Slide 1

Slide 1 text

Yukimitsu Izawa (井澤ゆきみつ)
北陸三県.rb Lightning Talks in Kanazawa
XDP Programming in Ruby

Slide 2

Slide 2 text

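Self-introduction
• YouTuber
  ‣ My Outdoor Life (https://kanazawa.camp)
• Ph.D. (Information Science)
  ‣ I research loosely coupled distributed systems that use the Internet
• Director and COO, and Hokuriku branch manager, at 株式会社クルウィット
• Board member of Code for Kanazawa
• My hobby is making things: electronics projects, knife making, leathercraft and so on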

Slide 3

Slide 3 text

Do you know eBPF?
• Short for extended Berkeley Packet Filter
• A mechanism for running user-space programs inside the kernel
• The program runs on a VM driven by a dedicated instruction set

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

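Do you know XDP?
• Short for eXpress Data Path
• An eBPF-based high-speed packet processing technology
• Used for processing ingress packets
• Processing inside the kernel can be changed flexibly without recompiling the kernel
• Runs at a stage before the TCP/IP stack (before sk_buff) ← the key point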

Slide 6

Slide 6 text

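How XDP works
[Diagram labels: NIC, NIC Driver, XDP environment, XDP processing, XDP_DROP, XDP_PASS, XDP_TX, TCP/IP Stack]
• Runs inside the NIC driver
• Hooked on every packet arrival
• Decides what happens to the packet
  ‣ XDP_PASS: pass it up to the IP stack
  ‣ XDP_DROP: discard it
  ‣ XDP_TX: send it back out of the NIC that received it
  ‣ XDP_REDIRECT: send it out of a different NIC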

Slide 7

Slide 7 text

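Development procedure
• Prepare a kernel with XDP enabled and a development environment
• Write the XDP program in C
• Compile it to BPF bytecode with clang
• Load it into the kernel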

Slide 8

Slide 8 text

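Prepare a kernel with XDP enabled and a development environment
• The quickest way is to set up a Linux environment with a recent kernel
• Ubuntu LTS Server has eBPF enabled by default, so that should do for now, right?
• For details, please google it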

Slide 9

Slide 9 text

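Write the XDP program in C
• It has to be written under the following constraints
  ‣ Upper limit on the number of instructions (M)
  ‣ Infinite loops are forbidden
  ‣ Unreachable code is forbidden
  ‣ Only memory that has been bounds-checked can be accessed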

Slide 10

Slide 10 text

Compile it to BPF bytecode with clang
• Compile with clang with the target set to bpf

    clang -O2 -target bpf -c sample.c -o sample.o

Slide 11

Slide 11 text

Load it into the kernel
• Load it into the NIC driver with iproute2

    ip link set dev eth0 xdp obj sample.o

Slide 12

Slide 12 text

It gets easier with BCC
• Short for BPF Compiler Collection
• A framework/library for writing eBPF programs more easily
• It calls clang/LLVM behind the scenes
• It can be used from scripting languages such as Python and Lua

Slide 13

Slide 13 text

RbBCC (https://github.com/udzura/rbbcc)
• A gem for using BCC from Ruby (written by udzura)
• Reportedly built with a development grant from the Ruby Association

Slide 14

Slide 14 text

The sad reality

Slide 15

Slide 15 text

Getting over the sadness
• I made the RbBCC gem support XDP (roughly) 🎊

Slide 16

Slide 16 text

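Right away, a sample program
• Using the RbBCC gem with XDP support added,
• let's build "a Linux kernel that only answers pings whose sequence number is 1 or more and a multiple of 3"
  ‣ A complex rule of the kind that cannot be written in iptables
  ‣ Behavior changes according to a computed result, not a simple match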

Slide 17

Slide 17 text

Sample program: xdp_icmp.rb

```ruby
require 'rbbcc'
include RbBCC

print "loading..."
STDOUT.flush

b = BCC.new(text: <<BPF)
#include <uapi/linux/bpf.h>   // struct xdp_md, XDP_* verdicts
#include <linux/if_ether.h>   // struct ethhdr, ETH_P_IP
#include <linux/ip.h>         // struct iphdr
#include <linux/icmp.h>       // struct icmphdr

int xdp_drop_icmp(struct xdp_md *ctx) {
  void* data_end = (void*)(long)ctx->data_end;
  void* data = (void*)(long)ctx->data;
  struct ethhdr *eth = data;
  u32 protocol;
  u16 sequence;
  u64 nh_off = sizeof(*eth);

  // for validator: the Ethernet header must lie inside the packet
  if (data + nh_off > data_end)
    return XDP_PASS;

  if (eth->h_proto == htons(ETH_P_IP)) {
    struct iphdr *iph = data + nh_off;

    // for validator: the IP header must lie inside the packet
    if ((void*)&iph[1] > data_end)
      return XDP_PASS;

    protocol = iph->protocol;
    if (protocol == 1) { /* ICMP */
      struct icmphdr *icmph = data + nh_off + iph->ihl * 4;

      // for validator: the ICMP header must lie inside the packet
      if ((void*)&icmph[1] > data_end)
        return XDP_PASS;

      if (icmph->type == 8) { /* ECHO REQUEST */
        // the sequence number is big-endian on the wire
        sequence = ntohs(icmph->un.echo.sequence);
        if (sequence > 0 && sequence % 3 == 0) {
          return XDP_PASS;
        }
        else return XDP_DROP;
      }
    }
  }
  return XDP_PASS;
}
BPF

fn = b.load_func("xdp_drop_icmp", BPF::XDP)
puts "done."

b.attach_xdp("eth0", "xdp_drop_icmp")
sleep(20)
b.remove_xdp("eth0")
```
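The verdict logic of the xdp_drop_icmp sample above, modelled in user-space Ruby so the rule can be checked on raw frames before anything is attached to a NIC. This is an added example, not code from the slides or from RbBCC; `xdp_verdict` and `echo_frame` are hypothetical helper names and the frames are constructed test data.

```ruby
# Added example: user-space model of the slide's xdp_drop_icmp verdicts.
# It repeats the kernel program's bounds checks in the same order.
ETH_LEN      = 14      # Ethernet header length
ETH_P_IP     = 0x0800  # EtherType for IPv4
IPPROTO_ICMP = 1
ICMP_ECHO    = 8       # echo request

def xdp_verdict(frame)
  frame = frame.b
  return :pass if frame.bytesize < ETH_LEN            # truncated Ethernet header
  return :pass unless frame[12, 2].unpack1("n") == ETH_P_IP
  return :pass if frame.bytesize < ETH_LEN + 20       # truncated IPv4 header
  ihl = (frame.getbyte(ETH_LEN) & 0x0f) * 4           # IP header length in bytes
  return :pass unless frame.getbyte(ETH_LEN + 9) == IPPROTO_ICMP
  icmp = ETH_LEN + ihl
  return :pass if frame.bytesize < icmp + 8           # truncated ICMP header
  return :pass unless frame.getbyte(icmp) == ICMP_ECHO
  seq = frame[icmp + 6, 2].unpack1("n")               # big-endian on the wire
  (seq > 0 && (seq % 3).zero?) ? :pass : :drop
end

# Constructed test frame: zeroed MACs and addresses, checksums left at 0.
def echo_frame(seq, type: ICMP_ECHO, proto: IPPROTO_ICMP, ethertype: ETH_P_IP)
  eth  = ("\x00".b * 12) + [ethertype].pack("n")
  ip   = [0x45, 0, 28, 0, 0, 64, proto, 0].pack("CCnnnCCn") + ("\x00".b * 8)
  icmp = [type, 0, 0, 1, seq].pack("CCnnn")           # type, code, csum, id, seq
  eth + ip + icmp
end

if __FILE__ == $PROGRAM_NAME
  (0..6).each { |s| puts "seq=#{s} -> #{xdp_verdict(echo_frame(s))}" }
end
```

As in the slide's program, a frame that fails a bounds check gets `:pass`, so truncated packets are left for the kernel stack to reject rather than dropped by the filter.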

Slide 18

Slide 18 text

Demo

Slide 19

Slide 19 text

Summary
• A quick tour of eBPF, BCC and XDP
• Showed how to do XDP programming in Ruby
• We were able to change a basic networking function of the Linux kernel dynamically, without a reboot

Slide 20

Slide 20 text

That's all. Thank you very much.