Upgrade to Pro — share decks privately, control downloads, hide ads and more …

eBPF入門 /eBPF-getting-started

Takuma Kume
December 16, 2017
Technology
6
6.2k

eBPF入門 /eBPF-getting-started

KIXS vol.006 LT 10 min
https://kixs.connpass.com/event/69643/

ブログ
https://takumakume.tech/blog/2017-12-18-ebpf-getting-started/

Takuma Kume

December 16, 2017
Tweet

More Decks by Takuma Kume

See All by Takuma Kume
クラウドネイティブな開発環境への移行/Move to the cloud native development environment
takumakume
1
380
200万ドメインを超えるレンタルサーバのコンテンツキャッシュ機能の裏側/2_million_more_than_the_domain_the_back_of_the_rental_server_content_cache
takumakume
10
2.4k
DDoS攻撃との終わりなき戦い/endless_battle_with_ddos_attack
takumakume
6
11k
toward_systematization_of_linux_trace_tool
takumakume
0
120
Webサーバ拡張における排他制御のパフォーマンスチューニング /performance_tuning_of_exclusive_control in_web_server extension
takumakume
7
2k
ホスティングにおける安定運用のためのアクセスコントロール手法
takumakume
3
2k
MHAでデータベースの運用を楽にしよう!
takumakume
0
830
TakumaKume_kixs_vol002
takumakume
0
380
hoscon2016-shibuya-takumakume
takumakume
1
1.1k

Other Decks in Technology

See All in Technology
量子コンピュータ時代のプログラミングセミナー / 20230316_Amplify_seminar _route_planning_optimization
fixstars
0
170
ChatGPTにR言語を教えてもらう(仮)
doradora09
1
180
自分に合った武器を探す
supino0017
0
100
テスト技法を使ったテストケースの表現方法/How to express test cases using test techniques
shimashima35
0
260
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
4
1.4k
Kubernetes + containerd で cgroup v2 に移行したら "failed to create fsnotify watcher" エラーが発生する原因と対策
superbrothers
0
370
エンジニアのためのドキュメントライティング / Docs for Developers
iwashi86
22
7.2k
AstroNvim を使おう!
ybrliiu
0
110
また(CDK界隈の)世界を縮めてしまった
bun913
0
450
可読性を高めるためのコードレビューテクニック
sbtechnight
PRO
0
470
ITエンジニアとして大切にしている3つのこと
korodroid
1
320
Snyk の紹介 〜セキュリティの Shift Left を目指す〜
toshiaizawa
0
110

Featured

See All Featured
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
15
1.3k
From Idea to $5000 a Month in 5 Months
shpigford
374
44k
Making the Leap to Tech Lead
cromwellryan
117
7.7k
The Pragmatic Product Professional
lauravandoore
21
3.6k
The Invisible Customer
myddelton
113
12k
Unsuck your backbone
ammeep
659
56k
Stop Working from a Prison Cell
hatefulcrawdad
264
18k
Robots, Beer and Maslow
schacon
154
7.4k
Scaling GitHub
holman
453
140k
Support Driven Design
roundedbygravity
88
8.9k
For a Future-Friendly Web
brad_frost
166
7.9k
Mobile First: as difficult as doing things right
swwweet
213
7.9k

Transcript

  1. ٱถ୓അ(.01FQBCP *OD

    ,JYTWPM-5NJO
    F#1'ೖ໳

    View Slide

  2. (.0ϖύϘΠϯϑϥΤϯδχΞ
    ٱถ୓അ!UBLVNBLVNF
    ϗεςΟϯάࣄۀ෦
    IUUQTUBLVNBLVNFUFDI

    View Slide

  3. View Slide

  4. Έͳ͞Μ͸#1'ͯ͠·͔͢ʁ

    View Slide

  5. #1'JT
    #FSLFMFZ1BDLFU'JMUFS
    -JOVYLFSOFMʹ࣮૷͞Ε͍ͯΔ
    ύέοτͷΩϟϓνϟ΍ϑΟϧλΛߦ͏ͨΊͷ
    ΠϯλʔϑΣΠε

    View Slide

  6. UDQEVNQ


    View Slide

  7. UDQEVNQ

    ~$ sudo tcpdump port 80
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    00:27:12.580101 IP 192.168.0.18.61285 > archlinux.vagrant.vm.http: Flags
    [S], seq 1854919014, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS
    val 844367687 ecr 0,sackOK,eol], length 0
    :
    :
    ຖ೔ୟ͍͍ͯΔ͍ͭ΋ͷ΍ͭͰ͢Ͷ

    View Slide

  8. UDQEVNQ
    #1'

    View Slide

  9. #1'
    /*$
    5$14UBDL
    UDQEVNQ
    VTFS
    LFSOFM
    LFSOFM
    OFUXPSL

    View Slide

  10. #1'
    /*$
    5$14UBDL
    UDQEVNQ
    tcpdump port 80
    VTFS
    LFSOFM
    LFSOFM
    OFUXPSL

    View Slide

  11. #1'
    /*$
    5$14UBDL
    UDQEVNQ
    tcpdump port 80
    VTFS
    LFSOFM
    LFSOFM
    OFUXPSL
    #1'
    CZUFDPEF
    UDQEVNQ͸
    #1'༻ʹϓϩάϥϜΛ
    ίϯύΠϧͯ͠LFSOFM
    Ͱ࣮ߦ͢Δ

    View Slide

  12. #1'
    /*$
    5$14UBDL
    UDQEVNQ
    tcpdump port 80
    OHJOY
    VTFS
    LFSOFM
    LFSOFM
    OFUXPSL
    #1'
    130(
    UDQEVNQ͸
    #1'༻ʹϓϩάϥϜΛ
    ίϯύΠϧͯ͠LFSOFM
    Ͱ࣮ߦ͢Δ
    $ sudo tcpdump -d 'port 80'
    (000) ldh [12]
    (001) jeq #0x86dd jt 2 jf 10
    (002) ldb [20]
    (003) jeq #0x84 jt 6 jf 4
    (004) jeq #0x6 jt 6 jf 5
    (005) jeq #0x11 jt 6 jf 23
    (006) ldh [54]
    :
    BPF Assembler

    View Slide

  13. #1'
    /*$
    5$14UBDL
    UDQEVNQ
    tcpdump port 80
    OHJOY
    VTFS
    LFSOFM
    LFSOFM
    OFUXPSL
    #1'
    130(
    UDQEVNQ͸
    #1'༻ʹϓϩάϥϜΛ
    ίϯύΠϧͯ͠LFSOFM
    Ͱ࣮ߦ͢Δ
    ~$ sudo tcpdump -dd 'port 80'
    { 0x28, 0, 0, 0x0000000c },
    { 0x15, 0, 8, 0x000086dd },
    { 0x30, 0, 0, 0x00000014 },
    { 0x15, 2, 0, 0x00000084 },
    { 0x15, 1, 0, 0x00000006 },
    { 0x15, 0, 17, 0x00000011 },
    { 0x28, 0, 0, 0x00000036 },
    { 0x15, 14, 0, 0x00000050 },
    :
    BPF Bytecode

    View Slide

  14. #1'
    /*$
    5$14UBDL
    UDQEVNQ
    tcpdump port 80
    VTFS
    LFSOFM
    LFSOFM
    OFUXPSL
    5$1QPSU
    #1'
    CZUFDPEF

    View Slide

  15. #1'
    /*$
    5$14UBDL
    UDQEVNQ
    tcpdump port 80
    VTFS
    LFSOFM
    LFSOFM
    OFUXPSL
    UFSNJOBM
    දࣔ
    5$1QPSU
    #1'
    CZUFDPEF

    View Slide

  16. #1'JT
    #FSLFMFZ1BDLFU'JMUFS
    -JOVYLFSOFMʹ࣮૷͞Ε͍ͯΔ
    ύέοτͷΩϟϓνϟ΍ϑΟϧλΛߦ͏ͨΊͷ
    ΠϯλʔϑΣΠε
    6TFSMBOEͰ࡞੒ͨ͠#1'#ZUFDPEFΛ
    ,FSOFMMBOEͰ࣮ߦ͢Δ
    ύέοτΩϟϓνϟҎ֎ͷ༻్ʹ΋࢖ΘΕ͍ͯΔ

    View Slide

  17. TFDDPNQ


    View Slide

  18. TFDDPNQ
    ࢦఆͨ͠TZTUFNDBMMΛ࣮ߦͰ͖ͳ͍Α͏ʹ͢Δ
    -JOVYLFSOFMͷػೳ
    ͜͜Ͱ͍͏TFDDPNQ͸-JOVYLFSOFMҎ߱ͷ
    TFDDPNQNPEFΛࢦ͢
    TFDDPNQNPEF͸ɺϑΟϧλϦϯάʹ#1'͕
    ࢖ΘΕ͓ͯΒͣɺॊೈੑ͕ͳ͍ػೳͩͬͨ

    View Slide

  19. #1'
    ϓϩάϥϜ
    VTFS
    LFSOFM
    LFSOFM

    View Slide

  20. #1'
    ϓϩάϥϜ
    VTFS
    LFSOFM
    LFSOFM
    ࣮ߦ

    View Slide

  21. #1'
    ϓϩάϥϜ
    VTFS
    LFSOFM
    TFDDPNQ
    ࣮ߦ
    LFSOFM
    ࣮ߦ
    ྫͱͯ͠XSJUF
    Λ੍ݶ͢Δ

    View Slide

  22. #1'
    ϓϩάϥϜ
    VTFS
    LFSOFM
    TFDDPNQ
    ࣮ߦ
    LFSOFM
    ࣮ߦ
    ͜ͷϓϩηεͰ͸XSJUF

    ͕࣮ߦͰ͖ͳ͘ͳΔ
    #1'༻ʹϓϩάϥϜΛ
    ίϯύΠϧͯ͠
    LFSOFMͰ࣮ߦ͢Δ
    #1'
    CZUFDPEF

    ྫͱͯ͠XSJUF
    Λ੍ݶ͢Δ

    View Slide

  23. #1'
    ϓϩάϥϜ
    VTFS
    LFSOFM
    TFDDPNQ
    ࣮ߦ
    LFSOFM
    ࣮ߦ
    PQFO
    ࣮ߦ
    ڐՄ
    #1'
    CZUFDPEF

    ྫͱͯ͠XSJUF
    Λ੍ݶ͢Δ

    View Slide

  24. #1'
    ϓϩάϥϜ
    VTFS
    LFSOFM
    TFDDPNQ
    ࣮ߦ
    LFSOFM
    ࣮ߦ
    PQFO
    ࣮ߦ
    XSJUF
    ࣮ߦ
    #1'
    CZUFDPEF
    ڋ൱

    View Slide

  25. Έͳ͞Μ#1'ָ͍͠Ͱ͔͢ʁ

    View Slide

  26. ָ͍͠Ͱ͢Ͷʁ

    View Slide

  27. F#1'ೖ໳

    View Slide

  28. F#1'
    &YUFOEFE#1'


    View Slide

  29. F#1'
    -JOVYLFSOFMҎ߱Ͱ࣮૷͞Ε͍ͯΔ
    #1'ͷ֦ு࣮૷
    VQSPCFTVTFSMFWFMEZOBNJDUSBDJOH
    LQSPCFTLFSOFMEZOBNJDUSBDJOH
    9%1F9QSFTT%BUB1BUI
    ύέοτΛ,FSOFMͷ/FUXPSL4UBDLʹ
    ౉͞ΕΔલͷυϥΠόϨϕϧͰ੍ޚͰ͖Δ
    FUD

    View Slide

  30. IUUQTHJUIVCDPNUPSWBMETMJOVYCMPCWJODMVEFUSBDFFWFOUTCQGI

    View Slide

  31. IUUQTHJUIVCDPNUPSWBMETMJOVYCMPCWJODMVEFUSBDFFWFOUTCQGI

    View Slide

  32. F#1'ͷͬ͘͟Γͱͨ͠࢓૊Έ

    View Slide

  33. LQSPCFTF#1'
    ,FSOFMEZOBNJDUSBDJOH

    View Slide

  34. LQSPCFT
    LFSOFM
    ໋ྩ
    ໋ྩ
    ໋ྩ
    ໋ྩ
    ϒϨʔΫϙΠϯτ
    LQSPCFT
    NPEVMF
    ஫ೖ
    TBWFDPOUFYU
    SFTUPSFDPOUFYU
    ࣮ߦ͍ͨ͠ॲཧ
    KNQ
    LFSOFMʹϒϨʔΫϙΠϯτΛઃఆ͠ϓϩάϥϜΛ࣮ߦͰ͖Δػೳ

    View Slide

  35. VTFS
    LFSOFM
    ϓϩάϥϜ
    F#1'
    LQSPCFT
    LQSPCFTF#1'

    View Slide

  36. VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    ੜ੒
    LQSPCFT
    LQSPCFTF#1'

    View Slide

  37. VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    LQSPCFT
    LQSPCFTF#1'

    View Slide

  38. VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    LQSPCFT
    ϓϩάϥϜͷ҆શੑ
    ΛνΣοΫ
    LQSPCFTF#1'

    View Slide

  39. VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF
    LQSPCFT
    LQSPCFTF#1'

    View Slide

  40. VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    ੜ੒
    6TFS,FSOFMؒͰσʔλͷ΍ΓऔΓΛ͢Δ
    )BTI
    "SSBZ
    FUDʜ
    LQSPCFT
    LQSPCFTF#1'

    View Slide

  41. LQSPCFTF#1'
    VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    USBDJOH
    ॻ͖ࠐΈ
    ࢀর
    LQSPCFT

    View Slide

  42. LQSPCFTF#1'
    VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    USBDJOH
    ॻ͖ࠐΈ
    ࢀর
    LQSPCFT
    F#1'WFSJpFSʹΑͬͯ
    ҆શʹίʔυΛ࣮ߦͰ͖Δʂ

    View Slide

  43. LQSPCFTF#1'
    VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    USBDJOH
    ॻ͖ࠐΈ
    ࢀর
    LQSPCFT
    F#1'NBQʹΑͬͯ
    6TFSTQBDFͱ,FSOFMͰಈత
    ʹσʔλΛڞ༗Ͱ͖Δʂ

    View Slide

  44. LQSPCFTF#1'
    VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    USBDJOH
    ॻ͖ࠐΈ
    ࢀর
    LQSPCFT
    Կͷ໾ཱͪ·͔͢ʁ

    View Slide

  45. LQSPCFTF#1'
    VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    USBDJOH
    ॻ͖ࠐΈ
    ࢀর
    LQSPCFT
    .FNPSZBMMPDBUJPOΛτϨʔε
    ͯ͠ɺ.FNPSZMFBLΛ୳͢

    View Slide

  46. LQSPCFTF#1'
    VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    USBDJOH
    ॻ͖ࠐΈ
    ࢀর
    LQSPCFT
    'JMFTZTUFNΛτϨʔεͯ͠
    ϑΝΠϧͷPQFO SFBE XSJUF
    ͳͲʹ͔͔Δ࣌ؒΛܭଌͯ͠
    ϘτϧωοΫΛ୳͢

    View Slide

  47. LQSPCFTF#1'
    VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    USBDJOH
    ॻ͖ࠐΈ
    ࢀর
    LQSPCFT
    00.LJMMFSΛτϨʔε͠
    ͦͷॠؒͷͱ͋ΔϓϩάϥϜͷ
    [email protected]ߏ଄ମͷத਎Λ
    μϯϓͯ͠ݪҼΛ୳͢

    View Slide

  48. 9%1
    F9QSFTT%BUB1BUI

    ύέοτΛ,FSOFMͷ/FUXPSL4UBDL
    ʹ౉͞ΕΔલͷυϥΠόϨϕϧͰ੍ޚͰ͖Δ

    View Slide

  49. JQUBCMFT
    /*$
    %SJWFS
    "QQMJDBUJPO
    OFUpMUFS
    %301
    "$$&15
    VTFS
    LFSOFM

    JQUBCMFT
    /FUXPSL4UBDL

    View Slide

  50. JQUBCMFTXJUI#1'
    /*$
    %SJWFS
    /FUXPSL4UBDL
    "QQMJDBUJPO
    "$$&15
    VTFS
    LFSOFM

    JQUBCMFT
    D#1'
    %301 CZUFDPEF

    View Slide

  51. 9%1
    /*$
    %SJWFS
    /FUXPSL4UBDL
    "QQMJDBUJPO
    "$$&15
    VTFS
    LFSOFM

    9%11SPH
    %301 F#1' CZUFDPEF

    View Slide

  52. 9%1
    /*$
    %SJWFS
    /FUXPSL4UBDL
    "QQMJDBUJPO
    VTFS
    LFSOFM
    9%1
    %301
    "$$&15
    ωοτϫʔΫυϥΠόϨϕϧͰ
    ύέοτͷૢ࡞͕Ͱ͖Δʂ
    ରԠ͍ͯ͠ΔωοτϫʔΫυϥΠό͸ҎԼΛࢀর
    IUUQTHJUIVCDPNJPWJTPSCDDCMPCNBTUFSEPDTLFSOFMWFSTJPOTNEYEQ

    View Slide

  53. 9%1
    /*$
    %SJWFS
    /FUXPSL4UBDL
    "QQMJDBUJPO
    VTFS
    LFSOFM
    9%1
    %301
    "$$&15


    View Slide

  54. 9%1
    /*$
    %SJWFS
    /FUXPSL4UBDL
    "QQMJDBUJPO
    VTFS
    LFSOFM
    9%1
    %301
    "$$&15
    %%P4ରࡦ
    ηΩϡϦςΟରࡦ
    -# ೔ຊͰ΋ࣄྫ͋Γ


    View Slide

  55. ເ͕޿͕Γ·͢Ͷʁ

    View Slide

  56. ·ͱΊ
    #1'͸6TFSTQBDFͰ࡞੒ͨ͠#ZUFDPEFΛ
    ,FSOFMͰ࣮ߦ͢Δࣄ͕Ͱ͖Δɻ
    D#1'͸ύέοτ΍γεςϜίʔϧΛϑΟϧλ
    Ϧϯά͢Δ͜ͱ͕Ͱ͖Δɻ
    F#1'͸LQSPCF΍VQSPCFΛར༻ͨ͠τϨʔε
    ΍9%1ͷΑ͏ͳ%SJWFSϨϕϧͷߴ଎ͳύέο
    τૢ࡞͕Ͱ͖Δɻଞʹ΋ػೳ͕͋Δɻ
    7FSJpFSʹΑΓ҆શʹίʔυΛ࣮ߦͰ͖Δɻ
    .BQʹΑΓಈతʹσʔλͷ΍ΓऔΓ͕Ͱ͖Δɻ

    View Slide

  57. དྷ೥΋΍͍͖ͬͯ·͠ΐ͏ʂ

    View Slide

  58. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ

    View Slide