How to use the new Docker Seccomp profiles

Debugging and creating custom seccomp profiles for Docker containers.

New Linux Patches Allow Manipulating Out-Of-Memory Behavior Using BPF

Google engineer Roman Gushchin has proposed the ability for the Linux kernel to customize the out-of-memory 'OOM' behavior using BPF programs.

New Linux Patches Allow Manipulating Out-Of-Memory Behavior Using BPF

Google engineer Roman Gushchin has proposed the ability for the Linux kernel to customize the out-of-memory 'OOM' behavior using BPF programs.

Introducing TCP-in-UDP solution

The MPTCP protocol is complex, mainly to be able to survive on the Internet where middleboxes such as NATs, firewalls, IDS or proxies can modify parts of the TCP packets. Worst case scenario, an MPTCP connection should fallback to “plain” TCP. Today, such fallbacks are rarer than before – probably because MPTCP has been used since 2013 on millions of Apple smartphones worldwide – but they can still exist, e.g. on some mobile networks using Performance Enhancing Proxies (PEPs) where MPTCP connections are not bypassed. In such cases, a solution to continue benefiting from MPTCP is to tunnel the MPTCP connections. Different solutions exist, but they usually add extra layers, and requires setting a virtual private network (VPN) up with private IP addresses between the client and the server. Here, a simpler solution is presented: TCP-in-UDP. This solution relies on eBPF, doesn’t add extra data per packet, and doesn’t require a virtual private network. Read on to find out more about that!

Breaking Boundaries: Implementing the Enigma Machine in eBPF | Isovalent Blog

Today we are marking the celebration of Alan Turing's 113th birthday by implementing the Enigma machine in eBPF.

dhcpd(8): use UDP sockets instead of BPF

ior

I/O Riot NG is an experiment with BPF.

Filtering fanotify events with BPF

Linux systems can have large filesystems; trying to keep up with the stream of fanotify files [...]