Upgrade to Pro — share decks privately, control downloads, hide ads and more …

eBPF入門 /eBPF-getting-started

22522e2bc35255ab75308c399ff782f6?s=47 Takuma Kume
December 16, 2017
Technology
6
5.3k

eBPF入門 /eBPF-getting-started

KIXS vol.006 LT 10 min
https://kixs.connpass.com/event/69643/

ブログ
https://takumakume.tech/blog/2017-12-18-ebpf-getting-started/

22522e2bc35255ab75308c399ff782f6?s=128

Takuma Kume

December 16, 2017
Tweet

More Decks by Takuma Kume

See All by Takuma Kume
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
0
85
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
1
230
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
10
2.1k
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
5
8.2k
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
0
100
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
7
1.5k
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
3
1.6k
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
0
690
22522e2bc35255ab75308c399ff782f6?s=48 takumakume
0
300

Other Decks in Technology

See All in Technology
A64ac825509279a770c13c6fc517f11a?s=48 kawaguti
0
290
8dc3958dc2480bd681e4b5c197817047?s=48 retrage
3
570
252e6c31a6452aa80deb9ad0107975c7?s=48 attakei
0
130
A64ac825509279a770c13c6fc517f11a?s=48 kawaguti
3
600
A07bf430b58349d4c0c88dabcd4c21f3?s=48 iam326
0
220
6f455f3ddfaa8a1c3a8a03ecd5d73d4f?s=48 hirakichi
0
110
Fff70c641a9988db06414c9beb29029f?s=48 acogoluegnes
0
6.9k
Bf7fe621f4fe1615c228ef8a79b87282?s=48 shirayanagiryuji
1
200
E53046bb9794560f541fcf2cf0b9d526?s=48 sayokomiura
0
240
5b47136bedcba2799edf4fcd27ea66d7?s=48 yaegashi
3
840
7e20183342a040a32924a41343603286?s=48 konabuta
1
350
D65bdfdd4762c763f71d08fd4d9fa511?s=48 sky_joker
1
260

Featured

See All Featured
A9179349dd2bdc67f377719f56d85656?s=48 garrettdimon
291
110k
761be20b5ebd271008bcee1244fc5b52?s=48 matthewcrist
73
7.6k
Ecdea9b9714877b86cee08458f085481?s=48 trallard
22
1k
Aebc2d07a50011e2a30d38435fde564a?s=48 jrom
119
7.3k
91cefdf141106fa10674aae74ce05890?s=48 yeseniaperezcruz
304
32k
44b54d2ffcb7857004071cc6795dde11?s=48 cassininazir
349
20k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
90
8.8k
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
591
210k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
195
9k
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
85
8k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
498
130k
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
24
870

Transcript

  1. ٱถ୓അ(.01FQBCP *OD  ,JYTWPM-5NJO F#1'ೖ໳

  2. (.0ϖύϘΠϯϑϥΤϯδχΞ ٱถ୓അ!UBLVNBLVNF ϗεςΟϯάࣄۀ෦ IUUQTUBLVNBLVNFUFDI 

  3. None

  4. Έͳ͞Μ͸#1'ͯ͠·͔͢ʁ 

  5. #1'JT #FSLFMFZ1BDLFU'JMUFS -JOVYLFSOFMʹ࣮૷͞Ε͍ͯΔ ύέοτͷΩϟϓνϟ΍ϑΟϧλΛߦ͏ͨΊͷ ΠϯλʔϑΣΠε 

  6. UDQEVNQ  

  7. UDQEVNQ  ~$ sudo tcpdump port 80 tcpdump: verbose output

    suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 00:27:12.580101 IP 192.168.0.18.61285 > archlinux.vagrant.vm.http: Flags [S], seq 1854919014, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 844367687 ecr 0,sackOK,eol], length 0 : : ຖ೔ୟ͍͍ͯΔ͍ͭ΋ͷ΍ͭͰ͢Ͷ 

  8. UDQEVNQ #1' 

  9. #1' /*$ 5$14UBDL UDQEVNQ VTFS LFSOFM LFSOFM OFUXPSL 

  10. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL 

  11. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL #1' CZUFDPEF UDQEVNQ͸ #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠LFSOFM Ͱ࣮ߦ͢Δ 

  12. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 OHJOY VTFS LFSOFM

    LFSOFM OFUXPSL #1' 130( UDQEVNQ͸ #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠LFSOFM Ͱ࣮ߦ͢Δ $ sudo tcpdump -d 'port 80' (000) ldh [12] (001) jeq #0x86dd jt 2 jf 10 (002) ldb [20] (003) jeq #0x84 jt 6 jf 4 (004) jeq #0x6 jt 6 jf 5 (005) jeq #0x11 jt 6 jf 23 (006) ldh [54] : BPF Assembler 

  13. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 OHJOY VTFS LFSOFM

    LFSOFM OFUXPSL #1' 130( UDQEVNQ͸ #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠LFSOFM Ͱ࣮ߦ͢Δ ~$ sudo tcpdump -dd 'port 80' { 0x28, 0, 0, 0x0000000c }, { 0x15, 0, 8, 0x000086dd }, { 0x30, 0, 0, 0x00000014 }, { 0x15, 2, 0, 0x00000084 }, { 0x15, 1, 0, 0x00000006 }, { 0x15, 0, 17, 0x00000011 }, { 0x28, 0, 0, 0x00000036 }, { 0x15, 14, 0, 0x00000050 }, : BPF Bytecode 

  14. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL 5$1QPSU #1' CZUFDPEF 

  15. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL UFSNJOBM දࣔ 5$1QPSU #1' CZUFDPEF 

  16. #1'JT #FSLFMFZ1BDLFU'JMUFS -JOVYLFSOFMʹ࣮૷͞Ε͍ͯΔ ύέοτͷΩϟϓνϟ΍ϑΟϧλΛߦ͏ͨΊͷ ΠϯλʔϑΣΠε 6TFSMBOEͰ࡞੒ͨ͠#1'#ZUFDPEFΛ ,FSOFMMBOEͰ࣮ߦ͢Δ ύέοτΩϟϓνϟҎ֎ͷ༻్ʹ΋࢖ΘΕ͍ͯΔ 

  17. TFDDPNQ  

  18. TFDDPNQ ࢦఆͨ͠TZTUFNDBMMΛ࣮ߦͰ͖ͳ͍Α͏ʹ͢Δ -JOVYLFSOFMͷػೳ ͜͜Ͱ͍͏TFDDPNQ͸-JOVYLFSOFMҎ߱ͷ TFDDPNQNPEFΛࢦ͢ TFDDPNQNPEF͸ɺϑΟϧλϦϯάʹ#1'͕ ࢖ΘΕ͓ͯΒͣɺॊೈੑ͕ͳ͍ػೳͩͬͨ 

  19. #1' ϓϩάϥϜ VTFS LFSOFM LFSOFM 

  20. #1' ϓϩάϥϜ VTFS LFSOFM LFSOFM ࣮ߦ 

  21. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ ྫͱͯ͠XSJUF

     Λ੍ݶ͢Δ 

  22. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ ͜ͷϓϩηεͰ͸XSJUF

      ͕࣮ߦͰ͖ͳ͘ͳΔ #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠ LFSOFMͰ࣮ߦ͢Δ #1' CZUFDPEF  ྫͱͯ͠XSJUF  Λ੍ݶ͢Δ

  23. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ PQFO

     ࣮ߦ ڐՄ #1' CZUFDPEF  ྫͱͯ͠XSJUF  Λ੍ݶ͢Δ

  24. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ PQFO

     ࣮ߦ XSJUF  ࣮ߦ #1' CZUFDPEF ڋ൱ 

  25. Έͳ͞Μ#1'ָ͍͠Ͱ͔͢ʁ 

  26. ָ͍͠Ͱ͢Ͷʁ 

  27. F#1'ೖ໳

  28. F#1' &YUFOEFE#1' 

  29. F#1' -JOVYLFSOFMҎ߱Ͱ࣮૷͞Ε͍ͯΔ #1'ͷ֦ு࣮૷ VQSPCFTVTFSMFWFMEZOBNJDUSBDJOH LQSPCFTLFSOFMEZOBNJDUSBDJOH 9%1F9QSFTT%BUB1BUI ύέοτΛ,FSOFMͷ/FUXPSL4UBDLʹ ౉͞ΕΔલͷυϥΠόϨϕϧͰ੍ޚͰ͖Δ FUD 

  30. IUUQTHJUIVCDPNUPSWBMETMJOVYCMPCWJODMVEFUSBDFFWFOUTCQGI 

  31. IUUQTHJUIVCDPNUPSWBMETMJOVYCMPCWJODMVEFUSBDFFWFOUTCQGI 

  32. F#1'ͷͬ͘͟Γͱͨ͠࢓૊Έ 

  33. LQSPCFT F#1' ,FSOFMEZOBNJDUSBDJOH 

  34. LQSPCFT LFSOFM ໋ྩ ໋ྩ ໋ྩ ໋ྩ ϒϨʔΫϙΠϯτ LQSPCFT NPEVMF ஫ೖ

    TBWFDPOUFYU SFTUPSFDPOUFYU ࣮ߦ͍ͨ͠ॲཧ KNQ LFSOFMʹϒϨʔΫϙΠϯτΛઃఆ͠ϓϩάϥϜΛ࣮ߦͰ͖Δػೳ 

  35. VTFS LFSOFM ϓϩάϥϜ F#1' LQSPCFT LQSPCFT F#1' 

  36. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' ੜ੒ LQSPCFT LQSPCFT F#1' 

  37. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE LQSPCFT LQSPCFT

    F#1' 

  38. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE LQSPCFT ϓϩάϥϜͷ҆શੑ

    ΛνΣοΫ LQSPCFT F#1' 

  39. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE #1'CZUFDPEF LQSPCFT

    LQSPCFT F#1' 

  40. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE #1'CZUFDPEF NBQ

    ੜ੒ 6TFS,FSOFMؒͰσʔλͷ΍ΓऔΓΛ͢Δ )BTI "SSBZ FUDʜ LQSPCFT LQSPCFT F#1' 

  41. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT 

  42. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT F#1'WFSJpFSʹΑͬͯ ҆શʹίʔυΛ࣮ߦͰ͖Δʂ 

  43. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT F#1'NBQʹΑͬͯ 6TFSTQBDFͱ,FSOFMͰಈత ʹσʔλΛڞ༗Ͱ͖Δʂ 

  44. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT Կͷ໾ཱͪ·͔͢ʁ 

  45. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT .FNPSZBMMPDBUJPOΛτϨʔε ͯ͠ɺ.FNPSZMFBLΛ୳͢ 

  46. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT 'JMFTZTUFNΛτϨʔεͯ͠ ϑΝΠϧͷPQFO SFBE XSJUF ͳͲʹ͔͔Δ࣌ؒΛܭଌͯ͠ ϘτϧωοΫΛ୳͢ 

  47. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT 00.LJMMFSΛτϨʔε͠ ͦͷॠؒͷͱ͋ΔϓϩάϥϜͷ UBTL@TUSVDUߏ଄ମͷத਎Λ μϯϓͯ͠ݪҼΛ୳͢ 

  48. 9%1 F9QSFTT%BUB1BUI  ύέοτΛ,FSOFMͷ/FUXPSL4UBDL ʹ౉͞ΕΔલͷυϥΠόϨϕϧͰ੍ޚͰ͖Δ

  49. JQUBCMFT /*$ %SJWFS "QQMJDBUJPO OFUpMUFS %301 "$$&15 VTFS LFSOFM 

    JQUBCMFT /FUXPSL4UBDL

  50. JQUBCMFTXJUI#1' /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO "$$&15 VTFS LFSOFM  JQUBCMFT

    D#1' %301 CZUFDPEF

  51. 9%1 /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO "$$&15 VTFS LFSOFM  9%11SPH

    %301 F#1' CZUFDPEF

  52. 9%1 /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO VTFS LFSOFM 9%1 %301 "$$&15

    ωοτϫʔΫυϥΠόϨϕϧͰ ύέοτͷૢ࡞͕Ͱ͖Δʂ ରԠ͍ͯ͠ΔωοτϫʔΫυϥΠό͸ҎԼΛࢀর IUUQTHJUIVCDPNJPWJTPSCDDCMPCNBTUFSEPDTLFSOFMWFSTJPOTNEYEQ 

  53. 9%1 /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO VTFS LFSOFM 9%1 %301 "$$&15

    ଎ 

  54. 9%1 /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO VTFS LFSOFM 9%1 %301 "$$&15

    %%P4ରࡦ ηΩϡϦςΟରࡦ -# ೔ຊͰ΋ࣄྫ͋Γ 

  55. ເ͕޿͕Γ·͢Ͷʁ 

  56. ·ͱΊ #1'͸6TFSTQBDFͰ࡞੒ͨ͠#ZUFDPEFΛ ,FSOFMͰ࣮ߦ͢Δࣄ͕Ͱ͖Δɻ D#1'͸ύέοτ΍γεςϜίʔϧΛϑΟϧλ Ϧϯά͢Δ͜ͱ͕Ͱ͖Δɻ F#1'͸LQSPCF΍VQSPCFΛར༻ͨ͠τϨʔε ΍9%1ͷΑ͏ͳ%SJWFSϨϕϧͷߴ଎ͳύέο τૢ࡞͕Ͱ͖Δɻଞʹ΋ػೳ͕͋Δɻ 7FSJpFSʹΑΓ҆શʹίʔυΛ࣮ߦͰ͖Δɻ .BQʹΑΓಈతʹσʔλͷ΍ΓऔΓ͕Ͱ͖Δɻ

  57. དྷ೥΋΍͍͖ͬͯ·͠ΐ͏ʂ 

  58. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ