I believe the best way to learn is by building. This is my running list of project ideas - things that push me to explore general systems, networking and kernel programming. Some of these might never come to reality; I’ve mostly picked them up from reading things on the internet. Feel free to steal any of these, build and learn for yourself. If you do, I’d love to hear about it - tag me on X or GitHub!

๐Ÿšง In Progress

  1. gobpftool โ€” A read-only bpftool alternative written in Go using cilium/ebpf. Focused on prog and map show utilities for monitoring and debugging.
  2. go-bore โ€” TCP tunneling tool in Go, inspired by bore.

โœ… Completed

ProjectLinks
Gvisor Netstack experiments โ€” userspace TCP/IP stack explorationGitHub, Blog Series
CDNS-Proxy โ€” DNS proxy built on CoreDNS using custom plugin named intercepterGitHub
Solana Pool Monitor โ€” AMM pool price monitoring via account subscriptions on SolanaGitHub, Blog
Damn Vulnerable DeFi โ€” solutions to DeFi security challenges (flash loans, oracles, governance, etc.)GitHub, Blog
LedgerEntriesCreator: scripts to transform investment platform data into ledger-cli entriesGitHub, Blog

๐Ÿ“‹ Backlog

eBPF Exploration

Most of these use Rust Aya โ€” eBPF development in Rust.

  1. XDP firewall with web UI โ€” reference
  2. Packet rate calculator - logic for packet rate calculation when ebpf prog is attached to networking hook.
  3. TCP state monitor with filter capabilities (address, state updates)
  4. XDP DNS cache
  5. BPF map stats printer โ€” print stats without iteration (total map size, current size). This could be used as a generic bpf metric emission solution.
  6. UDP and TCP checksum calculation post IP/Port changes - https://github.com/vadorovsky/network-types or create a separate crate for IP/Port modification and checksum calculation.
  7. Build Scheduler with eBPF in Rust aya and sched_ext โ€” reference
  8. Rewrite nat64 in Rust-Aya โ€” reference
  9. Explore Shared socket for TCP/UDP traffic for host local traffic โ€” reference

Gvisor Netstack

  1. Packet modification: Do TCP communication over UDP and use GENEVE header TLV to send TCP connection related information in the header itself. This is something like TCP Over UDP. It would need a custom UDP server to extract inner packet and pass it on to TCP listener.

Cryptography

  1. PKCS#11 server using p11-kit, communicate with crypto11 client. PKCS#11 server could be running inside the EC2 Nitro Enclave.

Simple Casino Games

UI similar to actual casino tables + multi-player support. Building these for research โ€” gotta understand the odds before next Vegas trip.

  1. Black Jack
  2. Craps
  3. Baccarat
  4. Roulette