Articles in the category "Linux"

Linux kprobes & uprobes, static tracepoint knowledge links

  1. Kernel Probes: https://www.kernel.org/doc/Documentation/kprobes.txt#:~:text=Kprobes%20enables%20you%20to%20dynamically,when%20the%20breakpoint%20is%20hit.
  2. Uprobe: https://www.kernel.org/doc/Documentation/trace/uprobetracer.txt
  3. https://kernelnewbies.org/Linux_3.5#Uprobes:_userspace_probes
  4. https://lwn.net/Articles/499190/
  5. static tracepoint and how it works: https://www.kernel.org/doc/Documentation/trace/tracepoints.txt

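Some special files and directories under the Linux /dev/ directory

A summary of some special files and directories under /dev.

  1. /dev/null
    An empty file. Anything unwanted can be thrown into it; reading from it returns nothing.
  2. /dev/zero
    An empty file. Anything unwanted can be thrown into it; reading from it returns an endless stream of null values.
  3. /dev/shm
    shm = shared memory. It is a directory, a tmpfs file system set up in memory, so operations on it are extremely fast. Filling it with files quickly uses up memory.
  4. /dev/random /dev/urandom /dev/arandom
    These generate pseudo-random numbers by collecting information from system drivers and other sources. The three differ, for example in whether reads block.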

Draft: explaining the iptables firewall through use cases

Covers:
The iptables firewall works by interacting with the packet filtering hooks in the Linux kernel’s networking stack. These kernel hooks are known as the netfilter framework.

Every packet that enters the networking system (incoming or outgoing) will trigger these hooks as it progresses through the stack, allowing programs that register with these hooks to interact with the traffic at key points. The kernel modules associated with iptables register at these hooks in order to ensure that the traffic conforms to the conditions laid out by the firewall rules.

Netfilter's predecessors (Linux 2.2.x ipchains and Linux 2.0.x ipfwadm), its successor nftables, iptables (table, chain, rule, policy)
Network offload to hardware

The iptables firewall tool is based on the kernel's netfilter packet filtering framework (packet filter framework)
A firewall policy corresponds to an iptables rule
iptables syntax:

References: https://en.wikipedia.org/wiki/Netfilter
https://www.netfilter.org/
https://www.digitalocean.com/community/tutorials/a-deep-dive-into-iptables-and-netfilter-architecture
https://www.linode.com/docs/security/firewalls/control-network-traffic-with-iptables/