Hechao's Blog

tl;dr If you don’t want to shoot yourself in the foot, then don’t mess up with checksum in any way. But if you’d like to see a counterexample, keep reading this note written by lame me. [Read More]

Summary Our project uses Identifier-Locator Addressing (ILA) for IPv6. Recently, we noticed that traceroute doesn’t work well for SIR address. The problem is, though traceroute can reach ILA router and eventualy reach the ILA host, all the intermediate nodes between the ILA router and the ILA host are shown as... [Read More]

Tcpkill tcpkill is part of dsniff, a collection of tools for network auditing and penetration testing. It can be used to kill specified in-progress TCP connections. [Read More]

Background In a BPF program, we use a BPF_MAP_TYPE_PERF_EVENT_ARRAY map to communicate with userspace. Initially, for our BPF program, we set the locked memory limit to be infinity: [Read More]

Introduction bpftrace is a high-level tracing language for Linux enhanced Berkeley Packet Filter (eBPF). I found it very useful for debugging issues as well as understanding kernel code. In this post, I will use one example to demonstrate how I used bpftrace for debugging. [Read More]

I got an interesting issue while debugging a BPF program. The BPF program couldn’t be loaded because of an “invalid memory access” error. Though the access was completely within the valid memory boundary, the verifier was still not happy about it. [Read More]

Summary Recently, I submitted my first kernel patch. I will note down the basic workflow of submitting code to kernel in this post. This folder contains more detailed instructions on how to become a kernel developer. My note will only contain minimal steps for a noob like me. [Read More]

Summary Recently, I submitted my first kernel patch. One of the lessons I learned is that kernel mail server doesn’t accept HTML content in emails. To make sure my email contains absolutely no HTML, I set up a text-based email client (Mutt + OfflineIMAP) on my laptop. This post is... [Read More]

Introduction Among all BPF map types, two special ones, BPF_MAP_TYPE_ARRAY_OF_MAPS and BPF_MAP_TYPE_HASH_OF_MAPS, are more complex than others. As the names imply, they are “map-in-map”, meaning that the value of each entry is also a map. [Read More]

TL;DR Recently, I solved a tricky bug in a BPF program. Because inline instead of always_inline was used to declare a function, when the function body grew big, the compiler decided to not inline it. Then the BPF program was not able to be loaded due to some verification error.... [Read More]