A July 4 technical reading list
2022-07-04
Here’s a short list of recent technical blog posts to give you something to read today...
Continue reading »
Production ready eBPF, or how we fixed the BSD socket API
2022-02-17
We are open sourcing the production tooling we’ve built for the sk_lookup hook we contributed to the Linux kernel, called tubular...
How We Used eBPF to Build Programmable Packet Filtering in Magic Firewall
2021-12-06
By combining the power of eBPF and Nftables, Magic Firewall can mitigate sophisticated attacks on infrastructure by enforcing a positive security model....
Raking the floods: my intern project using eBPF
2020-09-18
SYN-cookies help mitigating SYN-floods for TCP, but how can we protect services from similar attacks that use UDP? We designed an algorithm and a library to fill this gap, and it’s open source!...
It's crowded in here
2019-10-12
We recently gave a presentation on Programming socket lookup with BPF at the Linux Plumbers Conference 2019 in Lisbon, Portugal. This blog post is a recap of the problem statement and proposed solution we presented....
MORE POSTS
May 18, 2019 3:00 PM
Cloudflare architecture and how BPF eats the world
Recently at I gave a short talk titled "Linux at Cloudflare". The talk ended up being mostly about BPF. It seems, no matter the question - BPF is the answer. Here is a transcript of a slightly adjusted version of that talk....
- By
May 03, 2019 1:00 PM
eBPF can't count?!
It is unlikely we can tell you anything new about the extended Berkeley Packet Filter, eBPF for short, if you've read all the great man pages, docs, guides, and some of our blogs out there. But we can tell you a war story, who doesn't like those? ...
- By
August 24, 2018 3:11 PM
Introducing ebpf_exporter
Here at Cloudflare we use Prometheus to collect operational metrics. We run it on hundreds of servers and ingest millions of metrics per second to get insight into our network and provide the best possible service to our customers....
- By
May 13, 2018 4:00 PM
Tracing System CPU on Debian Stretch
How an innocent OS upgrade triggered a cascade of issues and forced us into tracing Linux networking internals....
- By
March 29, 2018 10:43 AM
eBPF, Sockets, Hop Distance and manually writing eBPF assembly
A friend gave me an interesting task: extract IP TTL values from TCP connections established by a userspace program. This seemingly simple task quickly exploded into an epic Linux system programming hack. ...
- By