Wpa_supplicant is a widely used implementation of an IEEE 802.11i supplicant for Linux and other platforms. It implements WPA and WPA2 security protocols as well as RSN, PMKSA caching, pre-authentication, 802.11r, 802.11w, and Wi-Fi Protected Setup (WPS). Wpa_supplicant initializes interfaces by reading configuration files, setting up drivers via cfg80211 and libnl, and starting an event loop to monitor network events. It can access layer 2 packets using l2_packet to support functions like TDLS.
Here I am describing general topics about :
1) Brief about 802.11 standard.
2) MAC layer frames
3) MLME
4) SoftMAC and HardMAC
5) Broadcom bcm43xx chipsets
6) Tx path and Rx path of brcmsmac driver
7) Mac80211 debugfs
8) Live demonstration
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemDheryta Jaisinghani
While we understand the complex interplay of OSI layers, in theory, in practice understanding their implementation is a non-trivial task. The implementation details that enables a network interface card to communicate with its peers are oblivious to the end-users. Developers venturing into this domain for the first time often find it hard to find relevant tutorials that enable them to understand these implementation details. The aim of this talk is to provide an overview of WiFi Subsystem implemented in the Linux operating system. Specifically, this talk will explain the sequence of events that occur from application layer till physical layer when a connection is established over WiFi. After this talk, the audience will understand
(1) the bird's eye view of Linux WiFi Subsystem,
(2) what happens in an operating system when a WiFi card is plugged-in,
(3) how is a packet received/transmitted from physical layer to operating system kernel and vice-versa,
(4) brief overview of code structure of open-source drivers, and lastly
(5) important pointers to kick start driver code modifications.
Video Available here: https://www.youtube.com/watch?v=pa1oEyc7Dm0
Building DataCenter networks with VXLAN BGP-EVPNCisco Canada
The session specifically covers the requirements and approaches for deploying the Underlay, Overlay as well as the inter-Fabric connectivity of Data Center Networks or Fabrics. Within the VXLAN BGP-EVPN based Overlay, we focus on the insights like forwarding and control plane functions which are critical to the simplicity operation of the architecture in achieving scale, small failure domains and consistent configuration. To complete the overlay view on VXLAN BGP-EVPN, we are going to the insides of BGP and its EVPN address-familiy and extend to about how multiple DC Fabric can be interconnected within, either as stretched Fabrics or with true DCI. The session concludes with a brief overview of manageability functions, network orchestration capabilities and multi-tenancy details. This Advanced session is intended for network, design and operation engineers from Enterprises to Service Providers.
Open vSwitch Offload: Conntrack and the Upstream KernelNetronome
Offloading all or part of the Open vSwitch datapath to SmartNICs has been shown to not only release CPU resources on the server, but improve traffic processing performance. Recently steps have been made to support such offloading in the upstream Linux kernel. This has focused on creating an OVS datapath using the TC flower filter and utilizing the offload hooks already present here. This presentation focuses on how Connection Tracking (Conntrack) may fit into this model. It describes current work being undertaken with the Netfilter community to allow offloading of Conntrack entries. It continues to link this work with the offloading of Conntrack rules within OVS-TC.
Here I am describing general topics about :
1) Brief about 802.11 standard.
2) MAC layer frames
3) MLME
4) SoftMAC and HardMAC
5) Broadcom bcm43xx chipsets
6) Tx path and Rx path of brcmsmac driver
7) Mac80211 debugfs
8) Live demonstration
Tutorial WiFi driver code - Opening Nuts and Bolts of Linux WiFi SubsystemDheryta Jaisinghani
While we understand the complex interplay of OSI layers, in theory, in practice understanding their implementation is a non-trivial task. The implementation details that enables a network interface card to communicate with its peers are oblivious to the end-users. Developers venturing into this domain for the first time often find it hard to find relevant tutorials that enable them to understand these implementation details. The aim of this talk is to provide an overview of WiFi Subsystem implemented in the Linux operating system. Specifically, this talk will explain the sequence of events that occur from application layer till physical layer when a connection is established over WiFi. After this talk, the audience will understand
(1) the bird's eye view of Linux WiFi Subsystem,
(2) what happens in an operating system when a WiFi card is plugged-in,
(3) how is a packet received/transmitted from physical layer to operating system kernel and vice-versa,
(4) brief overview of code structure of open-source drivers, and lastly
(5) important pointers to kick start driver code modifications.
Video Available here: https://www.youtube.com/watch?v=pa1oEyc7Dm0
Building DataCenter networks with VXLAN BGP-EVPNCisco Canada
The session specifically covers the requirements and approaches for deploying the Underlay, Overlay as well as the inter-Fabric connectivity of Data Center Networks or Fabrics. Within the VXLAN BGP-EVPN based Overlay, we focus on the insights like forwarding and control plane functions which are critical to the simplicity operation of the architecture in achieving scale, small failure domains and consistent configuration. To complete the overlay view on VXLAN BGP-EVPN, we are going to the insides of BGP and its EVPN address-familiy and extend to about how multiple DC Fabric can be interconnected within, either as stretched Fabrics or with true DCI. The session concludes with a brief overview of manageability functions, network orchestration capabilities and multi-tenancy details. This Advanced session is intended for network, design and operation engineers from Enterprises to Service Providers.
Open vSwitch Offload: Conntrack and the Upstream KernelNetronome
Offloading all or part of the Open vSwitch datapath to SmartNICs has been shown to not only release CPU resources on the server, but improve traffic processing performance. Recently steps have been made to support such offloading in the upstream Linux kernel. This has focused on creating an OVS datapath using the TC flower filter and utilizing the offload hooks already present here. This presentation focuses on how Connection Tracking (Conntrack) may fit into this model. It describes current work being undertaken with the Netfilter community to allow offloading of Conntrack entries. It continues to link this work with the offloading of Conntrack rules within OVS-TC.
Cilium - Container Networking with BPF & XDPThomas Graf
This talk demonstrates that programmability and performance does not require user space networking, it can be achieved in the kernel by generating BPF programs and leveraging the existing kernel subsystems. We will demo an early prototype which provides fast IPv6 & IPv4 connectivity to containers, container labels based security policy with avg cost O(1), and debugging and monitoring based on the per-cpu perf ring buffer. We encourage a lively discussion on the approach taken and next steps.
In this talk Jiří Pírko discusses the design and evolution of the VLAN implementation in Linux, the challenges and pitfalls as well as hardware acceleration and alternative implementations.
Jiří Pírko is a major contributor to kernel networking and the creator of libteam for link aggregation.
OpenWrt is a Linux distribution for embedded systems that runs on many routers and networking devices today. In this session we'll talk about OpenWrt's origins, architecture and get down to building apps for the platform.
Along the way we will touch on some basic firmware concepts and at last present the final working OpenWrt router and its capabilities.
Anton Lerner, Architect at Sitaro, computer geek, developer and occasional maker.
Sitaro provides total cyber protection for small business and home networks. Sitaro prevents massive scale IoT cyber attacks.
Find out more information in the meetup event page - https://www.meetup.com/Tel-Aviv-Yafo-Linux-Kernel-Meetup/events/245319189/
Calico provides secure network connectivity for containers and virtual machine workloads.
Calico creates and manages a flat layer 3 network, assigning each workload a fully routable IP address. Workloads can communicate without IP encapsulation or network address translation for bare metal performance, easier troubleshooting, and better interoperability. In environments that require an overlay, Calico uses IP-in-IP tunneling or can work with other overlay networking such as flannel.
Calico also provides dynamic enforcement of network security rules. Using Calico’s simple policy language, you can achieve fine-grained control over communications between containers, virtual machine workloads, and bare metal host endpoints.
Proven in production at scale, Calico features integrations with Kubernetes, OpenShift, Docker, Mesos, DC/OS, and OpenStack.
Integration of OVS in OpenWrt wireless network and investigation of SDWMNNazmul Hossain Rakib
OpenFlow managed Software Defined Network (SDN) and Wireless Mesh Network (WMN) are being an emerging technology for their autonomous functionality and economic feasibility. SDN is somehow defined as next generation technology which let the network configure, optimize and heal centrally using artificial intelligence. WMN has been adopted by several applications because of its promising functionality. In this research, applicability of SDN on WMN has been studied as well as the decentralized controller mechanism over SDWMN (Software Defined Wireless Mesh Network). First of all, two types of Wireless connectivity (AD Hoc and WDS) has been researched using OpenWrt configured SDN. Then probability and availability of WMN using SDN has been investigated. Finally, some solutions has been tried to figure out for the further future implementation of SDWMN.
SOSCON 2019.10.17
What are the methods for packet processing on Linux? And how fast are each packet processing methods? In this presentation, we will learn how to handle packets on Linux (User space, socket filter, netfilter, tc), and compare performance with analysis of where each packet processing is done in the network stack (hook point). Also, we will discuss packet processing using XDP, an in-kernel fast-path recently added to the Linux kernel. eXpress Data Path (XDP) is a high-performance programmable network data-path within the Linux kernel. The XDP is located at the lowest level of access through SW in the network stack, the point at which driver receives the packet. By using the eBPF infrastructure at this hook point, the network stack can be expanded without modifying the kernel.
Daniel T. Lee (Hoyeon Lee)
@danieltimlee
Daniel T. Lee currently works as Software Engineer at Kosslab and contributing to Linux kernel BPF project. He has interest in cloud, Linux networking, and tracing technologies, and likes to analyze the kernel's internal using BPF technology.
Next Generation Nexus 9000 ArchitectureCisco Canada
In the upcoming year, 2016, the industry will see a significant capacity, capability and cost point shift in Data Center switching. The introduction of 25/100G supplementing the previous standard of 10/40G at the same cost points and power efficiency which represents a 250% increase in capacity for roughly the same capital costs is just one example of the scope of the change. These changes are occurring due to the introduction of new generations of ASICs leveraging improvements in semiconductor fabrication combined with innovative developments in network algorithms, SerDes capabilities and ASIC design approaches. This session will take a deep dive look at the technology changes enabling this shift and the architecture of the next generation nexus 9000 Data Center switches enabled due to these changes. Topics will include a discussion of the introduction of 25/50/100G to compliment existing 10/40G, why next generation fabrication techniques enable much larger forwarding scale, more intelligent buffering and queuing algorithms and embedded telemetry enabling big data analytics based on network traffic
Webinar topic: Mikrotik Bridge Deep Dive
Presenter: Achmad Mardiansyah
In this webinar series, we will discuss about Mikrotik Bridge Deep Dive
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram also discord
Recording available on Youtube
https://youtu.be/AISGc9AGJtE
Accelerating Envoy and Istio with Cilium and the Linux KernelThomas Graf
This talk will provide an introduction to injection options of Envoy and then deep dive into ongoing Linux kernel work that enables injecting Envoy while introducing as little latency as possible.
The servicemesh and the sidecar proxy model are on a steep trajectory to redefine many networking and security use cases. This talk explains and demos a new socket redirect Linux kernel technology that allows running Envoy with similar performance as if the sidecar was linked to the application using a UNIX domain socket. The talk will also give an outlook on how Envoy can use the recently merged kernel TLS functionality to gain access to the clear text payload transparently for end to end encrypted applications without requiring to decrypt and re-encrypt any data to further reduce the overhead and latency.
This presentation features a walk through the Linux kernel networking stack covering the essentials and recent developments a developer needs to know. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as segmentation offloading, TCP small queues, and low latency polling. We will cover APIs exposed by the kernel that go beyond use of write()/read() on sockets and will look into how they are implemented on the kernel side.
The purpose of this session is to share leading practices for configuring Aruba OS CX devices in both core and aggregation roles with a focus on collapsed core (two-tier) networks.
The second part of Linux Internals covers system calls, process subsystem and inter process communication mechanisms. Understanding these services provided by Linux are essential for embedded systems engineer.
WPA Too! is a talk presented at Blackhat Arsenal and Defcon 18. This is about a security vulnerability in WPA/WPA2 protocol which allows a malicious user (insider) of a wireless network
Cilium - Container Networking with BPF & XDPThomas Graf
This talk demonstrates that programmability and performance does not require user space networking, it can be achieved in the kernel by generating BPF programs and leveraging the existing kernel subsystems. We will demo an early prototype which provides fast IPv6 & IPv4 connectivity to containers, container labels based security policy with avg cost O(1), and debugging and monitoring based on the per-cpu perf ring buffer. We encourage a lively discussion on the approach taken and next steps.
In this talk Jiří Pírko discusses the design and evolution of the VLAN implementation in Linux, the challenges and pitfalls as well as hardware acceleration and alternative implementations.
Jiří Pírko is a major contributor to kernel networking and the creator of libteam for link aggregation.
OpenWrt is a Linux distribution for embedded systems that runs on many routers and networking devices today. In this session we'll talk about OpenWrt's origins, architecture and get down to building apps for the platform.
Along the way we will touch on some basic firmware concepts and at last present the final working OpenWrt router and its capabilities.
Anton Lerner, Architect at Sitaro, computer geek, developer and occasional maker.
Sitaro provides total cyber protection for small business and home networks. Sitaro prevents massive scale IoT cyber attacks.
Find out more information in the meetup event page - https://www.meetup.com/Tel-Aviv-Yafo-Linux-Kernel-Meetup/events/245319189/
Calico provides secure network connectivity for containers and virtual machine workloads.
Calico creates and manages a flat layer 3 network, assigning each workload a fully routable IP address. Workloads can communicate without IP encapsulation or network address translation for bare metal performance, easier troubleshooting, and better interoperability. In environments that require an overlay, Calico uses IP-in-IP tunneling or can work with other overlay networking such as flannel.
Calico also provides dynamic enforcement of network security rules. Using Calico’s simple policy language, you can achieve fine-grained control over communications between containers, virtual machine workloads, and bare metal host endpoints.
Proven in production at scale, Calico features integrations with Kubernetes, OpenShift, Docker, Mesos, DC/OS, and OpenStack.
Integration of OVS in OpenWrt wireless network and investigation of SDWMNNazmul Hossain Rakib
OpenFlow managed Software Defined Network (SDN) and Wireless Mesh Network (WMN) are being an emerging technology for their autonomous functionality and economic feasibility. SDN is somehow defined as next generation technology which let the network configure, optimize and heal centrally using artificial intelligence. WMN has been adopted by several applications because of its promising functionality. In this research, applicability of SDN on WMN has been studied as well as the decentralized controller mechanism over SDWMN (Software Defined Wireless Mesh Network). First of all, two types of Wireless connectivity (AD Hoc and WDS) has been researched using OpenWrt configured SDN. Then probability and availability of WMN using SDN has been investigated. Finally, some solutions has been tried to figure out for the further future implementation of SDWMN.
SOSCON 2019.10.17
What are the methods for packet processing on Linux? And how fast are each packet processing methods? In this presentation, we will learn how to handle packets on Linux (User space, socket filter, netfilter, tc), and compare performance with analysis of where each packet processing is done in the network stack (hook point). Also, we will discuss packet processing using XDP, an in-kernel fast-path recently added to the Linux kernel. eXpress Data Path (XDP) is a high-performance programmable network data-path within the Linux kernel. The XDP is located at the lowest level of access through SW in the network stack, the point at which driver receives the packet. By using the eBPF infrastructure at this hook point, the network stack can be expanded without modifying the kernel.
Daniel T. Lee (Hoyeon Lee)
@danieltimlee
Daniel T. Lee currently works as Software Engineer at Kosslab and contributing to Linux kernel BPF project. He has interest in cloud, Linux networking, and tracing technologies, and likes to analyze the kernel's internal using BPF technology.
Next Generation Nexus 9000 ArchitectureCisco Canada
In the upcoming year, 2016, the industry will see a significant capacity, capability and cost point shift in Data Center switching. The introduction of 25/100G supplementing the previous standard of 10/40G at the same cost points and power efficiency which represents a 250% increase in capacity for roughly the same capital costs is just one example of the scope of the change. These changes are occurring due to the introduction of new generations of ASICs leveraging improvements in semiconductor fabrication combined with innovative developments in network algorithms, SerDes capabilities and ASIC design approaches. This session will take a deep dive look at the technology changes enabling this shift and the architecture of the next generation nexus 9000 Data Center switches enabled due to these changes. Topics will include a discussion of the introduction of 25/50/100G to compliment existing 10/40G, why next generation fabrication techniques enable much larger forwarding scale, more intelligent buffering and queuing algorithms and embedded telemetry enabling big data analytics based on network traffic
Webinar topic: Mikrotik Bridge Deep Dive
Presenter: Achmad Mardiansyah
In this webinar series, we will discuss about Mikrotik Bridge Deep Dive
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram also discord
Recording available on Youtube
https://youtu.be/AISGc9AGJtE
Accelerating Envoy and Istio with Cilium and the Linux KernelThomas Graf
This talk will provide an introduction to injection options of Envoy and then deep dive into ongoing Linux kernel work that enables injecting Envoy while introducing as little latency as possible.
The servicemesh and the sidecar proxy model are on a steep trajectory to redefine many networking and security use cases. This talk explains and demos a new socket redirect Linux kernel technology that allows running Envoy with similar performance as if the sidecar was linked to the application using a UNIX domain socket. The talk will also give an outlook on how Envoy can use the recently merged kernel TLS functionality to gain access to the clear text payload transparently for end to end encrypted applications without requiring to decrypt and re-encrypt any data to further reduce the overhead and latency.
This presentation features a walk through the Linux kernel networking stack covering the essentials and recent developments a developer needs to know. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as segmentation offloading, TCP small queues, and low latency polling. We will cover APIs exposed by the kernel that go beyond use of write()/read() on sockets and will look into how they are implemented on the kernel side.
The purpose of this session is to share leading practices for configuring Aruba OS CX devices in both core and aggregation roles with a focus on collapsed core (two-tier) networks.
The second part of Linux Internals covers system calls, process subsystem and inter process communication mechanisms. Understanding these services provided by Linux are essential for embedded systems engineer.
WPA Too! is a talk presented at Blackhat Arsenal and Defcon 18. This is about a security vulnerability in WPA/WPA2 protocol which allows a malicious user (insider) of a wireless network
The Internet Revolution has come.The Internet is getting back to its's origin i.e. connecting networks.This Presentation is a small effort to contribute towards the Internet of Things community and hence to the people who are going to make this world a better and a smart planet.In short I'm Enabling Everything to Talk!
How can you configure Wireshark to always recognize port 444 as an S.pdfarkleatheray
How can you configure Wireshark to always recognize port 444 as an SSL/TLS port?
Solution
General configuration :
How to Configure Wireshark
To configure Wireshark, follow these general steps:
Step 1 Define, modify or delete a capture point.
Step 2 Activate or deactivate a capture point.
Default Wireshark Configuration
Table 58-1 shows the default Wireshark configuration.
Table 58-1
Feature
Default Wireshark Configuration
Duration
Packets Packet-length
File size
Ring file storage Buffer storage mode
Default Setting
No limit
No limit
No limit (full packet)
No limit
No
Linear
Software Configuration Guide—Release IOS XE 3.5.0E and IOS 15.2(1)E
OL_28731-01
58-11
How to Configure Wireshark
Chapter 58
Configuring Wireshark
Defining, Modifying, or Deleting a Capture Point
Step 1 Step 2
Step 3 Step 4 Step 5 Step 6
Step 7
Although listed in sequence, the steps to specify values for the options can be executed in any
order. You can also specify them in one, two, or several lines. Except for attachment points,
which can be multiple, you can replace any value with a more recent value by redefining the
same option, in the following order:
Define the name that identifies the capture point.
Specify the attachment point with which the capture point is associated.
Multiple attachment points can be specified. Range support is also available both for adding and
removing attachment points.
Define the core system filter, defined either explicitly, through ACL or through a class map.
Specify the session limit (in seconds or packets captured).
Specify the packet segment length to be retained by Wireshark.
Specify the file association, if the capture point intends to capture packets rather than merely
display them.
Specify the size of the memory buffer used by Wireshark to handle traffic bursts.
To filter the capture point, use the following commands:
Command
Purpose
[no] monitor capture mycap match {any | macmac-match-string | ipv4ipv4-match-string |
ipv6ipv6-match-string}
Defines an explicitly in-line core filter.
To remove the filter, use the no form of this command.
[no] monitor capture mycap matchmac {src-mac-addr src-mac-mask | any | hostsrc-mac-addr} |
{dest-mac-addr dest-mac-mask | any | hostdest-mac-addr}
Specifies use of a filter for MAC.
To remove the filter, use the no form of this command.
[no] monitor capture mycap match {ipv4 | ipv6} [src-prefix/length | any | hostsrc-ip-addr] [dest-
prefix/length | any | hostdest-ip-addr]
[no] monitor capture mycap match {ipv4 | ipv6} proto {tcp | udp} [src-prefix/length | any |
hostsrc-ip-addr] [eq | gt | lt | neq <0-65535>] [dest-prefix/length | any | hostdest-ip-addr] [eq | gt |
lt | neq <0-65535>]
Specifies a filter for IPv4/IPv6, use one of the formats. To remove the filters, use the no form of
this command.
To define a capture point, use the following commands:
Command
Purpose
monitor capturename [{interfacename | vlannum | control-plane} {in | out | both}
Specifies one or more attachment points with direction..
BKK16-312 Integrating and controlling embedded devices in LAVALinaro
Previous introductory tutorials on LAVA have focussed on virtual platforms. This is an end-to-end tutorial as a basis to evaluate LAVA with one or more embedded targets using U-Boot. It integrates both a physical bootloader device with a stand-alone installation of LAVA, along with a simple PDU for target power control which is based on off-the-shelf Arduino components and fully integrated with pdudaemon. It covers device requirements, device configuration for 32- and 64-bit platforms, use of lavatool, tftp, pduclient and logging via the LAVA web interface and /var.
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days
A participant will acquire basic skills of searching for vulnerabilities on switches and routers from various vendors. The masterclass will cover both common network vulnerabilities, and exceptive cases that can be detected in the process of security assessment of real networks.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Your Digital Assistant.
Making complex approach simple. Straightforward process saves time. No more waiting to connect with people that matter to you. Safety first is not a cliché - Securely protect information in cloud storage to prevent any third party from accessing data.
Would you rather make your visitors feel burdened by making them wait? Or choose VizMan for a stress-free experience? VizMan is an automated visitor management system that works for any industries not limited to factories, societies, government institutes, and warehouses. A new age contactless way of logging information of visitors, employees, packages, and vehicles. VizMan is a digital logbook so it deters unnecessary use of paper or space since there is no requirement of bundles of registers that is left to collect dust in a corner of a room. Visitor’s essential details, helps in scheduling meetings for visitors and employees, and assists in supervising the attendance of the employees. With VizMan, visitors don’t need to wait for hours in long queues. VizMan handles visitors with the value they deserve because we know time is important to you.
Feasible Features
One Subscription, Four Modules – Admin, Employee, Receptionist, and Gatekeeper ensures confidentiality and prevents data from being manipulated
User Friendly – can be easily used on Android, iOS, and Web Interface
Multiple Accessibility – Log in through any device from any place at any time
One app for all industries – a Visitor Management System that works for any organisation.
Stress-free Sign-up
Visitor is registered and checked-in by the Receptionist
Host gets a notification, where they opt to Approve the meeting
Host notifies the Receptionist of the end of the meeting
Visitor is checked-out by the Receptionist
Host enters notes and remarks of the meeting
Customizable Components
Scheduling Meetings – Host can invite visitors for meetings and also approve, reject and reschedule meetings
Single/Bulk invites – Invitations can be sent individually to a visitor or collectively to many visitors
VIP Visitors – Additional security of data for VIP visitors to avoid misuse of information
Courier Management – Keeps a check on deliveries like commodities being delivered in and out of establishments
Alerts & Notifications – Get notified on SMS, email, and application
Parking Management – Manage availability of parking space
Individual log-in – Every user has their own log-in id
Visitor/Meeting Analytics – Evaluate notes and remarks of the meeting stored in the system
Visitor Management System is a secure and user friendly database manager that records, filters, tracks the visitors to your organization.
"Secure Your Premises with VizMan (VMS) – Get It Now"
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Strategies for Successful Data Migration Tools.pptxvarshanayak241
Data migration is a complex but essential task for organizations aiming to modernize their IT infrastructure and leverage new technologies. By understanding common challenges and implementing these strategies, businesses can achieve a successful migration with minimal disruption. Data Migration Tool like Ask On Data play a pivotal role in this journey, offering features that streamline the process, ensure data integrity, and maintain security. With the right approach and tools, organizations can turn the challenge of data migration into an opportunity for growth and innovation.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
Advanced Flow Concepts Every Developer Should KnowPeter Caitens
Tim Combridge from Sensible Giraffe and Salesforce Ben presents some important tips that all developers should know when dealing with Flows in Salesforce.
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?XfilesPro
Worried about document security while sharing them in Salesforce? Fret no more! Here are the top-notch security standards XfilesPro upholds to ensure strong security for your Salesforce documents while sharing with internal or external people.
To learn more, read the blog: https://www.xfilespro.com/how-does-xfilespro-make-document-sharing-secure-and-seamless-in-salesforce/
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Hivelance Technology
Cryptocurrency trading bots are computer programs designed to automate buying, selling, and managing cryptocurrency transactions. These bots utilize advanced algorithms and machine learning techniques to analyze market data, identify trading opportunities, and execute trades on behalf of their users. By automating the decision-making process, crypto trading bots can react to market changes faster than human traders
Hivelance, a leading provider of cryptocurrency trading bot development services, stands out as the premier choice for crypto traders and developers. Hivelance boasts a team of seasoned cryptocurrency experts and software engineers who deeply understand the crypto market and the latest trends in automated trading, Hivelance leverages the latest technologies and tools in the industry, including advanced AI and machine learning algorithms, to create highly efficient and adaptable crypto trading bots
3. What is Wpa_supplicant
● From Wiki page: wpa_supplicant
● wpa_supplicant is widely used in Linux distributions and Android!
● These slides are based on 2.6-devel
wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux,
FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including eComStation) and
Haiku. In addition to being a fully featured WPA2 supplicant, it also implements WPA and older
wireless LAN security protocols. Features include:
● WPA and full IEEE 802.11i/RSN/WPA2
● WPA-PSK and WPA2-PSK ("WPA-Personal", pre-shared key)
● WPA with EAP ("WPA-Enterprise", for example with RADIUS authentication server)
● key management for CCMP, TKIP, WEP (both 104/128- and 40/64-bit)
● RSN: PMKSA caching, pre-authentication
● IEEE 802.11r
● IEEE 802.11w
● Wi-Fi Protected Setup (WPS)
4. Usage
● wpa_supplicant
○ -D: driver type, cfg80211 or wext
○ -B: run as a daemon
○ -b: the bridge interface
○ -c: configure file path
○ -C: control interface
○ -d: decrease debug level (show more log)
○ -e: entropy file
○ -f: debug log file
○ -g: global control interface (ctrl_interface)
○ -G: the ctrl_interface will set to be owned by the specified group
○ -h: show usage
○ -i: interface
○ -I: another configuration file
○ -K: show key in debug log
5. Usage
● wpa_supplicant
○ -L: show license
○ -m: p2p device configuration file
○ -o: override driver option
○ -O: override control interface option
○ -p: driver parameter
○ -P: PID file
○ -q: increase debug level (show less log)
○ -s: use syslog
○ -T: use Linux Tracing
○ -t: add timestamp in debug log
○ -u: dbus control interface
○ -v: show wpa_supplicant version
○ -W: defer the main event loop until first external program attaches wpa_supplicant
○ -N: combine multiple interface parameters
8. Init Step 1: wpa_supplicant_init()
1. Init debug log setting
a. If specified to dump log to file via -f parameter, then initialize the output file via
wpa_debug_open_file(). Otherwise, initialize the standard output for debug log via
wpa_debug_setup_stdout()
b. If specified to dump log to syslog via -s parameter, then initialize syslog setting via
wpa_debug_open_syslog()
c. If specified to dump log by Linux Tracing via -T parameter, then initialize the setting via
wpa_debug_open_linux_tracing()
2. Initialize EAP methods via eap_register_methods()
3. Initialize global ctrl_interface via wpa_supplicant_global_ctrl_iface_init()
a. Open socket for the ctrl_interface
b. Set the group permission if the group is specified by -G parameters
c. Register ctrl_interface reader socket via eloop_register_read_sock()
9. Init Step 1: wpa_supplicant_init()
4. Initialize dbus via wpas_notify_supplicant_initialized()
5. Check global driver list wpa_drivers
6. Register a period timeout (10s) function wpas_periodic to:
a. P2P: check whether P2P peers expired via p2p_expire_peers()
b. STA: flush expired bss via wpa_bss_flush_by_age()
c. AP: check whether the acl is expired via ap_periodic()
10. Init Step 2: wpa_supplicant_add_iface()
1. Allocate wpa_supplicant structure fo each interface
2. If the override driver option is set by -o parameter, override the driver
specified by -D parameter
3. If the override ctrl_interface option is set by -O parameter, override the
ctrl_interface specified by -C parameter
4. wpa_supplicant_init_iface()
a. Read configuration file via wpa_config_read if the file is specified by -c parameter; if not
specified, make default configrations
b. Read another configuration file vi wpa_config_read if the file is specified by -I parameter
c. If ctrl_interface and driver_param are specified by configuration file and comman line
parameter, use the one specified by command line
11. Init Step 2: wpa_supplicant_add_iface()
5. wpas_init_driver()
a. Set the driver (e.g. cfg80211 driver)
b. Initialize driver via wpa_drv_init()
c. Setup driver parameter via wpa_drv_set_param() if specified by -p parameter
d. Add the interface into the wpa_s->radio_list via radio_add_interface()
6. Initialize wpa context via wpa_supplicant_init_wpa()
7. Initialize hw feature to wpa_s->hw.modes via
wpa_drv_get_hw_feature_data()
8. Get and setup driver capability via wpa_drv_get_capa()
9. etup bridge or trigger scan via wpa_supplicant_driver_init()
10. If the interface is not P2P device, initialize TDLS via wpa_tdls_init()
11. Set country via wpa_drv_set_country()
12. Init Step 2: wpa_supplicant_add_iface()
12. Initialize WPS via wpas_wps_init()
13. Initialize EAPOL via wpa_supplicant_init_eapol()
14. Initialize the ctrl_iface of the interface via wpa_supplicant_ctrl_iface_init()
15. Initialize GAS query via gas_query_init()
16. Initialize P2P via wpas_p2p_init(), if the interface support P2P devic
operations
17. Set WOW settings via wpas_set_wowlan_triggers()
18. If support P2P device, try to add P2P device interface via
wpas_p2p_add_p2pdev_interface()
13. Init Step 3: wpa_supplicant_run()
1. If -B parameter is assigned, run wpa_supplicant as daemon via
wpa_supplicant_daemon
2. If -W parameter is assigned, start the event loop after external program
starting to attach wpa_supplicant via wpa_supplicant_ctrl_iface_wait()
3. Register terminal signal SIGINT and SIGTERM handler via
eloop_register_signal_terminate
4. Register SIGHUP as reconfig signal via eloop_register_signal_reconfig()
5. Start event loop via eloop_run()
15. What is cfg80211 and libnl
● cfg80211 is a configuration system in Linux kernel for manipulating
802.11 devices
● libnl is the bridge for user space and kernel space to interact with each
other during manipulating 802.11 devices
● nl80211 in kernel registers the generic netlink(nl) family “nl80211”
● wpa_supplicant in userspace calls libnl APIs to communicate with kernel
generic nl family “nl80211”
16. Wpa_supplicant to kernel cf80211 via linbl
1. Initialize netlink connection via netlink_init()
2. Initialize the connection to kernel nl80211 via
wpa_driver_nl80211_init_nl_global()
a. Allocate nl handler via global->nl = nl_create_handle(global->nl_cb, "nl");
b. Resolve nl80211 via global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211");
c. Allocate event handler via global->nl_event = nl_create_handle(global->nl_cb, "event");
d. Add global->nl_event to “mlme”, “scan”, “regulatory”, “vendor” groups via:
i. ret = nl_get_multicast_id(global, "nl80211", "mlme");
ii. ret = nl_socket_add_membership(global->nl_event, ret);
e. Assign the global event handler via:
i. nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_global_event,
global);
f. Assign “mlme”, “scan”, “regulatory”, “vendor” event handler via:
i. nl80211_register_eloop_read(&global->nl_event, wpa_driver_nl80211_event_receive,
18. Why Need to Access Layer 2 Packets
● To maintain the state machine of specified functions (e.g. TDLS),
wpa_supplicant needs to access layer 2(l2) packets
○ e.g. TDLS, many action frames are encapulated in layer 2 packets
19. Take TDLS as Example
1. wpa_supplicant calls l2_packet_init() to initialize the connection to l2 and
monitor the specified l2 packets
a. Assign the rx_callback (wpa_supplicant_rx_tdls())function for specified protocol
b. Assign the rx handle function l2_packet_receive() which will invoke the rx_callback
int wpa_tdls_init(struct wpa_sm *sm)
{
if (sm == NULL)
return -1;
sm->l2_tdls = l2_packet_init(sm->bridge_ifname ? sm->bridge_ifname :
sm->ifname,
sm->own_addr,
ETH_P_80211_ENCAP, wpa_supplicant_rx_tdls,
sm, 0);
if (sm->l2_tdls == NULL) {
wpa_printf(MSG_ERROR, "TDLS: Failed to open l2_packet "
"connection");
return -1;
}
...
22. eloop_run()
● eloop keeps running is eloop.terminate is not set or any count of eloop.
reader, eloop.writer, eloop.exception is not zero
● During the while loop
○ Get first timout event in eloop.timeout list and calculate the remianing time to reach the
timeout
○ Call select() to wait for coming reader, writer, exception events
○ Call eloop_process_pending_signals() to process pending signal by calling their handlers
○ Get first timout event in eloop.timeout list, if the timeout fired, call the handler to process
the timeout event
○ If reader, writer, exception socekts are changed, skip previous select() results
○ Call eloop_sock_table_dispatch() to handle all the set reader, writer, exceptions events
23. Reader, Writer, Exceptions Event Sources
● Reader event source
○ ctrl_iface connection
○ netlink connection between wpa_supplicant and nl80211
○ EAPOL Tx status in wpa_driver_nl80211_drv_init()
○ EAPOL socket in i802_init()
○ Socket for Monitor mode
○ …
● Writer event source
○ Dbus watch
○ http client
● Exception event source
○ Dbus watch
