to all was the cramped engine room, Its critical systems of metal and fire. eBPF originates from Linux, an operating system that runs on billions of devices around the world and is divided into user space needed a fast way to replace items, Adapt quickly to meet demand and make business boom. Because Linux is such a large and important project, updates to the kernel can take years to reach end users running they could see through the smog. The Linux kernel expects eBPF programs to be loaded in the form of bytecode. Typically, eBPF developers write programs in C, Rust, or other languages, which are then compiled

? ? In This Talk… • Different “types” of BPF programs • Write BPF programs in Rust • Add new feature in RedBPF • Use BPF maps to make stateful decisions • Load the program and protect the Rabbit(MQ) Rabbit(MQ)! About Me • Software Engineer @ CCP Games • @aquarhead on GitHub, Twitter… • Rust (and Elixir) • Disclaimer: new to BPF & kernel networking, pardon my mistake and welcome corrections • RedBPF uses Rust for both in-kernel and user- space programs - benefits from LLVM integration • Rust: expressive type system, modern toolchain - but most importantly, I love Rust! • For networking

Security Bugs Operations System Requirements Summary Architecture Support Linux Distribution Compatibility & Considerations Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Enterprise support Security Bugs Operations System Requirements Summary Linux Distribution Compatibility & Considerations Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Mesos/Marathon Envoy Envoy Go Extensions Administration System Requirements Summary Linux Distribution Compatibility Matrix Linux Kernel Advanced Features and Required Kernel Version Key-Value store clang+LLVM connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called BPF, which enables the the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Mesos/Marathon Envoy Envoy Go Extensions Administra�on System Requirements Summary Linux Distribu�on Compa�bility Matrix Linux Kernel Key-Value store clang+LLVM iproute2 Firewall Rules Privileges Upgrade Guide connec�vity between applica�on services deployed using Linux container management pla�orms like Docker and Kubernetes. At the founda�on of Cilium is a new Linux kernel technology called BPF, which enables the the dynamic inser�on of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Training Enterprise support Security Bugs Operations System Requirements Summary Linux Distribution Compatibility Matrix Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Help FAQ Slack GitHub Security Bugs Operations System Requirements Summary Linux Distribution Compatibility Matrix Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called BPF, which enables the the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Mesos/Marathon Envoy Envoy Go Extensions Administration System Requirements Summary Linux Distribution Compatibility Matrix Linux Kernel Advanced Features and Required Kernel Version Key-Value store clang+LLVM connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called BPF, which enables the the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Who am I? ● Software Engineer at Cloudflare Spectrum TCP/UDP reverse proxy, Linux kernel, ... ● Contributor to Linux kernel networking & BPF subsystems Goal Run a TCP echo service on ports 7, 77 77, and 777 … using one TCP listening socket. Fun? We will need… ❏ VM running Linux kernel 5.9+ ❏ bpftool 5.9+ ❏ libbpf headers ❏ kernel headers vm $ uname -r 5.9.1-36.vanilla.1.fc32.x86_64 vm __u32 remote_port; __u32 local_ip4; __u32 local_port; /* ... */ }; /usr/include/linux/bpf.h 7 77 777 echo_ports BPF HASH map Ncat socket echo_socket BPF SOCKMAP (2) is local port