Security Bugs Operations System Requirements Summary Architecture Support Linux Distribution Compatibility & Considerations Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Enterprise support Security Bugs Operations System Requirements Summary Linux Distribution Compatibility & Considerations Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Mesos/Marathon Envoy Envoy Go Extensions Administration System Requirements Summary Linux Distribution Compatibility Matrix Linux Kernel Advanced Features and Required Kernel Version Key-Value store clang+LLVM connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called BPF, which enables the the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Mesos/Marathon Envoy Envoy Go Extensions Administra�on System Requirements Summary Linux Distribu�on Compa�bility Matrix Linux Kernel Key-Value store clang+LLVM iproute2 Firewall Rules Privileges Upgrade Guide connec�vity between applica�on services deployed using Linux container management pla�orms like Docker and Kubernetes. At the founda�on of Cilium is a new Linux kernel technology called BPF, which enables the the dynamic inser�on of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Training Enterprise support Security Bugs Operations System Requirements Summary Linux Distribution Compatibility Matrix Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Help FAQ Slack GitHub Security Bugs Operations System Requirements Summary Linux Distribution Compatibility Matrix Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called BPF, which enables the the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Mesos/Marathon Envoy Envoy Go Extensions Administration System Requirements Summary Linux Distribution Compatibility Matrix Linux Kernel Advanced Features and Required Kernel Version Key-Value store clang+LLVM connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called BPF, which enables the the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes

Who am I? ● Software Engineer at Cloudflare Spectrum TCP/UDP reverse proxy, Linux kernel, ... ● Contributor to Linux kernel networking & BPF subsystems Goal Run a TCP echo service on ports 7, 77 77, and 777 … using one TCP listening socket. Fun? We will need… ❏ VM running Linux kernel 5.9+ ❏ bpftool 5.9+ ❏ libbpf headers ❏ kernel headers vm $ uname -r 5.9.1-36.vanilla.1.fc32.x86_64 vm __u32 remote_port; __u32 local_ip4; __u32 local_port; /* ... */ }; /usr/include/linux/bpf.h 7 77 777 echo_ports BPF HASH map Ncat socket echo_socket BPF SOCKMAP (2) is local port

to all was the cramped engine room, Its critical systems of metal and fire. eBPF originates from Linux, an operating system that runs on billions of devices around the world and is divided into user space needed a fast way to replace items, Adapt quickly to meet demand and make business boom. Because Linux is such a large and important project, updates to the kernel can take years to reach end users running Tux, “I will come to your aid”: He trained them and made sure they could see through the smog. The Linux kernel expects eBPF programs to be loaded in the form of bytecode. Typically, eBPF developers write

gdb First - The environment git clone https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git /source/linux cd linux mkdir build make O=$PWD/build ARCH=x86_64 x86_64_defconfig make O=$PWD/build Remember to: - Select ext4 as filesystem image - Enable networking - Enable the SSH daemon cd /source/linux qemu-system-x86_64 -kernel build/arch/x86/boot/bzImage \ --enable-kvm \ -nic user,hostfwd=tcp::2222-:22 console=ttyS0,115200 acpi=off nokaslr" \ -serial stdio -display none Start the test VM cd /source/linux gdb build/vmlinux (gdb) target remote localhost:1234 (gdb) bpf/syscall.c:4180 (gdb) bpf/syscall.c:796