nftables weitgehend fertig
This commit is contained in:
parent
e852a06fbb
commit
1a199b912b
36
bericht/benchmarks/nft-ipt-drop-response.tex
Normal file
36
bericht/benchmarks/nft-ipt-drop-response.tex
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
\documentclass{standalone}
|
||||||
|
|
||||||
|
\usepackage[utf8]{inputenc}
|
||||||
|
|
||||||
|
\usepackage{pgfplots}
|
||||||
|
\pgfplotsset{compat=1.3}
|
||||||
|
\usepgfplotslibrary{units}
|
||||||
|
\usepgfplotslibrary{dateplot}
|
||||||
|
\usepackage{tikz}
|
||||||
|
\usepackage{pgfplotstable}
|
||||||
|
\usepackage{csquotes}
|
||||||
|
\usepackage{float}
|
||||||
|
|
||||||
|
\begin{document}
|
||||||
|
|
||||||
|
\pgfplotstableread{nft/ipt-nft-simple-drop-response.txt}{\nftsimpledropresponse}
|
||||||
|
|
||||||
|
\begin{tikzpicture}
|
||||||
|
\begin{axis}[
|
||||||
|
yshift=-0.5cm,
|
||||||
|
xtick={10000,20000,30000,40000,50000,60000,70000,80000,90000,100000},
|
||||||
|
xmin=200, xmax=100000,
|
||||||
|
ymin=0,
|
||||||
|
xlabel={Anzahl der Firewall-Regeln}, ylabel={Antwortzeit [ms]},
|
||||||
|
tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
|
||||||
|
width=15cm, height=10cm,
|
||||||
|
legend entries={iptables,nftables},
|
||||||
|
scaled ticks=false
|
||||||
|
]
|
||||||
|
\addplot[smooth,blue] table [x={rules}, y={ipt}] {\nftsimpledropresponse};
|
||||||
|
\addplot[smooth,red] table [x={rules}, y={nft}] {\nftsimpledropresponse};
|
||||||
|
\end{axis}
|
||||||
|
\end{tikzpicture}
|
||||||
|
|
||||||
|
|
||||||
|
\end{document}
|
36
bericht/benchmarks/nft-ipt-drop.tex
Normal file
36
bericht/benchmarks/nft-ipt-drop.tex
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
\documentclass{standalone}
|
||||||
|
|
||||||
|
\usepackage[utf8]{inputenc}
|
||||||
|
|
||||||
|
\usepackage{pgfplots}
|
||||||
|
\pgfplotsset{compat=1.3}
|
||||||
|
\usepgfplotslibrary{units}
|
||||||
|
\usepgfplotslibrary{dateplot}
|
||||||
|
\usepackage{tikz}
|
||||||
|
\usepackage{pgfplotstable}
|
||||||
|
\usepackage{csquotes}
|
||||||
|
\usepackage{float}
|
||||||
|
|
||||||
|
\begin{document}
|
||||||
|
|
||||||
|
\pgfplotstableread{nft/ipt-nft-simple-drop.txt}{\nftsimpledrop}
|
||||||
|
|
||||||
|
\begin{tikzpicture}
|
||||||
|
\begin{axis}[
|
||||||
|
yshift=-0.5cm,
|
||||||
|
xtick={5000,10000,15000,20000,25000,30000},
|
||||||
|
xmin=200, xmax=30000,
|
||||||
|
ymin=0, ymode=log,
|
||||||
|
xlabel={Anzahl der Firewall-Regeln}, ylabel={PPS},
|
||||||
|
tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
|
||||||
|
width=15cm, height=10cm,
|
||||||
|
legend entries={iptables,nftables},
|
||||||
|
scaled ticks=false
|
||||||
|
]
|
||||||
|
\addplot[smooth,blue] table [x={rules}, y={iptpps}] {\nftsimpledrop};
|
||||||
|
\addplot[smooth,red] table [x={rules}, y={nftpps}] {\nftsimpledrop};
|
||||||
|
\end{axis}
|
||||||
|
\end{tikzpicture}
|
||||||
|
|
||||||
|
|
||||||
|
\end{document}
|
106
bericht/benchmarks/nft-size-load-rate-recv.tex
Normal file
106
bericht/benchmarks/nft-size-load-rate-recv.tex
Normal file
@ -0,0 +1,106 @@
|
|||||||
|
\documentclass{standalone}
|
||||||
|
|
||||||
|
\usepackage[utf8]{inputenc}
|
||||||
|
|
||||||
|
\usepackage{pgfplots}
|
||||||
|
\pgfplotsset{compat=1.3}
|
||||||
|
\usepgfplotslibrary{units}
|
||||||
|
\usepgfplotslibrary{dateplot}
|
||||||
|
\usepackage{tikz}
|
||||||
|
\usepackage{pgfplotstable}
|
||||||
|
\usepackage{csquotes}
|
||||||
|
\usepackage{float}
|
||||||
|
|
||||||
|
\begin{document}
|
||||||
|
|
||||||
|
\pgfplotstableread{
|
||||||
|
size rate pps load
|
||||||
|
1500 982.38 81865 0.5
|
||||||
|
1450 981.1512 84582 0.7
|
||||||
|
1400 983.4272 87806 0.6
|
||||||
|
1350 981.936 90920 0.6
|
||||||
|
1300 979.9816 94229 0.8
|
||||||
|
1250 977.44 97744 0.5
|
||||||
|
1200 980.7936 102166 0.8
|
||||||
|
1150 978.5396 106363 0.7
|
||||||
|
1100 975.6472 110869 0.6
|
||||||
|
1050 972.3588 115757 0.9
|
||||||
|
1000 977.192 122149 0.8
|
||||||
|
950 974.0312 128162 0.8
|
||||||
|
900 970.6896 134818 1.0
|
||||||
|
850 965.4368 141976 0.9
|
||||||
|
800 970.8992 151703 1.0
|
||||||
|
750 966.756 161126 0.9
|
||||||
|
700 960.9544 171599 1.2
|
||||||
|
650 956.2592 183896 4.6
|
||||||
|
600 961.4736 200307 15.3
|
||||||
|
550 954.8088 217002 19.6
|
||||||
|
500 946.992 236748 23.7
|
||||||
|
450 928.7784 257994 25.1
|
||||||
|
400 823.2672 257271 25.3
|
||||||
|
350 722.5316 258047 25.4
|
||||||
|
300 615.1632 256318 25.5
|
||||||
|
250 492.206 246103 25.5
|
||||||
|
200 406.3824 253989 25.5
|
||||||
|
150 299.2116 249343 25.3
|
||||||
|
100 205.8888 257361 25.2
|
||||||
|
50 123.79728 257911 25.5
|
||||||
|
|
||||||
|
}\sizerateppsrecv
|
||||||
|
|
||||||
|
\begin{tikzpicture}
|
||||||
|
\pgfplotsset{
|
||||||
|
y axis style/.style={
|
||||||
|
yticklabel style=#1,
|
||||||
|
y axis line style=#1,
|
||||||
|
ylabel style=#1,
|
||||||
|
ytick style=#1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
\begin{axis}[
|
||||||
|
width=15cm, height=10cm,
|
||||||
|
title=Empfänger,
|
||||||
|
xmin=1,
|
||||||
|
xmax=1500,
|
||||||
|
xlabel={Ethernet Frame-Größe},
|
||||||
|
xtick={100,300,500,700,900,1100,1300,1500},
|
||||||
|
ymin=0,ymax=1000,
|
||||||
|
axis y line*=left,
|
||||||
|
ylabel={Datenrate [MBit/s]},
|
||||||
|
y axis style=blue!75!black,
|
||||||
|
tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
|
||||||
|
scaled ticks=false
|
||||||
|
]
|
||||||
|
\addplot[smooth,blue] table[x={size}, y={rate}] {\sizerateppsrecv};
|
||||||
|
\end{axis}
|
||||||
|
\begin{axis}[
|
||||||
|
width=15cm, height=10cm,
|
||||||
|
xmin=1,
|
||||||
|
xmax=1500,
|
||||||
|
axis x line=none,
|
||||||
|
ymin=0,ymax=500000,
|
||||||
|
ytick pos=right,
|
||||||
|
axis y line* = right,
|
||||||
|
ylabel={PPS},
|
||||||
|
ylabel near ticks,
|
||||||
|
ytick={100000,200000,300000,400000},
|
||||||
|
y axis style=red!75!black,
|
||||||
|
tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
|
||||||
|
scaled ticks=false
|
||||||
|
]
|
||||||
|
\addplot[smooth,red] table[x={size}, y={pps}] {\sizerateppsrecv};
|
||||||
|
\end{axis}
|
||||||
|
\begin{axis}[
|
||||||
|
width=15cm, height=10cm,
|
||||||
|
xmin=1,
|
||||||
|
xmax=1500,
|
||||||
|
axis x line=none,
|
||||||
|
ymin=0,ymax=26,
|
||||||
|
axis y line=none,
|
||||||
|
]
|
||||||
|
\addplot[smooth,green] table[x={size}, y={load}] {\sizerateppsrecv};
|
||||||
|
\end{axis}
|
||||||
|
\end{tikzpicture}
|
||||||
|
|
||||||
|
|
||||||
|
\end{document}
|
95
bericht/benchmarks/nft-size-load-rate-send.tex
Normal file
95
bericht/benchmarks/nft-size-load-rate-send.tex
Normal file
@ -0,0 +1,95 @@
|
|||||||
|
\documentclass{standalone}
|
||||||
|
|
||||||
|
\usepackage[utf8]{inputenc}
|
||||||
|
|
||||||
|
\usepackage{pgfplots}
|
||||||
|
\pgfplotsset{compat=1.3}
|
||||||
|
\usepgfplotslibrary{units}
|
||||||
|
\usepgfplotslibrary{dateplot}
|
||||||
|
\usepackage{tikz}
|
||||||
|
\usepackage{pgfplotstable}
|
||||||
|
\usepackage{csquotes}
|
||||||
|
\usepackage{float}
|
||||||
|
|
||||||
|
\begin{document}
|
||||||
|
|
||||||
|
\pgfplotstableread{
|
||||||
|
size rate pps
|
||||||
|
1500 986.004 82167
|
||||||
|
1450 985.7216 84976
|
||||||
|
1400 984.7376 87923
|
||||||
|
1350 984.2904 91138
|
||||||
|
1300 983.4968 94567
|
||||||
|
1250 982.78 98278
|
||||||
|
1200 982.08 102300
|
||||||
|
1150 981.18 106650
|
||||||
|
1100 980.2496 111392
|
||||||
|
1050 979.2384 116576
|
||||||
|
1000 978.304 122288
|
||||||
|
950 977.36 128600
|
||||||
|
900 975.0024 135417
|
||||||
|
850 974.27 143275
|
||||||
|
800 972.5888 151967
|
||||||
|
750 970.572 161762
|
||||||
|
700 968.3856 172926
|
||||||
|
650 966.2328 185814
|
||||||
|
600 963.1056 200647
|
||||||
|
550 959.7588 218127
|
||||||
|
500 955.604 238901
|
||||||
|
450 951.588 264330
|
||||||
|
400 945.3248 295414
|
||||||
|
350 937.3336 334762
|
||||||
|
300 923.2584 384691
|
||||||
|
250 855.588 427794
|
||||||
|
200 662.5952 433335
|
||||||
|
150 527.3604 439467
|
||||||
|
100 354.96 443700
|
||||||
|
50 207.176 446500
|
||||||
|
}\sizeratepps
|
||||||
|
|
||||||
|
\begin{tikzpicture}
|
||||||
|
\pgfplotsset{
|
||||||
|
y axis style/.style={
|
||||||
|
yticklabel style=#1,
|
||||||
|
y axis line style=#1,
|
||||||
|
ylabel style=#1,
|
||||||
|
ytick style=#1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
\begin{axis}[
|
||||||
|
width=15cm, height=10cm,
|
||||||
|
title=Sender,
|
||||||
|
xmin=1,
|
||||||
|
xmax=1500,
|
||||||
|
xlabel={Ethernet Frame-Größe},
|
||||||
|
xtick={100,300,500,700,900,1100,1300,1500},
|
||||||
|
ymin=0,ymax=1000,
|
||||||
|
axis y line*=left,
|
||||||
|
ylabel={Datenrate [MBit/s]},
|
||||||
|
y axis style=blue!75!black,
|
||||||
|
tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
|
||||||
|
scaled ticks=false
|
||||||
|
]
|
||||||
|
\addplot[smooth,blue] table[x={size}, y={rate}] {\sizeratepps};
|
||||||
|
\end{axis}
|
||||||
|
\begin{axis}[
|
||||||
|
width=15cm, height=10cm,
|
||||||
|
xmin=1,
|
||||||
|
xmax=1500,
|
||||||
|
axis x line=none,
|
||||||
|
ymin=0,ymax=500000,
|
||||||
|
ytick pos=right,
|
||||||
|
axis y line* = right,
|
||||||
|
ylabel={PPS},
|
||||||
|
ylabel near ticks,
|
||||||
|
ytick={100000,200000,300000,400000},
|
||||||
|
y axis style=red!75!black,
|
||||||
|
tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
|
||||||
|
scaled ticks=false
|
||||||
|
]
|
||||||
|
\addplot[smooth,red] table[x={size}, y={pps}] {\sizeratepps};
|
||||||
|
\end{axis}
|
||||||
|
\end{tikzpicture}
|
||||||
|
|
||||||
|
|
||||||
|
\end{document}
|
102
bericht/benchmarks/nft/ipt-nft-simple-drop-response.txt
Normal file
102
bericht/benchmarks/nft/ipt-nft-simple-drop-response.txt
Normal file
@ -0,0 +1,102 @@
|
|||||||
|
rules ipt nft
|
||||||
|
0 1.1179999999999999 0.93220000000000014
|
||||||
|
1000 0.91959999999999997 1.0016
|
||||||
|
2000 1.0592000000000001 0.88159999999999994
|
||||||
|
3000 1.2508000000000001 1.1870000000000001
|
||||||
|
4000 1.2505999999999999 1.2645999999999999
|
||||||
|
5000 1.1401999999999999 1.0672000000000001
|
||||||
|
6000 1.3677999999999999 1.2315999999999998
|
||||||
|
7000 1.4196000000000002 1.3560000000000001
|
||||||
|
8000 1.4826000000000001 1.1912
|
||||||
|
9000 1.274 1.2216
|
||||||
|
10000 1.4966000000000002 1.4909999999999999
|
||||||
|
11000 1.8840000000000003 1.5668
|
||||||
|
12000 1.4045999999999998 1.7600000000000002
|
||||||
|
13000 1.8855999999999997 1.73
|
||||||
|
14000 1.9919999999999998 1.6111999999999997
|
||||||
|
15000 2.3679999999999999 1.722
|
||||||
|
16000 2.1486000000000001 1.734
|
||||||
|
17000 1.998 1.7899999999999998
|
||||||
|
18000 2.4379999999999997 1.7719999999999998
|
||||||
|
19000 2.1299999999999999 1.7120000000000002
|
||||||
|
20000 1.7900000000000003 1.8879999999999999
|
||||||
|
21000 2.5439999999999996 2.222
|
||||||
|
22000 2.6060000000000003 2.028
|
||||||
|
23000 2.8420000000000001 2.1640000000000001
|
||||||
|
24000 3.2079999999999997 2.1179999999999999
|
||||||
|
25000 3.3480000000000003 1.9599999999999997
|
||||||
|
26000 3.7160000000000002 2.214
|
||||||
|
27000 3.6520000000000001 2.3459999999999996
|
||||||
|
28000 3.3820000000000001 2.6499999999999995
|
||||||
|
29000 3.5720000000000001 2.6759999999999997
|
||||||
|
30000 3.964 2.754
|
||||||
|
31000 3.9900000000000007 2.98
|
||||||
|
32000 3.9839999999999995 2.9319999999999999
|
||||||
|
33000 4.1880000000000006 2.6360000000000001
|
||||||
|
34000 4.3559999999999999 3.0600000000000001
|
||||||
|
35000 4.5819999999999999 2.9020000000000001
|
||||||
|
36000 4.6779999999999999 2.9560000000000004
|
||||||
|
37000 4.5739999999999998 3.2359999999999998
|
||||||
|
38000 4.5699999999999994 3.444
|
||||||
|
39000 5.2820000000000009 3.4400000000000004
|
||||||
|
40000 5.1300000000000008 3.2680000000000007
|
||||||
|
41000 5.2879999999999994 3.2379999999999995
|
||||||
|
42000 5.3339999999999987 3.6700000000000004
|
||||||
|
43000 5.7480000000000002 3.7399999999999998
|
||||||
|
44000 5.6019999999999994 3.8220000000000001
|
||||||
|
45000 5.5099999999999998 3.71
|
||||||
|
46000 5.8879999999999999 3.556
|
||||||
|
47000 5.8799999999999999 4.0839999999999996
|
||||||
|
48000 6.306 3.968
|
||||||
|
49000 6.403999999999999 4.0619999999999994
|
||||||
|
50000 6.3399999999999999 4.3499999999999996
|
||||||
|
51000 6.4219999999999997 4.2999999999999998
|
||||||
|
52000 7.0659999999999998 4.3239999999999998
|
||||||
|
53000 7.589999999999999 4.426
|
||||||
|
54000 7.0080000000000009 4.516
|
||||||
|
55000 6.9059999999999988 4.9399999999999995
|
||||||
|
56000 7.0980000000000008 4.5340000000000007
|
||||||
|
57000 7.1819999999999995 5.0220000000000002
|
||||||
|
58000 7.2739999999999991 4.8239999999999998
|
||||||
|
59000 7.2180000000000009 4.9580000000000002
|
||||||
|
60000 7.5760000000000005 5.1500000000000004
|
||||||
|
61000 7.7780000000000005 4.9560000000000004
|
||||||
|
62000 7.645999999999999 4.9599999999999991
|
||||||
|
63000 7.9139999999999988 5.4740000000000002
|
||||||
|
64000 7.7520000000000007 5.4260000000000002
|
||||||
|
65000 8.2720000000000002 5.4059999999999997
|
||||||
|
66000 8.4920000000000009 5.21
|
||||||
|
67000 8.6600000000000001 5.6319999999999997
|
||||||
|
68000 8.581999999999999 5.6080000000000005
|
||||||
|
69000 8.3739999999999988 5.7279999999999998
|
||||||
|
70000 8.6000000000000014 5.8259999999999996
|
||||||
|
71000 8.7960000000000012 5.6379999999999999
|
||||||
|
72000 8.8840000000000003 5.7739999999999991
|
||||||
|
73000 8.8940000000000001 5.8560000000000008
|
||||||
|
74000 8.7960000000000012 5.9119999999999999
|
||||||
|
75000 9.4499999999999993 5.7419999999999991
|
||||||
|
76000 9.2480000000000011 6.3260000000000005
|
||||||
|
77000 9.5719999999999992 6.3480000000000008
|
||||||
|
78000 9.3640000000000008 6.1659999999999995
|
||||||
|
79000 9.7859999999999978 6.379999999999999
|
||||||
|
80000 9.8760000000000012 6.5060000000000002
|
||||||
|
81000 10.013999999999999 6.3819999999999997
|
||||||
|
82000 9.9960000000000004 6.6119999999999992
|
||||||
|
83000 10.001999999999999 6.5900000000000007
|
||||||
|
84000 10.087999999999999 6.7380000000000013
|
||||||
|
85000 10.298 6.8420000000000005
|
||||||
|
86000 10.559999999999999 6.6540000000000008
|
||||||
|
87000 10.512 6.8639999999999999
|
||||||
|
88000 10.790000000000001 6.8180000000000005
|
||||||
|
89000 10.788 7.4459999999999997
|
||||||
|
90000 11.008000000000001 7.1599999999999993
|
||||||
|
91000 10.988 7.1319999999999997
|
||||||
|
92000 11.134 7.2919999999999998
|
||||||
|
93000 11.130000000000001 7.1659999999999995
|
||||||
|
94000 11.523999999999999 7.1139999999999999
|
||||||
|
95000 11.468 7.2280000000000015
|
||||||
|
96000 11.524000000000001 7.298
|
||||||
|
97000 11.498000000000001 7.7939999999999996
|
||||||
|
98000 11.728 7.596000000000001
|
||||||
|
99000 11.9 7.8160000000000007
|
||||||
|
100000 12.098000000000001 7.6139999999999999
|
@ -16,12 +16,13 @@
|
|||||||
|
|
||||||
\usepgfplotslibrary{units}
|
\usepgfplotslibrary{units}
|
||||||
\usepgfplotslibrary{dateplot}
|
\usepgfplotslibrary{dateplot}
|
||||||
\RequirePackage{mymacros}
|
|
||||||
\usepackage{tikz}
|
\usepackage{tikz}
|
||||||
\usepackage{pgfplotstable}
|
\usepackage{pgfplotstable}
|
||||||
\usepackage{csquotes}
|
\usepackage{csquotes}
|
||||||
\usepackage{float}
|
\usepackage{float}
|
||||||
|
|
||||||
|
\RequirePackage{mymacros}
|
||||||
|
|
||||||
\lstset{basicstyle=\footnotesize\ttfamily,breaklines=true,xleftmargin=1cm}
|
\lstset{basicstyle=\footnotesize\ttfamily,breaklines=true,xleftmargin=1cm}
|
||||||
|
|
||||||
% schönere Hyperlinkfarben
|
% schönere Hyperlinkfarben
|
||||||
|
BIN
bericht/bilder/nft-layout.png
Normal file
BIN
bericht/bilder/nft-layout.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 29 KiB |
@ -19,164 +19,13 @@ Zur Überwachung der Messdaten (Datenrate und PPS) habe ich auf allen vier Netzw
|
|||||||
|
|
||||||
\paragraph{Testeinstellung} Zunächst habe ich die Datenrate und die PPS in Abhängigkeit der Ethernet Frame-Größe gemessen um festzustellen, mit welcher Paketgröße die Messungen am besten durchzuführen sind. \\ \\
|
\paragraph{Testeinstellung} Zunächst habe ich die Datenrate und die PPS in Abhängigkeit der Ethernet Frame-Größe gemessen um festzustellen, mit welcher Paketgröße die Messungen am besten durchzuführen sind. \\ \\
|
||||||
|
|
||||||
\pgfplotstableread{
|
\includegraphics{benchmarks/nft-size-load-rate-send.pdf}
|
||||||
size rate pps
|
|
||||||
1500 986.004 82167
|
|
||||||
1450 985.7216 84976
|
|
||||||
1400 984.7376 87923
|
|
||||||
1350 984.2904 91138
|
|
||||||
1300 983.4968 94567
|
|
||||||
1250 982.78 98278
|
|
||||||
1200 982.08 102300
|
|
||||||
1150 981.18 106650
|
|
||||||
1100 980.2496 111392
|
|
||||||
1050 979.2384 116576
|
|
||||||
1000 978.304 122288
|
|
||||||
950 977.36 128600
|
|
||||||
900 975.0024 135417
|
|
||||||
850 974.27 143275
|
|
||||||
800 972.5888 151967
|
|
||||||
750 970.572 161762
|
|
||||||
700 968.3856 172926
|
|
||||||
650 966.2328 185814
|
|
||||||
600 963.1056 200647
|
|
||||||
550 959.7588 218127
|
|
||||||
500 955.604 238901
|
|
||||||
450 951.588 264330
|
|
||||||
400 945.3248 295414
|
|
||||||
350 937.3336 334762
|
|
||||||
300 923.2584 384691
|
|
||||||
250 855.588 427794
|
|
||||||
200 662.5952 433335
|
|
||||||
150 527.3604 439467
|
|
||||||
100 354.96 443700
|
|
||||||
50 207.176 446500
|
|
||||||
}\sizeratepps
|
|
||||||
|
|
||||||
\begin{tikzpicture}
|
\vspace{0.5cm}
|
||||||
\pgfplotsset{
|
|
||||||
y axis style/.style={
|
|
||||||
yticklabel style=#1,
|
|
||||||
y axis line style=#1,
|
|
||||||
ylabel style=#1,
|
|
||||||
ytick style=#1
|
|
||||||
}
|
|
||||||
}
|
|
||||||
\begin{axis}[
|
|
||||||
width=15cm, height=10cm,
|
|
||||||
title=Sender,
|
|
||||||
xmin=1,
|
|
||||||
xmax=1500,
|
|
||||||
xlabel={Ethernet Frame-Größe},
|
|
||||||
xtick={100,300,500,700,900,1100,1300,1500},
|
|
||||||
ymin=0,
|
|
||||||
axis y line*=left,
|
|
||||||
ylabel={Datenrate [MBit/s]},
|
|
||||||
y axis style=blue!75!black,
|
|
||||||
tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
|
|
||||||
scaled ticks=false
|
|
||||||
]
|
|
||||||
\addplot[smooth,blue] table[x={size}, y={rate}] {\sizeratepps};
|
|
||||||
\end{axis}
|
|
||||||
\begin{axis}[
|
|
||||||
width=15cm, height=10cm,
|
|
||||||
xmin=1,
|
|
||||||
xmax=1500,
|
|
||||||
axis x line=none,
|
|
||||||
ymin=0,ymax=500000,
|
|
||||||
ytick pos=right,
|
|
||||||
axis y line* = right,
|
|
||||||
ylabel={PPS},
|
|
||||||
ylabel near ticks,
|
|
||||||
ytick={100000,200000,300000,400000},
|
|
||||||
y axis style=red!75!black,
|
|
||||||
tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
|
|
||||||
scaled ticks=false
|
|
||||||
]
|
|
||||||
\addplot[smooth,red] table[x={size}, y={pps}] {\sizeratepps};
|
|
||||||
\end{axis}
|
|
||||||
\end{tikzpicture}
|
|
||||||
|
|
||||||
\vspace{1cm}
|
\includegraphics{benchmarks/nft-size-load-rate-recv.pdf}
|
||||||
|
|
||||||
\pgfplotstableread{
|
Beim Sender betrug die Prozessor-Last dauerhaft 100 \%, für den Empfänger ist die CPU-Last zusätzlich grün eingetragen.
|
||||||
size rate pps
|
|
||||||
1500 982.38 81865
|
|
||||||
1450 981.1512 84582
|
|
||||||
1400 983.4272 87806
|
|
||||||
1350 981.936 90920
|
|
||||||
1300 979.9816 94229
|
|
||||||
1250 977.44 97744
|
|
||||||
1200 980.7936 102166
|
|
||||||
1150 978.5396 106363
|
|
||||||
1100 975.6472 110869
|
|
||||||
1050 972.3588 115757
|
|
||||||
1000 977.192 122149
|
|
||||||
950 974.0312 128162
|
|
||||||
900 970.6896 134818
|
|
||||||
850 965.4368 141976
|
|
||||||
800 970.8992 151703
|
|
||||||
750 966.756 161126
|
|
||||||
700 960.9544 171599
|
|
||||||
650 956.2592 183896
|
|
||||||
600 961.4736 200307
|
|
||||||
550 954.8088 217002
|
|
||||||
500 946.992 236748
|
|
||||||
450 928.7784 257994
|
|
||||||
400 823.2672 257271
|
|
||||||
350 722.5316 258047
|
|
||||||
300 615.1632 256318
|
|
||||||
250 492.206 246103
|
|
||||||
200 406.3824 253989
|
|
||||||
150 299.2116 249343
|
|
||||||
100 205.8888 257361
|
|
||||||
50 123.79728 257911
|
|
||||||
|
|
||||||
}\sizerateppsrecv
|
|
||||||
|
|
||||||
\begin{tikzpicture}
|
|
||||||
\pgfplotsset{
|
|
||||||
y axis style/.style={
|
|
||||||
yticklabel style=#1,
|
|
||||||
y axis line style=#1,
|
|
||||||
ylabel style=#1,
|
|
||||||
ytick style=#1
|
|
||||||
}
|
|
||||||
}
|
|
||||||
\begin{axis}[
|
|
||||||
width=15cm, height=10cm,
|
|
||||||
title=Empfänger,
|
|
||||||
xmin=1,
|
|
||||||
xmax=1500,
|
|
||||||
xlabel={Ethernet Frame-Größe},
|
|
||||||
xtick={100,300,500,700,900,1100,1300,1500},
|
|
||||||
ymin=0,
|
|
||||||
axis y line*=left,
|
|
||||||
ylabel={Datenrate [MBit/s]},
|
|
||||||
y axis style=blue!75!black,
|
|
||||||
tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
|
|
||||||
scaled ticks=false
|
|
||||||
]
|
|
||||||
\addplot[smooth,blue] table[x={size}, y={rate}] {\sizerateppsrecv};
|
|
||||||
\end{axis}
|
|
||||||
\begin{axis}[
|
|
||||||
width=15cm, height=10cm,
|
|
||||||
xmin=1,
|
|
||||||
xmax=1500,
|
|
||||||
axis x line=none,
|
|
||||||
ymin=0,ymax=500000,
|
|
||||||
ytick pos=right,
|
|
||||||
axis y line* = right,
|
|
||||||
ylabel={PPS},
|
|
||||||
ylabel near ticks,
|
|
||||||
ytick={100000,200000,300000,400000},
|
|
||||||
y axis style=red!75!black,
|
|
||||||
tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
|
|
||||||
scaled ticks=false
|
|
||||||
]
|
|
||||||
\addplot[smooth,red] table[x={size}, y={pps}] {\sizerateppsrecv};
|
|
||||||
\end{axis}
|
|
||||||
\end{tikzpicture}
|
|
||||||
|
|
||||||
\pagebreak
|
\pagebreak
|
||||||
|
|
||||||
@ -196,43 +45,6 @@ Letztendlich habe ich dazu entschieden, auf der Empfängerseite mit \texttt{ipta
|
|||||||
|
|
||||||
\paragraph{Einfache Drop-Regeln} Für den nachfolgenden Benchmark habe ich entsprechend viele Regeln generieren lassen, die besagen, dass von (zufällig gewählten) IP-Adressen alle Pakete gedropt werden sollen. \\
|
\paragraph{Einfache Drop-Regeln} Für den nachfolgenden Benchmark habe ich entsprechend viele Regeln generieren lassen, die besagen, dass von (zufällig gewählten) IP-Adressen alle Pakete gedropt werden sollen. \\
|
||||||
|
|
||||||
\pgfplotstableread{benchmarks/nft/ipt-nft-simple-drop.txt}{\nftsimpledrop}
|
\includegraphics{benchmarks/nft-ipt-drop.pdf}
|
||||||
|
|
||||||
\begin{minipage}{\textwidth}
|
|
||||||
\flushright
|
|
||||||
\begin{tikzpicture}
|
|
||||||
\begin{axis}[
|
|
||||||
name=plot1,
|
|
||||||
xtick={5000,10000,15000,20000,25000,30000},
|
|
||||||
xmin=200, xmax=30000,
|
|
||||||
ymin=0,
|
|
||||||
xlabel={Anzahl der Firewall-Regeln}, ylabel={Datenrate [MBit/s]},
|
|
||||||
tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
|
|
||||||
width=15cm, height=10cm,
|
|
||||||
legend entries={iptables,nftables},
|
|
||||||
scaled ticks=false
|
|
||||||
]
|
|
||||||
\addplot[smooth,blue] table [x={rules}, y={iptrate}] {\nftsimpledrop};
|
|
||||||
\addplot[smooth,red] table [x={rules}, y={nftrate}] {\nftsimpledrop};
|
|
||||||
\end{axis}
|
|
||||||
|
|
||||||
\begin{axis}[
|
|
||||||
name=plot2,
|
|
||||||
at=(plot1.below south), anchor=above north,
|
|
||||||
yshift=-0.5cm,
|
|
||||||
xtick={5000,10000,15000,20000,25000,30000},
|
|
||||||
xmin=200, xmax=30000,
|
|
||||||
ymin=0,
|
|
||||||
xlabel={Anzahl der Firewall-Regeln}, ylabel={PPS},
|
|
||||||
tick label style={/pgf/number format/fixed,/pgf/number format/1000 sep = \thinspace},
|
|
||||||
width=15cm, height=10cm,
|
|
||||||
legend entries={iptables,nftables},
|
|
||||||
scaled ticks=false
|
|
||||||
]
|
|
||||||
\addplot[smooth,blue] table [x={rules}, y={iptpps}] {\nftsimpledrop};
|
|
||||||
\addplot[smooth,red] table [x={rules}, y={nftpps}] {\nftsimpledrop};
|
|
||||||
\end{axis}
|
|
||||||
\end{tikzpicture}
|
|
||||||
\end{minipage} \\
|
|
||||||
|
|
||||||
Die Datenrate und die Anzahl an PPS liegen initial bei den bereits zuvor gemessenen ca. 980 MBit/s und 250000 Paketen pro Sekunde. Jedoch bricht die Leistungsfähigkeit bei beiden Firewall-Lösungen schnell erheblich ein. So kann \texttt{iptables} bei 5000 Regeln nur noch ca. 100 MBit/s bei 28000 Paketen verarbeiten, \texttt{nftables} schafft hier nur ca. 50 MBit/s bei 14000 Paketen.
|
Die Datenrate und die Anzahl an PPS liegen initial bei den bereits zuvor gemessenen ca. 980 MBit/s und 250000 Paketen pro Sekunde. Jedoch bricht die Leistungsfähigkeit bei beiden Firewall-Lösungen schnell erheblich ein. So kann \texttt{iptables} bei 5000 Regeln nur noch ca. 100 MBit/s bei 28000 Paketen verarbeiten, \texttt{nftables} schafft hier nur ca. 50 MBit/s bei 14000 Paketen.
|
BIN
nftables/Präsentation/Latex/lctp_prensentation.pdf
Normal file
BIN
nftables/Präsentation/Latex/lctp_prensentation.pdf
Normal file
Binary file not shown.
333
nftables/Präsentation/Latex/lctp_prensentation.tex
Normal file
333
nftables/Präsentation/Latex/lctp_prensentation.tex
Normal file
@ -0,0 +1,333 @@
|
|||||||
|
\documentclass[10pt]{beamer}
|
||||||
|
|
||||||
|
%\usepackage[utf8x]{inputenc}
|
||||||
|
\usepackage{ngerman}
|
||||||
|
\usepackage[ngerman]{babel}
|
||||||
|
\usepackage{amsmath}
|
||||||
|
\usepackage{bbm}
|
||||||
|
|
||||||
|
\usepackage{tabularx}
|
||||||
|
\usepackage{graphicx}
|
||||||
|
\usepackage{subfigure}
|
||||||
|
\usepackage{url}
|
||||||
|
%\usepackage{hyperref}
|
||||||
|
\usepackage{eurosym}
|
||||||
|
\usepackage{listings}
|
||||||
|
|
||||||
|
\usepackage{multirow}
|
||||||
|
\usepackage{colortbl}
|
||||||
|
\usepackage{booktabs}
|
||||||
|
\usepackage{setspace}
|
||||||
|
|
||||||
|
\usepackage[utf8]{inputenc}
|
||||||
|
|
||||||
|
\input{theme/theme}
|
||||||
|
|
||||||
|
\title{Linux Cluster in Theorie und Praxis}
|
||||||
|
\subtitle{\texttt{iptables} und \texttt{nftables}}
|
||||||
|
\author{Alfred Krohmer}
|
||||||
|
\date{4. März 2014}
|
||||||
|
\institute[ZIH TUD]{Zentrum für Informationsdienste und Hochleistungsrechnen -- TU Dresden}
|
||||||
|
%\room{INF 1046}
|
||||||
|
\address{Nöthnitzer Straße 46}
|
||||||
|
\city{01189 Dresden}
|
||||||
|
%\phone{+49 0351 - 463 38783}
|
||||||
|
\email{s4039299@mail.zih.tu-dresden.de}
|
||||||
|
|
||||||
|
\setbeamercovered{transparent}
|
||||||
|
\begin{document}
|
||||||
|
|
||||||
|
\zihmaketitle
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Inhalt}
|
||||||
|
\tableofcontents
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
\section{Einführung}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Einführung}
|
||||||
|
|
||||||
|
Zielstellungen bei der Entwicklung bei \texttt{nftables}
|
||||||
|
\begin{itemize}
|
||||||
|
\item Vereinfachung der Kernel-ABI
|
||||||
|
\item Vermeidung von Code-Redundanz
|
||||||
|
\item effizientere Abarbeitung der Regeln
|
||||||
|
\item bessere Fehlermeldungen
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
\section{Rückblick / bisherige Firewall-Lösungen}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Rückblick / bisherige Firewall-Lösungen}
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item 1994: ipfw
|
||||||
|
\item 1996: ipfwadm
|
||||||
|
\item 1999: ipchains
|
||||||
|
\item 2000: iptables
|
||||||
|
\item \textbf{2014: nftables}
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
\section{Funktionsweise iptables vs. nftables}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Funktionsweise iptables vs. nftables}
|
||||||
|
|
||||||
|
iptables:
|
||||||
|
\begin{itemize}
|
||||||
|
\item nur für IPv4
|
||||||
|
\item andere Tools für andere Protokolle:
|
||||||
|
\begin{itemize}
|
||||||
|
\item ip6tables
|
||||||
|
\item arptables
|
||||||
|
\item ebtables
|
||||||
|
\end{itemize}
|
||||||
|
\item für jedes Protokoll eine eigenständige Implementierung im Kernel
|
||||||
|
\item Code für jedes Protokoll sehr spezifisch
|
||||||
|
\begin{itemize}
|
||||||
|
\item viel replizierter Code
|
||||||
|
\item hohe Performance
|
||||||
|
\end{itemize}
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Funktionsweise iptables vs. nftables}
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[width=10cm]{../iptables.png}
|
||||||
|
\end{center}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Funktionsweise iptables vs. nftables}
|
||||||
|
|
||||||
|
nftables:
|
||||||
|
\begin{itemize}
|
||||||
|
\item ein Tool für alle Protokolle \\
|
||||||
|
(IPv4, IPv6, Ethernet-Bridging, ARP)
|
||||||
|
\item inheitliche Schnittstelle zum Kernel
|
||||||
|
\item Implementierung als kleine virtuelle Maschine im Kernel
|
||||||
|
\item Regeln werden im Userspace zu Byte-Code kompiliert
|
||||||
|
\item Byte-Code kann auf Feldern und Bits der Pakete Operationen ausführen:
|
||||||
|
\begin{itemize}
|
||||||
|
\item vergleichen (matching) $\rightarrow$ bedingte Sprünge
|
||||||
|
\item arithmetische und logische Operationen
|
||||||
|
\item beliebige Änderungen am Paketinhalt
|
||||||
|
\end{itemize}
|
||||||
|
\item atomares Ersetzen von Regeln über Netlink-Transaktionen
|
||||||
|
\item funktioniert mit bisher verfügbaren Tools noch nicht effektiv
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Funktionsweise iptables vs. nftables}
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[width=8cm]{../nftables.jpg}
|
||||||
|
\end{center}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\lstset{
|
||||||
|
basicstyle=\ttfamily\small
|
||||||
|
}
|
||||||
|
|
||||||
|
\begin{frame}[fragile]
|
||||||
|
\frametitle{Funktionsweise iptables vs. nftables}
|
||||||
|
\begin{itemize}
|
||||||
|
\item \hspace{0.3cm}
|
||||||
|
\begin{minipage}{.45\linewidth}%
|
||||||
|
\begin{lstlisting}
|
||||||
|
payload load 4 offset network header + 16 => reg 1
|
||||||
|
compare reg 1 192.168.0.1
|
||||||
|
\end{lstlisting}
|
||||||
|
\end{minipage}
|
||||||
|
|
||||||
|
\item \hspace{0.3cm}
|
||||||
|
\begin{minipage}{.45\linewidth}%
|
||||||
|
\begin{lstlisting}
|
||||||
|
payload load 4 offset network header + 16 => reg 1
|
||||||
|
set lookup reg 1 load result in verdict register
|
||||||
|
{ "192.168.0.1" : jump chain1,
|
||||||
|
"192.168.0.2" : drop,
|
||||||
|
"192.168.0.3" : jump chain2 }
|
||||||
|
\end{lstlisting}
|
||||||
|
\end{minipage}
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
\section{Syntax und Tools}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Funktionsweise iptables vs. nftables}
|
||||||
|
|
||||||
|
iptables:
|
||||||
|
\begin{itemize}
|
||||||
|
\item iptables -A INPUT -p tcp --dport 22 -j LOG
|
||||||
|
\item iptables -A INPUT -p tcp --dport 22 -j DROP
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}[fragile]
|
||||||
|
\frametitle{Funktionsweise iptables vs. nftables}
|
||||||
|
|
||||||
|
nftables: nft
|
||||||
|
\begin{itemize}
|
||||||
|
\item nft add table filter
|
||||||
|
\item nft add chain filter input "\{ type filter hook input priority 0; \}" \\ \vspace{0.3cm}
|
||||||
|
\item nft add rule filter input \
|
||||||
|
tcp dport 22 log drop \\ \vspace{0.3cm}
|
||||||
|
|
||||||
|
\item als Script: \\
|
||||||
|
\begin{minipage}{.45\linewidth}%
|
||||||
|
\begin{lstlisting}
|
||||||
|
#!/usr/bin/nft -f
|
||||||
|
table filter {
|
||||||
|
chain input {
|
||||||
|
type filter hook input priority 0;
|
||||||
|
ip protocol tcp dport 22 drop log
|
||||||
|
}
|
||||||
|
\end{lstlisting}
|
||||||
|
\end{minipage}
|
||||||
|
|
||||||
|
\item nft bisher noch kaum in Linux-Distributionen verfügbar
|
||||||
|
\item in Arch Linux bisher nur im AUR verfügbar
|
||||||
|
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
\section{Performance-Vergleich}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Performance-Vergleich}
|
||||||
|
|
||||||
|
Testaufbau:
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[width=10cm]{../../../bericht/bilder/nft-layout.pdf}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Performance-Vergleich}
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item Hardware:
|
||||||
|
\begin{itemize}
|
||||||
|
\item Sender / Empfänger:
|
||||||
|
\begin{itemize}
|
||||||
|
\item Intel Atom 330 (1,6 GHz)
|
||||||
|
\item NVIDIA MCP79 Ethernet Controller
|
||||||
|
\item 2 GB RAM
|
||||||
|
\end{itemize}
|
||||||
|
\item Firewall:
|
||||||
|
\begin{itemize}
|
||||||
|
\item Intel Core 2 Duo E6750 (2,6 GHz)
|
||||||
|
\item Intel 82572EI und 82566DM-2 Ethernet Controller
|
||||||
|
\item 2 GB RAM
|
||||||
|
\end{itemize}
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\item Software:
|
||||||
|
\begin{itemize}
|
||||||
|
\item Paket-Generator: pktgen
|
||||||
|
\item Netzwerk-Monitor: ifpps (aus netsniff-ng)
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\item Testablauf:
|
||||||
|
\begin{itemize}
|
||||||
|
\item zotac3 sendet Pakete über zotac-firewall an zotac4
|
||||||
|
\item Firewall hat entsprechend viele Regeln
|
||||||
|
\item Empfänger verwirft Pakete noch im iptables-Stack
|
||||||
|
\end{itemize}
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Performance-Vergleich}
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[width=11cm]{../../../bericht/benchmarks/nft-size-load-rate-send.pdf}
|
||||||
|
\end{center}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Performance-Vergleich}
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[width=11cm]{../../../bericht/benchmarks/nft-size-load-rate-recv.pdf}
|
||||||
|
\end{center}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Performance-Vergleich}
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[width=11cm]{../../../bericht/benchmarks/nft-ipt-drop.pdf}
|
||||||
|
\end{center}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Performance-Vergleich}
|
||||||
|
\begin{center}
|
||||||
|
\includegraphics[width=11cm]{../../../bericht/benchmarks/nft-ipt-drop-response.pdf}
|
||||||
|
\end{center}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\section{Schlussfolgerung}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Schlussfolgerung}
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item iptables bezüglich Durchsatz noch überlegen, bei sehr vielen Regeln etwa gleich bzw. etwas schlechter als nftables
|
||||||
|
\item nftables skaliert bezüglich Antwortzeit besser
|
||||||
|
\item Vorteile nftables:
|
||||||
|
\begin{itemize}
|
||||||
|
\item Konzept mit virtueller Maschine mächtig
|
||||||
|
\item leichte Erweiterbarkeit
|
||||||
|
\end{itemize}
|
||||||
|
\item aber:
|
||||||
|
\begin{itemize}
|
||||||
|
\item momentan bei mittlerer Regelanzahl noch wesentlich schlechter performant als iptables
|
||||||
|
\item bisher so gut wie keine Dokumentation verfügbar
|
||||||
|
\end{itemize}
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\section{Quellen}
|
||||||
|
|
||||||
|
\begin{frame}
|
||||||
|
\frametitle{Quellen}
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item Projekt-Website von nftables: \\
|
||||||
|
\url{http://netfilter.org/projects/nftables/}
|
||||||
|
\item Tutorial von Eric Leblond:
|
||||||
|
\url{https://home.regit.org/netfilter-en/nftables-quick-howto/}
|
||||||
|
\item nftables Wiki: \\
|
||||||
|
\url{http://wiki.nftables.org/wiki-nftables/}
|
||||||
|
\item Wikipedia-Artikel: \\
|
||||||
|
\url{http://en.wikipedia.org/wiki/Nftables}
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
|
\end{document}
|
74
nftables/Präsentation/Latex/theme/beamerinnerthemezih01.sty
Normal file
74
nftables/Präsentation/Latex/theme/beamerinnerthemezih01.sty
Normal file
@ -0,0 +1,74 @@
|
|||||||
|
\DeclareOptionBeamer{shadow}[true]{\def\beamer@themerounded@shadow{#1}}
|
||||||
|
\ExecuteOptionsBeamer{shadow=false}
|
||||||
|
\ProcessOptionsBeamer
|
||||||
|
|
||||||
|
\mode<presentation>
|
||||||
|
|
||||||
|
\newlength{\dings}\setlength{\dings}{7.2mm}
|
||||||
|
|
||||||
|
%%% set variales for author details
|
||||||
|
\newcommand{\room}[1]{\def\ROOM{#1}}
|
||||||
|
\newcommand{\address}[1]{\def\ADR{#1}}
|
||||||
|
\newcommand{\city}[1]{\def\CITY{#1}}
|
||||||
|
\newcommand{\phone}[1]{\def\PHONE{#1}}
|
||||||
|
\newcommand{\email}[1]{\def\EMAIL{#1}}
|
||||||
|
%%% command to insert author details
|
||||||
|
\newcommand{\insertauthordetails}{\ADR\\\CITY}
|
||||||
|
\newcommand{\insertemail}{\usebeamercolor[fg]{titlepage}E-Mail:
|
||||||
|
\href{mailto:\EMAIL}{\EMAIL}}
|
||||||
|
%\newcommand{\insertphone}{\usebeamercolor[fg]{titlepage}Telefon: \PHONE}
|
||||||
|
|
||||||
|
\setbeamertemplate{blocks}[rounded][shadow=\beamer@themerounded@shadow]
|
||||||
|
\setbeamertemplate{items}[ball]
|
||||||
|
\setbeamertemplate{sections/subsections in toc}[ball]
|
||||||
|
\setbeamertemplate{part page}[default][colsep=-4bp,rounded=true,shadow=\beamer@themerounded@shadow]
|
||||||
|
|
||||||
|
%\definecolor{darkblue}{rgb}{0.04, 0.16, 0.32}
|
||||||
|
|
||||||
|
\defbeamertemplate*{title page}{zih}[1][]
|
||||||
|
{
|
||||||
|
\definecolor{zihorange}{rgb}{0.898, 0.420, 0.125}
|
||||||
|
\setbeamercolor{title}{fg=zihorange}
|
||||||
|
\setbeamercolor{subtitle}{fg=zihorange}
|
||||||
|
\setbeamercolor{titlepage}{fg=white}
|
||||||
|
\vbox{}
|
||||||
|
\vfill
|
||||||
|
\begin{centering}
|
||||||
|
|
||||||
|
\vspace{22mm}%
|
||||||
|
|
||||||
|
\parbox{\textwidth}{%for positioning title,subtitle and date
|
||||||
|
\begin{centering}
|
||||||
|
{\LARGE\usebeamercolor[fg]{title}\inserttitle\par}%
|
||||||
|
\ifx\insertsubtitle\@empty%
|
||||||
|
\else%
|
||||||
|
\vspace{5mm}%
|
||||||
|
{\itshape\usebeamercolor[fg]{subtitle}\insertsubtitle\par}%
|
||||||
|
\fi%
|
||||||
|
\vspace{3mm}%
|
||||||
|
\usebeamercolor[fg]{titlepage}\insertauthor\\
|
||||||
|
\vspace{2mm}%
|
||||||
|
\scriptsize\usebeamercolor[fg]{titlepage}\insertdate\\
|
||||||
|
\end{centering}
|
||||||
|
}%
|
||||||
|
|
||||||
|
\vspace{3mm}
|
||||||
|
\includegraphics[height=0.2\textheight]{theme/logo/LCTP-logo}%
|
||||||
|
|
||||||
|
\end{centering}%
|
||||||
|
|
||||||
|
\vspace{13mm}
|
||||||
|
\parbox{0.7\textwidth}{%positioning author information
|
||||||
|
\footnotesize\usebeamercolor[fg]{titlepage}
|
||||||
|
%\insertauthordetails \\
|
||||||
|
%\vspace{-1mm}\\
|
||||||
|
%\insertphone\\
|
||||||
|
\insertemail
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
\setbeamertemplate{title page}[zih][colsep=-4bp,rounded=true,shadow=\beamer@themerounded@shadow]
|
||||||
|
|
||||||
|
\mode<all>
|
139
nftables/Präsentation/Latex/theme/beamerouterthemezih01.sty
Normal file
139
nftables/Präsentation/Latex/theme/beamerouterthemezih01.sty
Normal file
@ -0,0 +1,139 @@
|
|||||||
|
%
|
||||||
|
% A Beamer Theme Which Looks A Bit Like ZIH Presentation Template
|
||||||
|
%
|
||||||
|
% Matthias.Lieber@tu-dresden.de
|
||||||
|
%
|
||||||
|
|
||||||
|
%
|
||||||
|
% Setup stuff:
|
||||||
|
%
|
||||||
|
|
||||||
|
\definecolor{darkblue}{rgb}{0.04, 0.16, 0.32}
|
||||||
|
|
||||||
|
% color for footer and navigation header (if activated, see below)
|
||||||
|
\setbeamercolor*{palette primary}{fg=black,bg=white}
|
||||||
|
|
||||||
|
% color for subsection navigation (if activated, see below)
|
||||||
|
\setbeamercolor*{palette secondary}{fg=white,bg=darkblue}
|
||||||
|
|
||||||
|
% Add the typical beamer navigation stuff in the head?
|
||||||
|
\newif\ifbeamer@theme@navigation
|
||||||
|
\beamer@theme@navigationfalse
|
||||||
|
%\beamer@theme@navigationtrue
|
||||||
|
|
||||||
|
% Include subsection names in the head navigation?
|
||||||
|
\newif\ifbeamer@theme@subsection
|
||||||
|
\beamer@theme@subsectionfalse
|
||||||
|
%\beamer@theme@subsectiontrue
|
||||||
|
|
||||||
|
% define left and right logo
|
||||||
|
\pgfdeclareimage[width=5.2em,interpolate=true]{logo-l}{theme/logo/tu_logo}
|
||||||
|
\pgfdeclareimage[width=5.2em,interpolate=true]{logo-r}{theme/logo/zih_logo_ml}
|
||||||
|
|
||||||
|
% we use tikz for the color gradient
|
||||||
|
\usepackage{tikz}
|
||||||
|
|
||||||
|
\setbeamercolor{subsection in head/foot}{parent=palette secondary}
|
||||||
|
\setbeamercolor{section in head/foot}{parent=palette primary}
|
||||||
|
\setbeamercolor{author in head/foot}{parent=palette primary}
|
||||||
|
|
||||||
|
|
||||||
|
\definecolor{zihorange}{rgb}{0.898, 0.420, 0.125}
|
||||||
|
|
||||||
|
|
||||||
|
\defbeamertemplate*{footline}{zih01 theme}
|
||||||
|
{%
|
||||||
|
\begin{beamercolorbox}[colsep=1.5pt]{lower separation line head}
|
||||||
|
\hfill\rule{0cm}{0.7cm}
|
||||||
|
\end{beamercolorbox}
|
||||||
|
% fancy color gradient, see
|
||||||
|
% /usr/share/texmf/doc/generic/pgf/version-for-pdftex/en/pgfmanual.pdf
|
||||||
|
\begin{tikzpicture}[x=\paperwidth,y=0.5pt]
|
||||||
|
\shade[left color=white,right color=white] (0.0,0) rectangle (0.2,1);
|
||||||
|
\shade[left color=darkblue,right color=zihorange] (0.2,0) rectangle (0.8,1);
|
||||||
|
% \shade[left color=zihorange,right color=zihorange] (0.819,0) rectangle
|
||||||
|
% (0.978,1);
|
||||||
|
\end{tikzpicture}
|
||||||
|
% logo, page number, yet anoter logo
|
||||||
|
\begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}%
|
||||||
|
\pgfuseimage{logo-l}
|
||||||
|
\hfill%
|
||||||
|
%\leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}%
|
||||||
|
\leavevmode{\usebeamerfont{author in head/foot}\insertframenumber/\inserttotalframenumber}%
|
||||||
|
\hfill%
|
||||||
|
\pgfuseimage{logo-r}
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
\DeclareOptionBeamer{footline}{\csname beamer@theme@footline@#1\endcsname}
|
||||||
|
\DeclareOptionBeamer{subsection}[true]{\csname beamer@theme@subsection#1\endcsname}
|
||||||
|
\ProcessOptionsBeamer
|
||||||
|
|
||||||
|
|
||||||
|
\mode<presentation>
|
||||||
|
|
||||||
|
% Head
|
||||||
|
\defbeamertemplate*{headline}{zih01 theme}
|
||||||
|
{%
|
||||||
|
\begin{beamercolorbox}[colsep=1.5pt]{upper separation line head}
|
||||||
|
\end{beamercolorbox}
|
||||||
|
% Navigation
|
||||||
|
\ifbeamer@theme@navigation
|
||||||
|
\begin{beamercolorbox}{section in head/foot}
|
||||||
|
\vskip2pt\insertnavigation{\paperwidth}\vskip2pt
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
\fi%
|
||||||
|
% Section > Subsection
|
||||||
|
\ifbeamer@theme@subsection%
|
||||||
|
\begin{beamercolorbox}[colsep=1.5pt]{middle separation line head}
|
||||||
|
\end{beamercolorbox}
|
||||||
|
\begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,leftskip=.3cm,rightskip=.3cm plus1fil]{subsection in head/foot}
|
||||||
|
\usebeamerfont{subsection in head/foot}\insertsectionhead\ \hfill \insertsubsectionhead
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
\else%
|
||||||
|
\begin{beamercolorbox}{subsection in head/foot}
|
||||||
|
\rule{0cm}{0.7pt}
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
\fi%
|
||||||
|
\begin{beamercolorbox}[colsep=1.5pt]{lower separation line head}
|
||||||
|
\end{beamercolorbox}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
% Frametitle
|
||||||
|
|
||||||
|
\defbeamertemplate*{frametitle}{zih01 theme}[1][left]
|
||||||
|
{%
|
||||||
|
\ifbeamercolorempty[bg]{frametitle}{}{\nointerlineskip}%
|
||||||
|
\@tempdima=\textwidth%
|
||||||
|
\advance\@tempdima by\beamer@leftmargin%
|
||||||
|
\advance\@tempdima by\beamer@rightmargin%
|
||||||
|
\begin{beamercolorbox}[sep=0.3cm,#1,wd=\the\@tempdima]{frametitle}
|
||||||
|
\usebeamerfont{frametitle}%
|
||||||
|
\vbox{}\vskip-1ex%
|
||||||
|
\if@tempswa\else\csname beamer@fte#1\endcsname\fi%
|
||||||
|
\strut\hspace{3mm}\insertframetitle\strut\par%
|
||||||
|
\vspace{-3.8mm}%
|
||||||
|
\begin{tikzpicture}[x=\paperwidth,y=0.65pt]
|
||||||
|
\shade[left color=white,right color=white] (0.0,0) rectangle (0.001,1);
|
||||||
|
\shade[left color=zihorange,right color=darkblue] (0.02,0) rectangle (0.938,1);
|
||||||
|
\shade[left color=darkblue,right color=zihorange] (0.01,3) rectangle (0.928,4);
|
||||||
|
\end{tikzpicture}
|
||||||
|
|
||||||
|
{%
|
||||||
|
\ifx\insertframesubtitle\@empty%
|
||||||
|
\else%
|
||||||
|
{\usebeamerfont{framesubtitle}\usebeamercolor[fg]{framesubtitle}\hspace{3mm}\insertframesubtitle\strut\par}%
|
||||||
|
\fi
|
||||||
|
}%
|
||||||
|
\vskip-1ex%
|
||||||
|
\if@tempswa\else\vskip-.3cm\fi% set inside beamercolorbox... evil here...
|
||||||
|
\end{beamercolorbox}%
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
\mode
|
||||||
|
<all>
|
BIN
nftables/Präsentation/Latex/theme/logo/LCTP-logo.pdf
Normal file
BIN
nftables/Präsentation/Latex/theme/logo/LCTP-logo.pdf
Normal file
Binary file not shown.
BIN
nftables/Präsentation/Latex/theme/logo/bg.png
Normal file
BIN
nftables/Präsentation/Latex/theme/logo/bg.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 487 KiB |
BIN
nftables/Präsentation/Latex/theme/logo/tu_logo.pdf
Normal file
BIN
nftables/Präsentation/Latex/theme/logo/tu_logo.pdf
Normal file
Binary file not shown.
BIN
nftables/Präsentation/Latex/theme/logo/tu_logo_black.pdf
Normal file
BIN
nftables/Präsentation/Latex/theme/logo/tu_logo_black.pdf
Normal file
Binary file not shown.
BIN
nftables/Präsentation/Latex/theme/logo/zih_logo_ml.pdf
Normal file
BIN
nftables/Präsentation/Latex/theme/logo/zih_logo_ml.pdf
Normal file
Binary file not shown.
BIN
nftables/Präsentation/Latex/theme/logo/zih_logo_white.pdf
Normal file
BIN
nftables/Präsentation/Latex/theme/logo/zih_logo_white.pdf
Normal file
Binary file not shown.
126
nftables/Präsentation/Latex/theme/theme.tex
Normal file
126
nftables/Präsentation/Latex/theme/theme.tex
Normal file
@ -0,0 +1,126 @@
|
|||||||
|
\newif\ifzihbackground
|
||||||
|
\zihbackgroundtrue
|
||||||
|
%\zihbackgroundfalse
|
||||||
|
|
||||||
|
% Yes, this is dirty
|
||||||
|
\newcommand\zihmaketitle{
|
||||||
|
\definecolor{white}{gray}{1.00}%
|
||||||
|
\setbeamercolor{normaltext}{bg=darkblue}%
|
||||||
|
\setbeamertemplate{headline}{%
|
||||||
|
\vskip6.15mm\color{white}\setlength{\arrayrulewidth}{0.3pt}%
|
||||||
|
\begin{tabular*}{\paperwidth}[b]{l@{\extracolsep\fill}}%
|
||||||
|
\hspace*{3.0mm}\color{white}%
|
||||||
|
\includegraphics[height=7.81mm]{theme/logo/tu_logo_black}\\[1.2mm]%
|
||||||
|
\hline\hspace*{11.76mm}\rule[-0.8mm]{0pt}{2.47mm}%
|
||||||
|
\def\@@dummyComma{}\rule{0pt}{5.8pt}%
|
||||||
|
\insertinstitute \\%
|
||||||
|
\hline%
|
||||||
|
\end{tabular*}%
|
||||||
|
\hspace{-\paperwidth}%
|
||||||
|
}%
|
||||||
|
\ifzihbackground
|
||||||
|
\setbeamertemplate{footline}{}
|
||||||
|
\setbeamertemplate{background}{\includegraphics[height=\paperheight,width=\paperwidth]{theme/logo/bg}}
|
||||||
|
\else
|
||||||
|
\setbeamertemplate{footline}{
|
||||||
|
\parbox[t][22mm]{\paperwidth}{
|
||||||
|
\vspace*{-8.18mm}
|
||||||
|
\rule
|
||||||
|
{98.6mm}{0pt}\includegraphics[height=15mm]{theme/logo/zih_logo_white}
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
\fi%
|
||||||
|
\frame{\titlepage}
|
||||||
|
% Kopf-/Fusszeilen fuer restliche Folien
|
||||||
|
\setbeamercolor{normal text}{bg=white}
|
||||||
|
\setbeamertemplate{background}{}
|
||||||
|
\setbeamertemplate{headline}[zih01 theme]
|
||||||
|
\setbeamertemplate{footline}[zih01 theme]
|
||||||
|
}
|
||||||
|
|
||||||
|
\usetheme{Dresden}
|
||||||
|
%\useoutertheme{theme/zih01}
|
||||||
|
%\useinnertheme{theme/zih01}
|
||||||
|
\usepackage{theme/beamerouterthemezih01}
|
||||||
|
\usepackage{theme/beamerinnerthemezih01}
|
||||||
|
|
||||||
|
%\useinnertheme{rounded}
|
||||||
|
\definecolor{darkblue}{rgb}{0.04, 0.16, 0.32}
|
||||||
|
% font color for headlines etc.
|
||||||
|
\setbeamercolor*{structure}{fg=darkblue,bg=white}
|
||||||
|
% disable navigation symbols
|
||||||
|
\setbeamertemplate{navigation symbols}{}
|
||||||
|
% can't remember what this is good for
|
||||||
|
\setbeamercovered{transparent}
|
||||||
|
|
||||||
|
% reduce margin size
|
||||||
|
\setbeamersize{text margin left=0.7cm}
|
||||||
|
\setbeamersize{text margin right=0.7cm}
|
||||||
|
%
|
||||||
|
% Outer Color Theme "whale" sorgt f?r strenge farbliche Trennen zwischen Zierrat
|
||||||
|
% und dem eigentlichen Inhalt. Ein dunkler Hintergrund f?r den Folientitel wirkt
|
||||||
|
% aber zu aufdringlich.
|
||||||
|
%
|
||||||
|
\usecolortheme{orchid}
|
||||||
|
%\setbeamercolor{titlelike}{parent=structure}
|
||||||
|
|
||||||
|
%
|
||||||
|
% Inner Color Theme "orchid" sorgt f?r farblich abgesetzt Bl?cke (Definitionen,
|
||||||
|
% S?tze, Beispiele, Beweise, ...).
|
||||||
|
%
|
||||||
|
%\usecolortheme{orchid}
|
||||||
|
|
||||||
|
%zum drucken
|
||||||
|
%\usepackage{pgfpages}
|
||||||
|
%\pgfpagesuselayout{resize to}[a4paper,border shrink=5mm,port]
|
||||||
|
%\pgfpagesuselayout{4 on 1}[a4paper,border shrink=3mm, landscape]
|
||||||
|
|
||||||
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||||
|
|
||||||
|
\definecolor{LightGray} {gray}{0.9}
|
||||||
|
\definecolor{Gray} {gray}{0.5}
|
||||||
|
\definecolor{DarkGray} {gray}{0.2}
|
||||||
|
\definecolor{listinggray} {gray}{0.96}
|
||||||
|
\definecolor{DarkGreen} {rgb}{0.0,0.6,0.0}
|
||||||
|
\definecolor{DarkRed} {rgb}{0.6,0.0,0.0}
|
||||||
|
\definecolor{DarkBlue} {rgb}{0.0,0.0,0.6}
|
||||||
|
\definecolor{DarkCyan} {rgb}{0.7,0.7,0.2}
|
||||||
|
\definecolor{DarkDarkGreen} {rgb}{0.0,0.4,0.0}
|
||||||
|
|
||||||
|
\lstset{language=C}
|
||||||
|
\lstset{linewidth=0.99\textwidth}
|
||||||
|
%\lstset{boxpos=c}
|
||||||
|
\lstset{xleftmargin=0.03\textwidth}
|
||||||
|
%\lstset{breaklines=true}
|
||||||
|
\lstset{framexleftmargin=0.03\textwidth}
|
||||||
|
\lstset{abovecaptionskip=\smallskipamount}
|
||||||
|
\lstset{belowcaptionskip=\smallskipamount}
|
||||||
|
\lstset{basicstyle=\ttfamily\tiny}
|
||||||
|
\lstset{backgroundcolor=\color{listinggray}}
|
||||||
|
%\lstset{frameround=ffff}
|
||||||
|
%\lstset{frame=shadowbox}
|
||||||
|
%\lstset{rulesepcolor=\color{Gray}}
|
||||||
|
\lstset{numbers=left}
|
||||||
|
\lstset{numberstyle=\tiny \color{DarkGray}}
|
||||||
|
\lstset{numbersep=0.01\textwidth}
|
||||||
|
\lstset{showstringspaces=false}
|
||||||
|
%\lstset{showspaces=false}
|
||||||
|
\lstset{tabsize=4}
|
||||||
|
|
||||||
|
%% all words in the following list are printed in bold letters in a listing
|
||||||
|
\lstset{emph={__asm__, __volatile__, return, main,},emphstyle={\bfseries\color{DarkGray}}}
|
||||||
|
\lstset{captionpos=b}
|
||||||
|
|
||||||
|
% Style für C Sourcecode
|
||||||
|
\lstdefinestyle{CA}{
|
||||||
|
language=C,
|
||||||
|
basicstyle=\ttfamily\scriptsize,
|
||||||
|
keywordstyle=\ttfamily\bfseries\color{DarkBlue},
|
||||||
|
stringstyle=\ttfamily\color{DarkRed},
|
||||||
|
commentstyle=\ttfamily\color{DarkGreen},
|
||||||
|
identifierstyle=\ttfamily\color{DarkCyan},
|
||||||
|
backgroundcolor=\color{listinggray},
|
||||||
|
}
|
||||||
|
|
||||||
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
BIN
nftables/Präsentation/iptables.gif
Normal file
BIN
nftables/Präsentation/iptables.gif
Normal file
Binary file not shown.
After Width: | Height: | Size: 2.7 KiB |
BIN
nftables/Präsentation/iptables.png
Normal file
BIN
nftables/Präsentation/iptables.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 1.3 KiB |
BIN
nftables/Präsentation/nftables.jpg
Normal file
BIN
nftables/Präsentation/nftables.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 85 KiB |
Loading…
Reference in New Issue
Block a user