Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ipftrace: A Linux Function Tracer for Network P...

Avatar for Yutaro Hayakawa Yutaro Hayakawa
June 06, 2020
Technology
4
5.9k

ipftrace: A Linux Function Tracer for Network People

Kernel/VM/探検隊online part1での発表資料

Avatar for Yutaro Hayakawa

Yutaro Hayakawa

June 06, 2020
Tweet

More Decks by Yutaro Hayakawa

See All by Yutaro Hayakawa
Ciliumはどうテストされているのか
Avatar for Yutaro Hayakawa yutarohayakawa
1
170
How is Cilium Tested?
Avatar for Yutaro Hayakawa yutarohayakawa
5
520
eBPFのこれまでとこれから
Avatar for Yutaro Hayakawa yutarohayakawa
28
7.1k
NetKit Device
Avatar for Yutaro Hayakawa yutarohayakawa
4
1.2k
eBPFは何が嬉しいのか?
Avatar for Yutaro Hayakawa yutarohayakawa
3
2.1k
BufferbloatとLinux
Avatar for Yutaro Hayakawa yutarohayakawa
5
1.5k
Prism: Proxies without the Pain
Avatar for Yutaro Hayakawa yutarohayakawa
0
260
きっと明日から役立つeBPFのしくみ
Avatar for Yutaro Hayakawa yutarohayakawa
9
4.5k
eBPFをFreeBSDにポーティングしようとしている話
Avatar for Yutaro Hayakawa yutarohayakawa
4
3.2k

Other Decks in Technology

See All in Technology
Function Body Macros で、SwiftUI の View に Accessibility Identifier を自動付与する/Function Body Macros: Autogenerate accessibility identifiers for SwiftUI Views
Avatar for Yuki Miida miichan
2
180
Language Update: Java
Avatar for Yuichi.Sakuraba skrb
2
290
なぜスクラムはこうなったのか?歴史が教えてくれたこと/Shall we explore the roots of Scrum
Avatar for Genki Sano sanogemaru
5
1.6k
5分でカオスエンジニアリングを分かった気になろう
Avatar for Aja9tochin pandayumi
0
240
20250913_JAWS_sysad_kobe
Avatar for Takuya Yonezawa takuyay0ne
2
170
バイブスに「型」を!Kent Beckに学ぶ、AI時代のテスト駆動開発
Avatar for amixedcolor amixedcolor
2
540
Terraformで構築する セルフサービス型データプラットフォーム / terraform-self-service-data-platform
Avatar for pei0804 pei0804
1
170
Obsidian応用活用術
Avatar for 松濤Vimmer onikun94
2
480
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
Avatar for oracle4engineer oracle4engineer
PRO
4
10k
下手な強制、ダメ!絶対! 「ガードレール」を「檻」にさせない"ガバナンス"の取り方とは?
Avatar for Masataka Tsukamoto tsukaman
2
430
現場で効くClaude Code ─ 最新動向と企業導入
Avatar for TakaakiKakei takaakikakei
1
240
これでもう迷わない!Jetpack Composeの書き方実践ガイド
Avatar for ZOZO Developers zozotech
PRO
0
340

Featured

See All Featured
Making Projects Easy
Avatar for Brett Harned brettharned
117
6.4k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
64
7.9k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
229
22k
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
462
33k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
55
6.5k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
87
4.8k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
A better future with KSS
Avatar for Kyle Neath kneath
239
17k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
3
620
Designing for humans not robots
Avatar for Tammie Lister tammielis
253
25k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
656
61k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
285
13k

Transcript

  1. JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS /FUXPSL1FPQMF 201 / :VUBSP )BZBLBXB ZIBZBLBXB!HNBJMDPN

  2. 8IPBN* • :VUBSP )BZBLBXB 5XJUUFS!:VUBSP)BZBLBXB • 48&!-*/&גࣜձࣾ • ࣗࣾΫϥ΢υͷωοτϫʔΫιϑτ΢ΣΞ։ൃνʔϜ •

    ιϑτ΢ΣΞϩʔυόϥϯαͷ։ൃɾӡ༻ • ͦͷଞ • F#1'Λ'SFF#4%ʹҠ২͢Δ(4P$ϓϩδΣΫτ ݱࡏ΋։ൃத • Χʔωϧ7.͸ճ໨ લճ͖ͬͱ໌೔͔Β໾ཱͭF#1'ͷ࢓૊Έ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  3. "HFOEB • -JOVYͷωοτϫʔΫػೳͷσόοάπʔϧJQGUSBDFΛ࡞ͬͨ࿩ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  4. JQGUSBDF • -JOVYͷOFUXPSLػೳʹಛԽͨؔ͠਺ίʔϧτϨʔαʔ • ΧʔωϧͷதͰ͋Δύέοτ͕Ͳͷؔ਺Λ௨͔ͬͨͷτϨʔε͕औΕΔ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  // TCP10.0.0.10

       # iptables -t raw -A OUTPUT -p tcp -d 10.0.0.10 -j MARK --set-mark 0xdeadbeef # ipft -m 0xdeadbeef

  5. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  Attaching program (total 1803, succeeded 1052,

    failed 751 filtered: 0) Trace ready! Samples: 246 Lost: 0^C Trace done! === 3347634373462 0000 selinux_ipv4_output (len: 5764 gso_type: tcpv4) 3347634379670 0000 ip_output (len: 5764 gso_type: tcpv4) 3347634382597 0000 nf_hook_slow (len: 5764 gso_type: tcpv4) 3347634385879 0000 selinux_ipv4_postroute (len: 5764 gso_type: tcpv4) 3347634388958 0000 selinux_ip_postroute (len: 5764 gso_type: tcpv4) 3347634391979 0000 ip_finish_output (len: 5764 gso_type: tcpv4) 3347634394932 0000 __cgroup_bpf_run_filter_skb (len: 5764 gso_type: tcpv4) 3347634398196 0000 ip_finish_output2 (len: 5764 gso_type: tcpv4) 3347634401431 0000 neigh_direct_output (len: 5764 gso_type: tcpv4) 3347634404503 0000 dev_queue_xmit (len: 5764 gso_type: tcpv4) 3347634407363 0000 __dev_queue_xmit (len: 5764 gso_type: tcpv4) 3347634410290 0000 netdev_pick_tx (len: 5764 gso_type: tcpv4) 3347634413287 0000 validate_xmit_skb (len: 5764 gso_type: tcpv4) 3347634416425 0000 netif_skb_features (len: 5764 gso_type: tcpv4) 3347634419602 0000 skb_network_protocol (len: 5764 gso_type: tcpv4) 3347634422951 0000 skb_csum_hwoffload_help (len: 5764 gso_type: tcpv4) ύέοτ͕ʮ௨ͬͨʯؔ਺ $16*% 5JNF4UBNQ Ћ Ϣʔβఆٛͷσʔλ

  6. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  3347634425930 0000 validate_xmit_xfrm (len: 5764 gso_type:

    tcpv4) 3347634429001 0000 dev_hard_start_xmit (len: 5764 gso_type: tcpv4) 3347634432145 0000 iptunnel_handle_offloads (len: 5764 gso_type: tcpv4) 3347634435381 0000 ip_rt_update_pmtu (len: 5764 gso_type: tcpv4|ipxip4) 3347634438569 0000 iptunnel_xmit (len: 5764 gso_type: tcpv4|ipxip4) 3347634441580 0000 skb_scrub_packet (len: 5764 gso_type: tcpv4|ipxip4) 3347634444653 0000 skb_push (len: 5764 gso_type: tcpv4|ipxip4) 3347634447795 0000 ip_local_out (len: 5784 gso_type: tcpv4|ipxip4) 3347634450651 0000 __ip_local_out (len: 5784 gso_type: tcpv4|ipxip4) 3347634453520 0000 nf_hook_slow (len: 5784 gso_type: tcpv4|ipxip4) 3347634456546 0000 selinux_ipv4_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634459478 0000 ip_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634462317 0000 nf_hook_slow (len: 5784 gso_type: tcpv4|ipxip4) 3347634465284 0000 selinux_ipv4_postroute (len: 5784 gso_type: tcpv4|ipxip4) 3347634468208 0000 selinux_ip_postroute (len: 5784 gso_type: tcpv4|ipxip4) 3347634471081 0000 ip_finish_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634474005 0000 ip_finish_output2 (len: 5784 gso_type: tcpv4|ipxip4) 3347634477149 0000 neigh_resolve_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634480256 0000 eth_header (len: 5784 gso_type: tcpv4|ipxip4) 3347634483169 0000 skb_push (len: 5784 gso_type: tcpv4|ipxip4) 3347634486125 0000 dev_queue_xmit (len: 5798 gso_type: tcpv4|ipxip4)

  7. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  3347634488963 0000 __dev_queue_xmit (len: 5798 gso_type:

    tcpv4|ipxip4) 3347634491902 0000 netdev_pick_tx (len: 5798 gso_type: tcpv4|ipxip4) 3347634494765 0000 validate_xmit_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634497750 0000 netif_skb_features (len: 5798 gso_type: tcpv4|ipxip4) 3347634500779 0000 passthru_features_check (len: 5798 gso_type: tcpv4|ipxip4) 3347634503730 0000 skb_network_protocol (len: 5798 gso_type: tcpv4|ipxip4) 3347634506729 0000 skb_csum_hwoffload_help (len: 5798 gso_type: tcpv4|ipxip4) 3347634509655 0000 validate_xmit_xfrm (len: 5798 gso_type: tcpv4|ipxip4) 3347634512554 0000 dev_hard_start_xmit (len: 5798 gso_type: tcpv4|ipxip4) 3347634515513 0000 dev_forward_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634518497 0000 __dev_forward_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634521441 0000 skb_scrub_packet (len: 5798 gso_type: tcpv4|ipxip4)

  8. .PUJWBUJPO • ࢓ࣄฑ-JOVYͷωοτϫʔΫػೳΛϔϏʔʹ࢖͏ • ϧʔλʔͱͯ͠ /"5ͱͯ͠ '8ͱͯ͠ -#ͱͯ͠ • ύέοτ͸ԟʑʹͯ͠Ͳ͔͍ͬ͘!

    • ຊ౰ʹͲ͏ͯ͠΋ݪҼ͕Θ͔Βͳ͍ͱ͖ʹ͸ιʔεΛݟΔ͔͠ͳ͍ • ιʔεಡΜ͚ͩͩͰΘ͔Δ͜ͱ͸গͳ͍ • ࣮ߦͯ͠ڍಈΛ֬ೝ͍ͨ͠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  9. 4ZTUFN5BQ CQGUSBDF • $ͱBXLΛ߹ΘͤͨΑ͏ͳ%4-Λ࢖ͬͯτϨʔε͕ॻ͚Δ • ؔ਺ͷݺͼग़͠ͳͲΛϑοΫͯ͠Ҿ਺ͷ஋ͳͲΛग़ྗ͢Δ͜ͱ͕Ͱ͖Δ • τϨʔε͢Δର৅͸Ϣʔβ͕બͿඞཁ͕͋ΔͷͰԿ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ͸গʑ࢖͍ͮΒ͍ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB

     // bpftrace" // open(2) ! !  tracepoint:syscalls:sys_enter_open { printf("%s %s¥n", comm, str(args->filename)); } //   IO    tracepoint:block:block_rq_issue { @[args->comm] = hist(args->bytes); }

  10. GUSBDF • Χʔωϧશମͷؔ਺ݺͼग़͠ͷτϨʔε͕औΕΔπʔϧ • Կ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ΋࢖͍΍͍͕͢ εΫϦϓςΟϯάͷػೳ͸ͳ͍ • ग़ྗ͕ϑΝδʔʹͳΓ͕ͪ ωοτϫʔΫͷॲཧҎ֎΋ࠞͬͯ͘͟Δ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP

    )BZBLBXB  # _-----=> irqs-off # / _----=> need-resched # | / _---=> hardirq/softirq # || / _--=> preempt-depth # ||| / delay # TASK-PID CPU# |||| TIMESTAMP FUNCTION # | | | |||| | | gdbus-8688 [003] .... 105981.564554: vfs_read <-SyS_read bamfdaemon-8170 [002] .... 105981.564584: vfs_writev <-do_writev gdbus-8688 [003] .... 105981.564590: vfs_read <-SyS_read gdbus-8688 [003] .... 105981.564590: __vfs_read <-vfs_read compiz-8331 [007] .... 105981.564706: vfs_writev <-do_writev gdbus-8688 [003] .... 105981.564822: vfs_write <-SyS_write gdbus-8688 [003] .... 105981.564823: __vfs_write <-vfs_write gdbus-8688 [003] .... 105981.983184: vfs_read <-SyS_read gdbus-8688 [003] .... 105981.983187: __vfs_read <-vfs_read

  11. /FUXPSLEPNBJOTQFDJGJDSFRVJSFNFOU • ωοτϫʔΫػೳΛτϨʔε͍ͨ͠ͱ͖ݻ༗ͷ໰୊ • ಛఆͷʮύέοτʯʹؔ܎͢Δॲཧ͚ͩݟΔ͜ͱ͕Ͱ͖ͳ͍ • ྫ͑͹ • 5$1൪Ѽͷύέοτ •

    Ѽઌ͕ͷ*$.1ύέοτ • ؔ਺ݺͼग़͠ͷτϨʔε͚ͩͰ͸ͲͷύέοτΛॲཧ͍ͯ͠Δ͔Θ͔ Βͳ͍ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  12. 3FRVJSFNFOU • ͜ΜͳτϨʔαʔ͕ཉ͍͠ • Կ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ࢖͍΍͍͢ ؔ਺ίʔϧτϨʔαʔ • ύέοτΛॲཧ͢Δؔ਺Ҏ֎ʹ͸ͦΜͳʹڵຯ͕ͳ͍ • ύέοτ୯ҐͰτϨʔε͍ͨ͠

    • 4ZTUFN5BQͱ͔CQGUSBDFΈ͍ͨͳTDSJQUJOHͷػೳ΋ཉ͍͠ • ͜ΕΛશ෦ຬͨ͢Α͏ͳτϨʔαʔ͸ͳ͔ͬͨͷͰࣗ෼Ͱ࡞ͬͨ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  13. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  UDQ@USBOTNJU@TLC JQ@PVUQVU EFW@RVFVF@YNJU • -JOVYͷωοτϫʔΫͷॲཧ͸ύέοτ

    TUSVDUTL@CVGG ΛҾ਺ʹ ͱΔؔ਺ʹύέοτΛ௨͍ͯ͘͠Α͏ͳܗΛ͍ͯ͠Δ int ip_output(struct net *net, struct sock *sk, struct sk_buff *skb) 'SPN TPDLFU UP/*$ TLC

  14. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺͚ͩΛશ෦ϑοΫͯ͠TLCͷϙΠϯλ஋͝ͱͰ τϨʔεϩάΛऔΕ͹ύέοτ͕௨ͬͨؔ਺ͷϦετ͕ಘΒΕΔ UDQ@USBOTNJU@TLC JQ@PVUQVU

    EFW@RVFVF@YNJU 'SPN TPDLFU UP/*$ TLC# -PH -PH -PH TLC" BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> TLC# BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> TLC"

  15. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCʹ lNBSLzΛ͚ͭͯͦΕΛݟΔ͜ͱʹΑͬͯಛఆͷύέοτ͚ͩ ΛτϨʔεͰ͖Δ UDQ@USBOTNJU@TLC

    JQ@PVUQVU EFW@RVFVF@YNJU 'SPN TPDLFU UP/*$ TLC" -PH JGNBSLUBSHFU NBSL TLC" BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> NBSL -PH JGNBSLUBSHFU NBSL -PH JGNBSLUBSHFU NBSL

  16. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺Λશ෦औಘ͢Δ • σόοά৘ใ %8"3'PS#5' Λ࢖͏

    ؔ਺໊ ϙΠϯλܕͷ৘ใ ϙΠϯλ͕ࢦ͍ͯ͠Δ σʔλͷܕ৘ใ

  17. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺Λશ෦ϑοΫͯ͠τϨʔεϩάΛग़͢ • LQSPCF F#1' QFSG@FWFOU

    UDQ@USBOTNJU@TLC F#1' 1SPHSBN JQ@PVUQVU F#1' 1SPHSBN JQGU QSPDFTT 5SBDF -PHT &WFOUEBUB 1FSGSJOHCVGGFS 6TFS ,FSOFM "UUBDI LQSPCF

  18. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCʹNBSLΛ͚ͭΔ • TLCNBSLͱ͍͏ࣗ༝ʹ࢖͑ΔCJUͷϑΟʔϧυ͕͋Δ • JQUBCMFT

    OFUGJMUFS ΍UD TFUTPDLPQU 40@."3, ͳͲͰॻ͖ࠐΈ͕Ͱ͖Δ • ͜ΕΒͰهड़Ͱ͖Δ೚ҙͷ৚݅ͰύέοτʹϚʔΫΛ͚ͭΒΕΔ • OFUOTΛ·͙ͨͱফ͑Δ ίϯςφͷτϨʔγϯάʹศར // TCP10.0.0.10     # iptables -t raw -A OUTPUT -p tcp -d 10.0.0.10 -j MARK --set-mark 0xdeadbeef # ipft -m 0xdeadbeef

  19. 4DSJQUJOH JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • ؔ਺͕ݺͼग़͞Εͨ࣌ͷTLCʹ͍͍ͭͯΔσʔλ΋ͪΐͬͱݟ͍ͨ • ͪΐͬͱͨ͠ϓϩάϥϚϏϦςΟ͕ཉ͍͠ • -VBͰ֦ுΛॻ͚Δػೳ

    Attaching program (total 1803, succeeded 1052, failed 751 filtered: 0) Trace ready! Samples: 246 Lost: 0^C Trace done! === 3347634373462 0000 selinux_ipv4_output (len: 5764 gso_type: tcpv4) 3347634379670 0000 ip_output (len: 5764 gso_type: tcpv4) 3347634382597 0000 nf_hook_slow (len: 5764 gso_type: tcpv4) 3347634385879 0000 selinux_ipv4_postroute (len: 5764 gso_type: tcpv4) 3347634388958 0000 selinux_ip_postroute (len: 5764 gso_type: tcpv4) 3347634391979 0000 ip_finish_output (len: 5764 gso_type: tcpv4) ͜ͷ෦෼

  20. 4DSJQUJOH JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  -- void -- custom_function(uint8_t *buf, void

    *ctx, -- struct sk_buff *skb) -- function emit() return BPF.emit({ ... -- Get skb->len BPF.MOV64_REG(BPF.R1, BPF.R6), BPF.MOV64_IMM(BPF.R2, uint_size), BPF.MOV64_REG(BPF.R3, BPF.R8), BPF.ALU64_IMM(BPF.ADD, BPF.R3, len_offset), BPF.CALL_INSN(BPF.FUNC.probe_read), ... }) end function dump(data) len, gso_type = string.unpack(“=I4I4, data) return string.format("(len: %d gso_type: %s)", len, flags2str(gso_type)) end • -VBͰFNJU EVNQͷͭΛॻ͘ͱग़ ྗΛΧελϚΠζͰ͖Δ • FNJU௥ՃͷσʔλΛूΊΔF#1'ͷ όΠτίʔυΛు͘ϚΫϩΞηϯϒ ϥͰॻ͚Δ • EVNQFNJUͰूΊͨσʔλΛ੒ܗ ͨ͠จࣈྻΛు͘

  21. -JOVYWFSTJPOBSDIJUFDUVSFEFQFOEFODZJTTVF • -JOVYͷόʔδϣϯ͕มΘΔͱߏ଄ମͷϑΥʔϚοτ͕มΘΔ • -VBεΫϦϓτͰࢀর͍ͯ͠ΔTLCͷϝϯό౳ • JQGUSBDFຊମͰ࢖͍ͬͯΔTLCNBSL΋ಉ༷ • ͜ΕΒ͸-JOVYͷόʔδϣϯʹΑͬͯΦϑηοτ΍αΠζ͕มΘͬͯ͠·͏ •

    Ͳ͏͢Δ͔ʁ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  22. -JOVYWFSTJPOBSDIJUFDUVSFEFQFOEFODZJTTVF • σόοά৘ใΛ࢖ͬͯߏ଄ମͷϝϯό ͷΦϑηοτ΍σʔλܕͷαΠζΛ࣮ ߦ࣌ʹղܾ͢Δ • -VB͔Β͸ JQGUPGGTFUPGTJ[FPGUZQFPGΛ࢖ͬͯ σόοά৘ใΛΫΤϦͰ͖ΔΑ͏ʹ͢ Δ

    • ͜ΕͰ-JOVYͷόʔδϣϯʹґଘ͠ͳ͍ Α͏ʹॻ͚Δʂ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  function emit() return BPF.emit({ ... -- Get skb->len BPF.MOV64_REG(BPF.R1, BPF.R6), BPF.MOV64_IMM(BPF.R2, ipft.sizeof( ipft.typeof(”sk_buff”, “len”) ) ), BPF.MOV64_REG(BPF.R3, BPF.R8), BPF.ALU64_IMM(BPF.ADD, BPF.R3, ipft.offsetof(”sk_buff”, ”len”) ), BPF.CALL_INSN(BPF.FUNC.probe_read), ... }) end

  23. )PXVTFGVMJUJT • -JOVYͷ43Wͷ540(40ͷॲཧʹόά͕ ͋Γ ಛఆͷઃఆͰੑೳ͕ѱ͘ͳΔ • JQGUSBDFΛ࢖༻ͯ͠ݪҼΛಛఆ • मਖ਼ύονΛVQTUSFBN JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP

    )BZBLBXB  2 : : .2@9 9 6 - 9 1 : 940. 80 /0 : .2 1 9 83 17 36 .97

  24. $PODMVTJPO • -JOVYͷωοτϫʔΫػೳʹಛԽͨ͠σόοάπʔϧJQGUSBDFΛ঺հ • ࢖ָ͍͍ͬͯͯ͠πʔϧͰ͢Χʔωϧ୳ݕ͕௙Γ·͢ • /FUXPSLͳํʑ͸ੋඇ࢖ͬͯΈ͍ͯͩ͘͞ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

    IUUQTHJUIVCDPN:VUBSP)BZBLBXBJQGUSBDF

  25. "QQFOEJY • JQUBCMFTͰύέοτ͕མ͍ͪͯΔ༷ࢠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  548333116979692 0000 iptable_mangle_hook 548333116988109

    0000 tcp_v4_early_demux 548333116992390 0000 ip_route_input_noref 548333117014187 0000 ip_route_input_rcu 548333117020308 0000 __fib_validate_source 548333117025321 0000 ip_local_deliver 548333117028313 0000 iptable_mangle_hook 548333117031775 0000 kfree_skb 548333117035025 0000 skb_release_all 548333117037921 0000 skb_release_head_state 548333117040797 0000 skb_release_data 548333117044159 0000 skb_free_head 548333117069838 0000 kfree_skbmem iptables –A INPUT –t mangle –s 1.1.1.1 –j DROP ͜ͷลΓͰ ϧʔςΟϯά NBOHMFUBCMF ͷೖΓޱ

  26. "QQFOEJY • SQ@GJMUFSʹΑͬͯύέοτ͕མͪΔ༷ࢠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  593441693907269 0000 ip_rcv_finish 593441693921407

    0000 ip_route_input_noref 593441693926953 0000 ip_route_input_rcu 593441693930384 0000 ip_route_input_slow 593441693935998 0000 fib_validate_source 593441693940631 0000 __fib_validate_source 593441693945170 0000 kfree_skb 593441693949104 0000 skb_release_all 593441693953039 0000 skb_release_head_state 593441693956357 0000 skb_release_data 593441693960079 0000 skb_free_head 593441693964360 0000 kfree_skbmem ιʔεΞυϨε ͷݕࠪΛ͢Δ ؔ਺

  27. "QQFOEJY JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  402343336955099 0000 tcp_v4_fill_cb 402343336958653 0000 tcp_add_backlog

    402343336962128 0000 skb_condense 402343336993878 0000 tcp_v4_do_rcv 402343336998126 0000 tcp_rcv_established 402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem 402343337527315 0000 iptable_mangle_hook 402343337531219 0000 ip_output 402343337534572 0000 nf_hook_slow 402343337537925 0000 iptable_mangle_hook 402343337541373 0000 ip_finish_output 402343337544750 0000 __cgroup_bpf_run_filter_skb 402343337548311 0000 __ip_finish_output TLCΛղ์͢Δؔ਺

  28. "QQFOEJY JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  402343336955099 0000 tcp_v4_fill_cb 402343336958653 0000 tcp_add_backlog

    402343336962128 0000 skb_condense 402343336993878 0000 tcp_v4_do_rcv 402343336998126 0000 tcp_rcv_established 402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem === 402343337527315 0000 iptable_mangle_hook 402343337531219 0000 ip_output 402343337534572 0000 nf_hook_slow 402343337537925 0000 iptable_mangle_hook 402343337541373 0000 ip_finish_output 402343337544750 0000 __cgroup_bpf_run_filter_skb 402343337548311 0000 __ip_finish_output ͜͏ͳͬͯ΄͍͠ ͳ͔ͥͭͷ τϨʔε͕ͬͭ͘͘! ͦΕ΋݁ߏͳස౓Ͱ

  29. "QQFOEJY • -JOVY͸Ωϟογϡͷώοτ཰Λ্͛ΔͨΊʹಉ͡TLCͷϝϞϦΛ࢖ ͍ճ͢ • JQGUSBDF͸TLCͷΞυϨεΛ࢖ͬͯύέοτΛ۠ผ͢Δ • ਓ͕ؒݟΕ͹Θ͔Δ͕ࣗಈͰڥ໨ΛݟΔͷ͸೉͍͠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB

     402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem 402343337527315 0000 iptable_mangle_hook