RubyでXDPプログラミング

Transcript

1. ҪᖒΏ͖Έͭ
   ೥݄೔
   ๺཮ࡾݝSC
   -JHIUOJOH
   5BMLT
   JO
   ,BOB[BXB 3VCZͰ9%1ϓϩάϥϛϯά

2. ࣗݾ঺հ w :PV5VCFS
   ‣ .Z
   0VUEPPS
   -JGF
   IUUQTLBOB[BXBDBNQ
   w ത࢜ ৘ใՊֶ

   
   ‣ ΠϯλʔωοτΛ࢖ͬͨૄ݁߹෼ࢄγεςϜͷݚڀΛ͍ͯ͠·͢
   w גࣜձࣾΫϧ΢Οοτ
   औక໾$00
   ݉
   ๺཮ࢧࣾ௕
   w $PEF
   GPS
   ,BOB[BXB
   ཧࣄ
   w ిࢠ޻࡞φΠϑ੍࡞ϨβʔΫϥϑτͳͲɺ΋ͷΛ࡞Δͷ͕झຯͰ͢

3. F#1'ͬͯ஌͍ͬͯ·͔͢ʁ w FYUFOEFE
   #FSLFMFZ
   1BDLFU
   'JMUFS
   ͷུ
   w LFSOFM಺෦ͰϢʔβۭؒͷϓϩάϥϜΛಈ͔͢࢓૊Έ
   w ઐ༻ͷ໋ྩηοτͰۦಈ͢Δ7.্Ͱ૸ΒͤΔ

4. None

5. 9%1ͬͯ஌͍ͬͯ·͔͢ʁ w F9QSFTT
   %BUB
   1BUI
   ͷུ
   w F#1'ϕʔεͷߴ଎ύέοτॲཧٕज़
   w JOHSFTTύέοτͷॲཧ༻్
   w LFSOFMͷSFDPNQJMFແ͠ͰΧʔωϧ಺෦ͷॲཧΛॊೈʹมߋͰ͖Δ
   w

   5$1*1
   ελοΫΑΓલஈͰ࣮ߦ͞ΕΔ TL@CV ff ΑΓલ
   ˡϙΠϯτ

6. 9%1ͷ࢓૊Έ /*$ 5$1*1
   4UBDL 9%1
   FOWJSPONFOU
   9%1ॲཧ 9%1@%301 9%1@1"44 9%1@59 /*$
   %SJWFS w

   /*$ͷυϥΠό಺Ͱ࣮ߦ
   w ύέοτ౸ணຖʹ)PPL͞ΕΔ
   w ύέοτͷॲ۰ΛܾΊΔ
   ‣ 9%1@1"44
   *14UBDLʹ্͛Δ
   ‣ 9%1@%301
   ࣺͯΔ
   ‣ 9%1@59
   ड৴ͨ͠/*$͔ΒૹΔ
   ‣ 9%1@3&%*3&$5
   ผͷ/*$͔ΒૹΔ

7. ։ൃͷखॱ  9%1͕༗ޮͳΧʔωϧͱ։ൃ؀ڥΛ४උ͢Δ
    $ݴޠͰ9%1ϓϩάϥϜΛهड़͢Δ
    DMBOHͰ#1'όΠτίʔυʹίϯύΠϧ͢Δ
    Χʔωϧʹϩʔυ͢Δ

8. 9%1͕༗ޮͳΧʔωϧͱ։ൃ؀ڥΛ४උ͢Δ w ৽͍͠LFSOFMͷ-JOVY؀ڥΛ࡞Δͷ͕Ұ൪ૣ͍
   w 6CVOUV
   
   -54
   4FSWFS͸σϑΥϧτͰF#1'͕FOBCMFʹͳ͍ͬͯΔͷ ͰɺͱΓ͋͑ͣ͜ΕͰ͍͍Μ͡Όͳ͍ʁ
   w ৄ͘͠͸͓άάΓ͍ͩ͘͞

9. $ݴޠͰ9%1ϓϩάϥϜΛهड़͢Δ w ҎԼͷ੍໿ͷԼͰهड़͢Δඞཁ͕͋Δ
   ‣ ໋ྩ਺ʹ্ݶ .
   ‣ ແݶϧʔϓېࢭ
   ‣

   ౸ୡෆՄೳͳهड़ېࢭ
   ‣ ϝϞϦνΣοΫͨ͠ϝϞϦͷΈΞΫηεՄೳ

10. DMBOHͰ#1'όΠτίʔυʹίϯύΠϧ͢Δ w UBSHFU
    Λ
    CQG
    ʹͯ͠
    DMBOH
    ͰίϯύΠϧ 
    DMBOH
    0
    UBSHFU
    CQG
    D
    TBNQMFD
    P
    TBNQMFP

11. Χʔωϧʹϩʔυ͢Δ w JQSPVUF
    Ͱ/*$ͷυϥΠόʹϩʔυ 
    JQ
    MJOL
    TFU
    EFW
    FUI
    YEQ
    PCK
    TBNQMFP

12. #$$Λ࢖͏ͱΑΓ؆୯ʹ w #1'
    $PNQJMFS
    $PMMFDUJPO
    ͷུ
    w F#1'ͷϓϩάϥϜΛΑΓ؆қʹهड़͢ΔͨΊͷϑϨʔϜϫʔΫϥΠϒϥϦ
    w ཪͰDMBOH--7.ΛݺΜͰ͍Δ
    w 1ZUIPOͱ͔-VBͳͲͷ4DSJQU͔Βར༻Ͱ͖Δ

13. 3C#$$ IUUQTHJUIVCDPNVE[VSBSCCDD w 3VCZ
    Ͱ
    #$$
    ͢ΔͨΊͷHFN
    VE[VSBࢯ
    ࡞
    w 3VCZΞιγΤʔγϣϯͷ։ൃॿ੒Ͱ࡞ΒΕͨͦ͏

14. ൵͍͠ݱ࣮

15. ൵͠ΈΛ৐Γӽ͑ͯ w 3C#$$
    HFN
    Λ ద౰ʹ
    9%1
    ʹରԠͤͯ͞ΈͨΑ🎊

16. ૣ଎ɺαϯϓϧϓϩάϥϜ w 9%1ʹରԠͤͨ͞
    3C#$$
    HFN
    Λ࢖ͬͯɺ
    w ʮҎ্Ͱͷഒ਺ͷγʔέϯε൪߸ͷ͍ͭͨQJOHʹͷΈԠ౴͢Δ-JOVY
    ,FSOFMʯΛ࡞ͬͯΈΑ͏
    ‣ JQUBCMFT
    Ͱ͸هड़Ͱ͖ͳ͍Α͏ͳෳࡶͳϧʔϧ
    ‣ ୯७ϚονͰ͸ͳ͘ܭࢉ݁ՌʹΑͬͯڍಈΛม͑Δ

17. 1 require 'rbbcc' 2 include RbBCC 3 4 5 print

    "loading..." 6 STDOUT.flush 7 8 b = BCC.new(text: <<BPF) 9 10 #include <uapi/linux/bpf.h> 11 #include <linux/ip.h> 12 #include <linux/icmp.h> 13 14 15 int xdp_drop_icmp(struct xdp_md *ctx) { 16 void* data_end = (void*)(long)ctx->data_end; 17 void* data = (void*)(long)ctx->data; 18 struct ethhdr *eth = data; 19 u32 protocol; 20 u16 sequence; 21 u64 nh_off = sizeof(*eth); 22 23 // for validator 24 if (data + nh_off > data_end) 25 return XDP_PASS; 26 27 if (eth->h_proto == htons(ETH_P_IP)) { 28 struct iphdr *iph = data + nh_off; 29 29 30 // for validator 31 if ((void*)&iph[1] > data_end) 32 return XDP_PASS; 33 34 protocol = iph->protocol; 35 if (protocol == 1) { /* ICMP */ 36 struct icmphdr *icmph = data + nh_off + iph->ihl * 4; 37 38 // for validator 39 if ((void*)&icmph[1] > data_end) 40 return XDP_PASS; 41 42 if (icmph->type == 8) { /* ECHO REQUEST */ 43 if (icmph->un.echo.sequence > 0 && 44 icmph->un.echo.sequence % 3 == 0) { 45 return XDP_PASS; 46 } 47 else return XDP_DROP; 48 } 49 } 50 } 51 return XDP_PASS; 52 } 53 BPF 54 55 fn = b.load_func("xdp_drop_icmp", BPF::XDP) 56 puts "done." 57 58 b.attach_xdp("eth0", "xdp_drop_icmp") 59 sleep(20) 60 b.remove_xdp("eth0") αϯϓϧϓϩάϥϜ
    YEQ@JDNQSC

18. σϞ

19. ·ͱΊ w F#1'#$$9%1Λۦ͚଍Ͱ͝঺հ͠·ͨ͠
    w SVCZͰ9%1ϓϩάϥϛϯά͢Δํ๏Λ঺հ͠·ͨ͠
    w MJOVY
    LFSOFMͷجຊతͳωοτϫʔΫػೳΛɺಈతʹ࠶ىಈແ͘มߋͰ͖·͠ ͨ

20. Ҏ্ɺ͋Γ͕ͱ͏͍͟͝·ͨ͠