A story about AF_XDP, network namespaces and a cookie
July 18, 2022 1:56PM
A crash in a development version of flowtrackd (the daemon that powers our Advanced TCP Protection) highlighted the fact that libxdp (and specifically the AF_XDP part) was not Linux network namespace aware. This blogpost describes the debugging journey to find the bug, as well as a fix....
Continue reading »
Optimizing TCP for high WAN throughput while preserving low latency
July 01, 2022 2:00PM
Deep Dive
TCP
Latency
Optimization
In this post, we describe how we modified the Linux kernel to optimize for both low latency and high throughput concurrently...
Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module
June 29, 2022 12:45PM
Linux
Security
Deep Dive
Programming
Learn how to patch Linux security vulnerabilities without rebooting the hardware and how to tighten the security of your Linux operating system with eBPF Linux Security Module...
Hertzbleed explained
June 28, 2022 1:57PM
Deep Dive
Side Channel
Hertzbleed
SIKE
Research
Hertzbleed is a brand-new family of side-channel attacks that monitors changes on CPU frequency...
Decommissioning your VDI
June 24, 2022 2:45PM
Cloudflare One Week
VDI
Security
Zero Trust
Deep Dive
This blog offers Cloudflare’s perspective on how remote browser isolation can help organizations offload internal web application use cases currently secured by virtual desktop infrastructure (VDI)...
April 27, 2022 3:02PM
Cloudflare blocks 15M rps HTTPS DDoS attack
Earlier this month, Cloudflare’s systems automatically detected and mitigated a 15.3 million request-per-second (rps) DDoS attack — one of the largest HTTPS DDoS attacks on record...