The Cloudflare API now uses OpenAPI schemas
November 16, 2022 2:00 PM
Cloudflare now has OpenAPI Schemas available for the API. Users can use these schemas in any open source OpenAPI Tooling....
Assembly within! BPF tail calls on x86 and ARM
October 10, 2022 1:00 PM
We have first adopted the BPF tail calls when building our XDP-based packet processing pipeline. BPF tail calls have served us well since then. But they do have their caveats...
Log analytics using ClickHouse
September 02, 2022 3:33 PM
When a request at Cloudflare throws an error, information gets logged in our requests_error pipeline. The error logs are used to help troubleshoot customer-specific or network-wide issues...
Deep dives & how the Internet works
August 25, 2022 6:08 PM
We have amazing deep dives in our blog, but also research and how the Internet works kind of stories. Here are some highlights from 2022, and before (with glimpses of our history)....
A story about AF_XDP, network namespaces and a cookie
July 18, 2022 12:56 PM
A crash in a development version of flowtrackd (the daemon that powers our Advanced TCP Protection) highlighted the fact that libxdp (and specifically the AF_XDP part) was not Linux network namespace aware. This blogpost describes the debugging journey to find the bug, as well as a fix....
MORE POSTS
June 29, 2022 11:45 AM
Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module
Learn how to patch Linux security vulnerabilities without rebooting the hardware and how to tighten the security of your Linux operating system with eBPF Linux Security Module...
- By
June 28, 2022 12:57 PM
Hertzbleed explained
Hertzbleed is a brand-new family of side-channel attacks that monitors changes on CPU frequency...
- By
June 24, 2022 1:45 PM
Decommissioning your VDI
This blog offers Cloudflare’s perspective on how remote browser isolation can help organizations offload internal web application use cases currently secured by virtual desktop infrastructure (VDI)...
- By
April 27, 2022 2:02 PM
Cloudflare blocks 15M rps HTTPS DDoS attack
Earlier this month, Cloudflare’s systems automatically detected and mitigated a 15.3 million request-per-second (rps) DDoS attack — one of the largest HTTPS DDoS attacks on record...
- By
April 05, 2022 12:57 PM
PIPEFAIL: How a missing shell option slowed Cloudflare down
This post tells the story of how a missing shell option called “pipefail” slowed Cloudflare down....
- By
March 20, 2022 4:58 PM
Unlocking QUIC’s proxying potential with MASQUE
We continue our technical deep dive into traditional TCP proxying over HTTP...
- By
March 19, 2022 5:01 PM
A Primer on Proxies
A technical dive into traditional TCP proxying over HTTP...
- By
February 04, 2022 1:58 PM
Missing Manuals - io_uring worker pool
Chances are you might have heard of io_uring. It first appeared in Linux 5.1, back in 2019, and was advertised as the new API for asynchronous I/O. Its goal was to be an alternative to the deemed-to-be-broken-beyond-repair AIO, the “old” asynchronous I/O API...
- By
February 02, 2022 9:53 AM
How to stop running out of ephemeral ports and start to love long-lived connections
Often programmers have assumptions that turn out, to their surprise, to be invalid. From my experience this happens a lot. Every API, technology or system can be abused beyond its limits and break in a miserable way...
- By
November 03, 2021 2:37 PM
The tale of a single register value
It’s not every day that you get to debug what may well be a packet of death. It was certainly the first time for me. What do I mean by “a packet of death”? A software bug where the network stack crashes in reaction to a single received network packet, taking down the whole operat...
- By
September 14, 2021 12:59 PM
How we built Instant Logs
In this blog post, we’ll show you how we built a new system that can give you access to your Cloudflare logs in real time, with just a single click....
- By
September 10, 2021 12:58 PM
How to execute an object file: Part 3
Continue learning how to import and execute code from an object file. In this part we will handle external library dependencies....
- By
August 26, 2021 3:04 PM
Pin, Unpin, and why Rust needs them
Using async Rust libraries is usually easy. It's just like using normal Rust code, with a little async or .await here and there. But writing your own async libraries can be hard. ...
- By
May 06, 2021 1:00 PM
Branch predictor: How many "if"s are too many? Including x86 and M1 benchmarks!
Is it ok to have if clauses that will basically never be run? Surely, there must be some performance cost to that......
- By