Subscription confirmed. Thank you for subscribing!
July 26, 2022 2:00PM
In this blog post I'll share my journey deep into the Linux networking stack, trying to understand the memory and window management of the receiving side of a TCP connection...
February 02, 2022 9:53AM
Often programmers have assumptions that turn out, to their surprise, to be invalid. From my experience this happens a lot. Every API, technology or system can be abused beyond its limits and break in a miserable way...
November 25, 2021 5:27PM
Historically Cloudflare's core competency was operating an HTTP reverse proxy. We've spent significant effort optimizing traditional HTTP/1.1 and HTTP/2 servers running on top of TCP. Recently though, we started operating big scale stateful UDP services....
May 06, 2021 2:00PM
Is it ok to have if clauses that will basically never be run? Surely, there must be some performance cost to that......
December 18, 2020 12:00PM
Last year we deployed a CSAM image scanning tool. This is so cool! Image processing is always hard, and deploying a real image identification system at a Cloudflare scale is no small achievement! But we hit a problem - the matching algorithm was too slow for our needs....
June 18, 2020 12:56PM
My program received a SIGSEGV signal and crashed with "Segmentation Fault" message. Where does the "V" come from? Did I read it wrong? Was there a "Segmentation *V*ault?"? Or did Linux authors make a mistake? Shouldn't the signal be named SIGSEGF?...
April 06, 2020 12:00PM
We were wondering - can we just enable Linux "conntrack"? How does it actually work? I volunteered to help the team understand the dark corners of the Linux's "conntrack" stateful firewall subsystem....
March 02, 2020 1:00PM
Last month finally I had an opportunity to use Bloom filters. I became fascinated with the promise of this data structure, but I quickly realized it had some drawbacks. This blog post is the tale of my brief love affair with Bloom filters....
September 20, 2019 4:53PM
We noticed something weird - the TCP sockets which we thought should have been closed - were lingering around. We realized we don't really understand when TCP sockets are supposed to time out! We naively thought enabling TCP keepalives would be enough... but it isn't!...
September 20, 2019 4:53PM
在我们的Spectrum服务器上工作时,我们注意到了一些奇怪的现象:我们认为应该关闭了的TCP套接字一直在徘徊。我们意识到我们并不真正了解TCP套接字何时应该超时!...
September 20, 2019 4:53PM
닫혀 있어야 할 TCP 소켓이 계속 남아 있다는 이상한 점을 깨닫게 되었습니다. TCP 소켓이 언제 타임 아웃되는지 제대로 이해하고 있지 않았던 것입니다! TCP 킵얼라이브만 켜 두면 될 거라 생각했습니다만... 그렇지 않았습니다!...
July 10, 2019 2:07PM
For some time I’ve wanted to play with coverage-guided fuzzing. I decided to have a go at the Linux Kernel netlink machinery. It's a good target: it's an obscure part of kernel, and it's relatively easy to automatically craft valid messages....
May 18, 2019 4:00PM
最近,在布拉格Linux网络会议Netdev 0x13上,我做了一个简短的演讲,题目是“Cloudflare上的Linux”。演讲最后主要是关于BPF(柏克莱封包过滤器)的。似乎,不管问题是什么——BPF都是答案。...
May 18, 2019 4:00PM
Récemment à laNetdev 0x13, lors de la conférence sur les réseaux Linux à Prague, je suisbrièvement intervenu sur « Linux chez Cloudflare ». La discussion a surtout porté sur BPF. Il semble, peu importe la question, que la réponse soit BPF....
May 18, 2019 4:00PM
Recientemente, en Netdev 0x13, la conferencia sobre Redes en Linux en Praga, di una breve charla titulada “Linux en Cloudflare”. La charla terminó siendo casi en su totalidad sobre el BPF....
May 18, 2019 4:00PM
Recently at I gave a short talk titled "Linux at Cloudflare". The talk ended up being mostly about BPF. It seems, no matter the question - BPF is the answer. Here is a transcript of a slightly adjusted version of that talk....
May 18, 2019 2:00PM
Vor Kurzem hielt ich bei der Netdev 0x13 , der Konferenz über Linux-Netzwerke in Prag, einen kurzen Vortrag mit dem Titel „Linux bei Cloudflare“....
March 15, 2019 5:01PM
Ladies and gentlemen, I would like you to welcome the new shiny RFC8482, which effectively deprecates DNS ANY query type. DNS ANY was a "meta-query" - think about it as a similar thing to the common A, AAAA, MX or SRV query types, but unlike these it wasn't a real query type - it was special....
February 18, 2019 1:13PM
Proper TCP socket splicing reduces the load on userspace processes and enables more efficient data forwarding. We realized that Linux Kernel's SOCKMAP infrastructure can be reused for this purpose....
January 04, 2019 11:02AM
The Linux AIO is designed for, well, Asynchronous disk IO! Disk files are not the same thing as network sockets! Is it even possible to use the Linux AIO API with network sockets in the first place? The answer turns out to be a strong YES!...
