MORE POSTS
January 31, 2023 2:00 PM
CVE-2022-47929: traffic control noqueue no problem?
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands....
January 16, 2023 1:46 PM
A debugging story: corrupt packets in AF_XDP; a kernel bug or user error?
A race condition in the virtual ethernet driver of the Linux kernel led to occasional packet content corruptions, which resulted in unwanted packet drops by one of our DDoS mitigation systems. This blogpost describes the thought process and technique we used to debug this complex...
November 28, 2022 2:57 PM
The Linux Kernel Key Retention Service and why you should use it in your next application
Many leaks happen because of software bugs and security vulnerabilities. In this post we will learn how the Linux kernel can help protect cryptographic keys from a whole class of potential security vulnerabilities: memory access violations....
July 26, 2022 1:00 PM
When the window is not fully open, your TCP stack is doing more than you think
In this blog post I'll share my journey deep into the Linux networking stack, trying to understand the memory and window management of the receiving side of a TCP connection...
July 18, 2022 12:56 PM
A story about AF_XDP, network namespaces and a cookie
A crash in a development version of flowtrackd (the daemon that powers our Advanced TCP Protection) highlighted the fact that libxdp (and specifically the AF_XDP part) was not Linux network namespace aware. This blogpost describes the debugging journey to find the bug, as well as...
July 04, 2022 12:55 PM
A July 4 technical reading list
Here’s a short list of recent technical blog posts to give you something to read today...
June 29, 2022 11:45 AM
Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module
Learn how to patch Linux security vulnerabilities without rebooting the hardware and how to tighten the security of your Linux operating system with eBPF Linux Security Module...
February 17, 2022 5:02 PM
Production ready eBPF, or how we fixed the BSD socket API
We are open sourcing the production tooling we’ve built for the sk_lookup hook we contributed to the Linux kernel, called tubular...
February 04, 2022 1:58 PM
Missing Manuals - io_uring worker pool
Chances are you might have heard of io_uring. It first appeared in Linux 5.1, back in 2019, and was advertised as the new API for asynchronous I/O. Its goal was to be an alternative to the deemed-to-be-broken-beyond-repair AIO, the “old” asynchronous I/O API...
February 02, 2022 9:53 AM
How to stop running out of ephemeral ports and start to love long-lived connections
Often programmers have assumptions that turn out, to their surprise, to be invalid. From my experience this happens a lot. Every API, technology or system can be abused beyond its limits and break in a miserable way...
September 10, 2021 12:58 PM
How to execute an object file: Part 3
Continue learning how to import and execute code from an object file. In this part we will handle external library dependencies....
April 02, 2021 11:00 AM
How to execute an object file: Part 2
Continue learning how to import and execute code from an object file. This time we will investigate ELF relocations....
March 18, 2021 2:18 PM
A deep-dive into Cloudflare’s autonomous edge DDoS protection
Introducing our autonomous DDoS (Distributed Denial of Service) protection system, globally deployed to all of Cloudflare’s 200+ data centers and actively protecting all our customers against DDoS attacks across layers 3 to 7 (in the OSI model) without requiring any human int...
March 04, 2021 12:00 PM
Conntrack turns a blind eye to dropped SYNs
We have been dealing with conntrack, the connection tracking layer in the Linux kernel, for years. And yet, despite the collected know-how, questions about its inner workings occasionally come up. When they do, it is hard to resist the temptation to go digging for answers....
March 02, 2021 12:00 PM
How to execute an object file: Part 1
Ever wondered if it is possible to execute an object file without linking? Or use any object file as a library? Follow along to learn how to decompose an object file and import code from it along the way....