Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ipftrace: A Linux Function Tracer for Network P...

Avatar for Yutaro Hayakawa Yutaro Hayakawa
June 06, 2020
Technology
4
5.9k

ipftrace: A Linux Function Tracer for Network People

Kernel/VM/探検隊online part1での発表資料
Avatar for Yutaro Hayakawa

Yutaro Hayakawa

June 06, 2020
Tweet

More Decks by Yutaro Hayakawa

See All by Yutaro Hayakawa
How is Cilium Tested?
Avatar for Yutaro Hayakawa yutarohayakawa
5
450
eBPFのこれまでとこれから
Avatar for Yutaro Hayakawa yutarohayakawa
20
6.6k
NetKit Device
Avatar for Yutaro Hayakawa yutarohayakawa
4
1.1k
eBPFは何が嬉しいのか?
Avatar for Yutaro Hayakawa yutarohayakawa
3
2k
BufferbloatとLinux
Avatar for Yutaro Hayakawa yutarohayakawa
4
1.4k
Prism: Proxies without the Pain
Avatar for Yutaro Hayakawa yutarohayakawa
0
240
きっと明日から役立つeBPFのしくみ
Avatar for Yutaro Hayakawa yutarohayakawa
9
4.4k
eBPFをFreeBSDにポーティングしようとしている話
Avatar for Yutaro Hayakawa yutarohayakawa
4
3.2k
eBPF Implementation for FreeBSD
Avatar for Yutaro Hayakawa yutarohayakawa
0
370

Other Decks in Technology

See All in Technology
OTel meets Wasm: プラグイン機構としてのWebAssemblyから見る次世代のObservability
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
130
ITベンダーから見る内製化支援の本質/in-house-dev
Avatar for Serverless Operations slsops
1
230
AI駆動時代の新規事業の作り方
Avatar for ryohysk ryohysk
2
140
技術的負債を「戦略的投資」にするためのPdMとエンジニアの連携と実践
Avatar for satomino satomino
4
920
MCP で繋ぐ Figma とデザインシステム〜LLM を使った UI 実装のリアル〜
Avatar for きむそん kimuson
0
240
やめシフ大集合!!~SHIFT卒業生座談会~ / 20250517 Hiroko Tamagawa & Ayako Ueno & Ryo Asou &Kei Ishimaru
Avatar for SHIFT EVOLVE shift_evolve
0
320
Platform Engineering for Private Cloud
Avatar for Coté cote
PRO
1
180
GitHub ActionsをTypeScriptで作ろう!
Avatar for SansanTech sansantech
PRO
2
330
Modular RAG Architectures with Java and Spring AI
Avatar for Thomas Vitale thomasvitale
0
240
Microsoft Fabric のライセンスについて
Avatar for Ryoma Nagata ryomaru0825
2
3.6k
Oracle Cloud Infrastructure:2025年5月度サービス・アップデート
Avatar for oracle4engineer oracle4engineer
PRO
0
170
Cloudflare Use Cases at CADDi
Avatar for minato128 minato128
2
380

Featured

See All Featured
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
30
960
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
63
7.8k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
271
27k
Designing for Performance
Avatar for Lara Hogan lara
608
69k
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
430
65k
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
667
120k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
53
11k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
50k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
329
39k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
32
2.3k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
Avatar for mongodb mongodb
45
9.5k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
105
19k

Transcript

  1. JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS /FUXPSL1FPQMF 201 / :VUBSP )BZBLBXB ZIBZBLBXB!HNBJMDPN

  2. 8IPBN* • :VUBSP )BZBLBXB 5XJUUFS!:VUBSP)BZBLBXB • 48&!-*/&גࣜձࣾ • ࣗࣾΫϥ΢υͷωοτϫʔΫιϑτ΢ΣΞ։ൃνʔϜ •

    ιϑτ΢ΣΞϩʔυόϥϯαͷ։ൃɾӡ༻ • ͦͷଞ • F#1'Λ'SFF#4%ʹҠ২͢Δ(4P$ϓϩδΣΫτ ݱࡏ΋։ൃத • Χʔωϧ7.͸ճ໨ લճ͖ͬͱ໌೔͔Β໾ཱͭF#1'ͷ࢓૊Έ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  3. "HFOEB • -JOVYͷωοτϫʔΫػೳͷσόοάπʔϧJQGUSBDFΛ࡞ͬͨ࿩ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  4. JQGUSBDF • -JOVYͷOFUXPSLػೳʹಛԽͨؔ͠਺ίʔϧτϨʔαʔ • ΧʔωϧͷதͰ͋Δύέοτ͕Ͳͷؔ਺Λ௨͔ͬͨͷτϨʔε͕औΕΔ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  // TCP10.0.0.10

       # iptables -t raw -A OUTPUT -p tcp -d 10.0.0.10 -j MARK --set-mark 0xdeadbeef # ipft -m 0xdeadbeef

  5. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  Attaching program (total 1803, succeeded 1052,

    failed 751 filtered: 0) Trace ready! Samples: 246 Lost: 0^C Trace done! === 3347634373462 0000 selinux_ipv4_output (len: 5764 gso_type: tcpv4) 3347634379670 0000 ip_output (len: 5764 gso_type: tcpv4) 3347634382597 0000 nf_hook_slow (len: 5764 gso_type: tcpv4) 3347634385879 0000 selinux_ipv4_postroute (len: 5764 gso_type: tcpv4) 3347634388958 0000 selinux_ip_postroute (len: 5764 gso_type: tcpv4) 3347634391979 0000 ip_finish_output (len: 5764 gso_type: tcpv4) 3347634394932 0000 __cgroup_bpf_run_filter_skb (len: 5764 gso_type: tcpv4) 3347634398196 0000 ip_finish_output2 (len: 5764 gso_type: tcpv4) 3347634401431 0000 neigh_direct_output (len: 5764 gso_type: tcpv4) 3347634404503 0000 dev_queue_xmit (len: 5764 gso_type: tcpv4) 3347634407363 0000 __dev_queue_xmit (len: 5764 gso_type: tcpv4) 3347634410290 0000 netdev_pick_tx (len: 5764 gso_type: tcpv4) 3347634413287 0000 validate_xmit_skb (len: 5764 gso_type: tcpv4) 3347634416425 0000 netif_skb_features (len: 5764 gso_type: tcpv4) 3347634419602 0000 skb_network_protocol (len: 5764 gso_type: tcpv4) 3347634422951 0000 skb_csum_hwoffload_help (len: 5764 gso_type: tcpv4) ύέοτ͕ʮ௨ͬͨʯؔ਺ $16*% 5JNF4UBNQ Ћ Ϣʔβఆٛͷσʔλ

  6. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  3347634425930 0000 validate_xmit_xfrm (len: 5764 gso_type:

    tcpv4) 3347634429001 0000 dev_hard_start_xmit (len: 5764 gso_type: tcpv4) 3347634432145 0000 iptunnel_handle_offloads (len: 5764 gso_type: tcpv4) 3347634435381 0000 ip_rt_update_pmtu (len: 5764 gso_type: tcpv4|ipxip4) 3347634438569 0000 iptunnel_xmit (len: 5764 gso_type: tcpv4|ipxip4) 3347634441580 0000 skb_scrub_packet (len: 5764 gso_type: tcpv4|ipxip4) 3347634444653 0000 skb_push (len: 5764 gso_type: tcpv4|ipxip4) 3347634447795 0000 ip_local_out (len: 5784 gso_type: tcpv4|ipxip4) 3347634450651 0000 __ip_local_out (len: 5784 gso_type: tcpv4|ipxip4) 3347634453520 0000 nf_hook_slow (len: 5784 gso_type: tcpv4|ipxip4) 3347634456546 0000 selinux_ipv4_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634459478 0000 ip_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634462317 0000 nf_hook_slow (len: 5784 gso_type: tcpv4|ipxip4) 3347634465284 0000 selinux_ipv4_postroute (len: 5784 gso_type: tcpv4|ipxip4) 3347634468208 0000 selinux_ip_postroute (len: 5784 gso_type: tcpv4|ipxip4) 3347634471081 0000 ip_finish_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634474005 0000 ip_finish_output2 (len: 5784 gso_type: tcpv4|ipxip4) 3347634477149 0000 neigh_resolve_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634480256 0000 eth_header (len: 5784 gso_type: tcpv4|ipxip4) 3347634483169 0000 skb_push (len: 5784 gso_type: tcpv4|ipxip4) 3347634486125 0000 dev_queue_xmit (len: 5798 gso_type: tcpv4|ipxip4)

  7. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  3347634488963 0000 __dev_queue_xmit (len: 5798 gso_type:

    tcpv4|ipxip4) 3347634491902 0000 netdev_pick_tx (len: 5798 gso_type: tcpv4|ipxip4) 3347634494765 0000 validate_xmit_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634497750 0000 netif_skb_features (len: 5798 gso_type: tcpv4|ipxip4) 3347634500779 0000 passthru_features_check (len: 5798 gso_type: tcpv4|ipxip4) 3347634503730 0000 skb_network_protocol (len: 5798 gso_type: tcpv4|ipxip4) 3347634506729 0000 skb_csum_hwoffload_help (len: 5798 gso_type: tcpv4|ipxip4) 3347634509655 0000 validate_xmit_xfrm (len: 5798 gso_type: tcpv4|ipxip4) 3347634512554 0000 dev_hard_start_xmit (len: 5798 gso_type: tcpv4|ipxip4) 3347634515513 0000 dev_forward_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634518497 0000 __dev_forward_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634521441 0000 skb_scrub_packet (len: 5798 gso_type: tcpv4|ipxip4)

  8. .PUJWBUJPO • ࢓ࣄฑ-JOVYͷωοτϫʔΫػೳΛϔϏʔʹ࢖͏ • ϧʔλʔͱͯ͠ /"5ͱͯ͠ '8ͱͯ͠ -#ͱͯ͠ • ύέοτ͸ԟʑʹͯ͠Ͳ͔͍ͬ͘!

    • ຊ౰ʹͲ͏ͯ͠΋ݪҼ͕Θ͔Βͳ͍ͱ͖ʹ͸ιʔεΛݟΔ͔͠ͳ͍ • ιʔεಡΜ͚ͩͩͰΘ͔Δ͜ͱ͸গͳ͍ • ࣮ߦͯ͠ڍಈΛ֬ೝ͍ͨ͠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  9. 4ZTUFN5BQ CQGUSBDF • $ͱBXLΛ߹ΘͤͨΑ͏ͳ%4-Λ࢖ͬͯτϨʔε͕ॻ͚Δ • ؔ਺ͷݺͼग़͠ͳͲΛϑοΫͯ͠Ҿ਺ͷ஋ͳͲΛग़ྗ͢Δ͜ͱ͕Ͱ͖Δ • τϨʔε͢Δର৅͸Ϣʔβ͕બͿඞཁ͕͋ΔͷͰԿ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ͸গʑ࢖͍ͮΒ͍ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB

     // bpftrace" // open(2) ! !  tracepoint:syscalls:sys_enter_open { printf("%s %s¥n", comm, str(args->filename)); } //   IO    tracepoint:block:block_rq_issue { @[args->comm] = hist(args->bytes); }

  10. GUSBDF • Χʔωϧશମͷؔ਺ݺͼग़͠ͷτϨʔε͕औΕΔπʔϧ • Կ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ΋࢖͍΍͍͕͢ εΫϦϓςΟϯάͷػೳ͸ͳ͍ • ग़ྗ͕ϑΝδʔʹͳΓ͕ͪ ωοτϫʔΫͷॲཧҎ֎΋ࠞͬͯ͘͟Δ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP

    )BZBLBXB  # _-----=> irqs-off # / _----=> need-resched # | / _---=> hardirq/softirq # || / _--=> preempt-depth # ||| / delay # TASK-PID CPU# |||| TIMESTAMP FUNCTION # | | | |||| | | gdbus-8688 [003] .... 105981.564554: vfs_read <-SyS_read bamfdaemon-8170 [002] .... 105981.564584: vfs_writev <-do_writev gdbus-8688 [003] .... 105981.564590: vfs_read <-SyS_read gdbus-8688 [003] .... 105981.564590: __vfs_read <-vfs_read compiz-8331 [007] .... 105981.564706: vfs_writev <-do_writev gdbus-8688 [003] .... 105981.564822: vfs_write <-SyS_write gdbus-8688 [003] .... 105981.564823: __vfs_write <-vfs_write gdbus-8688 [003] .... 105981.983184: vfs_read <-SyS_read gdbus-8688 [003] .... 105981.983187: __vfs_read <-vfs_read

  11. /FUXPSLEPNBJOTQFDJGJDSFRVJSFNFOU • ωοτϫʔΫػೳΛτϨʔε͍ͨ͠ͱ͖ݻ༗ͷ໰୊ • ಛఆͷʮύέοτʯʹؔ܎͢Δॲཧ͚ͩݟΔ͜ͱ͕Ͱ͖ͳ͍ • ྫ͑͹ • 5$1൪Ѽͷύέοτ •

    Ѽઌ͕ͷ*$.1ύέοτ • ؔ਺ݺͼग़͠ͷτϨʔε͚ͩͰ͸ͲͷύέοτΛॲཧ͍ͯ͠Δ͔Θ͔ Βͳ͍ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  12. 3FRVJSFNFOU • ͜ΜͳτϨʔαʔ͕ཉ͍͠ • Կ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ࢖͍΍͍͢ ؔ਺ίʔϧτϨʔαʔ • ύέοτΛॲཧ͢Δؔ਺Ҏ֎ʹ͸ͦΜͳʹڵຯ͕ͳ͍ • ύέοτ୯ҐͰτϨʔε͍ͨ͠

    • 4ZTUFN5BQͱ͔CQGUSBDFΈ͍ͨͳTDSJQUJOHͷػೳ΋ཉ͍͠ • ͜ΕΛશ෦ຬͨ͢Α͏ͳτϨʔαʔ͸ͳ͔ͬͨͷͰࣗ෼Ͱ࡞ͬͨ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  13. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  UDQ@USBOTNJU@TLC JQ@PVUQVU EFW@RVFVF@YNJU • -JOVYͷωοτϫʔΫͷॲཧ͸ύέοτ

    TUSVDUTL@CVGG ΛҾ਺ʹ ͱΔؔ਺ʹύέοτΛ௨͍ͯ͘͠Α͏ͳܗΛ͍ͯ͠Δ int ip_output(struct net *net, struct sock *sk, struct sk_buff *skb) 'SPN TPDLFU UP/*$ TLC

  14. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺͚ͩΛશ෦ϑοΫͯ͠TLCͷϙΠϯλ஋͝ͱͰ τϨʔεϩάΛऔΕ͹ύέοτ͕௨ͬͨؔ਺ͷϦετ͕ಘΒΕΔ UDQ@USBOTNJU@TLC JQ@PVUQVU

    EFW@RVFVF@YNJU 'SPN TPDLFU UP/*$ TLC# -PH -PH -PH TLC" BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> TLC# BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> TLC"

  15. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCʹ lNBSLzΛ͚ͭͯͦΕΛݟΔ͜ͱʹΑͬͯಛఆͷύέοτ͚ͩ ΛτϨʔεͰ͖Δ UDQ@USBOTNJU@TLC

    JQ@PVUQVU EFW@RVFVF@YNJU 'SPN TPDLFU UP/*$ TLC" -PH JGNBSLUBSHFU NBSL TLC" BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> NBSL -PH JGNBSLUBSHFU NBSL -PH JGNBSLUBSHFU NBSL

  16. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺Λશ෦औಘ͢Δ • σόοά৘ใ %8"3'PS#5' Λ࢖͏

    ؔ਺໊ ϙΠϯλܕͷ৘ใ ϙΠϯλ͕ࢦ͍ͯ͠Δ σʔλͷܕ৘ใ

  17. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺Λશ෦ϑοΫͯ͠τϨʔεϩάΛग़͢ • LQSPCF F#1' QFSG@FWFOU

    UDQ@USBOTNJU@TLC F#1' 1SPHSBN JQ@PVUQVU F#1' 1SPHSBN JQGU QSPDFTT 5SBDF -PHT &WFOUEBUB 1FSGSJOHCVGGFS 6TFS ,FSOFM "UUBDI LQSPCF

  18. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCʹNBSLΛ͚ͭΔ • TLCNBSLͱ͍͏ࣗ༝ʹ࢖͑ΔCJUͷϑΟʔϧυ͕͋Δ • JQUBCMFT

    OFUGJMUFS ΍UD TFUTPDLPQU 40@."3, ͳͲͰॻ͖ࠐΈ͕Ͱ͖Δ • ͜ΕΒͰهड़Ͱ͖Δ೚ҙͷ৚݅ͰύέοτʹϚʔΫΛ͚ͭΒΕΔ • OFUOTΛ·͙ͨͱফ͑Δ ίϯςφͷτϨʔγϯάʹศར // TCP10.0.0.10     # iptables -t raw -A OUTPUT -p tcp -d 10.0.0.10 -j MARK --set-mark 0xdeadbeef # ipft -m 0xdeadbeef

  19. 4DSJQUJOH JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • ؔ਺͕ݺͼग़͞Εͨ࣌ͷTLCʹ͍͍ͭͯΔσʔλ΋ͪΐͬͱݟ͍ͨ • ͪΐͬͱͨ͠ϓϩάϥϚϏϦςΟ͕ཉ͍͠ • -VBͰ֦ுΛॻ͚Δػೳ

    Attaching program (total 1803, succeeded 1052, failed 751 filtered: 0) Trace ready! Samples: 246 Lost: 0^C Trace done! === 3347634373462 0000 selinux_ipv4_output (len: 5764 gso_type: tcpv4) 3347634379670 0000 ip_output (len: 5764 gso_type: tcpv4) 3347634382597 0000 nf_hook_slow (len: 5764 gso_type: tcpv4) 3347634385879 0000 selinux_ipv4_postroute (len: 5764 gso_type: tcpv4) 3347634388958 0000 selinux_ip_postroute (len: 5764 gso_type: tcpv4) 3347634391979 0000 ip_finish_output (len: 5764 gso_type: tcpv4) ͜ͷ෦෼

  20. 4DSJQUJOH JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  -- void -- custom_function(uint8_t *buf, void

    *ctx, -- struct sk_buff *skb) -- function emit() return BPF.emit({ ... -- Get skb->len BPF.MOV64_REG(BPF.R1, BPF.R6), BPF.MOV64_IMM(BPF.R2, uint_size), BPF.MOV64_REG(BPF.R3, BPF.R8), BPF.ALU64_IMM(BPF.ADD, BPF.R3, len_offset), BPF.CALL_INSN(BPF.FUNC.probe_read), ... }) end function dump(data) len, gso_type = string.unpack(“=I4I4, data) return string.format("(len: %d gso_type: %s)", len, flags2str(gso_type)) end • -VBͰFNJU EVNQͷͭΛॻ͘ͱग़ ྗΛΧελϚΠζͰ͖Δ • FNJU௥ՃͷσʔλΛूΊΔF#1'ͷ όΠτίʔυΛు͘ϚΫϩΞηϯϒ ϥͰॻ͚Δ • EVNQFNJUͰूΊͨσʔλΛ੒ܗ ͨ͠จࣈྻΛు͘

  21. -JOVYWFSTJPOBSDIJUFDUVSFEFQFOEFODZJTTVF • -JOVYͷόʔδϣϯ͕มΘΔͱߏ଄ମͷϑΥʔϚοτ͕มΘΔ • -VBεΫϦϓτͰࢀর͍ͯ͠ΔTLCͷϝϯό౳ • JQGUSBDFຊମͰ࢖͍ͬͯΔTLCNBSL΋ಉ༷ • ͜ΕΒ͸-JOVYͷόʔδϣϯʹΑͬͯΦϑηοτ΍αΠζ͕มΘͬͯ͠·͏ •

    Ͳ͏͢Δ͔ʁ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  22. -JOVYWFSTJPOBSDIJUFDUVSFEFQFOEFODZJTTVF • σόοά৘ใΛ࢖ͬͯߏ଄ମͷϝϯό ͷΦϑηοτ΍σʔλܕͷαΠζΛ࣮ ߦ࣌ʹղܾ͢Δ • -VB͔Β͸ JQGUPGGTFUPGTJ[FPGUZQFPGΛ࢖ͬͯ σόοά৘ใΛΫΤϦͰ͖ΔΑ͏ʹ͢ Δ

    • ͜ΕͰ-JOVYͷόʔδϣϯʹґଘ͠ͳ͍ Α͏ʹॻ͚Δʂ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  function emit() return BPF.emit({ ... -- Get skb->len BPF.MOV64_REG(BPF.R1, BPF.R6), BPF.MOV64_IMM(BPF.R2, ipft.sizeof( ipft.typeof(”sk_buff”, “len”) ) ), BPF.MOV64_REG(BPF.R3, BPF.R8), BPF.ALU64_IMM(BPF.ADD, BPF.R3, ipft.offsetof(”sk_buff”, ”len”) ), BPF.CALL_INSN(BPF.FUNC.probe_read), ... }) end

  23. )PXVTFGVMJUJT • -JOVYͷ43Wͷ540(40ͷॲཧʹόά͕ ͋Γ ಛఆͷઃఆͰੑೳ͕ѱ͘ͳΔ • JQGUSBDFΛ࢖༻ͯ͠ݪҼΛಛఆ • मਖ਼ύονΛVQTUSFBN JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP

    )BZBLBXB  2 : : .2@9 9 6 - 9 1 : 940. 80 /0 : .2 1 9 83 17 36 .97

  24. $PODMVTJPO • -JOVYͷωοτϫʔΫػೳʹಛԽͨ͠σόοάπʔϧJQGUSBDFΛ঺հ • ࢖ָ͍͍ͬͯͯ͠πʔϧͰ͢Χʔωϧ୳ݕ͕௙Γ·͢ • /FUXPSLͳํʑ͸ੋඇ࢖ͬͯΈ͍ͯͩ͘͞ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

    IUUQTHJUIVCDPN:VUBSP)BZBLBXBJQGUSBDF

  25. "QQFOEJY • JQUBCMFTͰύέοτ͕མ͍ͪͯΔ༷ࢠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  548333116979692 0000 iptable_mangle_hook 548333116988109

    0000 tcp_v4_early_demux 548333116992390 0000 ip_route_input_noref 548333117014187 0000 ip_route_input_rcu 548333117020308 0000 __fib_validate_source 548333117025321 0000 ip_local_deliver 548333117028313 0000 iptable_mangle_hook 548333117031775 0000 kfree_skb 548333117035025 0000 skb_release_all 548333117037921 0000 skb_release_head_state 548333117040797 0000 skb_release_data 548333117044159 0000 skb_free_head 548333117069838 0000 kfree_skbmem iptables –A INPUT –t mangle –s 1.1.1.1 –j DROP ͜ͷลΓͰ ϧʔςΟϯά NBOHMFUBCMF ͷೖΓޱ

  26. "QQFOEJY • SQ@GJMUFSʹΑͬͯύέοτ͕མͪΔ༷ࢠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  593441693907269 0000 ip_rcv_finish 593441693921407

    0000 ip_route_input_noref 593441693926953 0000 ip_route_input_rcu 593441693930384 0000 ip_route_input_slow 593441693935998 0000 fib_validate_source 593441693940631 0000 __fib_validate_source 593441693945170 0000 kfree_skb 593441693949104 0000 skb_release_all 593441693953039 0000 skb_release_head_state 593441693956357 0000 skb_release_data 593441693960079 0000 skb_free_head 593441693964360 0000 kfree_skbmem ιʔεΞυϨε ͷݕࠪΛ͢Δ ؔ਺

  27. "QQFOEJY JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  402343336955099 0000 tcp_v4_fill_cb 402343336958653 0000 tcp_add_backlog

    402343336962128 0000 skb_condense 402343336993878 0000 tcp_v4_do_rcv 402343336998126 0000 tcp_rcv_established 402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem 402343337527315 0000 iptable_mangle_hook 402343337531219 0000 ip_output 402343337534572 0000 nf_hook_slow 402343337537925 0000 iptable_mangle_hook 402343337541373 0000 ip_finish_output 402343337544750 0000 __cgroup_bpf_run_filter_skb 402343337548311 0000 __ip_finish_output TLCΛղ์͢Δؔ਺

  28. "QQFOEJY JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  402343336955099 0000 tcp_v4_fill_cb 402343336958653 0000 tcp_add_backlog

    402343336962128 0000 skb_condense 402343336993878 0000 tcp_v4_do_rcv 402343336998126 0000 tcp_rcv_established 402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem === 402343337527315 0000 iptable_mangle_hook 402343337531219 0000 ip_output 402343337534572 0000 nf_hook_slow 402343337537925 0000 iptable_mangle_hook 402343337541373 0000 ip_finish_output 402343337544750 0000 __cgroup_bpf_run_filter_skb 402343337548311 0000 __ip_finish_output ͜͏ͳͬͯ΄͍͠ ͳ͔ͥͭͷ τϨʔε͕ͬͭ͘͘! ͦΕ΋݁ߏͳස౓Ͱ

  29. "QQFOEJY • -JOVY͸Ωϟογϡͷώοτ཰Λ্͛ΔͨΊʹಉ͡TLCͷϝϞϦΛ࢖ ͍ճ͢ • JQGUSBDF͸TLCͷΞυϨεΛ࢖ͬͯύέοτΛ۠ผ͢Δ • ਓ͕ؒݟΕ͹Θ͔Δ͕ࣗಈͰڥ໨ΛݟΔͷ͸೉͍͠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB

     402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem 402343337527315 0000 iptable_mangle_hook