kernel notes
Technical deep-dives into eBPF, XDP, and Linux kernel networking. Notes from hands-on lab work, not tutorials. Written for people who already know what a CNAME is and want to understand what happens between the resolver and the authoritative server.
All notes
Observing container traffic with eBPF: where to attach and what to expect
Container networking is veth pairs and bridges, not magic. Where you attach eBPF determines what you see.
April 26, 2026 · ebpf · containers · networking · observability
What conntrack actually tracks (and what it costs you)
Linux connection tracking from the inside: what it remembers, when it cleans up, and how it surprises you in production.
April 23, 2026 · linux · networking · conntrack · netfilter
cilium/ebpf: writing the Go side of an eBPF program
How the Go library actually works — loading, attaching, map iteration, and the gotchas of bpf2go.
April 19, 2026 · ebpf · go · cilium
tc-bpf vs XDP vs netfilter: choosing your attach point
Three places to filter Linux packets, three different sets of tradeoffs. How to pick the right one.
April 15, 2026 · ebpf · tc · netfilter · linux · networking
BPF maps: how the kernel and userspace actually share data
The map types that matter, what they're for, and the gotchas that bite when you cargo-cult someone else's code.
April 12, 2026 · ebpf · bpf-maps · linux
Writing your first XDP program: from boilerplate to packet drop
What XDP is, what it isn't, and how to write a minimal program that counts and conditionally drops packets at the NIC.
April 8, 2026 · ebpf · xdp · networking