A Primer on Proxies
March 19, 2022 5:01 PM
A technical dive into traditional TCP proxying over HTTP...
Missing Manuals - io_uring worker pool
February 04, 2022 1:58 PM
Chances are you might have heard of io_uring. It first appeared in Linux 5.1, back in 2019, and was advertised as the new API for asynchronous I/O. Its goal was to be an alternative to the deemed-to-be-broken-beyond-repair AIO, the “old” asynchronous I/O API...
How to stop running out of ephemeral ports and start to love long-lived connections
February 02, 2022 9:53 AM
Often programmers have assumptions that turn out, to their surprise, to be invalid. From my experience this happens a lot. Every API, technology or system can be abused beyond its limits and break in a miserable way...
The tale of a single register value
November 03, 2021 2:37 PM
It’s not every day that you get to debug what may well be a packet of death. It was certainly the first time for me. What do I mean by “a packet of death”? A software bug where the network stack crashes in reaction to a single received network packet, taking down the whole operating system with it. ...
How we built Instant Logs
September 14, 2021 12:59 PM
In this blog post, we’ll show you how we built a new system that can give you access to your Cloudflare logs in real time, with just a single click....
MORE POSTS
August 26, 2021 3:04 PM
Pin, Unpin, and why Rust needs them
Using async Rust libraries is usually easy. It's just like using normal Rust code, with a little async or .await here and there. But writing your own async libraries can be hard. ...
- By
May 06, 2021 1:00 PM
Branch predictor: How many "if"s are too many? Including x86 and M1 benchmarks!
Is it ok to have if clauses that will basically never be run? Surely, there must be some performance cost to that......
- By
April 02, 2021 11:00 AM
How to execute an object file: Part 2
Continue learning how to import and execute code from an object file. This time we will investigate ELF relocations....
- By
March 02, 2021 12:00 PM
How to execute an object file: Part 1
Ever wondered if it is possible to execute an object file without linking? Or use any object file as a library? Follow along to learn how to decompose an object file and import code from it along the way....
- By
December 18, 2020 12:30 AM
A quirk in the SUNBURST DGA algorithm
On Wednesday, December 16, the RedDrip Team from QiAnXin Technology released their discoveries (tweet, github) regarding the random subdomains associated with the SUNBURST malware which was present in the SolarWinds Orion compromise. I...
- By
November 27, 2020 1:00 PM
ASICs at the Edge
At Cloudflare, we pride ourselves in our global network that spans more than 200 cities in over 100 countries. To accelerate all that traffic through our network, there are multiple technologies at play. So let’s have a look at one of the cornerstones that makes all of this work....
- By
October 27, 2020 12:00 PM
Diving into /proc/[pid]/mem
A few months ago, after reading about Cloudflare doubling its intern class, I quickly dusted off my CV and applied for an internship. Long story short: now, a couple of months later, I found myself staring at Linux kernel code and adding a pretty cool feature to gVisor....
- By
October 12, 2020 1:00 PM
What is Cloudflare One?
Today, we’re excited to share Cloudflare One™, our vision to tackle the intractable job of corporate security and networking. Run your network on Cloudflare and keep it secure....
- By
September 15, 2020 11:00 AM
Secondary DNS - Deep Dive
The goal of Cloudflare operated Secondary DNS is to allow our customers with custom DNS solutions, be it on-premise or some other DNS provider, to be able to take advantage of Cloudflare's DNS performance and more recently, through Secondary Override, our proxying and security ca...
- By
September 09, 2020 11:00 AM
Unimog - Cloudflare’s edge load balancer
Unimog is the Layer 4 Load Balancer for Cloudflare’s edge data centers. This post explains the problems it solves and how it works....
- By
July 08, 2020 11:00 AM
Sandboxing in Linux with zero lines of code
In this post we will review Linux seccomp and learn how to sandbox any (even a proprietary) application without writing a single line of code....
- By
June 18, 2020 11:56 AM
Why is there a "V" in SIGSEGV Segmentation Fault?
My program received a SIGSEGV signal and crashed with "Segmentation Fault" message. Where does the "V" come from? Did I read it wrong? Was there a "Segmentation *V*ault?"? Or did Linux authors make a mistake? Shouldn't the signal be named SIGSEGF? ...
- By
May 06, 2020 11:00 AM
Cloudflare Bot Management: machine learning and more
This is the ongoing story of Bot Management at Cloudflare and also an introduction to a series of blog posts about the detection mechanisms powering it...
- By
March 05, 2020 1:00 PM
The History of the URL
January 11th, 1982, 22 computer scientists met to discuss an issue with ‘computer mail’ (now known as email). ...
- By