Mini Container Series Part 5
Network Isolation
[This is the sixth article in this series. The previous one can be found
here].
[Read More]
Mini Container Series Part 4
IPC Isolation
[This is the fifth article in this series. The previous one is
here].
[Read More]
Mini Container Series Part 3
Hostname and Domain Name Isolation
[This is the forth article in this series. The previous one is
here].
[Read More]
Mini Container Series Part 2
Process isolation
[This is the third article in this series. The previous one is
here].
[Read More]
Mini Container Series Part 1
Filesystem isolation
[This is the second article in this series. The first one is
here].
[Read More]
Mini Container Series Part 0
Not a Real Container
Summary
Recently, I learned some container technologies in Linux such as namespace and
cgroup. However, after reading several articles and man pages, there was still
one question lingering in my head - “How are the technologies put together?” In
other words, how are they used to implement containers?
[Read More]
Checksum or fxxk-up?
tl;dr
If you don’t want to shoot yourself in the foot, then don’t mess up with
checksum in any way. But if you’d like to see a counterexample, keep reading
this note written by lame me.
[Read More]
Why doesn't traceroute work for ILA IP?
Summary Our project uses Identifier-Locator Addressing (ILA) for IPv6. Recently, we noticed that traceroute doesn’t work well for SIR address. The problem is, though traceroute can reach ILA router and eventualy reach the ILA host, all the intermediate nodes between the ILA router and the ILA host are shown as...
[Read More]
Tcpkill for IPv6
Tcpkill
tcpkill is part of dsniff, a
collection of tools for network auditing and penetration testing. It can be
used to kill specified in-progress TCP connections.
[Read More]
Lock Lock. Who's Locked? Kernel Memory
Background
In a BPF program, we use a BPF_MAP_TYPE_PERF_EVENT_ARRAY map to communicate
with userspace. Initially, for our BPF program, we set the locked memory limit
to be infinity:
[Read More]