Blog page
Differentiate three types of eBPF redirections
There are three types of eBPF redirection fashions in Linux kernel that may confuse developers often: bpf_redirect_peer(), bpf_redirect_neighbor(), and bpf_redirect(). This post helps to clarify them by digging into the code in history order, and also discusses usages & related problems in real world.
Read moreA story about AF_XDP, network namespaces and a cookie
A crash in a development version of flowtrackd (the daemon that powers our Advanced TCP Protection) highlighted the fact that libxdp (and specifically the AF_XDP part) was not Linux network namespace aware. This blogpost describes the debugging journey to find the bug, as well as a fix.
Read moreLinux tracing/profiling 基础:符号表、调用栈、perf /bpftrace 示例等
整理一些 tracing/profiling 笔记,目前内容主要来自 Practical Linux tracing 系列几篇文章。
Read moreLive-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module
Learn how to patch Linux security vulnerabilities without rebooting the hardware and how to tighten the security of your Linux operating system with eBPF Linux Security Module
Read moreProduction ready eBPF, or how we fixed the BSD socket API
We are open sourcing the production tooling we’ve built for the sk_lookup hook we contributed to the Linux kernel, called tubular.
Read moreBPF CO-RE reference guide
A practical reference guide to using the full power of BPF CO-RE (Compile Once – Run Everywhere).
Read moreeBPF Instruction Sets
Not everyone who develops BPF programs knows that several versions of the instruction set exist. This isn’t really surprising given documentation on the subject is scarce. So let’s go through the different eBPF instruction sets, why they exist, and why their choice matters.
Read moreFeatures of bpftool: the thread of tips and examples to work with eBPF objects
Working with eBPF? Discover how bpftool can help you load, inspect, update your eBPF programs, maps, and more.
Read moreHow To Add eBPF Observability To Your Product
There's an arms race to add eBPF to commercial observability products, and in this post I'll describe how to quickly do that. This is also applicable for people adding it to their own in-house monitoring systems.
Read moreBPF tips & tricks: the guide to bpf_trace_printk() and bpf_printk()
Any non-trivial BPF program always needs some amount of debugging to get it working correctly. Unfortunately, there isn't a BPF debugger yet, so the next best thing is to sprinkle printf()-like statements around and see what's going on in the BPF program. BPF equivalent of printf() is the bpf_trace_printk() helper. In this blog post we'll look at how to use it, what are its limitations, and how to work around them.
Read more