(upcoming talk) Tricking out your Linux Kernel Networking

teaser (1-2 sentences)

The Linux kernel can be taught to perform amazing tricks. In this talk we’ll show cool stuff to do using nonstandard networking, interprocess communication, and kernel services like filesystems and network routing.

Tired of normal TCP sockets? Linux can do so much more!

ideas

The kernel provides control of, and connections to, external systems, kernel services, the kernel itself, and other processes. Full knowledge of these interfaces allows application magic, like reconnecting streaming sockets to unconnected processes, or getting information from third-party systems by watching their indirect effects.

outline

In the Wild – Faint of Heart Need Not Apply
* Standard packages use tricks to achieve high performance and lots of features
  Nginx
  Apache
  Gunicorn
  uwsgi

Socket/File similarities (-> Netlink)
* Sockets and files look alike to the kernel; Netlink sockets give bulk info from kernel services
  Socket
    TCP
    UDP
    Unix domain sockets + pipes
  cheat: Unix domain socket as server lock (“Abstract Socket Namespace”)
  * By using Unix domain sockets we can produce reliable “server runs once” semantics. To my knowledge no one has discovered this before.
  cheat: rebind socket
  * Programmers think of TCP sockets as point-to-point. That’s true, but you can rebind the endpoints!
  cheat: rebind socket inside container?
  * Docker and LXC allow higher security by having separate user spaces sharing the same kernel. It may be possible to rebind a socket from the parent container into another, giving very high security and durability.

Files (kernel service)
  inotify
  cheat: inotify + MySQL
  * By using the inotify kernel service we can transparently add a feature to MySQL: detecting when a table is modified.
  filesystem
  cheat: autoconvert videos for smart TV w/ DLNA
  * We can write a virtual filesystem that presents video files automatically transcoded into the correct format for a TV or Roku box.

Netlink (kernel service)
  Socket/File/Netlink comparison
  wifi up/down
  * Easy to run scripts when the network connects to certain wifi hotspots; no polling needed.
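As an added example of the "Unix domain socket as server lock" cheat in the outline (not code from the talk): a small Python helper that claims a name in Linux's abstract socket namespace, so a second copy of the server fails with EADDRINUSE and the name vanishes automatically when the holder exits. The lock name is an assumed placeholder.

```python
import errno
import socket


def acquire_single_instance(name: str):
    """Claim an abstract Unix-domain socket name as a process-wide lock.

    Returns the bound socket (keep it open for the process lifetime),
    or None if another process already holds the name.

    Why this beats a pidfile: the name lives in the kernel, not on disk,
    so a crash or kill -9 releases it instantly and there is never a
    stale lock to clean up.  Caveat: abstract names are scoped to the
    network namespace, so containers with their own netns do not share
    (or collide on) the same name.
    """
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        # A leading NUL byte selects the abstract namespace (Linux only);
        # nothing is created in the filesystem.
        sock.bind("\0" + name)
    except OSError as exc:
        sock.close()
        if exc.errno == errno.EADDRINUSE:
            return None  # someone else is already the server
        raise
    return sock


if __name__ == "__main__":
    # Assumed placeholder name; a real daemon would use its own.
    lock = acquire_single_instance("example-daemon-lock")
    if lock is None:
        print("another instance is running; exiting")
    else:
        print("lock held; serving until exit")
        lock.close()
```

Calling `lock.listen()` on the returned socket turns the same name into a control channel, so the lock and the admin interface are one object.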

another talk

Strace/Ftrace
  very powerful
  high overhead
Wizardry, Trickery, Jedi master mind control
  http://troydhanson.github.io/misc/Unix_domain_sockets.html
Direct vs. Indirect: ask the socket for info, vs. watch side effects in the system