C

Using eXpress Data Path (XDP) maps in RHEL 8 Beta: Part 2

Using eXpress Data Path (XDP) maps in RHEL 8 Beta: Part 2

Diving into XDP

In the first part of this series on XDP, I introduced XDP and discussed the simplest possible example. Let’s now try to do something less trivial, exploring some more-advanced eBPF features—maps—and some common pitfalls.

XDP is available in Red Hat Enterprise Linux 8 Beta, which you can download and run now.

Continue reading “Using eXpress Data Path (XDP) maps in RHEL 8 Beta: Part 2”

Share
Achieving high-performance, low-latency networking with XDP: Part I

Achieving high-performance, low-latency networking with XDP: Part I

XDP: From zero to 14 Mpps

In past years, the kernel community has been using different approaches in the quest for ever-increasing networking performance. While improvements have been measurable in several areas, a new wave of architecture-related security issues and related counter-measures has undone most of the gains, and purely in-kernel solutions for some packet-processing intensive workloads still lag behind the bypass solution, namely Data Plane Development Kit (DPDK), by almost an order of magnitude.

But the kernel community never sleeps (almost literally) and the holy grail of kernel-based networking performance has been found under the name of XDP: the eXpress Data Path. XDP is available in Red Hat Enterprise Linux 8 Beta, which you can download and run now.

Continue reading “Achieving high-performance, low-latency networking with XDP: Part I”

Share
Network debugging with eBPF (RHEL 8 Beta)

Network debugging with eBPF (RHEL 8 Beta)

Introduction

Networks are fun to work with, but often they are also a source of trouble. Network troubleshooting can be difficult, and reproducing the bad behavior that is happening in the field can be painful as well.

Luckily, there are some tools that come to the aid: network namespaces, virtual machines, tc, and netfilter. Simple network setups can be reproduced with network namespaces and veth devices, while more-complex setups require interconnecting virtual machines with a software bridge and using standard networking tools, like iptables or tc, to simulate the bad behavior. If you have an issue with ICMP replies generated because an SSH server is down, iptables -A INPUT -p tcp --dport 22 -j REJECT --reject-with icmp-host-unreachable in the correct namespace or VM can do the trick.

This article describes using eBPF (extended BPF), an extended version of the Berkeley Packet Filter, to troubleshoot complex network issues. eBPF is a fairly new technology and the project is still in an early stage, with documentation and the SDK not yet ready. But that should improve, especially with XDP (eXpress Data Path) being shipped in Red Hat Enterprise Linux 8 Beta, which you can download and run now.

Continue reading “Network debugging with eBPF (RHEL 8 Beta)”

Share
Support Lifecycle for Clang/LLVM, Go, and Rust

Support Lifecycle for Clang/LLVM, Go, and Rust

On the heels of our recently announcement, General Availability of Clang/LLVM 6.0, Go 1.10, and Rust 1.29, I want to share how we’ll be supporting them going forward. Previously, these packages had been in “Technology Preview” status, which means that they were provided for “you to test functionality and provide feedback during the development process”, and were “not fully supported under Red Hat Subscription Level Agreements, may not be functionally complete, and are not intended for production use”.

So now that we’ve promoted them to fully supported status, what does that mean? In the simplest terms, General Availability (GA) means that these packages have officially entered the “Full Support Phase” of their lifecycle:

Continue reading “Support Lifecycle for Clang/LLVM, Go, and Rust”

Share
GCC 8 and tools now in beta for Red Hat Enterprise Linux 6 and 7

GCC 8 and tools now in beta for Red Hat Enterprise Linux 6 and 7

We are pleased to announce the immediate availability of Red Hat Developer Toolset 8 beta for Red Hat Enterprise Linux 6 and 7.  The key new components for this release are:

  • GCC 8.2.1
  • GDB 8.2
  • Updated components such as SystemTap, Valgrind, OProfile, and many more

Like other tools, these are installable via yum from the Red Hat Enterprise Linux 6 or 7 Devtools or RHSCL channel.  For more details, see the “New Features” section below.

Continue reading “GCC 8 and tools now in beta for Red Hat Enterprise Linux 6 and 7”

Share
How to install Clang/LLVM 5 and GCC 7 on RHEL

How to install Clang/LLVM 5 and GCC 7 on RHEL

If you are developing with C/C++, Clang tools and newer versions of GCC can be quite helpful for checking your code and giving you better warnings and error messages to help avoid bugs. The newer compilers have better optimizations and code generation.

You can easily install the latest-supported Clang and GCC compilers for C, C++, Objective-C, and FORTRAN using yum on Red Hat Enterprise Linux.  These compilers are available as software collections that are typically updated twice a year. The May 2018 update included Clang/LLVM 5 and GCC 7.3, as well as Go and Rust.

If you want your default gcc to always be GCC 7, or you want clang to always be in your path, this article shows how to permanently enable a software collection by adding it to the profile (dot files) for your user account. A number of common questions about software collections are also answered.

Continue reading “How to install Clang/LLVM 5 and GCC 7 on RHEL”

Share
Detecting String Truncation with GCC 8

Detecting String Truncation with GCC 8

Continuing in the effort to detect common programming errors, the just-released GCC 8 contains a number of new warnings as well as enhancements to existing checkers to help find non-obvious bugs in C and C++ code. This article focuses on those that deal with inadvertent string truncation and discusses some of the approaches for avoiding the underlying problems. If you haven’t read it, you might also want to read David Malcolm’s article Usability improvements in GCC 8.

Why Is String Truncation a Problem?

It is well-known why buffer overflow is dangerous: writing past the end of an object can overwrite data in adjacent storage, resulting in data corruption. In the most benign cases, the corruption can simply lead to incorrect behavior of the program. If the adjacent data is an address in the executable text segment, the corruption may be exploitable to gain control of the affected process, which can lead to a security vulnerability. (See CWE-119 for more on buffer overflow.)

Continue reading “Detecting String Truncation with GCC 8”

Share
GNU Toolchain Update – Spring 2018

GNU Toolchain Update – Spring 2018

The GNU Toolchain is a collection of programming tools produced by the GNU Project. The tools are often packaged together due to their common use for developing software applications, operating systems, and low-level software for embedded systems.

This blog is part of a series (see: Fall 2017 Update) covering the latest changes and improvements in the components that make up this Toolchain. Apart from the announcement of new releases, the features described here are at the bleeding edge of software development in the tools. This means that it may be awhile before they make it into production releases, and they might not be fully functional yet. But anyone who is interested in experimenting with them can build their own copy of the Toolchain and then try them out.

Continue reading “GNU Toolchain Update – Spring 2018”

Share
Recommended compiler and linker flags for GCC

Recommended compiler and linker flags for GCC

Did you know that when you compile your C or C++ programs, GCC will not enable all exceptions by default?  Do you know which build flags you need to specify in order to obtain the same level of security hardening that GNU/Linux distributions use (such as Red Hat Enterprise Linux and Fedora)? This article walks through a list of recommended build flags.

The GNU-based toolchain in Red Hat Enterprise Linux and Fedora (consisting of GCC programs such as gcc, g++, and Binutils programs such as as and ld)  are very close to upstream defaults in terms of build flags. For historical reasons, the GCC and Binutils upstream projects do not enable optimization or any security hardening by default. While some aspects of the default settings can be changed when building GCC and Binutils from source, the toolchain we supply in our RPM builds does not do this. We only align the architecture selection to the minimum architecture level required by the distribution.

Consequently, developers need to pay attention to build flags, and manage them according to the needs of their project for optimization, level of warning and error detection, and security hardening.

Continue reading “Recommended compiler and linker flags for GCC”

Share