Skip to content

Instantly share code, notes, and snippets.

Avatar

Lorenzo Fontana fntlnz

View GitHub Profile
@fntlnz
fntlnz / ebpf_verifier.md
Created Jul 7, 2021
The eBPF verifier - by Github Copilot
View ebpf_verifier.md

The eBPF verifier

Important: This article was written by Github Copilot, while it's not entirely accurate, it's quite good to see what it ended up with.

The bpf verifier is a tool that can be used to check the correctness of eBPF programs. It is implemented in C and is used by the kernel. When the kernel is built with CONFIG_BPF_JIT, it does further optimization on the BPF programs.

To write a valid eBPF program you need to follow a few rules:

@fntlnz
fntlnz / README.md
Last active Jun 1, 2021
InfluxData Flux as a library
View README.md

Flux as a Library Example

Flux is a lightweight scripting language for querying databases (like InfluxDB) and working with data. It's part of InfluxDB 1.7 and 2.0, but can be run independently of those.

This gist contains a main.go file that shows how flux can be used as a library in your programs.

Components

The main components you need are:

@fntlnz
fntlnz / README.md
Last active Jul 10, 2021
Seccomp bpf filter example
View README.md

Seccomp BPF filter example

Use bpf programs as filters for seccomp, the one in the example will block all the write syscalls after it's loaded.

Usage

Compile it with just

gcc main.c
@fntlnz
fntlnz / udp.c
Last active Oct 7, 2018
XDP Drop udp example
View udp.c
#include <linux/bpf.h>
#include <linux/in.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#define SEC(NAME) __attribute__((section(NAME), used))
SEC("dropper_main")
int dropper(struct xdp_md *ctx) {
int ipsize = 0;
View Gopkg.toml
[[constraint]]
name = "k8s.io/api"
version = "kubernetes-1.11.0"
[[constraint]]
name = "k8s.io/apimachinery"
version = "kubernetes-1.11.0"
[[constraint]]
name = "k8s.io/client-go"
@fntlnz
fntlnz / README.md
Last active Mar 24, 2021
InfluxDB and Chronograf deployed in Kubernetes
View README.md

InfluxDB and Chronograf in Kubernetes

  1. Create the namespace
kubectl create ns monitoring
  1. Deploy influxdb
kubectl apply -f influxdb.yml
@fntlnz
fntlnz / uprobe-influx.txt
Last active Sep 17, 2018
Playing with uprobes and influx
View uprobe-influx.txt
1. Calculate the offset
offset(fn) = virtual_address(fn) - virtual_address(.text) + offset(.text)
2. Virtual address:
readelf -S /home/fntlnz/go/bin/influx | grep -i text
[ 1] .text PROGBITS 0000000000401000 00001000
So, virtual address= 0x0000000000401000
@fntlnz
fntlnz / docker-service-nfs.md
Last active Mar 28, 2020
Docker service nfs mount
View docker-service-nfs.md
docker service create --mode global --mount type=volume,volume-opt=o=addr=10.3.20.25,volume-opt=device=:/share/poc1/pluto,volume-opt=type=nfs,source=pluto,target=/pluto --name nfstest alpine top
@fntlnz
fntlnz / self-signed-certificate-with-custom-ca.md
Last active Sep 24, 2021
Self Signed Certificate with Custom Root CA
View self-signed-certificate-with-custom-ca.md

Create Root CA (Done once)

Create Root Key

Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!

openssl genrsa -des3 -out rootCA.key 4096
View gist:1bc45cb64f5a2a895871

~ # cat /proc/cpuinfo

system type             : TrendChip TC3162U SOC
processor               : 0
cpu model               : R3000 V0.1
BogoMIPS                : 330.95
wait instruction        : no
microsecond timers      : no
tlb_entries             : 32
extra interrupt vector  : no