Upgrade to Pro — share decks privately, control downloads, hide ads and more …

eBPF入門 /eBPF-getting-started

22522e2bc35255ab75308c399ff782f6?s=47 Takuma Kume
December 16, 2017
Technology
6
5.1k

eBPF入門 /eBPF-getting-started

KIXS vol.006 LT 10 min
https://kixs.connpass.com/event/69643/

ブログ
https://takumakume.tech/blog/2017-12-18-ebpf-getting-started/

22522e2bc35255ab75308c399ff782f6?s=128

Takuma Kume

December 16, 2017
Tweet

More Decks by Takuma Kume

See All by Takuma Kume
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
1
210
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
10
2.1k
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
5
7.8k
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
0
100
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
7
1.5k
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
3
1.5k
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
0
670
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
0
290
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
1
910

Other Decks in Technology

See All in Technology
3f0d60d6727ea76dfc9f7863f8e035c4?s=48 aizurage
0
120
19fc8f6113c5c3d86e6176362ff29479?s=48 kanaugust
PRO
0
110
0deae06ab5d86b39feeec2e23a30b88a?s=48 yoku0825
PRO
2
640
272ea9518ccdb2ed71b73ac87b7901f8?s=48 hponka
0
1.2k
C7d05b5f01acd82fd8520c6dd5e1f243?s=48 waka
3
1.4k
872c040ebc1db6c2090d99dde729a8d4?s=48 supership
0
180
7f68f5f85f4a39df7d8d3c81cbbfb788?s=48 p1ass
15
5.6k
B1bddcb899ec3060fe9913f3cb70dbb6?s=48 lmt_swallow
0
200
7a4968fbcd56e81f95a4f3c186141b52?s=48 kateinoigakukun
0
120
69b93af68320a590f607c296e8edff73?s=48 k1low
13
2.5k
50bc42471d197d0dbef7171f2ef85bb6?s=48 comucal
PRO
0
300
Fb025419ed38f98df595eb2eafc859f4?s=48 ihcomega56
2
160

Featured

See All Featured
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
193
8.7k
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
3
660
761be20b5ebd271008bcee1244fc5b52?s=48 matthewcrist
73
7.5k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
779
240k
91cefdf141106fa10674aae74ce05890?s=48 yeseniaperezcruz
302
31k
F716e5f737fcfb03f2cf8d1a184f1dbe?s=48 nonsquared
81
3.4k
9128d500301ae51524e887bb680f471d?s=48 caitiem20
311
17k
2bb923c57a1fdc3a2eb484bb8d565fd2?s=48 ufuk
56
5.5k
E43f8dfd01057f8304f5f8fb9a294d7d?s=48 jeffersonlam
330
15k
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
12
870
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
119
16k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
445
36k

Transcript

  1. ٱถ୓അ(.01FQBCP *OD  ,JYTWPM-5NJO F#1'ೖ໳

  2. (.0ϖύϘΠϯϑϥΤϯδχΞ ٱถ୓അ!UBLVNBLVNF ϗεςΟϯάࣄۀ෦ IUUQTUBLVNBLVNFUFDI 

  3. None

  4. Έͳ͞Μ͸#1'ͯ͠·͔͢ʁ 

  5. #1'JT #FSLFMFZ1BDLFU'JMUFS -JOVYLFSOFMʹ࣮૷͞Ε͍ͯΔ ύέοτͷΩϟϓνϟ΍ϑΟϧλΛߦ͏ͨΊͷ ΠϯλʔϑΣΠε 

  6. UDQEVNQ  

  7. UDQEVNQ  ~$ sudo tcpdump port 80 tcpdump: verbose output

    suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 00:27:12.580101 IP 192.168.0.18.61285 > archlinux.vagrant.vm.http: Flags [S], seq 1854919014, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 844367687 ecr 0,sackOK,eol], length 0 : : ຖ೔ୟ͍͍ͯΔ͍ͭ΋ͷ΍ͭͰ͢Ͷ 

  8. UDQEVNQ #1' 

  9. #1' /*$ 5$14UBDL UDQEVNQ VTFS LFSOFM LFSOFM OFUXPSL 

  10. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL 

  11. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL #1' CZUFDPEF UDQEVNQ͸ #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠LFSOFM Ͱ࣮ߦ͢Δ 

  12. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 OHJOY VTFS LFSOFM

    LFSOFM OFUXPSL #1' 130( UDQEVNQ͸ #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠LFSOFM Ͱ࣮ߦ͢Δ $ sudo tcpdump -d 'port 80' (000) ldh [12] (001) jeq #0x86dd jt 2 jf 10 (002) ldb [20] (003) jeq #0x84 jt 6 jf 4 (004) jeq #0x6 jt 6 jf 5 (005) jeq #0x11 jt 6 jf 23 (006) ldh [54] : BPF Assembler 

  13. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 OHJOY VTFS LFSOFM

    LFSOFM OFUXPSL #1' 130( UDQEVNQ͸ #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠LFSOFM Ͱ࣮ߦ͢Δ ~$ sudo tcpdump -dd 'port 80' { 0x28, 0, 0, 0x0000000c }, { 0x15, 0, 8, 0x000086dd }, { 0x30, 0, 0, 0x00000014 }, { 0x15, 2, 0, 0x00000084 }, { 0x15, 1, 0, 0x00000006 }, { 0x15, 0, 17, 0x00000011 }, { 0x28, 0, 0, 0x00000036 }, { 0x15, 14, 0, 0x00000050 }, : BPF Bytecode 

  14. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL 5$1QPSU #1' CZUFDPEF 

  15. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL UFSNJOBM දࣔ 5$1QPSU #1' CZUFDPEF 

  16. #1'JT #FSLFMFZ1BDLFU'JMUFS -JOVYLFSOFMʹ࣮૷͞Ε͍ͯΔ ύέοτͷΩϟϓνϟ΍ϑΟϧλΛߦ͏ͨΊͷ ΠϯλʔϑΣΠε 6TFSMBOEͰ࡞੒ͨ͠#1'#ZUFDPEFΛ ,FSOFMMBOEͰ࣮ߦ͢Δ ύέοτΩϟϓνϟҎ֎ͷ༻్ʹ΋࢖ΘΕ͍ͯΔ 

  17. TFDDPNQ  

  18. TFDDPNQ ࢦఆͨ͠TZTUFNDBMMΛ࣮ߦͰ͖ͳ͍Α͏ʹ͢Δ -JOVYLFSOFMͷػೳ ͜͜Ͱ͍͏TFDDPNQ͸-JOVYLFSOFMҎ߱ͷ TFDDPNQNPEFΛࢦ͢ TFDDPNQNPEF͸ɺϑΟϧλϦϯάʹ#1'͕ ࢖ΘΕ͓ͯΒͣɺॊೈੑ͕ͳ͍ػೳͩͬͨ 

  19. #1' ϓϩάϥϜ VTFS LFSOFM LFSOFM 

  20. #1' ϓϩάϥϜ VTFS LFSOFM LFSOFM ࣮ߦ 

  21. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ ྫͱͯ͠XSJUF

     Λ੍ݶ͢Δ 

  22. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ ͜ͷϓϩηεͰ͸XSJUF

      ͕࣮ߦͰ͖ͳ͘ͳΔ #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠ LFSOFMͰ࣮ߦ͢Δ #1' CZUFDPEF  ྫͱͯ͠XSJUF  Λ੍ݶ͢Δ

  23. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ PQFO

     ࣮ߦ ڐՄ #1' CZUFDPEF  ྫͱͯ͠XSJUF  Λ੍ݶ͢Δ

  24. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ PQFO

     ࣮ߦ XSJUF  ࣮ߦ #1' CZUFDPEF ڋ൱ 

  25. Έͳ͞Μ#1'ָ͍͠Ͱ͔͢ʁ 

  26. ָ͍͠Ͱ͢Ͷʁ 

  27. F#1'ೖ໳

  28. F#1' &YUFOEFE#1' 

  29. F#1' -JOVYLFSOFMҎ߱Ͱ࣮૷͞Ε͍ͯΔ #1'ͷ֦ு࣮૷ VQSPCFTVTFSMFWFMEZOBNJDUSBDJOH LQSPCFTLFSOFMEZOBNJDUSBDJOH 9%1F9QSFTT%BUB1BUI ύέοτΛ,FSOFMͷ/FUXPSL4UBDLʹ ౉͞ΕΔલͷυϥΠόϨϕϧͰ੍ޚͰ͖Δ FUD 

  30. IUUQTHJUIVCDPNUPSWBMETMJOVYCMPCWJODMVEFUSBDFFWFOUTCQGI 

  31. IUUQTHJUIVCDPNUPSWBMETMJOVYCMPCWJODMVEFUSBDFFWFOUTCQGI 

  32. F#1'ͷͬ͘͟Γͱͨ͠࢓૊Έ 

  33. LQSPCFT F#1' ,FSOFMEZOBNJDUSBDJOH 

  34. LQSPCFT LFSOFM ໋ྩ ໋ྩ ໋ྩ ໋ྩ ϒϨʔΫϙΠϯτ LQSPCFT NPEVMF ஫ೖ

    TBWFDPOUFYU SFTUPSFDPOUFYU ࣮ߦ͍ͨ͠ॲཧ KNQ LFSOFMʹϒϨʔΫϙΠϯτΛઃఆ͠ϓϩάϥϜΛ࣮ߦͰ͖Δػೳ 

  35. VTFS LFSOFM ϓϩάϥϜ F#1' LQSPCFT LQSPCFT F#1' 

  36. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' ੜ੒ LQSPCFT LQSPCFT F#1' 

  37. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE LQSPCFT LQSPCFT

    F#1' 

  38. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE LQSPCFT ϓϩάϥϜͷ҆શੑ

    ΛνΣοΫ LQSPCFT F#1' 

  39. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE #1'CZUFDPEF LQSPCFT

    LQSPCFT F#1' 

  40. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE #1'CZUFDPEF NBQ

    ੜ੒ 6TFS,FSOFMؒͰσʔλͷ΍ΓऔΓΛ͢Δ )BTI "SSBZ FUDʜ LQSPCFT LQSPCFT F#1' 

  41. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT 

  42. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT F#1'WFSJpFSʹΑͬͯ ҆શʹίʔυΛ࣮ߦͰ͖Δʂ 

  43. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT F#1'NBQʹΑͬͯ 6TFSTQBDFͱ,FSOFMͰಈత ʹσʔλΛڞ༗Ͱ͖Δʂ 

  44. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT Կͷ໾ཱͪ·͔͢ʁ 

  45. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT .FNPSZBMMPDBUJPOΛτϨʔε ͯ͠ɺ.FNPSZMFBLΛ୳͢ 

  46. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT 'JMFTZTUFNΛτϨʔεͯ͠ ϑΝΠϧͷPQFO SFBE XSJUF ͳͲʹ͔͔Δ࣌ؒΛܭଌͯ͠ ϘτϧωοΫΛ୳͢ 

  47. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT 00.LJMMFSΛτϨʔε͠ ͦͷॠؒͷͱ͋ΔϓϩάϥϜͷ UBTL@TUSVDUߏ଄ମͷத਎Λ μϯϓͯ͠ݪҼΛ୳͢ 

  48. 9%1 F9QSFTT%BUB1BUI  ύέοτΛ,FSOFMͷ/FUXPSL4UBDL ʹ౉͞ΕΔલͷυϥΠόϨϕϧͰ੍ޚͰ͖Δ

  49. JQUBCMFT /*$ %SJWFS "QQMJDBUJPO OFUpMUFS %301 "$$&15 VTFS LFSOFM 

    JQUBCMFT /FUXPSL4UBDL

  50. JQUBCMFTXJUI#1' /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO "$$&15 VTFS LFSOFM  JQUBCMFT

    D#1' %301 CZUFDPEF

  51. 9%1 /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO "$$&15 VTFS LFSOFM  9%11SPH

    %301 F#1' CZUFDPEF

  52. 9%1 /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO VTFS LFSOFM 9%1 %301 "$$&15

    ωοτϫʔΫυϥΠόϨϕϧͰ ύέοτͷૢ࡞͕Ͱ͖Δʂ ରԠ͍ͯ͠ΔωοτϫʔΫυϥΠό͸ҎԼΛࢀর IUUQTHJUIVCDPNJPWJTPSCDDCMPCNBTUFSEPDTLFSOFMWFSTJPOTNEYEQ 

  53. 9%1 /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO VTFS LFSOFM 9%1 %301 "$$&15

    ଎ 

  54. 9%1 /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO VTFS LFSOFM 9%1 %301 "$$&15

    %%P4ରࡦ ηΩϡϦςΟରࡦ -# ೔ຊͰ΋ࣄྫ͋Γ 

  55. ເ͕޿͕Γ·͢Ͷʁ 

  56. ·ͱΊ #1'͸6TFSTQBDFͰ࡞੒ͨ͠#ZUFDPEFΛ ,FSOFMͰ࣮ߦ͢Δࣄ͕Ͱ͖Δɻ D#1'͸ύέοτ΍γεςϜίʔϧΛϑΟϧλ Ϧϯά͢Δ͜ͱ͕Ͱ͖Δɻ F#1'͸LQSPCF΍VQSPCFΛར༻ͨ͠τϨʔε ΍9%1ͷΑ͏ͳ%SJWFSϨϕϧͷߴ଎ͳύέο τૢ࡞͕Ͱ͖Δɻଞʹ΋ػೳ͕͋Δɻ 7FSJpFSʹΑΓ҆શʹίʔυΛ࣮ߦͰ͖Δɻ .BQʹΑΓಈతʹσʔλͷ΍ΓऔΓ͕Ͱ͖Δɻ

  57. དྷ೥΋΍͍͖ͬͯ·͠ΐ͏ʂ 

  58. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ