= Netfilter's list of ideas for students participating in GSoC 2018 =

This document provides an introduction for students who are willing to
apply to this round of Netfilter's GSoC 2018. Please take the time to
read it before you ask questions.

== Introduction ==

In this edition, we propose that the students focus again on the
nftables [1] project, the successor of the popular iptables [2]
firewalling tool. There is a huge ongoing development effort to get
nftables into production state. We believe that GSoC students will help
to boost this development, more specifically on tasks that are
relatively simple but time consuming and that really need to be done.

== Prerequisites ==

General requirements for students to participate are:

* must know C, writing code fluently.
* computer networking at a good level, more specifically, layer 2/3/4
  of the TCP/IP stack.

== Proposed tasks ==

We propose several tasks for GSoC students in the next sections. This
year we provide mostly tasks that range from average to hard in terms
of difficulty. All these tasks also involve helping in bug hunting and
fixing.

== Task 1: Implement missing features in nftables ==

* Description: As of Linux kernel 4.15, nftables provides around 80% of
  the iptables feature-set [5]. We believe that closing the remaining
  gap is fundamental to helping users migrate to nftables.
* Tasks: Help by implementing missing features available in iptables as
  matches/targets.
* Level of difficulty: Average. There is already code that you can use
  as reference for this task.
* Mentors: Pablo Neira Ayuso / Arturo Borrero

== Task 2: Library improvements for nftables ==

* Description: We already have the low-level libnftnl, but this library
  is probably too low level for user applications. Its markup language
  support is still not in good shape; basically, it needs more work.
* Tasks: Add support to batch commands and send them to the kernel in
  one go.
* Level of difficulty: Easy.
  There is code available implementing libnftables, but it is not
  finished. The main problems that may arise are related to the time
  that the student will need to get up to speed with the existing
  codebase.
* Mentors: Pablo Neira Ayuso / Arturo Borrero

== Task 3: Improving automated test infrastructure ==

* Description: Test infrastructure is fundamental to catch regressions.
  This project already comes with a nice test infrastructure, but more
  coverage is always welcome.
* Tasks: Help by extending the existing infrastructure to support more
  tests based on recent fixes and new features that got merged
  upstream.
* Level of difficulty: Easy. There is already code in place that can be
  used as reference.
* Mentors: Pablo Neira Ayuso / Arturo Borrero

= More information on nftables =

The next Netfilter workshop in June-July 2018 [3] will surely focus on
discussions of ongoing and future nftables development.

The kernel components were already merged into mainstream Linux kernel
3.13. Nonetheless, the implementation work is still far from complete.

All existing code is available under git.netfilter.org. More
specifically:

* libnftnl: low-level userspace library for nftables (for libmnl).
* iptables: which already includes the iptables compatibility layer
  working over nftables.
* nft: the new user-space command line tool, with a new syntax
  different from iptables.

The Linux kernel tree containing the nftables modules is currently
available in a different repository [4].

= Contact us / Ask us questions =

If you are a student willing to participate in GSoC 2018 and you're
interested in any of our tasks, please subscribe to this mailing list:

https://lists.netfilter.org/mailman/listinfo/gsoc2013

Subscribing to this mailing list requires approval from the
administrator, so please be patient, we'll accept it asap.

You can use this mailing list to ask your questions regarding
Netfilter's tasks during GSoC 2018.
You can also drop a line to arturo@netfilter.org. Please make sure you
Cc gsoc2013@lists.netfilter.org in your questions, since most likely
what you ask and the reply you get will help others in the community
too.

= Applying to netfilter's GSoC =

If you want to be selected, start getting familiar with the nftables
software asap. Patches for the userspace library libnftnl, the command
line utility nft and kernel patches will make you rank higher in the
student selection process. No patches at all means little chance of
being selected.

= References =

[1] http://en.wikipedia.org/wiki/Nftables
[2] http://www.netfilter.org/projects/iptables/index.html
[3] http://workshop.netfilter.org/
[4] http://git.kernel.org/cgit/linux/kernel/git/pablo/nftables.git
[5] http://wiki.nftables.org

Author: Pablo Neira Ayuso
Last update: 10:22 +01:00 23/Jan/2018

-EOF-