Kernel Proc Connector and Containers
Download as PPTX, PDF7 likes2,661 views
Elad Wexler talks about the Proc Connector with regards to containers, shows it isn't supported inside a docker container and how it can be supported.
1 of 18
Downloaded 61 times
![[PATCH]:
Supporting proc-connector in a container
15 | © 2015, Palo Alto Networks. Confidential and Proprietary.](https://image.slidesharecdn.com/kernelconnector-180304154304/85/Kernel-Proc-Connector-and-Containers-15-320.jpg)
Ad
Recommended
Project calico introduction - OpenStack最新情報セミナー 2017年7月
Project calico introduction - OpenStack最新情報セミナー 2017年7月VirtualTech Japan Inc. タイトル:Project calico introduction
講演者:安座間 勇二
アジェンダ:
- Project Calicoとは?
- Calicoの仕組み
- Calicoデータセンターファブリックをどう組むか
- Calicoコミュニティについて
Ovs dpdk hwoffload way to full offload
Ovs dpdk hwoffload way to full offloadKevin Traynor This document discusses hardware offloading of VXLAN encapsulation and decapsulation in OVS-DPDK. It proposes representing virtual ports (vPorts) as tables to enable hardware offloading of VXLAN processing. Matching and actions on the vPort table would occur in hardware before decapsulation. Fallback processing using software would be used if full hardware offloading is not possible. The goal is to leverage intelligent NIC capabilities to accelerate VXLAN tunnel processing and improve performance for cloud, NFV, and storage workloads.
Fpgaでの非同期信号の扱い方とvivadoによるサポート(公開用)
Fpgaでの非同期信号の扱い方とvivadoによるサポート(公開用)marsee101 FPGAでの非同期信号の扱い方とVivadoによる非同期信号のサポートについてのスライドです。
第19回分子科学研究所技術研究会で発表しました。
BPF - in-kernel virtual machine
BPF - in-kernel virtual machineAlexei Starovoitov BPF of Berkeley Packet Filter mechanism was first introduced in linux in 1997 in version 2.1.75. It has seen a number of extensions of the years. Recently in versions 3.15 - 3.19 it received a major overhaul which drastically expanded it's applicability. This talk will cover how the instruction set looks today and why. It's architecture, capabilities, interface, just-in-time compilers. We will also talk about how it's being used in different areas of the kernel like tracing and networking and future plans.
Replacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with CiliumMichal Rostecki Cilium is an open source project which provides networking, security and load balancing for application services that are deployed using Linux container technologies by using the native eBPF technology in the Linux kernel. In this presentation we talked about:
- The evolution of the BPF filters and explained the advantages of eBPF Filters and its use cases today in Linux especially on how Cilium networking utilizes the eBPF Filters to secure the Kubernetes workload with increased performance when compared to legacy iptables.
- How Cilium uses SOCKMAP for layer 7 policy enforcement - How Cilium integrates with Istio and handles L7 Network Policies with Envoy Proxies.
- The new features since the last release such as running Kubernetes cluster without kube-proxy, providing clusterwide NetworkPolicies, providing fully distributed networking and security observability platform for cloud native workloads etc.
Design and Implementation of GCC Register Allocation
Design and Implementation of GCC Register AllocationKito Cheng Register Allocation 在編譯器後端是個相當重要的階段,其結果將直接影響最終程式的效能以及大小,而 Register Allocation 在 GCC 中一直是個難以對付的東西,所幸近年來有 Red Hat 的高手將其改善,於 GCC 4.4 時將原本的Local/Global 兩階段 RA,轉換為 IRA,並且在 GCC 4.8 時LRA 正式上路,預計將慢慢取代 GCC 中數一數二複雜的Reload,而本報告中從基礎的 Graph Coloring-based Register Allocation 的理論介紹,並將其對應回目前GCC IRA/LRA 的實作,一探其運作原理。
淺談 Live patching technology
淺談 Live patching technologySZ Lin Live patching technology allows updating the Linux kernel without downtime. Ksplice was an early live patching solution released in 2009 but was limited and had licensing issues. kGraft and Kpatch were later developed by SUSE and Red Hat respectively as open source live patching solutions. Both use object code comparison and replacement at runtime, but kGraft can patch without stopping processes while Kpatch uses stop_machine to ensure safe replacement. Live patching is useful for critical bugs but has limitations around data structure and common function changes.
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughThomas Graf This presentation features a walk through the Linux kernel networking stack covering the essentials and recent developments a developer needs to know. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as segmentation offloading, TCP small queues, and low latency polling. We will cover APIs exposed by the kernel that go beyond use of write()/read() on sockets and will look into how they are implemented on the kernel side.
LinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking WalkthroughThomas Graf This presentation features a walk through the Linux kernel networking stack for users and developers. It will cover insights into both, existing essential networking features and recent developments and will show how to use them properly. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as networking namespaces, segmentation offloading, TCP small queues, and low latency polling and will discuss how to configure them.
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KernelThomas Graf The Linux kernel is undergoing the most fundamental architecture evolution in history and is becoming a microkernel. Why is the Linux kernel evolving into a microkernel? The potentially biggest fundamental change ever happening to the Linux kernel. This talk covers how companies like Facebook and Google use BPF to patch 0-day exploits, how BPF will change the way features are added to the kernel forever, and how BPF is introducing a new type of application deployment method for the Linux kernel.
Berkeley Packet Filters
Berkeley Packet FiltersKernel TLV This talk is all about the Berkeley Packet Filters (BPF) and their uses in Linux.
Agenda:
* What is a BPF and why do we need it?
* Writing custom BPFs
* Notes on BPF implementation in the kernel
* Usage examples: SOCKET_FILTER & seccomp
Speaker:
Kfir Gollan, senior embedded software developer, Linux kernel hacker and software team leader.
Introduction to eBPF and XDP
Introduction to eBPF and XDPlcplcp1 This document provides an introduction to eBPF and XDP. It discusses the history of BPF and how it evolved into eBPF. Key aspects of eBPF covered include the instruction set, JIT compilation, verifier, helper functions, and maps. XDP is introduced as a way to program the data plane using eBPF programs attached early in the receive path. Example use cases and performance benchmarks for XDP are also mentioned.
Dataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and toolsStefano Salsano eBPF is definitely a complex technology. Developing complex systems based on eBPF is challenging due to the intrinsic limitations of the model and the known shortcomings of the tool chain.
The learning curve of this technology is very steep and needs continuous coaching from experts. This tutorial will investigate:
What is eBPF and why it has gained a prominent position among the solutions to improve the packet processing performance in Linux/x86 nodes. We will shortly present some important use case scenarios for eBPF, like Kubernetes’ Cilium
The architecture of eBPF and its programming toolchain (e.g. bcc
What are the frameworks for eBPF programming, such as Polycube and InKeV.
How to make eBPF programming easier, more flexible and modular with HIKe/eCLAT
How to implement a custom application logic in eBPF with eCLAT using a python-like script
How to extend the framework and develop new modules
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPFoholiab "Attestation is hard" is something you might hear from security researchers tracking nation states and APTs, but it's actually pretty true for most network-connected systems!
Modern deployment methodologies mean that disparate teams create workloads for shared worker-hosts (ranging from Jenkins to Kubernetes and all the other orchestrators and CI tools in-between), meaning that at any given moment your hosts could be running any one of a number of services, connecting to who-knows-what on the internet.
So when your network-based intrusion detection system (IDS) opaquely declares that one of these machines has made an "anomalous" network connection, how do you even determine if it's business as usual? Sure you can log on to the host to try and figure it out, but (in case you hadn't noticed) computers are pretty fast these days, and once the connection is closed it might as well not have happened... Assuming it wasn't actually a reverse shell...
At Yelp we turned to the Linux kernel to tell us whodunit! Utilizing the Linux kernel's eBPF subsystem - an in-kernel VM with syscall hooking capabilities - we're able to aggregate metadata about the calling process tree for any internet-bound TCP connection by filtering IPs and ports in-kernel and enriching with process tree information in userland. The result is "pidtree-bcc": a supplementary IDS. Now whenever there's an alert for a suspicious connection, we just search for it in our SIEM (spoiler alert: it's nearly always an engineer doing something "innovative")! And the cherry on top? It's stupid fast with negligible overhead, creating a much higher signal-to-noise ratio than the kernels firehose-like audit subsystems.
This talk will look at how you can tune the signal-to-noise ratio of your IDS by making it reflect your business logic and common usage patterns, get more work done by reducing MTTR for false positives, use eBPF and the kernel to do all the hard work for you, accidentally load test your new IDS by not filtering all RFC-1918 addresses, and abuse Docker to get to production ASAP!
As well as looking at some of the technologies that the kernel puts at your disposal, this talk will also tell pidtree-bcc's road from hackathon project to production system and how focus on demonstrating business value early on allowed the organization to give us buy-in to build and deploy a brand new project from scratch.
Userspace networking
Userspace networkingStephen Hemminger Seven years ago at LCA, Van Jacobsen introduced the concept of net channels but since then the concept of user mode networking has not hit the mainstream. There are several different user mode networking environments: Intel DPDK, BSD netmap, and Solarflare OpenOnload. Each of these provides higher performance than standard Linux kernel networking; but also creates new problems. This talk will explore the issues created by user space networking including performance, internal architecture, security and licensing.
클라우드 컴퓨팅 기반 기술과 오픈스택(Kvm) 기반 Provisioning 
클라우드 컴퓨팅 기반 기술과 오픈스택(Kvm) 기반 Provisioning Ji-Woong Choi TTA에 KVM 기반 프로비저닝 기술에 대한 데모 세션을 포함하는 세미나 관련 자료입니다. 클라우드환경으로 가고자 해서 Paas를 어떤 플랫폼위에 올린다면 그리고 가상화 환경이나 클라우드 환경으로 올린다면 어떤 환경으로 올릴것인가를 고민하여야 합니다.
그리고 이 hypervisor중에 cloud 환경에서 가장 주목받는 kvm을 기반으로 하는 두가지 가상화 클라우드 솔루션인 rhev와 openstack을 잠시 살펴볼 것입니다.
그리고 이러한 가상화 클라우드 환경에서 자동화 하는 솔류션을 어떻게 고려해야 하는가를 살펴보고, 그런 솔류션중에 하나인 아테나 피콕에 대해 살펴보겠습니다.
그리고 오픈스택환경하에서 구축해서 사용했던 사용기와 이를 자동화하기위해 개발자들이 사용했던 간단한 ansible provisioning 모습을 시연합니다.
JavaOne 2015 Java Mixed-Mode Flame Graphs
JavaOne 2015 Java Mixed-Mode Flame GraphsBrendan Gregg Slides for JavaOne 2015 talk by Brendan Gregg, Netflix (video/audio, of some sort, hopefully pending: follow @brendangregg on twitter for updates). Description: "At Netflix we dreamed of one visualization to show all CPU consumers: Java methods, GC, JVM internals, system libraries, and the kernel. With the help of Oracle this is now possible on x86 systems using system profilers (eg, Linux perf_events) and the new JDK option -XX:+PreserveFramePointer. This lets us create Java mixed-mode CPU flame graphs, exposing all CPU consumers. We can also use system profilers to analyze memory page faults, TCP events, storage I/O, and scheduler events, also with Java method context. This talk describes the background for this work, instructions generating Java mixed-mode flame graphs, and examples from our use at Netflix where Java on x86 is the primary platform for the Netflix cloud."
I/O仮想化最前線〜ネットワークI/Oを中心に〜
I/O仮想化最前線〜ネットワークI/Oを中心に〜Ryousei Takano This document discusses different methods for virtualizing I/O in virtual machines. It covers virtual I/O approaches like virtio, PCI passthrough, and SR-IOV. It also explains the role of the VMM/hypervisor in managing I/O between VMs and physical devices using techniques like VT-d, Open vSwitch, and single root I/O virtualization. Finally, it discusses emerging standards for virtual switching like virtual Ethernet bridging.
The ideal and reality of NVDIMM RAS
The ideal and reality of NVDIMM RASYasunori Goto In this presentation, Yasunori Goto and Qi fuli will talk about basis of NVDIMM, the issues of RAS of Non Volatile DIMM(NVDIMM), and what feature is made and is developing for it.
NVDIMM is expected as new age device recently. Though a cpu can read/write the NVDIMM directly like RAM, the data of NVDIMM remains after power down or reboot. So, on memory database will be one of the good example of usecase of NVDIMM.
Since many people have made great effort for Linux, NVDIMM drivers, filesystems,management command, and many libraries has been well developed for a few years,
However, Yasunori Goto found some issues about RAS(Reliabivity, Availability, and Serviceability) feature of NVDIMM, because characteristic of the NVDIMM is likely mixture of Storage and RAM. For example, NVDIMM does not have hotplug feature because it is inserted at DIMM slot like RAM, but its data must be back-upped/restored like storage.
RISC-V software state of the union
RISC-V software state of the unionRISC-V International This document summarizes the evolution of the RISC-V software ecosystem from 2015 to 2020. It describes how initial ports of key software in 2015, like GCC and Linux, have expanded to include upstream support in most open source software projects today. It outlines remaining priorities like completing support for specifications and filling gaps in programming language and application software support. The document concludes by encouraging continued collaboration to further mature the RISC-V software ecosystem.
DPDK KNI interface
DPDK KNI interfaceDenys Haryachyy KNI (Kernel Network Interface) is one of the approach, used in DPDK, to connect its user space libs with the Linux kernel network stack.
SoC Hamdi -chap4
SoC Hamdi -chap4mustapha hamdi IMI5-IIA5
Chapitre 4 :
Systèmes sur puces : NoC, NVIC, Timers, ADC, DAC
Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!Ray Jenkins eBPF is an exciting new technology that is poised to transform Linux performance engineering. eBPF enables users to dynamically and programatically trace any kernel or user space code path, safely and efficiently. However, understanding eBPF is not so simple. The goal of this talk is to give audiences a fundamental understanding of eBPF, how it interconnects existing Linux tracing technologies, and provides a powerful aplatform to solve any Linux performance problem.
Intel open stack-summit-session-nov13-final
Intel open stack-summit-session-nov13-finalDeepak Mane - Intel is a major contributor to OpenStack and open source projects, contributing across every layer of the OpenStack stack. As the #2 Linux kernel contributor, Intel helps improve performance, stability, and efficiency.
- Intel enables OpenStack cloud deployments through contributions to OpenStack projects, open source tools, and optimizations. Intel IT also uses OpenStack in their own private cloud.
- Intel is working on technologies to address challenges in datacenters, including security and compliance, cost reduction, and business uptime. Technologies include trusted compute pools, erasure coding, and enhanced platform awareness.
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Puppet The document discusses network element automation using Puppet. It provides context on the challenges of manual network configuration including lack of agility, reliability issues from errors, and time spent on basic tasks. Puppet can automate network elements similar to how it automates servers, reducing errors and improving speed/productivity. The Cisco Nexus platform and NXAPI enable programmatic access for automation using Puppet through technologies like onePK and LXC containers running on the switch.
Ad
More Related Content
What's hot (20)
LinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking WalkthroughThomas Graf This presentation features a walk through the Linux kernel networking stack for users and developers. It will cover insights into both, existing essential networking features and recent developments and will show how to use them properly. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as networking namespaces, segmentation offloading, TCP small queues, and low latency polling and will discuss how to configure them.
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KernelThomas Graf The Linux kernel is undergoing the most fundamental architecture evolution in history and is becoming a microkernel. Why is the Linux kernel evolving into a microkernel? The potentially biggest fundamental change ever happening to the Linux kernel. This talk covers how companies like Facebook and Google use BPF to patch 0-day exploits, how BPF will change the way features are added to the kernel forever, and how BPF is introducing a new type of application deployment method for the Linux kernel.
Berkeley Packet Filters
Berkeley Packet FiltersKernel TLV This talk is all about the Berkeley Packet Filters (BPF) and their uses in Linux.
Agenda:
* What is a BPF and why do we need it?
* Writing custom BPFs
* Notes on BPF implementation in the kernel
* Usage examples: SOCKET_FILTER & seccomp
Speaker:
Kfir Gollan, senior embedded software developer, Linux kernel hacker and software team leader.
Introduction to eBPF and XDP
Introduction to eBPF and XDPlcplcp1 This document provides an introduction to eBPF and XDP. It discusses the history of BPF and how it evolved into eBPF. Key aspects of eBPF covered include the instruction set, JIT compilation, verifier, helper functions, and maps. XDP is introduced as a way to program the data plane using eBPF programs attached early in the receive path. Example use cases and performance benchmarks for XDP are also mentioned.
Dataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and toolsStefano Salsano eBPF is definitely a complex technology. Developing complex systems based on eBPF is challenging due to the intrinsic limitations of the model and the known shortcomings of the tool chain.
The learning curve of this technology is very steep and needs continuous coaching from experts. This tutorial will investigate:
What is eBPF and why it has gained a prominent position among the solutions to improve the packet processing performance in Linux/x86 nodes. We will shortly present some important use case scenarios for eBPF, like Kubernetes’ Cilium
The architecture of eBPF and its programming toolchain (e.g. bcc
What are the frameworks for eBPF programming, such as Polycube and InKeV.
How to make eBPF programming easier, more flexible and modular with HIKe/eCLAT
How to implement a custom application logic in eBPF with eCLAT using a python-like script
How to extend the framework and develop new modules
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
A Kernel of Truth: Intrusion Detection and Attestation with eBPFoholiab "Attestation is hard" is something you might hear from security researchers tracking nation states and APTs, but it's actually pretty true for most network-connected systems!
Modern deployment methodologies mean that disparate teams create workloads for shared worker-hosts (ranging from Jenkins to Kubernetes and all the other orchestrators and CI tools in-between), meaning that at any given moment your hosts could be running any one of a number of services, connecting to who-knows-what on the internet.
So when your network-based intrusion detection system (IDS) opaquely declares that one of these machines has made an "anomalous" network connection, how do you even determine if it's business as usual? Sure you can log on to the host to try and figure it out, but (in case you hadn't noticed) computers are pretty fast these days, and once the connection is closed it might as well not have happened... Assuming it wasn't actually a reverse shell...
At Yelp we turned to the Linux kernel to tell us whodunit! Utilizing the Linux kernel's eBPF subsystem - an in-kernel VM with syscall hooking capabilities - we're able to aggregate metadata about the calling process tree for any internet-bound TCP connection by filtering IPs and ports in-kernel and enriching with process tree information in userland. The result is "pidtree-bcc": a supplementary IDS. Now whenever there's an alert for a suspicious connection, we just search for it in our SIEM (spoiler alert: it's nearly always an engineer doing something "innovative")! And the cherry on top? It's stupid fast with negligible overhead, creating a much higher signal-to-noise ratio than the kernels firehose-like audit subsystems.
This talk will look at how you can tune the signal-to-noise ratio of your IDS by making it reflect your business logic and common usage patterns, get more work done by reducing MTTR for false positives, use eBPF and the kernel to do all the hard work for you, accidentally load test your new IDS by not filtering all RFC-1918 addresses, and abuse Docker to get to production ASAP!
As well as looking at some of the technologies that the kernel puts at your disposal, this talk will also tell pidtree-bcc's road from hackathon project to production system and how focus on demonstrating business value early on allowed the organization to give us buy-in to build and deploy a brand new project from scratch.
Userspace networking
Userspace networkingStephen Hemminger Seven years ago at LCA, Van Jacobsen introduced the concept of net channels but since then the concept of user mode networking has not hit the mainstream. There are several different user mode networking environments: Intel DPDK, BSD netmap, and Solarflare OpenOnload. Each of these provides higher performance than standard Linux kernel networking; but also creates new problems. This talk will explore the issues created by user space networking including performance, internal architecture, security and licensing.
클라우드 컴퓨팅 기반 기술과 오픈스택(Kvm) 기반 Provisioning
클라우드 컴퓨팅 기반 기술과 오픈스택(Kvm) 기반 Provisioning Ji-Woong Choi TTA에 KVM 기반 프로비저닝 기술에 대한 데모 세션을 포함하는 세미나 관련 자료입니다. 클라우드환경으로 가고자 해서 Paas를 어떤 플랫폼위에 올린다면 그리고 가상화 환경이나 클라우드 환경으로 올린다면 어떤 환경으로 올릴것인가를 고민하여야 합니다.
그리고 이 hypervisor중에 cloud 환경에서 가장 주목받는 kvm을 기반으로 하는 두가지 가상화 클라우드 솔루션인 rhev와 openstack을 잠시 살펴볼 것입니다.
그리고 이러한 가상화 클라우드 환경에서 자동화 하는 솔류션을 어떻게 고려해야 하는가를 살펴보고, 그런 솔류션중에 하나인 아테나 피콕에 대해 살펴보겠습니다.
그리고 오픈스택환경하에서 구축해서 사용했던 사용기와 이를 자동화하기위해 개발자들이 사용했던 간단한 ansible provisioning 모습을 시연합니다.
JavaOne 2015 Java Mixed-Mode Flame Graphs
JavaOne 2015 Java Mixed-Mode Flame GraphsBrendan Gregg Slides for JavaOne 2015 talk by Brendan Gregg, Netflix (video/audio, of some sort, hopefully pending: follow @brendangregg on twitter for updates). Description: "At Netflix we dreamed of one visualization to show all CPU consumers: Java methods, GC, JVM internals, system libraries, and the kernel. With the help of Oracle this is now possible on x86 systems using system profilers (eg, Linux perf_events) and the new JDK option -XX:+PreserveFramePointer. This lets us create Java mixed-mode CPU flame graphs, exposing all CPU consumers. We can also use system profilers to analyze memory page faults, TCP events, storage I/O, and scheduler events, also with Java method context. This talk describes the background for this work, instructions generating Java mixed-mode flame graphs, and examples from our use at Netflix where Java on x86 is the primary platform for the Netflix cloud."
I/O仮想化最前線〜ネットワークI/Oを中心に〜
I/O仮想化最前線〜ネットワークI/Oを中心に〜Ryousei Takano This document discusses different methods for virtualizing I/O in virtual machines. It covers virtual I/O approaches like virtio, PCI passthrough, and SR-IOV. It also explains the role of the VMM/hypervisor in managing I/O between VMs and physical devices using techniques like VT-d, Open vSwitch, and single root I/O virtualization. Finally, it discusses emerging standards for virtual switching like virtual Ethernet bridging.
The ideal and reality of NVDIMM RAS
The ideal and reality of NVDIMM RASYasunori Goto In this presentation, Yasunori Goto and Qi fuli will talk about basis of NVDIMM, the issues of RAS of Non Volatile DIMM(NVDIMM), and what feature is made and is developing for it.
NVDIMM is expected as new age device recently. Though a cpu can read/write the NVDIMM directly like RAM, the data of NVDIMM remains after power down or reboot. So, on memory database will be one of the good example of usecase of NVDIMM.
Since many people have made great effort for Linux, NVDIMM drivers, filesystems,management command, and many libraries has been well developed for a few years,
However, Yasunori Goto found some issues about RAS(Reliabivity, Availability, and Serviceability) feature of NVDIMM, because characteristic of the NVDIMM is likely mixture of Storage and RAM. For example, NVDIMM does not have hotplug feature because it is inserted at DIMM slot like RAM, but its data must be back-upped/restored like storage.
RISC-V software state of the union
RISC-V software state of the unionRISC-V International This document summarizes the evolution of the RISC-V software ecosystem from 2015 to 2020. It describes how initial ports of key software in 2015, like GCC and Linux, have expanded to include upstream support in most open source software projects today. It outlines remaining priorities like completing support for specifications and filling gaps in programming language and application software support. The document concludes by encouraging continued collaboration to further mature the RISC-V software ecosystem.
DPDK KNI interface
DPDK KNI interfaceDenys Haryachyy KNI (Kernel Network Interface) is one of the approach, used in DPDK, to connect its user space libs with the Linux kernel network stack.
SoC Hamdi -chap4
SoC Hamdi -chap4mustapha hamdi IMI5-IIA5
Chapitre 4 :
Systèmes sur puces : NoC, NVIC, Timers, ADC, DAC
Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!Ray Jenkins eBPF is an exciting new technology that is poised to transform Linux performance engineering. eBPF enables users to dynamically and programatically trace any kernel or user space code path, safely and efficiently. However, understanding eBPF is not so simple. The goal of this talk is to give audiences a fundamental understanding of eBPF, how it interconnects existing Linux tracing technologies, and provides a powerful aplatform to solve any Linux performance problem.
Similar to Kernel Proc Connector and Containers (20)
Intel open stack-summit-session-nov13-final
Intel open stack-summit-session-nov13-finalDeepak Mane - Intel is a major contributor to OpenStack and open source projects, contributing across every layer of the OpenStack stack. As the #2 Linux kernel contributor, Intel helps improve performance, stability, and efficiency.
- Intel enables OpenStack cloud deployments through contributions to OpenStack projects, open source tools, and optimizations. Intel IT also uses OpenStack in their own private cloud.
- Intel is working on technologies to address challenges in datacenters, including security and compliance, cost reduction, and business uptime. Technologies include trusted compute pools, erasure coding, and enhanced platform awareness.
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Puppet The document discusses network element automation using Puppet. It provides context on the challenges of manual network configuration including lack of agility, reliability issues from errors, and time spent on basic tasks. Puppet can automate network elements similar to how it automates servers, reducing errors and improving speed/productivity. The Cisco Nexus platform and NXAPI enable programmatic access for automation using Puppet through technologies like onePK and LXC containers running on the switch.
IBM Bluemix Nice meetup #5 - 20170504 - Orchestrer Docker avec Kubernetes
IBM Bluemix Nice meetup #5 - 20170504 - Orchestrer Docker avec KubernetesIBM France Lab This document provides an overview of Kubernetes (K8s), an open-source platform for automating deployment, scaling, and operations of application containers. It defines key Kubernetes terminology like nodes, master node, worker nodes, pods, replication controllers, services, secrets and proxies. Diagrams show the Kubernetes architecture with the master node controlling and managing the cluster through kubectl and REST APIs, and worker nodes running pods and containers managed by kubelet and kube-proxy.
PLNOG16: Automatyzacja kreaowania usług operatorskich w separacji od rodzaju ...
PLNOG16: Automatyzacja kreaowania usług operatorskich w separacji od rodzaju ...PROIDEA PLNOG16: Automatyzacja kreaowania usług operatorskich w separacji od rodzaju urządzeń - Network Services Orchestration, Krzysztof Konkowski
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...ITCamp In a cloud based environment, where automation is a primary concern, guest operating systems need to be provisioned at boot time.
There are a lot of actions that need to be performed at this stage, ranging from assigning the admin user’s credentials to creating WinRM listeners, storage configurations, RDP settings, guest agent installation, custom data execution and much more.
The de-facto standard guest provisioning tools are cloud-init on Linux and cloudbase-init on Windows.
I will present how cloudbase-init runs on all the Microsoft supported Windows editions (there are quite a few) and how it supports a plethora of metadata service implementations (EC2, OpenStack, the recently added Azure).
Cloudbase-init is being run thousands of times daily all over the world’s public clouds and data centers and it has reached more than 5 million known runs to date.
We will also take an in-depth look at the Argus integration testing framework, which automates the integration testing of cloudbase-init on real world platforms, to make sure it meets a very strict set of performance, compatibility and security requirements.
At the end I will show you a live demo with a cloudbase-init bootstrapped Windows instance on Azure, and how you can benefit from the provisioning process.
G rpc talk with intel (3)
G rpc talk with intel (3)Intel Google and Intel speak on NFV and SFC service delivery
The slides are as presented at the meet up "Out of Box Network Developers" sponsored by Intel Networking Developer Zone
Here is the Agenda of the slides:
How DPDK, RDT and gRPC fit into SDI/SDN, NFV and OpenStack
Key Platform Requirements for SDI
SDI Platform Ingredients: DPDK, IntelⓇRDT
gRPC Service Framework
IntelⓇ RDT and gRPC service framework
Case Studies A Kubernetes DFIR investigation.pdf
Case Studies A Kubernetes DFIR investigation.pdfChristopher Doman The talk "Case Studies A Kubernetes DFIR investigation" will focus on the Digital Forensics and Incident Response (DFIR) investigation of Kubernetes clusters. Kubernetes is a popular container orchestration platform used by many organizations to manage their containerized applications. However, like any other technology, Kubernetes clusters are also prone to security incidents, and therefore, require proper DFIR procedures to be followed in case of a breach.
In this talk, we will discuss the DFIR investigation of three real-world Kubernetes security incidents that we have encountered. We will walk through the forensic techniques and methodologies that were used to identify the root cause of the incidents, including the use of Kubernetes audit logs, network traffic analysis, and memory forensics.
We will also discuss the challenges that were faced during the investigation and the lessons learned from each incident. The audience will learn about the importance of implementing proper logging and monitoring for Kubernetes clusters, as well as the need for a well-defined incident response plan.
Overall, this talk will provide valuable insights into the DFIR investigation of Kubernetes clusters, and how organizations can better prepare themselves to respond to security incidents in their Kubernetes environments.
MINA2 (Apache Netty)
MINA2 (Apache Netty)ducquoc_vn Apache MINA2 is a Java open-source network application framework that provides an asynchronous, non-blocking infrastructure for developing network applications. It features reusable and extensible components like IoSession for connections, IoService for servers/clients, IoFilters for cross-cutting concerns, and ProtocolCodecFilters for encoding network protocols. MINA supports various network protocols and data types and provides an elegant way to build scalable and manageable network applications.
Améliorer OpenStack avec les technologies Intel
Améliorer OpenStack avec les technologies IntelOdinot Stanislas This document summarizes Intel's contributions and technologies for enhancing OpenStack. It discusses how Intel technologies can enhance OpenStack compute, storage, networking, and data collection. Specific technologies covered include Trusted Compute Pools, key management, erasure coding for Swift storage, and the Intel Open Network Platform for SDN/NFV. The presentation concludes by providing resources for learning more about Intel's OpenStack solutions and contributions.
OSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius Schumacher
OSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius SchumacherNETWAYS This document discusses running Cloud Foundry on Kubernetes to provide highly available cloud platforms. It begins with an overview of cloud computing models and introduces Cloud Foundry. It then discusses deploying Cloud Foundry using Kubernetes primitives like pods, services, and stateful sets for high availability. The document demonstrates how to install Cloud Foundry on Kubernetes using Helm charts and configure for high availability. It shows the components have been made highly available to prevent downtime during failures or upgrades. Finally, it provides a demo of deploying a sample application on Cloud Foundry on Kubernetes under chaotic conditions to showcase the high availability.
Leveraging the strength of OSGi to deliver a convergent IoT Ecosystem - O Log...
Leveraging the strength of OSGi to deliver a convergent IoT Ecosystem - O Log...mfrancis The “internet of things” is the next revolutionary wave following profound changes brought to us by Personal Computers (connecting places) and Mobile Phones (connecting people on the go). This third wave heralds the beginning of the new era of pervasive connectivity, embedded intelligence, and application convergence. It will be the world where smart things will communicate among themselves and with us enabling greener, more efficient, and at the same time more comfortable environment.
This talk will present a platform and products designed to serve the new markets enabled by the Internet of Things, with a particular focus on the value of the OSGi framework enabling convergence of Home Automation, Smart Energy, Electric Vehicle Charging, and e-health on a single remotely manageable platform. It will also provide insights on how the platform was developed leveraging the extensibility offered by the OSGi framework and ProSyst’s modular architecture.
The built-in OSGi stack provides Java-level abstraction of the network interfaces and Smart Energy Profile 2.0 stack as well as cloud integration features such as web server, web services and standards-based remote management. The OSGi framework is the key enabler of the product lifecycle and remote application management mandatory for service provider driven deployments. The Smart Energy 2.0 standard is a key element of the future smart grid. And the work presented in this talk describes the first platform integrating the SEP 2.0 protocol stack with an OSGi based middleware. The OSGi based solution also provides higher level of device security through the use of secure element. The UDK-21 is build around a System-on-Chip STreamPlug (ST2100), the solution features a fully integrated HomePlug PHY/MAC and Analog Front End combined with the ARM926EJ-S processor and a rich set of interfaces.
A demo showing Smart Energy Profile 2.0 use cases will outline these features. The demo will show how web based applications can interact with the OSGi stack on the already publicly available UDK-21 based gateway to control remote devices, such as a thermostat or an electric load. The access to SEP 2.0 devices will be done by the means of JSON-RPC based APIs, independent of the underlying device protocol, hence highlighting the benefits of a generic protocol agnostic architecture from the application standpoint. Other examples of the products that can be built around UDK-21 include Electric Vehicle Charger, Smart Meter, and a Basement Sensor Hub.
MicroProfile, Docker, Kubernetes, Istio and Open Shift lab @dev nexus
MicroProfile, Docker, Kubernetes, Istio and Open Shift lab @dev nexusEmily Jiang This document provides an overview of Eclipse MicroProfile, Open Liberty, and hands-on cloud-native Java microservices. It discusses key MicroProfile APIs for REST, configuration, fault tolerance, health checks, metrics, and more. It also covers deploying microservices on Docker, Kubernetes, and using a service mesh like Istio. The document concludes with a link to a GitHub repository containing a tutorial lab for getting started with a MicroProfile application on Open Liberty.
Kubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxmacchiang This document discusses deploying Kubernetes on bare metal servers using Container Linux (CoreOS). It describes why bare metal and Container Linux are used, how to deploy the Kubernetes control plane and worker nodes, and how to configure Kubernetes components. The deployment uses CoreOS, etcd, flannel, and TLS assets to set up a highly available Kubernetes cluster on bare metal servers without virtualization. Matchbox can also be used for provisioning nodes by generating Ignition configs from profiles, groups and templates.
OpenStack with OpenDaylight
OpenStack with OpenDaylightVikram G Hosakote This document outlines an agenda for a DevNet workshop on using OpenStack with OpenDaylight. The agenda includes installing OpenStack, installing OpenDaylight, configuring OpenStack to use OpenDaylight, verifying the system works, troubleshooting, and a Q&A session. OpenDaylight is an open source SDN controller that can provide advanced networking capabilities for OpenStack deployments by managing network endpoints and traffic through plugins like Neutron/ML2. Both projects are complex to install but integrating them can enable significant benefits for advanced networking in OpenStack clouds.
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 10
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 10Waqas Ahmed Nawaz CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 10
Device Discovery, CDP, LLD, NTP, Sys Log,
Monitoring federation open stack infrastructure
Monitoring federation open stack infrastructureFernando Lopez Aguilar Monitoring GEi used in the FI-WARE and XiFi project in order to recover information of the servers, hosts and OpenStack instances
Implementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfJose Manuel Ortega Candel No production system is complete without a way to monitor it. In software, we define observability as the ability to understand how our system is performing. This talk dives into capabilities and tools that are recommended for implementing observability when running K8s in production as the main platform today for deploying and maintaining containers with cloud-native solutions.
We start by introducing the concept of observability in the context of distributed systems such as K8s and the difference with monitoring. We continue by reviewing the observability stack in K8s and the main functionalities. Finally, we will review the tools K8s provides for monitoring and logging, and get metrics from applications and infrastructure.
Between the points to be discussed we can highlight:
-Introducing the concept of observability
-Observability stack in K8s
-Tools and apps for implementing Kubernetes observability
-Integrating Prometheus with OpenMetrics
Cotopaxi - IoT testing toolkit (Black Hat Asia 2019 Arsenal)
Cotopaxi - IoT testing toolkit (Black Hat Asia 2019 Arsenal)Jakub Botwicz Presentation about Cotopaxi toolkit from Black Hat Asia 2019 Arsenal session. Author: Jakub Botwicz
https://www.blackhat.com/asia-19/arsenal/schedule/index.html#cotopaxi-iot-protocols-security-testing-toolkit-14325
Proto kubernetes onswitc_hengines_tue100418
Proto kubernetes onswitc_hengines_tue100418inside-BigData.com In this deck from the 2018 Swiss HPC Conference, Saverio Proto from SWITCH presents: Kubernetes as a Service Built on OpenStack.
"At SWITCH we are looking to provide a container platform as a Service solution. We are working on Kubernetes leveraging the Openstack cloud provider integration. In this talk we show how to re-use the existing keystone credentials to access the K8s cluster, how to obtain PVCs using the Cinder storage class and many other nice integration details."
Watch the video: https://wp.me/p3RLHQ-isp
Learn more: https://www.switch.com/
and
http://www.hpcadvisorycouncil.com/events/2018/swiss-workshop/agenda.php
Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter
"Efficient Implementation of Convolutional Neural Networks using OpenCL on FP...
"Efficient Implementation of Convolutional Neural Networks using OpenCL on FP...Edge AI and Vision Alliance For the full video of this presentation, please visit:
http://www.embedded-vision.com/platinum-members/altera/embedded-vision-training/videos/pages/may-2015-embedded-vision-summit
For more information about embedded vision, please visit:
http://www.embedded-vision.com
Deshanand Singh, Director of Software Engineering at Altera, presents the "Efficient Implementation of Convolutional Neural Networks using OpenCL on FPGAs" tutorial at the May 2015 Embedded Vision Summit.
Convolutional neural networks (CNN) are becoming increasingly popular in embedded applications such as vision processing and automotive driver assistance systems. The structure of CNN systems is characterized by cascades of FIR filters and transcendental functions. FPGA technology offers a very efficient way of implementing these structures by allowing designers to build custom hardware datapaths that implement the CNN structure. One challenge of using FPGAs revolves around the design flow that has been traditionally centered around tedious hardware description languages.
In this talk, Deshanand gives a detailed explanation of how CNN algorithms can be expressed in OpenCL and compiled directly to FPGA hardware. He gives detail on code optimizations and provides comparisons with the efficiency of hand-coded implementations.
"Efficient Implementation of Convolutional Neural Networks using OpenCL on FP...
"Efficient Implementation of Convolutional Neural Networks using OpenCL on FP...Edge AI and Vision Alliance
Ad
More from Kernel TLV (20)
DPDK In Depth
DPDK In DepthKernel TLV DPDK in depth
This document provides an overview of DPDK (Data Plane Development Kit):
1. DPDK is an open source project for data plane programming and network acceleration. It started at Intel in 2010 and is now maintained by the Linux Foundation.
2. DPDK provides poll mode drivers (PMDs), libraries, and sample applications for fast packet processing. It uses hugepages and avoids kernel involvement for high performance.
3. The document outlines several DPDK projects, libraries, PMDs, advantages and disadvantages, development process, and demonstrates a simple DPDK application (l2fwd) and the testpmd tool.
Building Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCKernel TLV eBPF (Extended Berkeley Packet Filter) is an in-kernel virtual machine that allows running user-supplied sandboxed programs inside of the kernel. It is especially well-suited to network programs and it's possible to write programs that filter traffic, classify traffic and perform high-performance custom packet processing.
BCC (BPF Compiler Collection) is a toolkit for creating efficient kernel tracing and manipulation programs. It makes use of eBPF.
BCC provides an end-to-end workflow for developing eBPF programs and supplies Python bindings, making eBPF programs much easier to write.
Together, eBPF and BCC allow you to develop and deploy network functions safely and easily, focusing on your application logic (instead of kernel datapath integration).
In this session, we will introduce eBPF and BCC, explain how to implement a network function using BCC, discuss some real-life use-cases and show a live demonstration of the technology.
About the speaker
Shmulik Ladkani, Chief Technology Officer at Meta Networks,
Long time network veteran and kernel geek.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
Some billions of forwarded packets later, Shmulik left his position as Jungo's lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud-based service, focusing around virtualization systems, network virtualization and SDN.
Recently he co-founded Meta Networks where he's been busy architecting secure, multi-tenant, large-scale network infrastructure as a cloud-based service.
SGX Trusted Execution Environment
SGX Trusted Execution EnvironmentKernel TLV Intel trusted execution environment, SGX, offers an attractive solution for protecting one's private data in the public cloud environment, even in the presence of a malicious OS or VMM.
In this talk, we will:
* explore how SGX mitigates various attack surfaces and the caveats of naively using the technology to protect applications,
* discuss the performance implications of SGX on common applications and understand the new bottlenecks created by SGX, which may lead to a 5X performance degradation.
* describe an optimized SGX interface, HotCalls, that provides a 13-27x speedup compared to the built-in mechanism supplied by the SGX SDK.
* discuss how it is possible for the OS to manage secure memory without having access to it.
* explore various attack surfaces and published attacks which require collusion with the OS. Specifically, page-fault and page-fault-less “controlled channel attacks”, branch-shadowing attacks and potential mitigations.
Ofir Weisse is a Researcher PhD Student at University of Michigan.
Video available at: https://www.youtube.com/watch?v=I3TCctdnOEc
Fun with FUSE
Fun with FUSEKernel TLV Dima Krasner talks about FUSE, Filesystem in Userspace, its pros and cons, usage, tips and tricks, and more.
Dima is a senior developer at Sam Seamless Network.
Bypassing ASLR Exploiting CVE 2015-7545
Bypassing ASLR Exploiting CVE 2015-7545Kernel TLV Nadav Markus goes over the path from a simple crash POC provided by Google Project Zero (for CVE-2015-7547), to a fully weaponized exploit.
He explores how an attacker can utilize the behavior of the Linux kernel in order to bypass ASLR, allowing an attacker to remotely execute code on vulnerable targets.
Present Absence of Linux Filesystem Security
Present Absence of Linux Filesystem SecurityKernel TLV "Present Absence - A character who does not appear for much of or all of the plot, but whose absence is most significant."
Linux filesystem security had appeared before security was an issue. It stagnated for a long time, while the world changed.
A look from the trenches on what is there, what the problems are and what is missing.
Older than he looks, Philip Derbeko has been programming for over 20 years.
He was using Linux since days of Slackware 3.0 with kernel 2.0
Most of the years worked on storage, security systems and machine learning.
Currently, develops and herds a team of Linux, OS X and Windows kernel developers at enSilo.
YouTube: https://www.youtube.com/watch?v=IC-Uf96aUj4
OpenWrt From Top to Bottom
OpenWrt From Top to BottomKernel TLV OpenWrt is a Linux distribution for embedded systems that runs on many routers and networking devices today. In this session we'll talk about OpenWrt's origins, architecture and get down to building apps for the platform.
Along the way we will touch on some basic firmware concepts and at last present the final working OpenWrt router and its capabilities.
Anton Lerner, Architect at Sitaro, computer geek, developer and occasional maker.
Sitaro provides total cyber protection for small business and home networks. Sitaro prevents massive scale IoT cyber attacks.
Find out more information in the meetup event page - https://www.meetup.com/Tel-Aviv-Yafo-Linux-Kernel-Meetup/events/245319189/
Make Your Containers Faster: Linux Container Performance Tools
Make Your Containers Faster: Linux Container Performance ToolsKernel TLV If you look under the hood, Linux containers are just processes with some isolation features and resource quotas sprinkled on top. In this talk, we will apply modern Linux performance tools to container analysis: get high-level resource utilization on running containers with docker stats, htop, and nsenter; dig into high-CPU issues with perf; detect slow filesystem latency with BPF-based tools; and generate flame graphs of interesting event call stacks.
Sasha Goldshtein is the CTO of Sela Group, a Microsoft MVP and Regional Director, Pluralsight and O'Reilly author, and international consultant and trainer. Sasha is the author of two books and multiple online courses, and a prolific blogger. He is also an active open source contributor to projects focused on system diagnostics, performance monitoring, and tracing -- across multiple operating systems and runtimes. Sasha authored and delivered training courses on Linux performance optimization, event tracing, production debugging, mobile application development, and modern C++. Between his consulting engagements, Sasha speaks at international conferences world-wide.
You can find more details on the meetup page - https://www.meetup.com/Tel-Aviv-Yafo-Linux-Kernel-Meetup/events/245319189/
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...
Emerging Persistent Memory Hardware and ZUFS - PM-based File Systems in User ...Kernel TLV In this talk, Dr. Amit Golander looks into emerging PM/NVDIMM devices, the value they bring to applications and most importantly how they revolutionize the storage stack.
In the second part, Boaz Harrosh and Shachar Sharon dive into new opportunities to develop memory-based filesystems in user space, leveraging a new open source project called ZUFS. ZUFS was presented in the last Linux Plumbers conference and unlike FUSE it focuses on delivering low latency and zero copy.
Dr. Amit Golander was the CTO of Plexistor, which developed the first enterprise-grade PM-based file system, and which was acquired earlier this year by NetApp.
Boaz Harrosh and Shachar Sharon are ZUFS maintainers and longtime Storage and Linux veterans.
File Systems: Why, How and Where
File Systems: Why, How and WhereKernel TLV Philip Derbeko presents past design decisions that influenced the design of current filesystems, takes a look at how Linux tackles those problems and compares it with other operating systems, and discusses the upcoming revolution in storage and filesystem design.
Older than he looks, Philip Derbeko has been programming for over 20 years.
He was using Linux since days of Slackware 3.0 with kernel 2.0
Most of the years worked on storage, security systems and machine learning.
Currently, develops and herds a team of Linux, OS X and Windows kernel developers at enSilo.
netfilter and iptables
netfilter and iptablesKernel TLV netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers.
iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different netfilter modules) and the chains and rules it stores.
Many systems use iptables/netfilter, Linux's native packet filtering/mangling framework since Linux 2.4, be it home routers or sophisticated cloud network stacks.
In this session, we will talk about the netfilter framework and its facilities, explain how basic filtering and mangling use-cases are implemented using iptables, and introduce some less common but powerful extensions of iptables.
Shmulik Ladkani, Chief Architect at Nsof Networks.
Long time network veteran and kernel geek.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
Some billions of forwarded packets later, Shmulik left his position as Jungo's lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud-based service, focusing around virtualization systems, network virtualization and SDN.
Recently he co-founded Nsof Networks, where he's been busy architecting network infrastructure as a cloud-based service, gazing at internet routes in astonishment, and playing the chkuku.
KernelTLV Speaker Guidelines
KernelTLV Speaker GuidelinesKernel TLV We strive to deliver quality talks in our meetups, so we wrote down some guidelines and tips for speakers.
Userfaultfd: Current Features, Limitations and Future Development
Userfaultfd: Current Features, Limitations and Future DevelopmentKernel TLV userfaultfd is a mechanism that allows user-space paging implementation. Originally designed for post-copy migration of virtual machines, it applies to different use cases, such as implementation of volatile ranges, container migration, improvement of robustness of shared memory, efficient memory snapshotting and more.
This talk covers the current status and supported features of userfaultfd, work currently in progress and future development plans.
Mike Rapoport
Mike has been hacking on the Linux kernel for over a decade. He has added his 2 cents to the mess in arch/arm, contributed to several device drivers and now he is focused on userfaultfd and CRIU.
Mike’s current position is a researcher at IBM.
The Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast StorageKernel TLV The arrival of flash storage introduced a radical change in performance profiles of direct attached devices. At the time, it was obvious that Linux I/O stack needed to be redesigned in order to support devices capable of millions of IOPs, and with extremely low latency.
In this talk we revisit the changes the Linux block layer in the
last decade or so, that made it what it is today - a performant, scalable, robust and NUMA-aware subsystem. In addition, we cover the new NVMe over Fabrics support in Linux.
Sagi Grimberg
Sagi is Principal Architect and co-founder at LightBits Labs.
Linux Kernel Cryptographic API and Use Cases
Linux Kernel Cryptographic API and Use CasesKernel TLV The Linux kernel has a rich and modular cryptographic API that is used extensively by familiar user facing software such as Android. It's also cryptic, badly documented, subject to change and can easily bite you in unexpected and painful ways.
This talk will describe the crypto API, provide some usage example and discuss some of the more interesting in-kernel users, such as DM-Crypt, DM-Verity and the new fie system encryption code.
Gilad Ben-Yossef is a principal software engineer at ARM. He works on the kernel security sub-system and the ARM CryptCell engine. Open source work done by Gilad includes an experiment in integration of network processors in the networking stack, a patch set for reducing the interference caused to user space processes in large multi-core systems by Linux kernel “maintenance” work and on SMP support for the Synopsys Arc processor among others.
Gilad has co-authored O’Reilly’s “Building Embedded Linux Systems” 2nd edition and presented at such venues as Embedded Linux Conference Europe and the Ottawa Linux Symposium, as well as co-founded Hamakor, an Israeli NGO for the advancement for Open Source and Free Software in Israel. When not hacking on kernel code you can find Gilad meditating and making dad jokes on Twitter.
DMA Survival Guide
DMA Survival GuideKernel TLV Ramon Fried covers the following topics:
* What DMA is.
* DMA Buffer Allocations and Management.
* Cache Coherency.
* PCI and DMA.
* dmaengine Framework.
Ramon is an Embedded Linux team leader in TandemG, leading various cutting edge projects in the Linux kernel.
He has years of experience in embedded systems, operating systems and Linux kernel.
FD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingKernel TLV Kirill Tsym discusses Vector Packet Processing:
* Linux Kernel data path (in short), initial design, today's situation, optimization initiatives
* Brief overview of DPDK, Netmap, etc.
* Userspace Networking projects comparison: OpenFastPath, OpenSwitch, VPP.
* Introduction to VPP: architecture, capabilities and optimization techniques.
* Basic Data Flow and introduction to vectors.
* VPP Single and Multi-thread modes.
* Router and switch for namespaces example.
* VPP L4 protocol processing - Transport Layer Development Kit.
* VPP Plugins.
Kiril is a software developer at Check Point Software Technologies, part of Next Generation Gateway and Architecture team, developing proof of concept around DPDK and FD.IO VPP. He has years of experience in software, Linux kernel and networking development and has worked for Polycom, Broadcom and Qualcomm before joining Check Point.
WiFi and the Beast
WiFi and the BeastKernel TLV In this talk, Ouri Lipner provides an introduction to the WiFi protocol and its implementations in the Linux kernel.
When not busy writing about himself in 3rd person, Ouri is a full time hacker of both cyber and kernel varieties.
Introduction to DPDK
Introduction to DPDKKernel TLV DPDK is a set of drivers and libraries that allow applications to bypass the Linux kernel and access network interface cards directly for very high performance packet processing. It is commonly used for software routers, switches, and other network applications. DPDK can achieve over 11 times higher packet forwarding rates than applications using the Linux kernel network stack alone. While it provides best-in-class performance, DPDK also has disadvantages like reduced security and isolation from standard Linux services.
FreeBSD and Drivers
FreeBSD and DriversKernel TLV Have you ever heard of FreeBSD? Probably.
Have you ever interacted with its kernel? Probably not.
In this talk, Gili Yankovitch (nyxsecuritysolutions.com) will talk about the FreeBSD operating system, its network stack and how to write network drivers for it.
The talk will cover the following topics:
* Kernel/User interation in FreeBSD
* The FreeBSD Network Stack
* Network Buffers API
* L2 and L3 Hooking
Ad
Recently uploaded (20)
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.Dele Amefo Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Adobe Illustrator Crack FREE Download 2025 Latest Version
Adobe Illustrator Crack FREE Download 2025 Latest Versionkashifyounis067 🌍📱👉COPY LINK & PASTE ON GOOGLE http://drfiles.net/ 👈🌍
Adobe Illustrator is a powerful, professional-grade vector graphics software used for creating a wide range of designs, including logos, icons, illustrations, and more. Unlike raster graphics (like photos), which are made of pixels, vector graphics in Illustrator are defined by mathematical equations, allowing them to be scaled up or down infinitely without losing quality.
Here's a more detailed explanation:
Key Features and Capabilities:
Vector-Based Design:
Illustrator's foundation is its use of vector graphics, meaning designs are created using paths, lines, shapes, and curves defined mathematically.
Scalability:
This vector-based approach allows for designs to be resized without any loss of resolution or quality, making it suitable for various print and digital applications.
Design Creation:
Illustrator is used for a wide variety of design purposes, including:
Logos and Brand Identity: Creating logos, icons, and other brand assets.
Illustrations: Designing detailed illustrations for books, magazines, web pages, and more.
Marketing Materials: Creating posters, flyers, banners, and other marketing visuals.
Web Design: Designing web graphics, including icons, buttons, and layouts.
Text Handling:
Illustrator offers sophisticated typography tools for manipulating and designing text within your graphics.
Brushes and Effects:
It provides a range of brushes and effects for adding artistic touches and visual styles to your designs.
Integration with Other Adobe Software:
Illustrator integrates seamlessly with other Adobe Creative Cloud apps like Photoshop, InDesign, and Dreamweaver, facilitating a smooth workflow.
Why Use Illustrator?
Professional-Grade Features:
Illustrator offers a comprehensive set of tools and features for professional design work.
Versatility:
It can be used for a wide range of design tasks and applications, making it a versatile tool for designers.
Industry Standard:
Illustrator is a widely used and recognized software in the graphic design industry.
Creative Freedom:
It empowers designers to create detailed, high-quality graphics with a high degree of control and precision.
PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025mu394968 🌍📱👉COPY LINK & PASTE ON GOOGLE https://dr-kain-geera.info/👈🌍
PDF Reader Pro is a software application, often referred to as an AI-powered PDF editor and converter, designed for viewing, editing, annotating, and managing PDF files. It supports various PDF functionalities like merging, splitting, converting, and protecting PDFs. Additionally, it can handle tasks such as creating fillable forms, adding digital signatures, and performing optical character recognition (OCR).
Top 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docxPortli Discover the top 10 client portal software solutions for 2025. Streamline communication, ensure security, and enhance client experience.
Expand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchangeFexle Services Pvt. Ltd. AgentExchange is Salesforce’s latest innovation, expanding upon the foundation of AppExchange by offering a centralized marketplace for AI-powered digital labor. Designed for Agentblazers, developers, and Salesforce admins, this platform enables the rapid development and deployment of AI agents across industries.
Email: [email protected]
Phone: +1(630) 349 2411
Website: https://www.fexle.com/blogs/agentexchange-an-ultimate-guide-for-salesforce-consultants-businesses/?utm_source=slideshare&utm_medium=pptNg
FL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full Versiontahirabibi60507 Copy & Past Link 👉👉
http://drfiles.net/
FL Studio is a Digital Audio Workstation (DAW) software used for music production. It's developed by the Belgian company Image-Line. FL Studio allows users to create and edit music using a graphical user interface with a pattern-based music sequencer.
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Ranjan Baisak As software complexity grows, traditional static analysis tools struggle to detect vulnerabilities with both precision and context—often triggering high false positive rates and developer fatigue. This article explores how Graph Neural Networks (GNNs), when applied to source code representations like Abstract Syntax Trees (ASTs), Control Flow Graphs (CFGs), and Data Flow Graphs (DFGs), can revolutionize vulnerability detection. We break down how GNNs model code semantics more effectively than flat token sequences, and how techniques like attention mechanisms, hybrid graph construction, and feedback loops significantly reduce false positives. With insights from real-world datasets and recent research, this guide shows how to build more reliable, proactive, and interpretable vulnerability detection systems using GNNs.
Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025mu394968 🌍📱👉COPY LINK & PASTE ON GOOGLE https://dr-kain-geera.info/👈🌍
Avast Premium Security is a paid subscription service that provides comprehensive online security and privacy protection for multiple devices. It includes features like antivirus, firewall, ransomware protection, and website scanning, all designed to safeguard against a wide range of online threats, according to Avast.
Key features of Avast Premium Security:
Antivirus: Protects against viruses, malware, and other malicious software, according to Avast.
Firewall: Controls network traffic and blocks unauthorized access to your devices, as noted by All About Cookies.
Ransomware protection: Helps prevent ransomware attacks, which can encrypt your files and hold them hostage.
Website scanning: Checks websites for malicious content before you visit them, according to Avast.
Email Guardian: Scans your emails for suspicious attachments and phishing attempts.
Multi-device protection: Covers up to 10 devices, including Windows, Mac, Android, and iOS, as stated by 2GO Software.
Privacy features: Helps protect your personal data and online privacy.
In essence, Avast Premium Security provides a robust suite of tools to keep your devices and online activity safe and secure, according to Avast.
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version![Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version](https://cdn.slidesharecdn.com/ss_thumbnails/fashionevolution2-250322112409-f76abaa7-250428124909-b51264ff-250504160528-fc2bb1c5-thumbnail.jpg?width=560&fit=bounds)
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Versionsaimabibi60507 Copy & Past Link👉👉
https://dr-up-community.info/
Pixologic ZBrush, now developed by Maxon, is a premier digital sculpting and painting software renowned for its ability to create highly detailed 3D models. Utilizing a unique "pixol" technology, ZBrush stores depth, lighting, and material information for each point on the screen, allowing artists to sculpt and paint with remarkable precision .
Automation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath CertificateVICTOR MAESTRE RAMIREZ Automation Techniques in RPA - UiPath Certificate
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?steaveroggers Migrating from Lotus Notes to Outlook can be a complex and time-consuming task, especially when dealing with large volumes of NSF emails. This presentation provides a complete guide on how to batch export Lotus Notes NSF emails to Outlook PST format quickly and securely. It highlights the challenges of manual methods, the benefits of using an automated tool, and introduces eSoftTools NSF to PST Converter Software — a reliable solution designed to handle bulk email migrations efficiently. Learn about the software’s key features, step-by-step export process, system requirements, and how it ensures 100% data accuracy and folder structure preservation during migration. Make your email transition smoother, safer, and faster with the right approach.
Read More:- https://www.esofttools.com/nsf-to-pst-converter.html
F-Secure Freedome VPN 2025 Crack Plus Activation New Version
F-Secure Freedome VPN 2025 Crack Plus Activation New Versionsaimabibi60507 Copy & Past Link 👉👉
https://dr-up-community.info/
F-Secure Freedome VPN is a virtual private network service developed by F-Secure, a Finnish cybersecurity company. It offers features such as Wi-Fi protection, IP address masking, browsing protection, and a kill switch to enhance online privacy and security .
Microsoft AI Nonprofit Use Cases and Live Demo_2025.04.30.pdf
Microsoft AI Nonprofit Use Cases and Live Demo_2025.04.30.pdfTechSoup In this webinar we will dive into the essentials of generative AI, address key AI concerns, and demonstrate how nonprofits can benefit from using Microsoft’s AI assistant, Copilot, to achieve their goals.
This event series to help nonprofits obtain Copilot skills is made possible by generous support from Microsoft.
What You’ll Learn in Part 2:
Explore real-world nonprofit use cases and success stories.
Participate in live demonstrations and a hands-on activity to see how you can use Microsoft 365 Copilot in your own work!
Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025kashifyounis067 🌍📱👉COPY LINK & PASTE ON GOOGLE http://drfiles.net/ 👈🌍
Adobe Lightroom Classic is a desktop-based software application for editing and managing digital photos. It focuses on providing users with a powerful and comprehensive set of tools for organizing, editing, and processing their images on their computer. Unlike the newer Lightroom, which is cloud-based, Lightroom Classic stores photos locally on your computer and offers a more traditional workflow for professional photographers.
Here's a more detailed breakdown:
Key Features and Functions:
Organization:
Lightroom Classic provides robust tools for organizing your photos, including creating collections, using keywords, flags, and color labels.
Editing:
It offers a wide range of editing tools for making adjustments to color, tone, and more.
Processing:
Lightroom Classic can process RAW files, allowing for significant adjustments and fine-tuning of images.
Desktop-Focused:
The application is designed to be used on a computer, with the original photos stored locally on the hard drive.
Non-Destructive Editing:
Edits are applied to the original photos in a non-destructive way, meaning the original files remain untouched.
Key Differences from Lightroom (Cloud-Based):
Storage Location:
Lightroom Classic stores photos locally on your computer, while Lightroom stores them in the cloud.
Workflow:
Lightroom Classic is designed for a desktop workflow, while Lightroom is designed for a cloud-based workflow.
Connectivity:
Lightroom Classic can be used offline, while Lightroom requires an internet connection to sync and access photos.
Organization:
Lightroom Classic offers more advanced organization features like Collections and Keywords.
Who is it for?
Professional Photographers:
PCMag notes that Lightroom Classic is a popular choice among professional photographers who need the flexibility and control of a desktop-based application.
Users with Large Collections:
Those with extensive photo collections may prefer Lightroom Classic's local storage and robust organization features.
Users who prefer a traditional workflow:
Users who prefer a more traditional desktop workflow, with their original photos stored on their computer, will find Lightroom Classic a good fit.
Revolutionizing Residential Wi-Fi PPT.pptx
Revolutionizing Residential Wi-Fi PPT.pptxnidhisingh691197 Discover why Wi-Fi 7 is set to transform wireless networking and how Router Architects is leading the way with next-gen router designs built for speed, reliability, and innovation.
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AIdanshalev If we were building a GenAI stack today, we'd start with one question: Can your retrieval system handle multi-hop logic?
Trick question, b/c most can’t. They treat retrieval as nearest-neighbor search.
Today, we discussed scaling #GraphRAG at AWS DevOps Day, and the takeaway is clear: VectorRAG is naive, lacks domain awareness, and can’t handle full dataset retrieval.
GraphRAG builds a knowledge graph from source documents, allowing for a deeper understanding of the data + higher accuracy.
Download Wondershare Filmora Crack [2025] With Latest![Download Wondershare Filmora Crack [2025] With Latest](https://cdn.slidesharecdn.com/ss_thumbnails/neo4j-howkgsareshapingthefutureofgenerativeaiatawssummitlondonapril2024-240426125209-2d9db05d-250419-250428115407-a04afffa-thumbnail.jpg?width=560&fit=bounds)
Download Wondershare Filmora Crack [2025] With Latesttahirabibi60507 Copy & Past Link 👉👉
http://drfiles.net/
Wondershare Filmora is a video editing software and app designed for both beginners and experienced users. It's known for its user-friendly interface, drag-and-drop functionality, and a wide range of tools and features for creating and editing videos. Filmora is available on Windows, macOS, iOS (iPhone/iPad), and Android platforms.
Douwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License codeaneelaramzan63 Copy & Paste On Google >>> https://dr-up-community.info/
Douwan Preactivated Crack Douwan Crack Free Download. Douwan is a comprehensive software solution designed for data management and analysis.
WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)sh607827 copy and past on google ➤ ➤➤ https://hdlicense.org/ddl/
WinRAR Crack Free Download is a powerful archive manager that provides full support for RAR and ZIP archives and decompresses CAB, ARJ, LZH, TAR, GZ, ACE, UUE, .
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...Andre Hora Unittest and pytest are the most popular testing frameworks in Python. Overall, pytest provides some advantages, including simpler assertion, reuse of fixtures, and interoperability. Due to such benefits, multiple projects in the Python ecosystem have migrated from unittest to pytest. To facilitate the migration, pytest can also run unittest tests, thus, the migration can happen gradually over time. However, the migration can be timeconsuming and take a long time to conclude. In this context, projects would benefit from automated solutions to support the migration process. In this paper, we propose TestMigrationsInPy, a dataset of test migrations from unittest to pytest. TestMigrationsInPy contains 923 real-world migrations performed by developers. Future research proposing novel solutions to migrate frameworks in Python can rely on TestMigrationsInPy as a ground truth. Moreover, as TestMigrationsInPy includes information about the migration type (e.g., changes in assertions or fixtures), our dataset enables novel solutions to be verified effectively, for instance, from simpler assertion migrations to more complex fixture migrations. TestMigrationsInPy is publicly available at: https://github.com/altinoalvesjunior/TestMigrationsInPy.
Kernel Proc Connector and Containers
- 1. 1 Security Technologies Feb 2018 Nadav Markus, Elad Wexler
- 2. Kernel Proc Connector and Containers 2
- 3. Agenda • How to get process events? Such as: fork(), exec(), exit(), setuid(), ptrace()? From user space in nearly real time? seamlessly? • Can we do that inside a docker container? 3 | © 2015, Palo Alto Networks. Confidential and Proprietary.
- 4. Options: • Polling /proc file-system • Not efficient, wasteful CPU cycles • Not deterministic • Inotify? – can’t monitor /proc file-system by design • strace? – possibility - but for each process in the system? • Audit framework – Good possibility, but reserved for auditd 4 | © 2015, Palo Alto Networks. Confidential and Proprietary.
- 5. Another Option: • Use: process-connector kernel primitive • Provides: • Flexible socket based API • Get real, valid kernel data to user-space • Can be used for: • Monitoring system activity • Resource Management • Security 5 | © 2015, Palo Alto Networks. Confidential and Proprietary.
- 6. Kernel Connector 6 | © 2015, Palo Alto Networks. Confidential and Proprietary. netlink Connector Process Connector Dallas 1-wire bus Microsoft Hyper-V Client driver VBE 2.0 Video Cards
- 7. 7 | © 2015, Palo Alto Networks. Confidential and Proprietary. PROCESS CONNECTOR CONNECTOR AF_NETLINK Socket API sys_fork() sys_exec() sys_exit() sys_setuid() sys_ptrace() ….. Socket API User Listener KERNEL USER /drivers/connector/cn_proc.c /drivers/connector/connector.c /net/netlink/af_netlink.c /net/socket.c Process Connector: System Architecture
- 8. Connector • Built on netlink infra, as easy kernel user-space IPC • Added netlink protocol – NETLINK_CONNECTOR • Netlink Connector callback will be called on recv from a netlink socket • Driver API 8 | © 2015, Palo Alto Networks. Confidential and Proprietary.
- 9. Process Connector • Initially added by IBM kernel 2.6.14 (CONFIG_PROC_EVENTS) • Built on the connector driver • Register mcast callback & connector identifiers • Send process events via the netlink connector socket Example 9 | © 2015, Palo Alto Networks. Confidential and Proprietary.
- 10. Netlink • Kernel User space IPC (A flexible ioctl replacement) • Kernel Kernel • (User space User space) • Address Users PIDs • Socket Family AF_NETLINK – Connectionless Service 10 | © 2015, Palo Alto Networks. Confidential and Proprietary.
- 11. Demo – Host namespaces 11 | © 2015, Palo Alto Networks. Confidential and Proprietary.
- 12. Demo – Host namespaces 12 | © 2015, Palo Alto Networks. Confidential and Proprietary. struct nlmsghdr struct cn_msg User Data enum proc_cn_mcst_op Netlink layer Connector User space Send message definition
- 13. Demo – Host namespaces 13 | © 2015, Palo Alto Networks. Confidential and Proprietary. struct proc_event User space Recv message struct nlmsghdr struct cn_msg User DataNetlink layer Connector
- 14. Demo in Container • Flow of ECONNREFUSED 14 | © 2015, Palo Alto Networks. Confidential and Proprietary.
- 15. [PATCH]: Supporting proc-connector in a container 15 | © 2015, Palo Alto Networks. Confidential and Proprietary.
- 16. Demo 16 | © 2015, Palo Alto Networks. Confidential and Proprietary.
- 17. More Issues • Mcast design is broken PROC_CN_MCAST_IGNORE • Host namespace information disclosure 17 | © 2015, Palo Alto Networks. Confidential and Proprietary.
- 18. Questions? 18
Editor's Notes
- #6: As opposed to unix which is based on files,
- #7: Dallas 1-wire bus is useful to connect slow 1-pin devices such as iButtons and thremal sensors The connector allows communication with userspace: such as events that generated upon each new master or slave device discovery Or userspace commands such as read/write through the bus and also replies to userspace commands Hyper-V for example the host can initiate a guest snapshot through the connector, the connector will respond to the daemon on the host Once the operation is complete The VSS daemon (hv_vss_daemon) implements the hypervvssd service, which allows you to create snapshots and backups of volumes from the host without preventing processes that are running in a guest from writing to or reading from those volumes. https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/integration-services
- #9: For registration and for sending messages via the netlink socket
- #10: 1534 – copy_process do_fork
- #11: As opposed to unix which is based on files,
- #15: Show a connection refused at netlink_sendmsg netlink_unicast netlink_getsockbyportid netlink_lookup (and there isn’t a net on which this netlink socket has ever created)
- #16: Show a connection refused at netlink_sendmsg netlink_unicast netlink_getsockbyportid netlink_lookup (and there isn’t a net on which this netlink socket has ever created)
- #18: Show that when deriving the host net namespace you see the host pids docker run -tid --cap-add=NET_ADMIN --net=host ubuntu