Skip to content

Instantly share code, notes, and snippets.

Avatar

Lorenzo Fontana fntlnz

493 followers · 24 following · 19
View GitHub Profile
@fntlnz
fntlnz / ebpf_verifier.md
Created Jul 7, 2021
The eBPF verifier - by Github Copilot
View ebpf_verifier.md

The eBPF verifier

Important: This article was written by Github Copilot, while it's not entirely accurate, it's quite good to see what it ended up with.

The bpf verifier is a tool that can be used to check the correctness of eBPF programs. It is implemented in C and is used by the kernel. When the kernel is built with CONFIG_BPF_JIT, it does further optimization on the BPF programs.

To write a valid eBPF program you need to follow a few rules:

@fntlnz
fntlnz / README.md
Last active Jun 1, 2021
InfluxData Flux as a library
View README.md

Flux as a Library Example

Flux is a lightweight scripting language for querying databases (like InfluxDB) and working with data. It's part of InfluxDB 1.7 and 2.0, but can be run independently of those.

This gist contains a main.go file that shows how flux can be used as a library in your programs.

Components

The main components you need are:

@fntlnz
fntlnz / README.md
Last active Jul 10, 2021
Seccomp bpf filter example
View README.md

Seccomp BPF filter example

Use bpf programs as filters for seccomp, the one in the example will block all the write syscalls after it's loaded.

Usage

Compile it with just

gcc main.c
@fntlnz
fntlnz / udp.c
Last active Oct 7, 2018
XDP Drop udp example
View udp.c
#include <linux/bpf.h>
#include <linux/in.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#define SEC(NAME) __attribute__((section(NAME), used))
SEC("dropper_main")
int dropper(struct xdp_md *ctx) {
int ipsize = 0;
@fntlnz
fntlnz / Gopkg.toml
Last active Oct 14, 2020
Kubernetes controller example - Related post at: https://medium.com/@fntlnz/what-i-learnt-about-kubernetes-controllers-db7591531973
View Gopkg.toml
[[constraint]]
name = "k8s.io/api"
version = "kubernetes-1.11.0"
[[constraint]]
name = "k8s.io/apimachinery"
version = "kubernetes-1.11.0"
[[constraint]]
name = "k8s.io/client-go"
@fntlnz
fntlnz / README.md
Last active Mar 24, 2021
InfluxDB and Chronograf deployed in Kubernetes
View README.md

InfluxDB and Chronograf in Kubernetes

  1. Create the namespace
kubectl create ns monitoring
  1. Deploy influxdb
kubectl apply -f influxdb.yml
@fntlnz
fntlnz / uprobe-influx.txt
Last active Sep 17, 2018
Playing with uprobes and influx
View uprobe-influx.txt
1. Calculate the offset
offset(fn) = virtual_address(fn) - virtual_address(.text) + offset(.text)
2. Virtual address:
readelf -S /home/fntlnz/go/bin/influx | grep -i text
[ 1] .text PROGBITS 0000000000401000 00001000
So, virtual address= 0x0000000000401000
@fntlnz
fntlnz / docker-service-nfs.md
Last active Mar 28, 2020
Docker service nfs mount
View docker-service-nfs.md 
docker service create --mode global --mount type=volume,volume-opt=o=addr=10.3.20.25,volume-opt=device=:/share/poc1/pluto,volume-opt=type=nfs,source=pluto,target=/pluto --name nfstest alpine top
@fntlnz
fntlnz / self-signed-certificate-with-custom-ca.md
Last active Sep 24, 2021
Self Signed Certificate with Custom Root CA
View self-signed-certificate-with-custom-ca.md

Create Root CA (Done once)

Create Root Key

Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!

openssl genrsa -des3 -out rootCA.key 4096
@fntlnz
fntlnz / gist:1bc45cb64f5a2a895871
Created Dec 28, 2015
TD-W8968
View gist:1bc45cb64f5a2a895871

~ # cat /proc/cpuinfo

system type             : TrendChip TC3162U SOC
processor               : 0
cpu model               : R3000 V0.1
BogoMIPS                : 330.95
wait instruction        : no
microsecond timers      : no
tlb_entries             : 32
extra interrupt vector  : no