Linux - The Cloudflare Blog

When the window is not fully open, your TCP stack is doing more than you think

July 26, 2022 2:00PM

In this blog post I'll share my journey deep into the Linux networking stack, trying to understand the memory and window management of the receiving side of a TCP connection...

Marek Majkowski

A story about AF_XDP, network namespaces and a cookie

July 18, 2022 1:56PM

Deep Dive Linux Networking

A crash in a development version of flowtrackd (the daemon that powers our Advanced TCP Protection) highlighted the fact that libxdp (and specifically the AF_XDP part) was not Linux network namespace aware. This blogpost describes the debugging journey to find the bug, as well as a fix....

Bastien Dhiver

A July 4 technical reading list

July 04, 2022 1:55PM

Reading List Cloudflare Radar Linux TCP Hertzbleed

Here’s a short list of recent technical blog posts to give you something to read today...

John Graham-Cumming

Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module

June 29, 2022 12:45PM

Linux Security Deep Dive Programming

Learn how to patch Linux security vulnerabilities without rebooting the hardware and how to tighten the security of your Linux operating system with eBPF Linux Security Module...

Frederick Lawler

Production ready eBPF, or how we fixed the BSD socket API

February 17, 2022 5:02PM

eBPF Linux sockets Go

We are open sourcing the production tooling we’ve built for the sk_lookup hook we contributed to the Linux kernel, called tubular...

Lorenz Bauer

February 04, 2022 1:58PM

Missing Manuals - io_uring worker pool

Chances are you might have heard of io_uring. It first appeared in Linux 5.1, back in 2019, and was advertised as the new API for asynchronous I/O. Its goal was to be an alternative to the deemed-to-be-broken-beyond-repair AIO, the “old” asynchronous I/O API...

By

Jakub Sitnicki

Kernel , Linux , io_uring , aio , Deep Dive

February 02, 2022 9:53AM

How to stop running out of ephemeral ports and start to love long-lived connections

Often programmers have assumptions that turn out, to their surprise, to be invalid. From my experience this happens a lot. Every API, technology or system can be abused beyond its limits and break in a miserable way...

By

Marek Majkowski

Deep Dive , UDP , TCP , Linux , Networking

September 10, 2021 1:58PM

How to execute an object file: Part 3

Continue learning how to import and execute code from an object file. In this part we will handle external library dependencies....

By

Ignat Korchagin

Linux , Compiler , Programming , Software , Deep Dive

April 02, 2021 12:00PM

How to execute an object file: Part 2

Continue learning how to import and execute code from an object file. This time we will investigate ELF relocations....

By

Ignat Korchagin

Linux , Compiler , Programming , Software , Deep Dive

March 18, 2021 2:18PM

A deep-dive into Cloudflare’s autonomous edge DDoS protection

Introducing our autonomous DDoS (Distributed Denial of Service) protection system, globally deployed to all of Cloudflare’s 200+ data centers, and is actively protecting all our customers against DDoS attacks across layers 3 to 7 (in the OSI model) without requiring any human intervention....

By

Omer Yoachimik

DDoS , Gatebot , dosd , Linux , XDP

March 04, 2021 12:00PM

Conntrack turns a blind eye to dropped SYNs

We have been dealing with conntrack, the connection tracking layer in the Linux kernel, for years. And yet, despite the collected know-how, questions about its inner workings occasionally come up. When they do, it is hard to resist the temptation to go digging for answers....

By

Jakub Sitnicki

Conntrack , Linux , Network , Kernel , Tracing

March 02, 2021 12:00PM

How to execute an object file: Part 1

Ever wondered if it is possible to execute an object file without linking? Or use any object file as a library? Follow along to learn how to decompose an object file and import code from it along the way....

By

Ignat Korchagin

Linux , Compiler , Programming , Software , Deep Dive

October 27, 2020 12:00PM

Diving into /proc/[pid]/mem

A few months ago, after reading about Cloudflare doubling its intern class, I quickly dusted off my CV and applied for an internship. Long story short: now, a couple of months later, I found myself staring at Linux kernel code and adding a pretty cool feature to gVisor....

By

Lennart Espe

Deep Dive , Programming , Linux

September 18, 2020 12:00PM

Raking the floods: my intern project using eBPF

SYN-cookies help mitigating SYN-floods for TCP, but how can we protect services from similar attacks that use UDP? We designed an algorithm and a library to fill this gap, and it’s open source!...

By

Jonas Otten

eBPF , Linux , UDP , Programming