I am going to keep netfilter and wireless lists on for now unless I hear more objections. We will be doing about one a day from now until about the time of the conference.
The tech committee would like to announce a new accepted talk. Huapeng Zhou, Doug Porter, Ryan Tierney and Nikita Shirokov are going to give a talk on Droplet which is used at Facebook to plug in DDoS countermeasures. More details: ---- Droplet is a generic framework to implement bpf policers to drop packets at the earliest stage in the networking stack, preferably at line rate. It's born for anti-DDoS and is the preferred infrastructure at Facebook to plug in DDoS countermeasures. This talk presents the overall architecture of Droplet and discusses a few issues in developing and rolling out the software. At a high level, Droplet takes bpf policer code written in restricted C syntax, compiles it at runtime and hooks it into the kernel. The framework abstracts out interactions between user space and kernel space so the end user only needs to write policer code. It could chain bpf programs together so we get multiple active DDoS countermeasures at the same time. The policer code is shipped as configuration, which enables fast response time when under active attacks. -------- cheers, jamal
