The Linux Kernel Key Retention Service and why you should use it in your next application
November 28, 2022 2:57PM
Many leaks happen because of software bugs and security vulnerabilities. In this post we will learn how the Linux kernel can help protect cryptographic keys from a whole class of potential security vulnerabilities: memory access violations....
Continue reading »
The Cloudflare API now uses OpenAPI schemas
November 16, 2022 2:00PM
Cloudflare now has OpenAPI Schemas available for the API. Users can use these schemas in any open source OpenAPI Tooling....
Assembly within! BPF tail calls on x86 and ARM
October 10, 2022 2:00PM
We have first adopted the BPF tail calls when building our XDP-based packet processing pipeline. BPF tail calls have served us well since then. But they do have their caveats...
Log analytics using ClickHouse
September 02, 2022 4:33PM
When a request at Cloudflare throws an error, information gets logged in our requests_error pipeline. The error logs are used to help troubleshoot customer-specific or network-wide issues...
Deep dives & how the Internet works
August 25, 2022 7:08PM
We have amazing deep dives in our blog, but also research and how the Internet works kind of stories. Here are some highlights from 2022, and before (with glimpses of our history)....
July 18, 2022 1:56PM
A story about AF_XDP, network namespaces and a cookie
A crash in a development version of flowtrackd (the daemon that powers our Advanced TCP Protection) highlighted the fact that libxdp (and specifically the AF_XDP part) was not Linux network namespace aware. This blogpost describes the debugging journey to find the bug, as well as a fix....