Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ipftrace: A Linux Function Tracer for Network P...

Avatar for Yutaro Hayakawa Yutaro Hayakawa
June 06, 2020
Technology
4
5.9k

ipftrace: A Linux Function Tracer for Network People

Kernel/VM/探検隊online part1での発表資料
Avatar for Yutaro Hayakawa

Yutaro Hayakawa

June 06, 2020
Tweet

More Decks by Yutaro Hayakawa

See All by Yutaro Hayakawa
Ciliumはどうテストされているのか
Avatar for Yutaro Hayakawa yutarohayakawa
1
140
How is Cilium Tested?
Avatar for Yutaro Hayakawa yutarohayakawa
5
500
eBPFのこれまでとこれから
Avatar for Yutaro Hayakawa yutarohayakawa
25
6.7k
NetKit Device
Avatar for Yutaro Hayakawa yutarohayakawa
4
1.1k
eBPFは何が嬉しいのか?
Avatar for Yutaro Hayakawa yutarohayakawa
3
2k
BufferbloatとLinux
Avatar for Yutaro Hayakawa yutarohayakawa
5
1.4k
Prism: Proxies without the Pain
Avatar for Yutaro Hayakawa yutarohayakawa
0
250
きっと明日から役立つeBPFのしくみ
Avatar for Yutaro Hayakawa yutarohayakawa
9
4.4k
eBPFをFreeBSDにポーティングしようとしている話
Avatar for Yutaro Hayakawa yutarohayakawa
4
3.2k

Other Decks in Technology

See All in Technology
全部AI、全員Cursor、ドキュメント駆動開発 〜DevinやGeminiも添えて〜
Avatar for Masaya Hayashi rinchsan
2
2.2k
Four Keysから始める信頼性の改善 - SRE NEXT 2025
Avatar for ozaki-kota ozakikota
0
210
CDK Vibe Coding Fes
Avatar for tomoki10 tomoki10
1
530
推し書籍📚 / Books and a QA Engineer
Avatar for akihisa1210 ak1210
0
120
ゼロからはじめる採用広報
Avatar for Yuta Horii yutadayo
4
1k
データ基盤からデータベースまで?広がるユースケースのDatabricksについて教えるよ!
Avatar for Akihiro Kuwano akuwano
3
160
第64回コンピュータビジョン勉強会「The PanAf-FGBG Dataset: Understanding the Impact of Backgrounds in Wildlife Behaviour Recognition」
Avatar for Tatsuya Suzuki x_ttyszk
0
170
Copilot coding agentにベットしたいCTOが開発組織で取り組んだこと / GitHub Copilot coding agent in Team
Avatar for tnir tnir
0
150
AWS CDKの仕組み / how-aws-cdk-works
Avatar for k.goto gotok365
10
890
VGGT: Visual Geometry Grounded Transformer
Avatar for peisuke peisuke
1
620
対話型音声AIアプリケーションの信頼性向上の取り組み
Avatar for 株式会社IVRy(社員登壇資料) ivry_presentationmaterials
2
690
話題の MCP と巡る OCI RAG ソリューションの旅 - Select AI with RAG と Generative AI Agents ディープダイブ
Avatar for oracle4engineer oracle4engineer
PRO
5
110

Featured

See All Featured
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
34
5.9k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
299
21k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.4k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
31
2.4k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
271
27k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
695
190k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
200k
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
10
700
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
336
57k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
30
5.9k
Designing for humans not robots
Avatar for Tammie Lister tammielis
253
25k
Docker and Python
Avatar for Tania Allard trallard
45
3.5k

Transcript

  1. JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS /FUXPSL1FPQMF 201 / :VUBSP )BZBLBXB ZIBZBLBXB!HNBJMDPN

  2. 8IPBN* • :VUBSP )BZBLBXB 5XJUUFS!:VUBSP)BZBLBXB • 48&!-*/&גࣜձࣾ • ࣗࣾΫϥ΢υͷωοτϫʔΫιϑτ΢ΣΞ։ൃνʔϜ •

    ιϑτ΢ΣΞϩʔυόϥϯαͷ։ൃɾӡ༻ • ͦͷଞ • F#1'Λ'SFF#4%ʹҠ২͢Δ(4P$ϓϩδΣΫτ ݱࡏ΋։ൃத • Χʔωϧ7.͸ճ໨ લճ͖ͬͱ໌೔͔Β໾ཱͭF#1'ͷ࢓૊Έ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  3. "HFOEB • -JOVYͷωοτϫʔΫػೳͷσόοάπʔϧJQGUSBDFΛ࡞ͬͨ࿩ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  4. JQGUSBDF • -JOVYͷOFUXPSLػೳʹಛԽͨؔ͠਺ίʔϧτϨʔαʔ • ΧʔωϧͷதͰ͋Δύέοτ͕Ͳͷؔ਺Λ௨͔ͬͨͷτϨʔε͕औΕΔ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  // TCP10.0.0.10

       # iptables -t raw -A OUTPUT -p tcp -d 10.0.0.10 -j MARK --set-mark 0xdeadbeef # ipft -m 0xdeadbeef

  5. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  Attaching program (total 1803, succeeded 1052,

    failed 751 filtered: 0) Trace ready! Samples: 246 Lost: 0^C Trace done! === 3347634373462 0000 selinux_ipv4_output (len: 5764 gso_type: tcpv4) 3347634379670 0000 ip_output (len: 5764 gso_type: tcpv4) 3347634382597 0000 nf_hook_slow (len: 5764 gso_type: tcpv4) 3347634385879 0000 selinux_ipv4_postroute (len: 5764 gso_type: tcpv4) 3347634388958 0000 selinux_ip_postroute (len: 5764 gso_type: tcpv4) 3347634391979 0000 ip_finish_output (len: 5764 gso_type: tcpv4) 3347634394932 0000 __cgroup_bpf_run_filter_skb (len: 5764 gso_type: tcpv4) 3347634398196 0000 ip_finish_output2 (len: 5764 gso_type: tcpv4) 3347634401431 0000 neigh_direct_output (len: 5764 gso_type: tcpv4) 3347634404503 0000 dev_queue_xmit (len: 5764 gso_type: tcpv4) 3347634407363 0000 __dev_queue_xmit (len: 5764 gso_type: tcpv4) 3347634410290 0000 netdev_pick_tx (len: 5764 gso_type: tcpv4) 3347634413287 0000 validate_xmit_skb (len: 5764 gso_type: tcpv4) 3347634416425 0000 netif_skb_features (len: 5764 gso_type: tcpv4) 3347634419602 0000 skb_network_protocol (len: 5764 gso_type: tcpv4) 3347634422951 0000 skb_csum_hwoffload_help (len: 5764 gso_type: tcpv4) ύέοτ͕ʮ௨ͬͨʯؔ਺ $16*% 5JNF4UBNQ Ћ Ϣʔβఆٛͷσʔλ

  6. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  3347634425930 0000 validate_xmit_xfrm (len: 5764 gso_type:

    tcpv4) 3347634429001 0000 dev_hard_start_xmit (len: 5764 gso_type: tcpv4) 3347634432145 0000 iptunnel_handle_offloads (len: 5764 gso_type: tcpv4) 3347634435381 0000 ip_rt_update_pmtu (len: 5764 gso_type: tcpv4|ipxip4) 3347634438569 0000 iptunnel_xmit (len: 5764 gso_type: tcpv4|ipxip4) 3347634441580 0000 skb_scrub_packet (len: 5764 gso_type: tcpv4|ipxip4) 3347634444653 0000 skb_push (len: 5764 gso_type: tcpv4|ipxip4) 3347634447795 0000 ip_local_out (len: 5784 gso_type: tcpv4|ipxip4) 3347634450651 0000 __ip_local_out (len: 5784 gso_type: tcpv4|ipxip4) 3347634453520 0000 nf_hook_slow (len: 5784 gso_type: tcpv4|ipxip4) 3347634456546 0000 selinux_ipv4_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634459478 0000 ip_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634462317 0000 nf_hook_slow (len: 5784 gso_type: tcpv4|ipxip4) 3347634465284 0000 selinux_ipv4_postroute (len: 5784 gso_type: tcpv4|ipxip4) 3347634468208 0000 selinux_ip_postroute (len: 5784 gso_type: tcpv4|ipxip4) 3347634471081 0000 ip_finish_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634474005 0000 ip_finish_output2 (len: 5784 gso_type: tcpv4|ipxip4) 3347634477149 0000 neigh_resolve_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634480256 0000 eth_header (len: 5784 gso_type: tcpv4|ipxip4) 3347634483169 0000 skb_push (len: 5784 gso_type: tcpv4|ipxip4) 3347634486125 0000 dev_queue_xmit (len: 5798 gso_type: tcpv4|ipxip4)

  7. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  3347634488963 0000 __dev_queue_xmit (len: 5798 gso_type:

    tcpv4|ipxip4) 3347634491902 0000 netdev_pick_tx (len: 5798 gso_type: tcpv4|ipxip4) 3347634494765 0000 validate_xmit_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634497750 0000 netif_skb_features (len: 5798 gso_type: tcpv4|ipxip4) 3347634500779 0000 passthru_features_check (len: 5798 gso_type: tcpv4|ipxip4) 3347634503730 0000 skb_network_protocol (len: 5798 gso_type: tcpv4|ipxip4) 3347634506729 0000 skb_csum_hwoffload_help (len: 5798 gso_type: tcpv4|ipxip4) 3347634509655 0000 validate_xmit_xfrm (len: 5798 gso_type: tcpv4|ipxip4) 3347634512554 0000 dev_hard_start_xmit (len: 5798 gso_type: tcpv4|ipxip4) 3347634515513 0000 dev_forward_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634518497 0000 __dev_forward_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634521441 0000 skb_scrub_packet (len: 5798 gso_type: tcpv4|ipxip4)

  8. .PUJWBUJPO • ࢓ࣄฑ-JOVYͷωοτϫʔΫػೳΛϔϏʔʹ࢖͏ • ϧʔλʔͱͯ͠ /"5ͱͯ͠ '8ͱͯ͠ -#ͱͯ͠ • ύέοτ͸ԟʑʹͯ͠Ͳ͔͍ͬ͘!

    • ຊ౰ʹͲ͏ͯ͠΋ݪҼ͕Θ͔Βͳ͍ͱ͖ʹ͸ιʔεΛݟΔ͔͠ͳ͍ • ιʔεಡΜ͚ͩͩͰΘ͔Δ͜ͱ͸গͳ͍ • ࣮ߦͯ͠ڍಈΛ֬ೝ͍ͨ͠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  9. 4ZTUFN5BQ CQGUSBDF • $ͱBXLΛ߹ΘͤͨΑ͏ͳ%4-Λ࢖ͬͯτϨʔε͕ॻ͚Δ • ؔ਺ͷݺͼग़͠ͳͲΛϑοΫͯ͠Ҿ਺ͷ஋ͳͲΛग़ྗ͢Δ͜ͱ͕Ͱ͖Δ • τϨʔε͢Δର৅͸Ϣʔβ͕બͿඞཁ͕͋ΔͷͰԿ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ͸গʑ࢖͍ͮΒ͍ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB

     // bpftrace" // open(2) ! !  tracepoint:syscalls:sys_enter_open { printf("%s %s¥n", comm, str(args->filename)); } //   IO    tracepoint:block:block_rq_issue { @[args->comm] = hist(args->bytes); }

  10. GUSBDF • Χʔωϧશମͷؔ਺ݺͼग़͠ͷτϨʔε͕औΕΔπʔϧ • Կ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ΋࢖͍΍͍͕͢ εΫϦϓςΟϯάͷػೳ͸ͳ͍ • ग़ྗ͕ϑΝδʔʹͳΓ͕ͪ ωοτϫʔΫͷॲཧҎ֎΋ࠞͬͯ͘͟Δ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP

    )BZBLBXB  # _-----=> irqs-off # / _----=> need-resched # | / _---=> hardirq/softirq # || / _--=> preempt-depth # ||| / delay # TASK-PID CPU# |||| TIMESTAMP FUNCTION # | | | |||| | | gdbus-8688 [003] .... 105981.564554: vfs_read <-SyS_read bamfdaemon-8170 [002] .... 105981.564584: vfs_writev <-do_writev gdbus-8688 [003] .... 105981.564590: vfs_read <-SyS_read gdbus-8688 [003] .... 105981.564590: __vfs_read <-vfs_read compiz-8331 [007] .... 105981.564706: vfs_writev <-do_writev gdbus-8688 [003] .... 105981.564822: vfs_write <-SyS_write gdbus-8688 [003] .... 105981.564823: __vfs_write <-vfs_write gdbus-8688 [003] .... 105981.983184: vfs_read <-SyS_read gdbus-8688 [003] .... 105981.983187: __vfs_read <-vfs_read

  11. /FUXPSLEPNBJOTQFDJGJDSFRVJSFNFOU • ωοτϫʔΫػೳΛτϨʔε͍ͨ͠ͱ͖ݻ༗ͷ໰୊ • ಛఆͷʮύέοτʯʹؔ܎͢Δॲཧ͚ͩݟΔ͜ͱ͕Ͱ͖ͳ͍ • ྫ͑͹ • 5$1൪Ѽͷύέοτ •

    Ѽઌ͕ͷ*$.1ύέοτ • ؔ਺ݺͼग़͠ͷτϨʔε͚ͩͰ͸ͲͷύέοτΛॲཧ͍ͯ͠Δ͔Θ͔ Βͳ͍ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  12. 3FRVJSFNFOU • ͜ΜͳτϨʔαʔ͕ཉ͍͠ • Կ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ࢖͍΍͍͢ ؔ਺ίʔϧτϨʔαʔ • ύέοτΛॲཧ͢Δؔ਺Ҏ֎ʹ͸ͦΜͳʹڵຯ͕ͳ͍ • ύέοτ୯ҐͰτϨʔε͍ͨ͠

    • 4ZTUFN5BQͱ͔CQGUSBDFΈ͍ͨͳTDSJQUJOHͷػೳ΋ཉ͍͠ • ͜ΕΛશ෦ຬͨ͢Α͏ͳτϨʔαʔ͸ͳ͔ͬͨͷͰࣗ෼Ͱ࡞ͬͨ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  13. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  UDQ@USBOTNJU@TLC JQ@PVUQVU EFW@RVFVF@YNJU • -JOVYͷωοτϫʔΫͷॲཧ͸ύέοτ

    TUSVDUTL@CVGG ΛҾ਺ʹ ͱΔؔ਺ʹύέοτΛ௨͍ͯ͘͠Α͏ͳܗΛ͍ͯ͠Δ int ip_output(struct net *net, struct sock *sk, struct sk_buff *skb) 'SPN TPDLFU UP/*$ TLC

  14. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺͚ͩΛશ෦ϑοΫͯ͠TLCͷϙΠϯλ஋͝ͱͰ τϨʔεϩάΛऔΕ͹ύέοτ͕௨ͬͨؔ਺ͷϦετ͕ಘΒΕΔ UDQ@USBOTNJU@TLC JQ@PVUQVU

    EFW@RVFVF@YNJU 'SPN TPDLFU UP/*$ TLC# -PH -PH -PH TLC" BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> TLC# BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> TLC"

  15. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCʹ lNBSLzΛ͚ͭͯͦΕΛݟΔ͜ͱʹΑͬͯಛఆͷύέοτ͚ͩ ΛτϨʔεͰ͖Δ UDQ@USBOTNJU@TLC

    JQ@PVUQVU EFW@RVFVF@YNJU 'SPN TPDLFU UP/*$ TLC" -PH JGNBSLUBSHFU NBSL TLC" BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> NBSL -PH JGNBSLUBSHFU NBSL -PH JGNBSLUBSHFU NBSL

  16. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺Λશ෦औಘ͢Δ • σόοά৘ใ %8"3'PS#5' Λ࢖͏

    ؔ਺໊ ϙΠϯλܕͷ৘ใ ϙΠϯλ͕ࢦ͍ͯ͠Δ σʔλͷܕ৘ใ

  17. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺Λશ෦ϑοΫͯ͠τϨʔεϩάΛग़͢ • LQSPCF F#1' QFSG@FWFOU

    UDQ@USBOTNJU@TLC F#1' 1SPHSBN JQ@PVUQVU F#1' 1SPHSBN JQGU QSPDFTT 5SBDF -PHT &WFOUEBUB 1FSGSJOHCVGGFS 6TFS ,FSOFM "UUBDI LQSPCF

  18. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCʹNBSLΛ͚ͭΔ • TLCNBSLͱ͍͏ࣗ༝ʹ࢖͑ΔCJUͷϑΟʔϧυ͕͋Δ • JQUBCMFT

    OFUGJMUFS ΍UD TFUTPDLPQU 40@."3, ͳͲͰॻ͖ࠐΈ͕Ͱ͖Δ • ͜ΕΒͰهड़Ͱ͖Δ೚ҙͷ৚݅ͰύέοτʹϚʔΫΛ͚ͭΒΕΔ • OFUOTΛ·͙ͨͱফ͑Δ ίϯςφͷτϨʔγϯάʹศར // TCP10.0.0.10     # iptables -t raw -A OUTPUT -p tcp -d 10.0.0.10 -j MARK --set-mark 0xdeadbeef # ipft -m 0xdeadbeef

  19. 4DSJQUJOH JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • ؔ਺͕ݺͼग़͞Εͨ࣌ͷTLCʹ͍͍ͭͯΔσʔλ΋ͪΐͬͱݟ͍ͨ • ͪΐͬͱͨ͠ϓϩάϥϚϏϦςΟ͕ཉ͍͠ • -VBͰ֦ுΛॻ͚Δػೳ

    Attaching program (total 1803, succeeded 1052, failed 751 filtered: 0) Trace ready! Samples: 246 Lost: 0^C Trace done! === 3347634373462 0000 selinux_ipv4_output (len: 5764 gso_type: tcpv4) 3347634379670 0000 ip_output (len: 5764 gso_type: tcpv4) 3347634382597 0000 nf_hook_slow (len: 5764 gso_type: tcpv4) 3347634385879 0000 selinux_ipv4_postroute (len: 5764 gso_type: tcpv4) 3347634388958 0000 selinux_ip_postroute (len: 5764 gso_type: tcpv4) 3347634391979 0000 ip_finish_output (len: 5764 gso_type: tcpv4) ͜ͷ෦෼

  20. 4DSJQUJOH JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  -- void -- custom_function(uint8_t *buf, void

    *ctx, -- struct sk_buff *skb) -- function emit() return BPF.emit({ ... -- Get skb->len BPF.MOV64_REG(BPF.R1, BPF.R6), BPF.MOV64_IMM(BPF.R2, uint_size), BPF.MOV64_REG(BPF.R3, BPF.R8), BPF.ALU64_IMM(BPF.ADD, BPF.R3, len_offset), BPF.CALL_INSN(BPF.FUNC.probe_read), ... }) end function dump(data) len, gso_type = string.unpack(“=I4I4, data) return string.format("(len: %d gso_type: %s)", len, flags2str(gso_type)) end • -VBͰFNJU EVNQͷͭΛॻ͘ͱग़ ྗΛΧελϚΠζͰ͖Δ • FNJU௥ՃͷσʔλΛूΊΔF#1'ͷ όΠτίʔυΛు͘ϚΫϩΞηϯϒ ϥͰॻ͚Δ • EVNQFNJUͰूΊͨσʔλΛ੒ܗ ͨ͠จࣈྻΛు͘

  21. -JOVYWFSTJPOBSDIJUFDUVSFEFQFOEFODZJTTVF • -JOVYͷόʔδϣϯ͕มΘΔͱߏ଄ମͷϑΥʔϚοτ͕มΘΔ • -VBεΫϦϓτͰࢀর͍ͯ͠ΔTLCͷϝϯό౳ • JQGUSBDFຊମͰ࢖͍ͬͯΔTLCNBSL΋ಉ༷ • ͜ΕΒ͸-JOVYͷόʔδϣϯʹΑͬͯΦϑηοτ΍αΠζ͕มΘͬͯ͠·͏ •

    Ͳ͏͢Δ͔ʁ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  22. -JOVYWFSTJPOBSDIJUFDUVSFEFQFOEFODZJTTVF • σόοά৘ใΛ࢖ͬͯߏ଄ମͷϝϯό ͷΦϑηοτ΍σʔλܕͷαΠζΛ࣮ ߦ࣌ʹղܾ͢Δ • -VB͔Β͸ JQGUPGGTFUPGTJ[FPGUZQFPGΛ࢖ͬͯ σόοά৘ใΛΫΤϦͰ͖ΔΑ͏ʹ͢ Δ

    • ͜ΕͰ-JOVYͷόʔδϣϯʹґଘ͠ͳ͍ Α͏ʹॻ͚Δʂ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  function emit() return BPF.emit({ ... -- Get skb->len BPF.MOV64_REG(BPF.R1, BPF.R6), BPF.MOV64_IMM(BPF.R2, ipft.sizeof( ipft.typeof(”sk_buff”, “len”) ) ), BPF.MOV64_REG(BPF.R3, BPF.R8), BPF.ALU64_IMM(BPF.ADD, BPF.R3, ipft.offsetof(”sk_buff”, ”len”) ), BPF.CALL_INSN(BPF.FUNC.probe_read), ... }) end

  23. )PXVTFGVMJUJT • -JOVYͷ43Wͷ540(40ͷॲཧʹόά͕ ͋Γ ಛఆͷઃఆͰੑೳ͕ѱ͘ͳΔ • JQGUSBDFΛ࢖༻ͯ͠ݪҼΛಛఆ • मਖ਼ύονΛVQTUSFBN JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP

    )BZBLBXB  2 : : .2@9 9 6 - 9 1 : 940. 80 /0 : .2 1 9 83 17 36 .97

  24. $PODMVTJPO • -JOVYͷωοτϫʔΫػೳʹಛԽͨ͠σόοάπʔϧJQGUSBDFΛ঺հ • ࢖ָ͍͍ͬͯͯ͠πʔϧͰ͢Χʔωϧ୳ݕ͕௙Γ·͢ • /FUXPSLͳํʑ͸ੋඇ࢖ͬͯΈ͍ͯͩ͘͞ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

    IUUQTHJUIVCDPN:VUBSP)BZBLBXBJQGUSBDF

  25. "QQFOEJY • JQUBCMFTͰύέοτ͕མ͍ͪͯΔ༷ࢠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  548333116979692 0000 iptable_mangle_hook 548333116988109

    0000 tcp_v4_early_demux 548333116992390 0000 ip_route_input_noref 548333117014187 0000 ip_route_input_rcu 548333117020308 0000 __fib_validate_source 548333117025321 0000 ip_local_deliver 548333117028313 0000 iptable_mangle_hook 548333117031775 0000 kfree_skb 548333117035025 0000 skb_release_all 548333117037921 0000 skb_release_head_state 548333117040797 0000 skb_release_data 548333117044159 0000 skb_free_head 548333117069838 0000 kfree_skbmem iptables –A INPUT –t mangle –s 1.1.1.1 –j DROP ͜ͷลΓͰ ϧʔςΟϯά NBOHMFUBCMF ͷೖΓޱ

  26. "QQFOEJY • SQ@GJMUFSʹΑͬͯύέοτ͕མͪΔ༷ࢠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  593441693907269 0000 ip_rcv_finish 593441693921407

    0000 ip_route_input_noref 593441693926953 0000 ip_route_input_rcu 593441693930384 0000 ip_route_input_slow 593441693935998 0000 fib_validate_source 593441693940631 0000 __fib_validate_source 593441693945170 0000 kfree_skb 593441693949104 0000 skb_release_all 593441693953039 0000 skb_release_head_state 593441693956357 0000 skb_release_data 593441693960079 0000 skb_free_head 593441693964360 0000 kfree_skbmem ιʔεΞυϨε ͷݕࠪΛ͢Δ ؔ਺

  27. "QQFOEJY JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  402343336955099 0000 tcp_v4_fill_cb 402343336958653 0000 tcp_add_backlog

    402343336962128 0000 skb_condense 402343336993878 0000 tcp_v4_do_rcv 402343336998126 0000 tcp_rcv_established 402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem 402343337527315 0000 iptable_mangle_hook 402343337531219 0000 ip_output 402343337534572 0000 nf_hook_slow 402343337537925 0000 iptable_mangle_hook 402343337541373 0000 ip_finish_output 402343337544750 0000 __cgroup_bpf_run_filter_skb 402343337548311 0000 __ip_finish_output TLCΛղ์͢Δؔ਺

  28. "QQFOEJY JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  402343336955099 0000 tcp_v4_fill_cb 402343336958653 0000 tcp_add_backlog

    402343336962128 0000 skb_condense 402343336993878 0000 tcp_v4_do_rcv 402343336998126 0000 tcp_rcv_established 402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem === 402343337527315 0000 iptable_mangle_hook 402343337531219 0000 ip_output 402343337534572 0000 nf_hook_slow 402343337537925 0000 iptable_mangle_hook 402343337541373 0000 ip_finish_output 402343337544750 0000 __cgroup_bpf_run_filter_skb 402343337548311 0000 __ip_finish_output ͜͏ͳͬͯ΄͍͠ ͳ͔ͥͭͷ τϨʔε͕ͬͭ͘͘! ͦΕ΋݁ߏͳස౓Ͱ

  29. "QQFOEJY • -JOVY͸Ωϟογϡͷώοτ཰Λ্͛ΔͨΊʹಉ͡TLCͷϝϞϦΛ࢖ ͍ճ͢ • JQGUSBDF͸TLCͷΞυϨεΛ࢖ͬͯύέοτΛ۠ผ͢Δ • ਓ͕ؒݟΕ͹Θ͔Δ͕ࣗಈͰڥ໨ΛݟΔͷ͸೉͍͠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB

     402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem 402343337527315 0000 iptable_mangle_hook