PIPEFAIL: How a missing shell option slowed Cloudflare down
April 05, 2022
This post tells the story of how a missing shell option called “pipefail” slowed Cloudflare down....
Unlocking QUIC’s proxying potential with MASQUE
March 20, 2022
We continue our technical deep dive into traditional TCP proxying over HTTP...
Missing Manuals - io_uring worker pool
February 04, 2022
Chances are you might have heard of io_uring. It first appeared in Linux 5.1, back in 2019, and was advertised as the new API for asynchronous I/O. Its goal was to be an alternative to the deemed-to-be-broken-beyond-repair AIO, the “old” asynchronous I/O API...
How to stop running out of ephemeral ports and start to love long-lived connections
February 02, 2022
Often programmers have assumptions that turn out, to their surprise, to be invalid. From my experience this happens a lot. Every API, technology or system can be abused beyond its limits and break in a miserable way...
MORE POSTS
September 14, 2021
How we built Instant Logs
In this blog post, we’ll show you how we built a new system that can give you access to your Cloudflare logs in real time, with just a single click....
- By
September 10, 2021
How to execute an object file: Part 3
Continue learning how to import and execute code from an object file. In this part we will handle external library dependencies....
- By
August 26, 2021
Pin, Unpin, and why Rust needs them
Using async Rust libraries is usually easy. It's just like using normal Rust code, with a little async or .await here and there. But writing your own async libraries can be hard. ...
- By
May 06, 2021
Branch predictor: How many "if"s are too many? Including x86 and M1 benchmarks!
Is it ok to have if clauses that will basically never be run? Surely, there must be some performance cost to that......
- By
April 02, 2021
How to execute an object file: Part 2
Continue learning how to import and execute code from an object file. This time we will investigate ELF relocations....
- By
March 02, 2021
How to execute an object file: Part 1
Ever wondered if it is possible to execute an object file without linking? Or use any object file as a library? Follow along to learn how to decompose an object file and import code from it along the way....
- By
December 18, 2020
A quirk in the SUNBURST DGA algorithm
On Wednesday, December 16, the RedDrip Team from QiAnXin Technology released their discoveries (tweet, github) regarding the random subdomains associated with the SUNBURST malware which was present in the SolarWinds Orion compromise. I...
- By
November 27, 2020
ASICs at the Edge
At Cloudflare, we pride ourselves in our global network that spans more than 200 cities in over 100 countries. To accelerate all that traffic through our network, there are multiple technologies at play. So let’s have a look at one of the cornerstones that makes all of this work....
- By
October 27, 2020
Diving into /proc/[pid]/mem
A few months ago, after reading about Cloudflare doubling its intern class, I quickly dusted off my CV and applied for an internship. Long story short: now, a couple of months later, I found myself staring at Linux kernel code and adding a pretty cool feature to gVisor....
- By
October 12, 2020
What is Cloudflare One?
Today, we’re excited to share Cloudflare One™, our vision to tackle the intractable job of corporate security and networking. Run your network on Cloudflare and keep it secure....
- By
September 15, 2020
Secondary DNS - Deep Dive
The goal of Cloudflare operated Secondary DNS is to allow our customers with custom DNS solutions, be it on-premise or some other DNS provider, to be able to take advantage of Cloudflare's DNS performance and more recently, through Secondary Override, our proxying and security ca...
- By
September 09, 2020
Unimog - Cloudflare’s edge load balancer
Unimog is the Layer 4 Load Balancer for Cloudflare’s edge data centers. This post explains the problems it solves and how it works....
- By
July 08, 2020
Sandboxing in Linux with zero lines of code
In this post we will review Linux seccomp and learn how to sandbox any (even a proprietary) application without writing a single line of code....
- By
June 18, 2020
Why is there a "V" in SIGSEGV Segmentation Fault?
My program received a SIGSEGV signal and crashed with "Segmentation Fault" message. Where does the "V" come from? Did I read it wrong? Was there a "Segmentation *V*ault?"? Or did Linux authors make a mistake? Shouldn't the signal be named SIGSEGF? ...
- By