Blog page
Journey to libbpf 1.0
The road to libbpf 1.0 was long, but we've finally arrived! What's new in libbpf 1.0. Main breaking changes. New and exciting features. And great lengths libbpf goes to ensure best user experience when dealing with a complicated world of BPF.
Read moreProcess Behaviour Anomaly Detection Using eBPF and Unsupervised-Learning Autoencoders
In this post I’m going to describe how to use eBPF syscall tracing in a creative way in order to detect process behaviour anomalies at runtime using an unsupervised learning model called autoencoder.
Read moreIntro to eBPF
eBPF is VERY powerful because it's so ingrained where all the magic happens (the Linux kernel). eBPF lets you write custom code in the kernel.
Read more5G Visibility Using eBPF Technology
eBPF is a powerful tool to use in cloud-native environments. This post discusses the basic features of eBPF and how it can be leverage for observability
Read moreeBPF — Divulging The Hidden Super Power
If you are a performance engineer/network engineer or even security engineer, the chance of you encountering eBPF technology in the future is very high. eBPF now has a huge community of users, including big players like Meta, Google, Cloudflare, and Netflix all using this tech in their daily operations.
Read moreDifferentiate three types of eBPF redirections
There are three types of eBPF redirection fashions in Linux kernel that may confuse developers often: bpf_redirect_peer(), bpf_redirect_neighbor(), and bpf_redirect(). This post helps to clarify them by digging into the code in history order, and also discusses usages & related problems in real world.
Read moreA story about AF_XDP, network namespaces and a cookie
A crash in a development version of flowtrackd (the daemon that powers our Advanced TCP Protection) highlighted the fact that libxdp (and specifically the AF_XDP part) was not Linux network namespace aware. This blogpost describes the debugging journey to find the bug, as well as a fix.
Read moreLinux tracing/profiling 基础:符号表、调用栈、perf /bpftrace 示例等
整理一些 tracing/profiling 笔记,目前内容主要来自 Practical Linux tracing 系列几篇文章。
Read moreLive-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module
Learn how to patch Linux security vulnerabilities without rebooting the hardware and how to tighten the security of your Linux operating system with eBPF Linux Security Module
Read moreProduction ready eBPF, or how we fixed the BSD socket API
We are open sourcing the production tooling we’ve built for the sk_lookup hook we contributed to the Linux kernel, called tubular.
Read more