$30 off During Our Annual Pro Sale. View Details »

eBPF入門 /eBPF-getting-started

Takuma Kume
December 16, 2017
Technology
6
6.3k

eBPF入門 /eBPF-getting-started

KIXS vol.006 LT 10 min
https://kixs.connpass.com/event/69643/

ブログ
https://takumakume.tech/blog/2017-12-18-ebpf-getting-started/

Takuma Kume

December 16, 2017
Tweet

More Decks by Takuma Kume

See All by Takuma Kume
ソフトウェアの継続的アップデートをコンテナ化によって加速させる/Accelerate continuous software updates with containerization
takumakume
0
2.5k
KubernetesにおけるSBOMを利用した脆弱性管理/Vulnerability_Management_with_SBOM_in_Kubernetes
takumakume
0
660
ホスティング事業におけるSREの取り組みとSREの面白さ/SRE Efforts in the Hosting Business and the Interest of SRE
takumakume
1
1.1k
GitOpsで実現するPull Request毎のプレビュー環境/Preview environment for each Pull Request by GitOps
takumakume
0
870
クラウドネイティブな開発環境への移行/Move to the cloud native development environment
takumakume
1
460
200万ドメインを超えるレンタルサーバのコンテンツキャッシュ機能の裏側/2_million_more_than_the_domain_the_back_of_the_rental_server_content_cache
takumakume
10
2.5k
DDoS攻撃との終わりなき戦い/endless_battle_with_ddos_attack
takumakume
5
12k
toward_systematization_of_linux_trace_tool
takumakume
0
130
Webサーバ拡張における排他制御のパフォーマンスチューニング /performance_tuning_of_exclusive_control in_web_server extension
takumakume
7
2.2k

Other Decks in Technology

See All in Technology
ROSCon 2023参加報告:Real-Time Workshop & Zenoh's Current Status and Forecast
takasehideki
1
210
Cloud Security Day 2023パネルディスカッション資料
coconala_engineer
0
160
つくばチャレンジ2023EX with PLATEAU@つくばセンター広場課題コース
tsukubachallenge
0
670
10分でわかる株式会社ログラス − エンジニア向け会社説明資料 / Loglass in 10 min for Engineers
loglass2019
2
800
隙間家具OSS開発で『自分の庭』をつくる / kayac-andpad-event
fujiwara3
0
270
機械学習システム構築実践ガイド
shibuiwilliam
0
290
Japan.R2023_いろんな可視化ツールあるけどggplotて何がいいの?- 複数ツールで比較してみた!-
wakamatsu_takumu
1
500
開発生産性大幅アップ!Postman VS Code拡張機能
nagix
0
140
231116 あつまれ入力デバイスの沼 Ryu.Cyberさん
comucal
PRO
0
220
AI・機械学習ライブラリを使ったWebアプリでワクワク体験! / Qiita Night~AI、機械学習 / 20231201
you
PRO
1
1.2k
コロプラ_SRE_LCE_ゲームバックエンド_性能との戦い
colopl
0
160
お客様、そこは秘孔です!突かないでください! HTTP/2 Rapid reset の概要と対策
murachiakira
0
160

Featured

See All Featured
Producing Creativity
orderedlist
PRO
335
38k
Building Applications with DynamoDB
mza
87
5.3k
Teambox: Starting and Learning
jrom
125
8.2k
Robots, Beer and Maslow
schacon
154
7.7k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
12
1k
Imperfection Machines: The Place of Print at Facebook
scottboms
257
12k
Stop Working from a Prison Cell
hatefulcrawdad
264
18k
Put a Button on it: Removing Barriers to Going Fast.
kastner
56
2.8k
Designing for humans not robots
tammielis
246
24k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
1
290
Art, The Web, and Tiny UX
lynnandtonic
286
19k
Thoughts on Productivity
jonyablonski
55
3.5k

Transcript

  1. ٱถ୓അ(.01FQBCP *OD

    ,JYTWPM-5NJO
    F#1'ೖ໳

    View Slide

  2. (.0ϖύϘΠϯϑϥΤϯδχΞ
    ٱถ୓അ!UBLVNBLVNF
    ϗεςΟϯάࣄۀ෦
    IUUQTUBLVNBLVNFUFDI

    View Slide

  3. View Slide

  4. Έͳ͞Μ͸#1'ͯ͠·͔͢ʁ

    View Slide

  5. #1'JT
    #FSLFMFZ1BDLFU'JMUFS
    -JOVYLFSOFMʹ࣮૷͞Ε͍ͯΔ
    ύέοτͷΩϟϓνϟ΍ϑΟϧλΛߦ͏ͨΊͷ
    ΠϯλʔϑΣΠε

    View Slide

  6. UDQEVNQ


    View Slide

  7. UDQEVNQ

    ~$ sudo tcpdump port 80
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    00:27:12.580101 IP 192.168.0.18.61285 > archlinux.vagrant.vm.http: Flags
    [S], seq 1854919014, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS
    val 844367687 ecr 0,sackOK,eol], length 0
    :
    :
    ຖ೔ୟ͍͍ͯΔ͍ͭ΋ͷ΍ͭͰ͢Ͷ

    View Slide

  8. UDQEVNQ
    #1'

    View Slide

  9. #1'
    /*$
    5$14UBDL
    UDQEVNQ
    VTFS
    LFSOFM
    LFSOFM
    OFUXPSL

    View Slide

  10. #1'
    /*$
    5$14UBDL
    UDQEVNQ
    tcpdump port 80
    VTFS
    LFSOFM
    LFSOFM
    OFUXPSL

    View Slide

  11. #1'
    /*$
    5$14UBDL
    UDQEVNQ
    tcpdump port 80
    VTFS
    LFSOFM
    LFSOFM
    OFUXPSL
    #1'
    CZUFDPEF
    UDQEVNQ͸
    #1'༻ʹϓϩάϥϜΛ
    ίϯύΠϧͯ͠LFSOFM
    Ͱ࣮ߦ͢Δ

    View Slide

  12. #1'
    /*$
    5$14UBDL
    UDQEVNQ
    tcpdump port 80
    OHJOY
    VTFS
    LFSOFM
    LFSOFM
    OFUXPSL
    #1'
    130(
    UDQEVNQ͸
    #1'༻ʹϓϩάϥϜΛ
    ίϯύΠϧͯ͠LFSOFM
    Ͱ࣮ߦ͢Δ
    $ sudo tcpdump -d 'port 80'
    (000) ldh [12]
    (001) jeq #0x86dd jt 2 jf 10
    (002) ldb [20]
    (003) jeq #0x84 jt 6 jf 4
    (004) jeq #0x6 jt 6 jf 5
    (005) jeq #0x11 jt 6 jf 23
    (006) ldh [54]
    :
    BPF Assembler

    View Slide

  13. #1'
    /*$
    5$14UBDL
    UDQEVNQ
    tcpdump port 80
    OHJOY
    VTFS
    LFSOFM
    LFSOFM
    OFUXPSL
    #1'
    130(
    UDQEVNQ͸
    #1'༻ʹϓϩάϥϜΛ
    ίϯύΠϧͯ͠LFSOFM
    Ͱ࣮ߦ͢Δ
    ~$ sudo tcpdump -dd 'port 80'
    { 0x28, 0, 0, 0x0000000c },
    { 0x15, 0, 8, 0x000086dd },
    { 0x30, 0, 0, 0x00000014 },
    { 0x15, 2, 0, 0x00000084 },
    { 0x15, 1, 0, 0x00000006 },
    { 0x15, 0, 17, 0x00000011 },
    { 0x28, 0, 0, 0x00000036 },
    { 0x15, 14, 0, 0x00000050 },
    :
    BPF Bytecode

    View Slide

  14. #1'
    /*$
    5$14UBDL
    UDQEVNQ
    tcpdump port 80
    VTFS
    LFSOFM
    LFSOFM
    OFUXPSL
    5$1QPSU
    #1'
    CZUFDPEF

    View Slide

  15. #1'
    /*$
    5$14UBDL
    UDQEVNQ
    tcpdump port 80
    VTFS
    LFSOFM
    LFSOFM
    OFUXPSL
    UFSNJOBM
    දࣔ
    5$1QPSU
    #1'
    CZUFDPEF

    View Slide

  16. #1'JT
    #FSLFMFZ1BDLFU'JMUFS
    -JOVYLFSOFMʹ࣮૷͞Ε͍ͯΔ
    ύέοτͷΩϟϓνϟ΍ϑΟϧλΛߦ͏ͨΊͷ
    ΠϯλʔϑΣΠε
    6TFSMBOEͰ࡞੒ͨ͠#1'#ZUFDPEFΛ
    ,FSOFMMBOEͰ࣮ߦ͢Δ
    ύέοτΩϟϓνϟҎ֎ͷ༻్ʹ΋࢖ΘΕ͍ͯΔ

    View Slide

  17. TFDDPNQ


    View Slide

  18. TFDDPNQ
    ࢦఆͨ͠TZTUFNDBMMΛ࣮ߦͰ͖ͳ͍Α͏ʹ͢Δ
    -JOVYLFSOFMͷػೳ
    ͜͜Ͱ͍͏TFDDPNQ͸-JOVYLFSOFMҎ߱ͷ
    TFDDPNQNPEFΛࢦ͢
    TFDDPNQNPEF͸ɺϑΟϧλϦϯάʹ#1'͕
    ࢖ΘΕ͓ͯΒͣɺॊೈੑ͕ͳ͍ػೳͩͬͨ

    View Slide

  19. #1'
    ϓϩάϥϜ
    VTFS
    LFSOFM
    LFSOFM

    View Slide

  20. #1'
    ϓϩάϥϜ
    VTFS
    LFSOFM
    LFSOFM
    ࣮ߦ

    View Slide

  21. #1'
    ϓϩάϥϜ
    VTFS
    LFSOFM
    TFDDPNQ
    ࣮ߦ
    LFSOFM
    ࣮ߦ
    ྫͱͯ͠XSJUF
    Λ੍ݶ͢Δ

    View Slide

  22. #1'
    ϓϩάϥϜ
    VTFS
    LFSOFM
    TFDDPNQ
    ࣮ߦ
    LFSOFM
    ࣮ߦ
    ͜ͷϓϩηεͰ͸XSJUF

    ͕࣮ߦͰ͖ͳ͘ͳΔ
    #1'༻ʹϓϩάϥϜΛ
    ίϯύΠϧͯ͠
    LFSOFMͰ࣮ߦ͢Δ
    #1'
    CZUFDPEF

    ྫͱͯ͠XSJUF
    Λ੍ݶ͢Δ

    View Slide

  23. #1'
    ϓϩάϥϜ
    VTFS
    LFSOFM
    TFDDPNQ
    ࣮ߦ
    LFSOFM
    ࣮ߦ
    PQFO
    ࣮ߦ
    ڐՄ
    #1'
    CZUFDPEF

    ྫͱͯ͠XSJUF
    Λ੍ݶ͢Δ

    View Slide

  24. #1'
    ϓϩάϥϜ
    VTFS
    LFSOFM
    TFDDPNQ
    ࣮ߦ
    LFSOFM
    ࣮ߦ
    PQFO
    ࣮ߦ
    XSJUF
    ࣮ߦ
    #1'
    CZUFDPEF
    ڋ൱

    View Slide

  25. Έͳ͞Μ#1'ָ͍͠Ͱ͔͢ʁ

    View Slide

  26. ָ͍͠Ͱ͢Ͷʁ

    View Slide

  27. F#1'ೖ໳

    View Slide

  28. F#1'
    &YUFOEFE#1'


    View Slide

  29. F#1'
    -JOVYLFSOFMҎ߱Ͱ࣮૷͞Ε͍ͯΔ
    #1'ͷ֦ு࣮૷
    VQSPCFTVTFSMFWFMEZOBNJDUSBDJOH
    LQSPCFTLFSOFMEZOBNJDUSBDJOH
    9%1F9QSFTT%BUB1BUI
    ύέοτΛ,FSOFMͷ/FUXPSL4UBDLʹ
    ౉͞ΕΔલͷυϥΠόϨϕϧͰ੍ޚͰ͖Δ
    FUD

    View Slide

  30. IUUQTHJUIVCDPNUPSWBMETMJOVYCMPCWJODMVEFUSBDFFWFOUTCQGI

    View Slide

  31. IUUQTHJUIVCDPNUPSWBMETMJOVYCMPCWJODMVEFUSBDFFWFOUTCQGI

    View Slide

  32. F#1'ͷͬ͘͟Γͱͨ͠࢓૊Έ

    View Slide

  33. LQSPCFTF#1'
    ,FSOFMEZOBNJDUSBDJOH

    View Slide

  34. LQSPCFT
    LFSOFM
    ໋ྩ
    ໋ྩ
    ໋ྩ
    ໋ྩ
    ϒϨʔΫϙΠϯτ
    LQSPCFT
    NPEVMF
    ஫ೖ
    TBWFDPOUFYU
    SFTUPSFDPOUFYU
    ࣮ߦ͍ͨ͠ॲཧ
    KNQ
    LFSOFMʹϒϨʔΫϙΠϯτΛઃఆ͠ϓϩάϥϜΛ࣮ߦͰ͖Δػೳ

    View Slide

  35. VTFS
    LFSOFM
    ϓϩάϥϜ
    F#1'
    LQSPCFT
    LQSPCFTF#1'

    View Slide

  36. VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    ੜ੒
    LQSPCFT
    LQSPCFTF#1'

    View Slide

  37. VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    LQSPCFT
    LQSPCFTF#1'

    View Slide

  38. VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    LQSPCFT
    ϓϩάϥϜͷ҆શੑ
    ΛνΣοΫ
    LQSPCFTF#1'

    View Slide

  39. VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF
    LQSPCFT
    LQSPCFTF#1'

    View Slide

  40. VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    ੜ੒
    6TFS,FSOFMؒͰσʔλͷ΍ΓऔΓΛ͢Δ
    )BTI
    "SSBZ
    FUDʜ
    LQSPCFT
    LQSPCFTF#1'

    View Slide

  41. LQSPCFTF#1'
    VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    USBDJOH
    ॻ͖ࠐΈ
    ࢀর
    LQSPCFT

    View Slide

  42. LQSPCFTF#1'
    VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    USBDJOH
    ॻ͖ࠐΈ
    ࢀর
    LQSPCFT
    F#1'WFSJpFSʹΑͬͯ
    ҆શʹίʔυΛ࣮ߦͰ͖Δʂ

    View Slide

  43. LQSPCFTF#1'
    VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    USBDJOH
    ॻ͖ࠐΈ
    ࢀর
    LQSPCFT
    F#1'NBQʹΑͬͯ
    6TFSTQBDFͱ,FSOFMͰಈత
    ʹσʔλΛڞ༗Ͱ͖Δʂ

    View Slide

  44. LQSPCFTF#1'
    VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    USBDJOH
    ॻ͖ࠐΈ
    ࢀর
    LQSPCFT
    Կͷ໾ཱͪ·͔͢ʁ

    View Slide

  45. LQSPCFTF#1'
    VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    USBDJOH
    ॻ͖ࠐΈ
    ࢀর
    LQSPCFT
    .FNPSZBMMPDBUJPOΛτϨʔε
    ͯ͠ɺ.FNPSZMFBLΛ୳͢

    View Slide

  46. LQSPCFTF#1'
    VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    USBDJOH
    ॻ͖ࠐΈ
    ࢀর
    LQSPCFT
    'JMFTZTUFNΛτϨʔεͯ͠
    ϑΝΠϧͷPQFO SFBE XSJUF
    ͳͲʹ͔͔Δ࣌ؒΛܭଌͯ͠
    ϘτϧωοΫΛ୳͢

    View Slide

  47. LQSPCFTF#1'
    VTFS
    LFSOFM
    ϓϩάϥϜ
    #1'CZUFDPEF
    F#1'
    WFSJpFS
    ੜ੒
    MPBE
    #1'CZUFDPEF NBQ
    USBDJOH
    ॻ͖ࠐΈ
    ࢀর
    LQSPCFT
    00.LJMMFSΛτϨʔε͠
    ͦͷॠؒͷͱ͋ΔϓϩάϥϜͷ
    UBTL@TUSVDUߏ଄ମͷத਎Λ
    μϯϓͯ͠ݪҼΛ୳͢

    View Slide

  48. 9%1
    F9QSFTT%BUB1BUI

    ύέοτΛ,FSOFMͷ/FUXPSL4UBDL
    ʹ౉͞ΕΔલͷυϥΠόϨϕϧͰ੍ޚͰ͖Δ

    View Slide

  49. JQUBCMFT
    /*$
    %SJWFS
    "QQMJDBUJPO
    OFUpMUFS
    %301
    "$$&15
    VTFS
    LFSOFM

    JQUBCMFT
    /FUXPSL4UBDL

    View Slide

  50. JQUBCMFTXJUI#1'
    /*$
    %SJWFS
    /FUXPSL4UBDL
    "QQMJDBUJPO
    "$$&15
    VTFS
    LFSOFM

    JQUBCMFT
    D#1'
    %301 CZUFDPEF

    View Slide

  51. 9%1
    /*$
    %SJWFS
    /FUXPSL4UBDL
    "QQMJDBUJPO
    "$$&15
    VTFS
    LFSOFM

    9%11SPH
    %301 F#1' CZUFDPEF

    View Slide

  52. 9%1
    /*$
    %SJWFS
    /FUXPSL4UBDL
    "QQMJDBUJPO
    VTFS
    LFSOFM
    9%1
    %301
    "$$&15
    ωοτϫʔΫυϥΠόϨϕϧͰ
    ύέοτͷૢ࡞͕Ͱ͖Δʂ
    ରԠ͍ͯ͠ΔωοτϫʔΫυϥΠό͸ҎԼΛࢀর
    IUUQTHJUIVCDPNJPWJTPSCDDCMPCNBTUFSEPDTLFSOFMWFSTJPOTNEYEQ

    View Slide

  53. 9%1
    /*$
    %SJWFS
    /FUXPSL4UBDL
    "QQMJDBUJPO
    VTFS
    LFSOFM
    9%1
    %301
    "$$&15


    View Slide

  54. 9%1
    /*$
    %SJWFS
    /FUXPSL4UBDL
    "QQMJDBUJPO
    VTFS
    LFSOFM
    9%1
    %301
    "$$&15
    %%P4ରࡦ
    ηΩϡϦςΟରࡦ
    -# ೔ຊͰ΋ࣄྫ͋Γ


    View Slide

  55. ເ͕޿͕Γ·͢Ͷʁ

    View Slide

  56. ·ͱΊ
    #1'͸6TFSTQBDFͰ࡞੒ͨ͠#ZUFDPEFΛ
    ,FSOFMͰ࣮ߦ͢Δࣄ͕Ͱ͖Δɻ
    D#1'͸ύέοτ΍γεςϜίʔϧΛϑΟϧλ
    Ϧϯά͢Δ͜ͱ͕Ͱ͖Δɻ
    F#1'͸LQSPCF΍VQSPCFΛར༻ͨ͠τϨʔε
    ΍9%1ͷΑ͏ͳ%SJWFSϨϕϧͷߴ଎ͳύέο
    τૢ࡞͕Ͱ͖Δɻଞʹ΋ػೳ͕͋Δɻ
    7FSJpFSʹΑΓ҆શʹίʔυΛ࣮ߦͰ͖Δɻ
    .BQʹΑΓಈతʹσʔλͷ΍ΓऔΓ͕Ͱ͖Δɻ

    View Slide

  57. དྷ೥΋΍͍͖ͬͯ·͠ΐ͏ʂ

    View Slide

  58. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ

    View Slide