Skip to content

Instantly share code, notes, and snippets.

View fntlnz's full-sized avatar
🕶️

Lorenzo Fontana fntlnz

🕶️
584 followers · 27 following
View GitHub Profile
@fntlnz
fntlnz / ebpf_verifier.md
Created July 7, 2021 23:47
The eBPF verifier - by Github Copilot

The eBPF verifier

Important: This article was written by Github Copilot, while it's not entirely accurate, it's quite good to see what it ended up with.

The bpf verifier is a tool that can be used to check the correctness of eBPF programs. It is implemented in C and is used by the kernel. When the kernel is built with CONFIG_BPF_JIT, it does further optimization on the BPF programs.

To write a valid eBPF program you need to follow a few rules:

@fntlnz
fntlnz / README.md
Last active June 1, 2021 02:33
InfluxData Flux as a library

Flux as a Library Example

Flux is a lightweight scripting language for querying databases (like InfluxDB) and working with data. It's part of InfluxDB 1.7 and 2.0, but can be run independently of those.

This gist contains a main.go file that shows how flux can be used as a library in your programs.

Components

The main components you need are:

@fntlnz
fntlnz / README.md
Last active January 22, 2024 07:55
Seccomp bpf filter example

Seccomp BPF filter example

Use bpf programs as filters for seccomp, the one in the example will block all the write syscalls after it's loaded.

Usage

Compile it with just

gcc main.c
@fntlnz
fntlnz / udp.c
Last active December 19, 2023 08:48
XDP Drop udp example
#include <linux/bpf.h>
#include <linux/in.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#define SEC(NAME) __attribute__((section(NAME), used))
SEC("dropper_main")
int dropper(struct xdp_md *ctx) {
int ipsize = 0;
@fntlnz
fntlnz / Gopkg.toml
Last active October 14, 2020 18:32
Kubernetes controller example - Related post at: https://medium.com/@fntlnz/what-i-learnt-about-kubernetes-controllers-db7591531973
[[constraint]]
name = "k8s.io/api"
version = "kubernetes-1.11.0"
[[constraint]]
name = "k8s.io/apimachinery"
version = "kubernetes-1.11.0"
[[constraint]]
name = "k8s.io/client-go"
@fntlnz
fntlnz / README.md
Last active January 22, 2024 07:55
InfluxDB and Chronograf deployed in Kubernetes

InfluxDB and Chronograf in Kubernetes

  1. Create the namespace
kubectl create ns monitoring
  1. Deploy influxdb
kubectl apply -f influxdb.yml
@fntlnz
fntlnz / uprobe-influx.txt
Last active September 17, 2018 18:59
Playing with uprobes and influx
1. Calculate the offset
offset(fn) = virtual_address(fn) - virtual_address(.text) + offset(.text)
2. Virtual address:
readelf -S /home/fntlnz/go/bin/influx | grep -i text
[ 1] .text PROGBITS 0000000000401000 00001000
So, virtual address= 0x0000000000401000
@fntlnz
fntlnz / docker-service-nfs.md
Last active March 28, 2020 19:09
Docker service nfs mount 
docker service create --mode global --mount type=volume,volume-opt=o=addr=10.3.20.25,volume-opt=device=:/share/poc1/pluto,volume-opt=type=nfs,source=pluto,target=/pluto --name nfstest alpine top
@fntlnz
fntlnz / self-signed-certificate-with-custom-ca.md
Last active April 19, 2024 12:30
Self Signed Certificate with Custom Root CA

Create Root CA (Done once)

Create Root Key

Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!

openssl genrsa -des3 -out rootCA.key 4096
@fntlnz
fntlnz / gist:1bc45cb64f5a2a895871
Created December 28, 2015 12:20
TD-W8968

~ # cat /proc/cpuinfo

system type             : TrendChip TC3162U SOC
processor               : 0
cpu model               : R3000 V0.1
BogoMIPS                : 330.95
wait instruction        : no
microsecond timers      : no
tlb_entries             : 32
extra interrupt vector : no