unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain Development Environment TLS-encrypted connections. This TLS-aware inspection allows Cilium API-aware visibility and policy to function even for connections where client to server communication is protected by TLS, such as when a client Ethernet 2846:00:02.0 Ethernet controller: Mellanox Technologies MT27710 Family [ConnectX-4 Lx Virtual Function] (rev 80) In order to run XDP, large receive offload (LRO) needs to be disabled on the hv_netvsc

unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain Development Environment TLS-encrypted connections. This TLS-aware inspection allows Cilium API-aware visibility and policy to function even for connections where client to server communication is protected by TLS, such as when a client Ethernet 2846:00:02.0 Ethernet controller: Mellanox Technologies MT27710 Family [ConnectX-4 Lx Virtual Function] (rev 80) In order to run XDP, large receive offload (LRO) needs to be disabled on the hv_netvsc

you as the developer to implement three primary functions, shown as blue in the diagram below. We will cover OnData() in this section, and the other functions in section Step 9: Add Policy Loading and Matching Matching. The beating heart of your parsing is implementing the onData function. You can think of any proxy as have two data streams, one in the request direction (i.e., client to server) and one in the OnData is a slice of byte slices (i.e., an array of byte arrays). The return values of the OnData function tell the Go framework tell how data in the stream should be processed, with four primary outcomes:

unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain Development Environment TLS-encrypted connections. This TLS-aware inspection allows Cilium API-aware visibility and policy to function even for connections where client to server communication is protected by TLS, such as when a client you as the developer to implement three primary functions, shown as blue in the diagram below. We will cover OnData() in this section, and the other functions in section Step 9: Add Policy Loading and Matching

unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain Development Environment TLS-encrypted connections. This TLS-aware inspection allows Cilium API-aware visibility and policy to function even for connections where client to server communication is protected by TLS, such as when a client Ethernet 2846:00:02.0 Ethernet controller: Mellanox Technologies MT27710 Family [ConnectX-4 Lx Virtual Function] (rev 80) In order to run XDP, large receive offload (LRO) needs to be disabled on the hv_netvsc

unit tests on code changes BPF and XDP Reference Guide BPF Architecture Instruction Set Helper Functions Maps Object Pinning Tail Calls BPF to BPF Calls JIT Hardening Offloads Toolchain Development Environment TLS-encrypted connections. This TLS-aware inspection allows Cilium API-aware visibility and policy to function even for connections where client to server communication is protected by TLS, such as when a client Ethernet 2846:00:02.0 Ethernet controller: Mellanox Technologies MT27710 Family [ConnectX-4 Lx Virtual Function] (rev 80) In order to run XDP, large receive offload (LRO) needs to be disabled on the hv_netvsc

--set-mark 0xdeadbeef # ipft -m 0xdeadbeef • Network domain specific function call tracer • Trace “which packets have gone through which functions” Output Attaching program (total 1803, succeeded 1001, failed gso_type: tcpv4) 3347634422951 0000 skb_csum_hwoffload_help (len: 5764 gso_type: tcpv4) Functions the packets have gone through CPU ID Time Stamp User defined tracing data (with Lua script) …

programs are also composable with the concept of tail and function calls. eBPF programs can make function calls into a set of dedicated kernel functions (eBPF helpers/kfuncs) to help them accomplish some specific

Policy Language Policy at the Function Call Level ▶ #[func " foo" ] → Apply rules only within a call to foo() ▶ #[kfunc " foo" ] → Same thing, but for kernel functions #! [ profile "/sbin/mylogin"]

make RedBPF support more (all) program types - make it a generic compiler (BCC) • Add utility functions to help dealing with network headers etc… • Improve the compile output - ensure it works with