations
+ and detects <em>potential</em> deadlocks
+ </li>
+ <li>
+ Now available as a userland library! Except we need to package
+ it (build from linux-tools source package)
+ </li>
+ </ul>
+</div>
+
<div class="slide">
<h1>Questions?</h1>
</div>
projects / kernel-news-talk.git / blobdiff