Rex is a safe kernel extension framework that allows Rust in the place of eBPF
#HackerNews #Rex #Rust #eBPF #KernelExtension #SafeFramework #Cybersecurity
🐧 Rex: Proposed Safe Rust Kernel Extensions For The Linux Kernel, In Place Of eBPF // Phoronix
「 Rex is a Rust-based kernel extension framework with similar safety guarantees to eBPF. Rex relies on the safety of the Rust programming language paired with lightweight runtime protections. 」
BpfJailer: eBPF Mandatory Access Control [pdf]
https://lpc.events/event/19/contributions/2159/attachments/1833/3929/BpfJailer%20LPC%202025.pdf
#HackerNews #BpfJailer #eBPF #Mandatory #Access #Control #pdf #LinuxSecurity #eBPF #Hacking
Compte-rendu, et mise en œuvre complète, de l'atelier #eBPF au #CapitoleDuLibre, un bloqueur de pub #DNS en eBPF https://www.bortzmeyer.org/ebpf-capitole-libre.html
Trop bien, ça marche :
% sudo bpftool prog tracelog
ping-921179 [000] b..1. 177451.521295: bpf_trace_printk: Hello, world !
ping-921179 [002] b..1. 177452.522205: bpf_trace_printk: Hello, world !
Et le bilan complet, une fois le programme terminé : https://www.bortzmeyer.org/ebpf-capitole-libre.html
Trop bien, ça marche :
% sudo bpftool prog tracelog
ping-921179 [000] b..1. 177451.521295: bpf_trace_printk: Hello, world !
ping-921179 [002] b..1. 177452.522205: bpf_trace_printk: Hello, world !
Pas de wifi #CapitoleDuLibre dans l'atelier. Il se tient au troisième étage et la gravité empêche les zondes de monter.
À propos de #eBPF, le #RFC : https://www.bortzmeyer.org/9669.html
Et un exemple d'utilisation pour le #DNS : https://blog.apnic.net/2025/08/04/experimental-support-for-af_xdp-sockets-in-nsd/
La porte qui donne accès au #CapitoleDuLibre.
Linnix – eBPF observability that predicts failures before they happen
https://github.com/linnix-os/linnix
#HackerNews #Linnix #eBPF #observability #predictive #failure #technology #monitoring
An eBPF Loophole: Using XDP for Egress Traffic
https://loopholelabs.io/blog/xdp-for-egress-traffic
#HackerNews #eBPF #XDP #EgressTraffic #Networking #TechInnovation
Michael Dexter
boosted
NSD 4.13.0 is now available. The most prominent new feature of our authoritative #DNS server is support for AF_XDP sockets.
With zero-copy disabled, we see a 1.7x improvement in handled queries per second compared to UDP through the network stack. We expect the improvement to be higher with a driver that fully supports AF_XDP zero-copy mode.
Release notes:
https://github.com/NLnetLabs/nsd/releases/tag/NSD_4_13_0_REL
Blog post:
https://blog.nlnetlabs.nl/experimental-support-for-af_xdp-sockets-in-nsd/
NSD 4.13.0 is now available. The most prominent new feature of our authoritative #DNS server is support for AF_XDP sockets.
With zero-copy disabled, we see a 1.7x improvement in handled queries per second compared to UDP through the network stack. We expect the improvement to be higher with a driver that fully supports AF_XDP zero-copy mode.
Release notes:
https://github.com/NLnetLabs/nsd/releases/tag/NSD_4_13_0_REL
Blog post:
https://blog.nlnetlabs.nl/experimental-support-for-af_xdp-sockets-in-nsd/