Deep Packet Inspection: compare the performance between libnetfilterqueue, NFHOOK and eBPF XDP

Port OTPClient to GTK >= 4.18 by pstivanin

Project Description

OTPClient is currently using GTK3 and cannot easily be ported to GTK4. Since GTK4 came out, there have been quite some big changes. Also, there are now some new deprecation that will take effect with GTK5 (and are active starting from 4.10 as warnings), so I need to think ahead and port OTPClient without using any of those deprecated features.

Goal for this Hackweek

• fix the last 3 opened issues (https://github.com/paolostivanin/OTPClient/issues/402, https://github.com/paolostivanin/OTPClient/issues/404, https://github.com/paolostivanin/OTPClient/issues/406) and release a new version
• continue the rewrite from where we left last year
• if possible, finally close this 6 years old issue: https://github.com/paolostivanin/OTPClient/issues/123

Improve the picotm Transaction Manager by tdz

Picotm is a system-level transaction manager. It provides transactional semantics to low-level C operations, such as

• memory access,
• modifying data structures,
• (some) file I/O, and
• common interfaces from the C Standard Library and POSIX.

Picotm also handles error detection and recovery for all it's functionality. It's fully modular, so new functionality can be added.

For the Hackweek, I want to dedicate some time to picotm. I want to finish some of the refactoring work that I have been working on. If there's time left, I'd like to investigate two-phase commits and how to support them in picotm.

Picotm is available at http://picotm.org/.

x64id: An x86/x64 instruction disassembler by m.crivellari

Description

This is an old side project. An x86/x64 machine code decoder. It is useful to get instructions' length and identify each of its fields.

Example:

C7 85 68 FF FF FF 00 00 00 00

This is the instruction:

MOV DWORD PTR SS:[LOCAL.38],0

What follows are some of the information collected by the disassembler, based on the specific instruction:

RAW bytes (hex): C7 85 68 FF FF FF 00 00 00 00
Instr. length: 10
Print instruction fields:
        Located Prefixes 0:

        OP: 0xC7
        mod_reg_rm: 0x85
        disp (4): 0xFFFFFF68
        Iimm: 0x0

Lacks the mnemonic representation: from the previous machine code is not able to produce the "MOV..." instruction, for example.

Goals

The goal is almost easy: partially implement the mnemonic representation. I have already started during the weekend, likely tomorrow I will push the branch!

Resources

• The project: https://github.com/DispatchCode/x64-Instruction-Decoder/
• This is useful to avoid gdb and objdump in local: https://defuse.ca/online-x86-assembler.htm
• Another interesting resource is https://godbolt.org/

Progress

• An initial implementation can be found at: https://github.com/DispatchCode/x64-Instruction-Decoder/tree/mnemonic-support It is described under the "Mnemonic translation" in the README file!

Let's consider this example:

[...other bytes...] 43 89 44 B5 00 01 00 [...other bytes...]

Smart lighting with Pico 2 by jmodak

Description

I am trying to create a smart-lighting project with a Raspberry Pi Pico that reacts to a movie's visuals and audio that involves combining two distinct functions: ambient screen lighting(visual response) and sound-reactive lighting(audio response)

Goals

• Visuals: Capturing the screen's colour requires an external device to analyse screen content and send colour data to the MCU via serial communication.
• Audio: A sound sensor module connected directly to the Pico that can detect sound volume.
• Pico 2W: The MCU receives data fro, both inputs and controls an LED strip.

Resources

• Raspberry Pi Pico 2 W
• RGB LED strip
• Sound detecting sensor
• Power supply
• breadboard and wires

pudc - A PID 1 process that barks to the internet by mssola

Description

As a fun exercise in order to dig deeper into the Linux kernel, its interfaces, the RISC-V architecture, and all the dragons in between; I'm building a blog site cooked like this:

• The backend is written in a mixture of C and RISC-V assembly.
• The backend is actually PID1 (for real, not within a container).
• We poll and parse incoming HTTP requests ourselves.
• The frontend is a mere HTML page with htmx.

The project is meant to be Linux-specific, so I'm going to use io_uring, pidfs, namespaces, and Linux-specific features in order to drive all of this.

I'm open for suggestions and so on, but this is meant to be a solo project, as this is more of a learning exercise for me than anything else.

Goals

• Have a better understanding of different Linux features from user space down to the kernel internals.
• Most importantly: have fun.

Resources

• https://github.com/mssola/pudc

eBPF bytecode emitter in Haskell by kalfalakh

Description

Newbie level knowledge of eBPF and some knowledge of Haskell. The goal for this hackweek is to catch two birds with one stone; get familiar with eBPF and learn more about Haskell, hence implement something related to eBPF in Haskell. Given an input, which is a program, represented as eBPF instructions, prepare a fully built eBPF bytecode ready to be loaded into the Kernel.

Goals

• Recap on ADTs in Haskell, type classes and their instances / deriving, on pattern matching and higher order functions
• Read and understand RFC 9669
• Implement the entire pipeline; parsing the input, verifying the input, building instructions, encoding them and concatenating them
• Deal with all the learning, bugs and difficulties encountered on the way

Progress

Last day of hackweek and this is what I have so far.

• ADTs implemented to correctly type all operations, classes, opcodes, instructions and other instruction specific types
• opcodes and opcode builders based on specification are implemented.
• Encoder is ready for 64-bit instruction format. Extended 128-bit instruction format is not yet supported
• Only ALU and ALU64 instructions API is provided. JMP, LD, ST for base32 and base64 are missing. swap and atomic are missing
• All ALU and ALU64 instructions (except MOV and MOVSX) are tested manually and are correctly encoded

Whats next?

There is still a lot left to do:

• Input parser and formatter + some kind of basic verifier
• API for remaining instruction classes
• Proper testing mechanism
• swap and atomic instructions
• Loader

Resources

• RFC 9669
• https://ebpf.io/
• https://www.haskell.org/documentation/

bpftrace contribution by mkoutny

Description

bpftrace is a great tool, no need to sing odes to it here. It can access any kernel data and process them in real time. It provides helpers for some common Linux kernel structures but not all.

Goals

• set up bpftrace toolchain
• learn about bpftrace implementation and internals
• implement support for percpu_counters
• look into some of the first issues
• send a refined PR (on Thu)

Resources

• https://bpftrace.org/
• https://docs.kernel.org/

HTTP API for nftables by crameleon

Background

The idea originated in https://progress.opensuse.org/issues/164060 and is about building RESTful API which translates authorized HTTP requests to operations in nftables, possibly utilizing libnftables-json(5).

Originally, I started developing such an interface in Go, utilizing https://github.com/google/nftables. The conversion of string networks to nftables set elements was problematic (unfortunately no record of details), and I started a second attempt in Python, which made interaction much simpler thanks to native nftables Python bindings.

Goals

1. Find and track the issue with google/nftables
2. Revisit and polish the Go or Python code (prefer Go, but possibly depends on implementing missing functionality), primarily the server component
3. Finish functionality to interact with nftables sets (retrieving and updating elements), which are of interest for the originating issue
4. Align test suite
5. Packaging

Resources

• https://git.netfilter.org/nftables/tree/py/src/nftables.py
• https://git.com.de/Georg/nftables-http-api (to be moved to GitHub)
• https://build.opensuse.org/package/show/home:crameleon:containers/pytest-nftables-container

Results

• Go nftables issue was related to set elements needing to be added with different start and end addresses - coincidentally, this was recently discovered by someone else, who added a useful helper function for this: https://github.com/google/nftables/pull/342.

Side results

Upon starting to unify the structure and implementing more functionality, missing JSON output support was noticed for some subcommands in libnftables. I am submitting patches as needed:

• https://lore.kernel.org/netfilter-devel/20251203131736.4036382-2-georg@syscid.com/T/#u