Linux - The Cloudflare Blog

How to execute an object file: Part 4, AArch64 edition

November 17, 2023 2:00PM

The initial posts are dedicated to the x86 architecture. Since then, the fleet of our working machines has expanded to include a large and growing number of ARM CPUs. This time we’ll repeat this exercise for the aarch64 architecture....

Oxana Kharitonova

The Linux Crypto API for user applications

May 11, 2023 2:00PM

Linux Kernel

If you run your software on Linux, the Linux Kernel itself can satisfy all your cryptographic needs! In this post we will explore Linux Crypto API for user applications and try to understand its pros and cons...

Oxana Kharitonova

The quantum state of a TCP port

March 20, 2023 1:00PM

Kernel Linux Deep Dive

If I navigate to https://blog.cloudflare.com/, my browser will connect to a remote TCP address from the local IP address assigned to my machine, and a randomly chosen local TCP port. What happens if I then decide to head to another site?...

Jakub Sitnicki

CVE-2022-47929: traffic control noqueue no problem?

January 31, 2023 2:00PM

Linux Security Vulnerabilities CVE

In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands....

Frederick Lawler

A debugging story: corrupt packets in AF_XDP; a kernel bug or user error?

January 16, 2023 1:46PM

Deep Dive Linux

A race condition in the virtual ethernet driver of the Linux kernel led to occasional packet content corruptions, which resulted in unwanted packet drops by one of our DDoS mitigation systems. This blogpost describes the thought process and technique we used to debug this complex issue....

November 28, 2022 2:57PM

The Linux Kernel Key Retention Service and why you should use it in your next application

Many leaks happen because of software bugs and security vulnerabilities. In this post we will learn how the Linux kernel can help protect cryptographic keys from a whole class of potential security vulnerabilities: memory access violations....

By

Oxana Kharitonova
, Ignat Korchagin

Linux , Kernel , Deep Dive

July 26, 2022 2:00PM

When the window is not fully open, your TCP stack is doing more than you think

In this blog post I'll share my journey deep into the Linux networking stack, trying to understand the memory and window management of the receiving side of a TCP connection...

By

Marek Majkowski

Linux , TCP

July 18, 2022 1:56PM

A story about AF_XDP, network namespaces and a cookie

A crash in a development version of flowtrackd (the daemon that powers our Advanced TCP Protection) highlighted the fact that libxdp (and specifically the AF_XDP part) was not Linux network namespace aware. This blogpost describes the debugging journey to find the bug, as well as a fix....

By

Bastien Dhiver

Deep Dive , Linux

July 04, 2022 1:55PM

A July 4 technical reading list

Here’s a short list of recent technical blog posts to give you something to read today...

By

John Graham-Cumming

Reading List , Cloudflare Radar , Linux , TCP , Hertzbleed

June 29, 2022 12:45PM

Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module

Learn how to patch Linux security vulnerabilities without rebooting the hardware and how to tighten the security of your Linux operating system with eBPF Linux Security Module...

By

Frederick Lawler

Linux , Security , Deep Dive , Programming

February 17, 2022 5:02PM

Production ready eBPF, or how we fixed the BSD socket API

We are open sourcing the production tooling we’ve built for the sk_lookup hook we contributed to the Linux kernel, called tubular...

By

Lorenz Bauer

eBPF , Linux , Go

February 04, 2022 1:58PM

Missing Manuals - io_uring worker pool

Chances are you might have heard of io_uring. It first appeared in Linux 5.1, back in 2019, and was advertised as the new API for asynchronous I/O. Its goal was to be an alternative to the deemed-to-be-broken-beyond-repair AIO, the “old” asynchronous I/O API...

By

Jakub Sitnicki

Kernel , Linux , Deep Dive

February 02, 2022 9:53AM

How to stop running out of ephemeral ports and start to love long-lived connections

Often programmers have assumptions that turn out, to their surprise, to be invalid. From my experience this happens a lot. Every API, technology or system can be abused beyond its limits and break in a miserable way...

By

Marek Majkowski

Deep Dive , UDP , TCP , Linux

September 10, 2021 1:58PM

How to execute an object file: Part 3

Continue learning how to import and execute code from an object file. In this part we will handle external library dependencies....

By

Ignat Korchagin

Linux , Programming , Deep Dive