Diving into /proc/[pid]/mem
October 27, 2020 12:00PM
A few months ago, after reading about Cloudflare doubling its intern class, I quickly dusted off my CV and applied for an internship. Long story short: now, a couple of months later, I found myself staring at Linux kernel code and adding a pretty cool feature to gVisor....
Raking the floods: my intern project using eBPF
September 18, 2020 12:00PM
eBPF
Linux
UDP
Programming
SYN-cookies help mitigate SYN-floods for TCP, but how can we protect services from similar attacks that use UDP? We designed an algorithm and a library to fill this gap, and it’s open source!...
Sandboxing in Linux with zero lines of code
July 08, 2020 12:00PM
Linux
Security
In this post we will review Linux seccomp and learn how to sandbox any (even a proprietary) application without writing a single line of code....
Conntrack tales - one thousand and one flows
April 06, 2020 12:00PM
Conntrack
Linux
Network
TCP
We were wondering - can we just enable Linux "conntrack"? How does it actually work? I volunteered to help the team understand the dark corners of Linux's "conntrack" stateful firewall subsystem....
Speeding up Linux disk encryption
March 25, 2020 12:00PM
Linux
Kernel
Crypto
Performance
Security
Encrypting data at rest is vital for Cloudflare with more than 200 data centres across the world. In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers!...