About

on 2026-04-27

About Zhenzhong Wu: systems programming, Linux networking, debugging tools, runtime observability, and engineering retrospectives.

About Me

I am Zhenzhong Wu, also known online as swananan. I work on systems programming, and I spend most of my time thinking about QUIC, Rust, Linux networking, eBPF, GDB/DWARF, production incidents, and engineering practice.

Most of my daily work sits around Linux network services, protocol stacks, debugging tools, and observability. I also like writing engineering retrospectives: how a problem surfaced, how the investigation narrowed, what traps appeared along the way, and what I learned from the whole process.

English is not my first language. With help from LLMs for wording and editing, I try to keep the English version clear, plain, and accurate, but some phrasing or tone may still feel less idiomatic than intended. Corrections and suggestions are always welcome.

What I Write About

I mainly write about QUIC, TCP/UDP, Linux network programming, and Rust systems programming. I also record debugging practice around eBPF, GDB, DWARF, and core dumps, plus thoughts on incident response, engineering retrospectives, and AI Coding.

Personal Open-Source Projects

GhostScope

GhostScope is the personal open-source project I am spending the most time on right now. It tries to solve a simple but difficult problem: a production process is still running, GDB is too risky to attach, but during debugging we keep thinking, "if only I could add one more printf here."

GhostScope tries to make that possible with low-intrusion runtime debugging. Without stopping the target process, it can set probes at the function, source-line, or instruction level, then print the variables we care about using source-level names.

The hard part is that GhostScope is not just a wrapper around eBPF and uprobes. It has to read ELF and DWARF, understand source locations, variable visibility, type layout, inline scopes, ASLR/PIE address mapping, and where a variable lives at a given instruction. A variable may be in a register, on the stack, or already optimized away.

It also needs a small trace language. User expressions written with source-level names have to be combined with DWARF's plan for the current PC, then compiled into verifier-friendly eBPF bytecode through LLVM at runtime. In short, it has to solve part of the same DWARF problem debuggers like GDB have solved for years, and then turn the result into eBPF that the verifier will accept.

Next, I want to add eBPF-based DWARF stack unwinding, so trace output is not just an isolated variable snapshot but also carries call-chain context. I also want to gradually support more complex language behavior, such as Rust async, trait objects, and maybe even variables and stack information inside some interpreted language runtimes.

My expectations for GhostScope are high. I do not want it to remain a niche command-line tool or another generic observability dashboard. I want compiled binaries to feel less like black boxes. Users should be able to ask questions using the names they see in source code, write flexible trace scripts in a TUI, and let LLMs generate executable trace scripts from source paths, DWARF, and runtime context. Ideally, some production problems that used to require a new release with extra logs and a lot of guessing can become problems where we ask a precise question, sample the right place, and verify quickly.

feather-quic

feather-quic is an experimental QUIC protocol stack I wrote in Rust. It is not meant to replace production implementations. It is a way for me to take a protocol stack apart and check the details by building them myself. Through it, I walked through QUIC piece by piece: handshake, TLS 1.3, reliability, streams, connection close, MTU discovery, connection migration, and more. For me, the most important output was not the code itself, but the article series built around protocol implementation and my past engineering experience:

This series is currently paused. LLMs are now very good at writing code and doing technical research, so my motivation has changed a bit. Still, I believe this series has its own value, and you are welcome to read it. In the future, feather-quic will probably only get one or two more posts, perhaps about congestion control and real Tokio async support. The style will stay the same: the focus is still on projects I have actually worked on and the engineering experience behind them.

Open-Source Contributions

I try to turn real problems I encounter into upstream PRs or patches. My public contributions mostly come from issues I hit in daily work or personal projects, covering OpenResty / Nginx, Linux networking, and the eBPF / Rust ecosystem.

Linux Kernel

Found and fixed a TCP listener migration issue: tcp: call sk_data_ready() after listener migration.

OpenResty / Nginx Community

I participated in OpenResty HTTP/3 and PCRE2 work. During the PCRE2 work, I found a memory leak in upstream Nginx PCRE support, reported it to the community, and submitted a patch: Memory Leak Issue in Nginx PCRE2.

I also fixed a key issue in lua-nginx-module where Lua coroutine yield APIs were unavailable in HTTP/3 scenarios: PR. I have also reported and discussed defects in Nginx HTTP/3 hot upgrade behavior.

eBPF / Rust Ecosystem

In Aya, most of my contributions are around uprobes and reuseport: adding BPF_PROG_TYPE_SK_REUSEPORT support, pushing multi-uprobe attach / uprobe.multi section support forward, and fixing edge cases around ProcMap path parsing, pid scope semantics, and BPF link type conversion.

Most of this work came from real problems I hit while building GhostScope and debugging Linux networking behavior. I hope to bring features needed by upper-layer tools back into the Rust eBPF ecosystem. More details are in my GitHub PR list.

Contact

GitHub: swananan · X: @jt26wzz · Zhihu · Email · RSS