Home / Companies / Cloudflare / Blog / Post Details
Content Deep Dive

A story about AF_XDP, network namespaces and a cookie

Blog post from Cloudflare

Post Details
Company
Date Published
Author
Bastien Dhiver
Word Count
3,319
Company Posts That Month
20
Language
English
Hacker News Points
3
Post removed?
No
Summary

A crash in a development version of flowtrackd highlighted an issue with libxdp, specifically the AF_XDP part not being Linux network namespace aware. The blog post describes the debugging journey to find the bug and fix it. Flowtrackd is a volumetric denial of service defense mechanism that sits in the Magic Transit customer's data path and protects the network from complex randomized TCP floods. It uses the Linux kernel AF_XDP feature to transfer packets from a network device in kernel space to a memory buffer in user space without going through the network stack. The issue was resolved by retrieving the netns_cookie associated with the socket at its creation and adding it in the comparison operation. The fix has been submitted, merged, and backported in libbpf and updated in the Rust crate accordingly.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.