Extensions Administration System Requirements Summary Linux Distribution Compatibility Matrix Linux Kernel Advanced Features and Required Kernel Version Key-Value store clang+LLVM iproute2 Firewall Rules between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called BPF, which enables the dynamic dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Mesos/Marathon Envoy Envoy Go Extensions Administra�on System Requirements Summary Linux Distribu�on Compa�bility Matrix Linux Kernel Key-Value store clang+LLVM iproute2 Firewall Rules Privileges Upgrade Guide between applica�on services deployed using Linux container management pla�orms like Docker and Kubernetes. At the founda�on of Cilium is a new Linux kernel technology called BPF, which enables the dynamic dynamic inser�on of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes to

support Security Bugs Operations System Requirements Summary Linux Distribution Compatibility & Considerations Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM iproute2 LLVM iproute2 bpftool BPF sysctls Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the dynamic

Extensions Administration System Requirements Summary Linux Distribution Compatibility Matrix Linux Kernel Advanced Features and Required Kernel Version Key-Value store clang+LLVM iproute2 Firewall Rules LLVM iproute2 bpftool BPF sysctls Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called BPF, which enables the dynamic

Operations System Requirements Summary Architecture Support Linux Distribution Compatibility & Considerations Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM iproute2 LLVM iproute2 bpftool BPF sysctls Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the dynamic

Enterprise support Security Bugs Operations System Requirements Summary Linux Distribution Compatibility Matrix Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM iproute2 LLVM iproute2 bpftool BPF sysctls Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the dynamic

Slack GitHub Security Bugs Operations System Requirements Summary Linux Distribution Compatibility Matrix Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM iproute2 LLVM iproute2 bpftool BPF sysctls Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called BPF, which enables the dynamic

fire. eBPF originates from Linux, an operating system that runs on billions of devices around the world and is divided into user space (where most applications run) and kernel space (which provides an interface interface for applications to interact with the underlying hardware). The kernel has visibility across the entire system and is highly performant, but needs to provide a stable interface to applications applications, so it lacks the flexibility of user space programming. Applications User space Kernel System calls Files Networking Process Memory Flying for years across the galaxy and back, The crew learned

easy to understand Why ? The BPF subsystem lives in the kernel AND The kernel can be debugged using gdb The approach We need: ● A kernel image ● A root filesystem ● An eBPF program that doesn’t doesn’t work ● gdb First - The environment git clone https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git /source/linux cd linux mkdir build make O=$PWD/build ARCH=x86_64 x86_64_defconfig make O=$PWD/build ARCH=x86_64 menuconfig make O=$PWD/build ARCH=x86_64 -j16 Kernel image Remember to: - Enable debugging symbols under Kernel Hacking -> compile options git clone git://git.buildroot.net/buildroot

Who am I? ● Software Engineer at Cloudflare Spectrum TCP/UDP reverse proxy, Linux kernel, ... ● Contributor to Linux kernel networking & BPF subsystems Goal Run a TCP echo service on ports 7, 77, and … using one TCP listening socket. Fun? We will need… ❏ VM running Linux kernel 5.9+ ❏ bpftool 5.9+ ❏ libbpf headers ❏ kernel headers vm $ uname -r 5.9.1-36.vanilla.1.fc32.x86_64 vm $ bpftool version __u32 remote_port; __u32 local_ip4; __u32 local_port; /* ... */ }; /usr/include/linux/bpf.h 7 77 777 echo_ports BPF HASH map Ncat socket echo_socket BPF SOCKMAP (2) is local port