Linux
This set of notes is Linux-specific; check out the OS page for general OS notes.
Recent / future developments
eBPF
eBPF: a handy way to build firewalls.
Extended Berkeley Packet Filter (eBPF) is an in-kernel virtual machine that runs user-supplied eBPF programs to extend kernel functionality.
A program is loaded into the kernel using the bpf(2) syscall and is provided by the user as a binary blob of eBPF machine instructions (e.g. C programs can be compiled to eBPF bytecode with clang -target bpf).
C Library: libbpf
Microsoft chose to port eBPF into Windows rather than try to duplicate its functionality with its own program.
iptables is a firewall that is built into the Linux kernel. It allows you to filter and manipulate network traffic based on a set of rules that you define. eBPF is more flexible than iptables. eBPF is best suited for more complex tasks that require custom programs to filter and manipulate network traffic.
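An added example (not part of the original notes) of the kind of custom filter described above: an eBPF program in C that drops IPv4 TCP packets addressed to one port. It assumes the XDP hook, which these notes do not mention; `BLOCKED_PORT`, `filter`, `xdp_drop_port` and `demo_verdict` are hypothetical names.

```c
/* Kernel build: clang -O2 -target bpf -c xdp_drop.c -o xdp_drop.o
 * Also builds with a host C compiler so filter() can be unit-tested. */
#include <linux/bpf.h>      /* struct xdp_md, XDP_PASS, XDP_DROP */
#include <linux/if_ether.h> /* struct ethhdr, ETH_P_IP, ETH_HLEN */
#include <linux/in.h>       /* IPPROTO_TCP */
#include <linux/ip.h>       /* struct iphdr */
#include <linux/tcp.h>      /* struct tcphdr */

#define SEC(name) __attribute__((section(name), used))
#define BLOCKED_PORT 23 /* assumption: telnet, picked for illustration */
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
#define BE16(x) __builtin_bswap16(x) /* host order -> network order */
#else
#define BE16(x) (x)
#endif

/* Each header is bounds-checked against `end` before it is read; the
 * in-kernel verifier refuses to load a program that omits such a check.
 * Frames too short to parse are left to the normal network stack. */
static inline __attribute__((always_inline)) int filter(void *data, void *end)
{
    struct ethhdr *eth = data;
    if ((void *)(eth + 1) > end || eth->h_proto != BE16(ETH_P_IP))
        return XDP_PASS;
    struct iphdr *ip = (struct iphdr *)(eth + 1);
    if ((void *)(ip + 1) > end || ip->ihl < 5 || ip->protocol != IPPROTO_TCP)
        return XDP_PASS;
    struct tcphdr *tcp = (struct tcphdr *)((unsigned char *)ip + ip->ihl * 4);
    if ((void *)(tcp + 1) > end)
        return XDP_PASS;
    return tcp->dest == BE16(BLOCKED_PORT) ? XDP_DROP : XDP_PASS;
}

SEC("xdp") int xdp_drop_port(struct xdp_md *ctx)
{
    return filter((void *)(long)ctx->data, (void *)(long)ctx->data_end);
}
char _license[] SEC("license") = "GPL";

#ifndef __bpf__ /* host-only harness: verdict for a constructed frame */
int demo_verdict(unsigned short dport, unsigned int frame_len)
{
    unsigned char pkt[ETH_HLEN + sizeof(struct iphdr) + sizeof(struct tcphdr)] = {0};
    struct ethhdr *eth = (struct ethhdr *)pkt;
    struct iphdr *ip = (struct iphdr *)(pkt + ETH_HLEN);
    struct tcphdr *tcp = (struct tcphdr *)(ip + 1);
    eth->h_proto = BE16(ETH_P_IP);
    ip->version = 4; ip->ihl = 5; ip->protocol = IPPROTO_TCP;
    tcp->dest = BE16(dport);
    return filter(pkt, pkt + (frame_len < sizeof(pkt) ? frame_len : sizeof(pkt)));
}
#endif
```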
iptables => nftables
nftables is the new packet-filtering portion of Netfilter. nft is the new userspace utility that replaces iptables, ip6tables, arptables and ebtables.
io_uring
io_uring allows Linux to launch an operation asynchronously and wait for its completion. (predecessor: asynchronous I/O (AIO) subsystem)
io_uring uses a memory ring buffer shared between user space and the Linux kernel. This lets an application submit operations and collect the results without needing time-expensive Linux kernel calls. Its API is complex, but if your applications require lots of I/O, you are rewarded with vastly improved performance.
cgroup v2
Read more: cgroup
systemd
The init system. Read more: systemd
Wayland
Replacing X11.
Security
The Linux Unified Key Setup (LUKS) is a disk encryption specification.
What is Linux-libre?
A modified version of the Linux kernel that contains no binary blobs, obfuscated code, or code under proprietary licenses.
License: GPL v2.
System files
/usr/src/linux-headers-$VERSION
/lib/modules/$VERSION