eBPF入門 /eBPF-getting-started

Transcript

1. ٱถ୓അ
   
   (.0
   1FQBCP
   *OD
   
   ,JYT
   WPM
   -5
   NJO F#1'ೖ໳

2. (.0ϖύϘ
   ΠϯϑϥΤϯδχΞ ٱถ
   ୓അ
   !UBLVNBLVNF ϗεςΟϯάࣄۀ෦ IUUQTUBLVNBLVNFUFDI 

3. None

4. Έͳ͞Μ͸#1'ͯ͠·͔͢ʁ 

5. #1'
   JT
   #FSLFMFZ
   1BDLFU
   'JMUFS -JOVY
   LFSOFM
   ʹ࣮૷͞Ε͍ͯΔ
   ύέοτͷΩϟϓνϟ΍ϑΟϧλΛߦ͏ͨΊͷ ΠϯλʔϑΣΠε 

6. UDQEVNQ  

7. UDQEVNQ
    ~$ sudo tcpdump port 80 tcpdump: verbose output

   suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 00:27:12.580101 IP 192.168.0.18.61285 > archlinux.vagrant.vm.http: Flags [S], seq 1854919014, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 844367687 ecr 0,sackOK,eol], length 0 : : ຖ೔ୟ͍͍ͯΔ͍ͭ΋ͷ΍ͭͰ͢Ͷ 

8. UDQEVNQ #1' 

9. #1' /*$ 5$1
   4UBDL UDQEVNQ VTFS LFSOFM LFSOFM OFUXPSL 

10. #1' /*$ 5$1
    4UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL 

11. #1' /*$ 5$1
    4UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL #1'
    CZUFDPEF UDQEVNQ͸
    #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠LFSOFM Ͱ࣮ߦ͢Δ 

12. #1' /*$ 5$1
    4UBDL UDQEVNQ tcpdump port 80 OHJOY VTFS LFSOFM

    LFSOFM OFUXPSL #1'
    130( UDQEVNQ͸
    #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠LFSOFM Ͱ࣮ߦ͢Δ $ sudo tcpdump -d 'port 80' (000) ldh [12] (001) jeq #0x86dd jt 2 jf 10 (002) ldb [20] (003) jeq #0x84 jt 6 jf 4 (004) jeq #0x6 jt 6 jf 5 (005) jeq #0x11 jt 6 jf 23 (006) ldh [54] : BPF Assembler 

13. #1' /*$ 5$1
    4UBDL UDQEVNQ tcpdump port 80 OHJOY VTFS LFSOFM

    LFSOFM OFUXPSL #1'
    130( UDQEVNQ͸
    #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠LFSOFM Ͱ࣮ߦ͢Δ ~$ sudo tcpdump -dd 'port 80' { 0x28, 0, 0, 0x0000000c }, { 0x15, 0, 8, 0x000086dd }, { 0x30, 0, 0, 0x00000014 }, { 0x15, 2, 0, 0x00000084 }, { 0x15, 1, 0, 0x00000006 }, { 0x15, 0, 17, 0x00000011 }, { 0x28, 0, 0, 0x00000036 }, { 0x15, 14, 0, 0x00000050 }, : BPF Bytecode 

14. #1' /*$ 5$1
    4UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL 5$1
    QPSU
     #1'
    CZUFDPEF 

15. #1' /*$ 5$1
    4UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL UFSNJOBM දࣔ 5$1
    QPSU
     #1'
    CZUFDPEF 

16. #1'
    JT
    #FSLFMFZ
    1BDLFU
    'JMUFS -JOVY
    LFSOFM
    ʹ࣮૷͞Ε͍ͯΔ
    ύέοτͷΩϟϓνϟ΍ϑΟϧλΛߦ͏ͨΊͷ ΠϯλʔϑΣΠε 6TFS
    MBOEͰ࡞੒ͨ͠#1'
    #ZUFDPEFΛ ,FSOFM
    MBOEͰ࣮ߦ͢Δ ύέοτΩϟϓνϟҎ֎ͷ༻్ʹ΋࢖ΘΕ͍ͯΔ 

17. TFDDPNQ  

18. TFDDPNQ
    ࢦఆͨ͠TZTUFNDBMMΛ࣮ߦͰ͖ͳ͍Α͏ʹ͢Δ
    -JOVY
    LFSOFM
    ͷػೳ
    ͜͜Ͱ͍͏
    TFDDPNQ
    ͸
    -JOVY
    LFSOFM
    Ҏ߱ͷ TFDDPNQ
    NPEF
    
    Λࢦ͢
    TFDDPNQ
    NPEF
    
    ͸ɺϑΟϧλϦϯάʹ
    #1'
    ͕ ࢖ΘΕ͓ͯΒͣɺॊೈੑ͕ͳ͍ػೳͩͬͨ 

19. #1' ϓϩάϥϜ VTFS LFSOFM LFSOFM 

20. #1' ϓϩάϥϜ VTFS LFSOFM LFSOFM ࣮ߦ 

21. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ ྫͱͯ͠
    XSJUF

    
    Λ੍ݶ͢Δ 

22. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ ͜ͷϓϩηεͰ͸
    XSJUF

    
    ͕࣮ߦͰ͖ͳ͘ͳΔ #1'༻ʹϓϩάϥϜΛ
    ίϯύΠϧͯ͠
    LFSOFMͰ࣮ߦ͢Δ #1'
    CZUFDPEF  ྫͱͯ͠
    XSJUF 
    Λ੍ݶ͢Δ

23. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ PQFO

     ࣮ߦ ڐՄ #1'
    CZUFDPEF  ྫͱͯ͠
    XSJUF 
    Λ੍ݶ͢Δ

24. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ PQFO

     ࣮ߦ XSJUF  ࣮ߦ #1'
    CZUFDPEF ڋ൱ 

25. Έͳ͞Μ#1'ָ͍͠Ͱ͔͢ʁ 

26. ָ͍͠Ͱ͢Ͷʁ 

27. F#1'ೖ໳

28. F#1'
    &YUFOEFE
    #1' 

29. F#1'
    -JOVY
    LFSOFM
    Ҏ߱
    Ͱ࣮૷͞Ε͍ͯΔ
    #1'ͷ֦ு࣮૷
    VQSPCFT
    
    VTFS
    MFWFM
    EZOBNJD
    USBDJOH
    LQSPCFT
    
    LFSOFM
    EZOBNJD
    USBDJOH
    9%1
    
    F9QSFTT
    %BUB
    1BUI
    ύέοτΛ
    ,FSOFM
    ͷ
    /FUXPSL
    4UBDL
    ʹ ౉͞ΕΔલͷυϥΠόϨϕϧͰ੍ޚͰ͖Δ FUD 

30. IUUQTHJUIVCDPNUPSWBMETMJOVYCMPCWJODMVEFUSBDFFWFOUTCQGI 

31. IUUQTHJUIVCDPNUPSWBMETMJOVYCMPCWJODMVEFUSBDFFWFOUTCQGI 

32. F#1'ͷͬ͘͟Γͱͨ͠࢓૊Έ 

33. LQSPCFT
    
    F#1'
    ,FSOFM
    EZOBNJD
    USBDJOH 

34. LQSPCFT LFSOFM ໋ྩ ໋ྩ ໋ྩ ໋ྩ ϒϨʔΫϙΠϯτ LQSPCFT
    NPEVMF ஫ೖ

    TBWF
    DPOUFYU SFTUPSF
    DPOUFYU ࣮ߦ͍ͨ͠ॲཧ KNQ LFSOFMʹϒϨʔΫϙΠϯτΛઃఆ͠ϓϩάϥϜΛ࣮ߦͰ͖Δػೳ 

35. VTFS LFSOFM ϓϩάϥϜ F#1' LQSPCFT LQSPCFT
    
    F#1' 

36. VTFS LFSOFM ϓϩάϥϜ #1'
    CZUFDPEF F#1' ੜ੒ LQSPCFT LQSPCFT
    
    F#1' 

37. VTFS LFSOFM ϓϩάϥϜ #1'
    CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE LQSPCFT LQSPCFT
    

    
    F#1' 

38. VTFS LFSOFM ϓϩάϥϜ #1'
    CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE LQSPCFT ϓϩάϥϜͷ҆શੑ

    ΛνΣοΫ LQSPCFT
    
    F#1' 

39. VTFS LFSOFM ϓϩάϥϜ #1'
    CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE #1'
    CZUFDPEF LQSPCFT

    LQSPCFT
    
    F#1' 

40. VTFS LFSOFM ϓϩάϥϜ #1'
    CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE #1'
    CZUFDPEF NBQ

    ੜ੒ 6TFS
    
    ,FSOFM
    ؒͰσʔλͷ΍ΓऔΓΛ͢Δ )BTI
    "SSBZ
    FUDʜ LQSPCFT LQSPCFT
    
    F#1' 

41. LQSPCFT
    
    F#1' VTFS LFSOFM ϓϩάϥϜ #1'
    CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'
    CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT 

42. LQSPCFT
    
    F#1' VTFS LFSOFM ϓϩάϥϜ #1'
    CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'
    CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT F#1'
    WFSJpFS
    ʹΑͬͯ
    ҆શʹίʔυΛ࣮ߦͰ͖Δʂ 

43. LQSPCFT
    
    F#1' VTFS LFSOFM ϓϩάϥϜ #1'
    CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'
    CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT F#1'
    NBQ
    ʹΑͬͯ
    6TFSTQBDFͱ,FSOFMͰಈత ʹσʔλΛڞ༗Ͱ͖Δʂ 

44. LQSPCFT
    
    F#1' VTFS LFSOFM ϓϩάϥϜ #1'
    CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'
    CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT Կͷ໾ཱͪ·͔͢ʁ 

45. LQSPCFT
    
    F#1' VTFS LFSOFM ϓϩάϥϜ #1'
    CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'
    CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT .FNPSZ
    BMMPDBUJPOΛτϨʔε
    ͯ͠ɺ.FNPSZ
    MFBL
    Λ୳͢ 

46. LQSPCFT
    
    F#1' VTFS LFSOFM ϓϩάϥϜ #1'
    CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'
    CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT 'JMFTZTUFNΛτϨʔεͯ͠
    ϑΝΠϧͷ
    PQFO
    SFBE
    XSJUF
    ͳͲʹ͔͔Δ࣌ؒΛܭଌͯ͠
    ϘτϧωοΫΛ୳͢ 

47. LQSPCFT
    
    F#1' VTFS LFSOFM ϓϩάϥϜ #1'
    CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'
    CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT 00.LJMMFSΛτϨʔε͠
    ͦͷॠؒͷͱ͋ΔϓϩάϥϜͷ
    UBTL@TUSVDUߏ଄ମͷத਎Λ
    μϯϓͯ͠ݪҼΛ୳͢ 

48. 9%1
    F9QSFTT
    %BUB
    1BUI  ύέοτΛ
    ,FSOFM
    ͷ
    /FUXPSL
    4UBDL
    
    ʹ౉͞ΕΔલͷυϥΠόϨϕϧͰ੍ޚͰ͖Δ

49. JQUBCMFT /*$ %SJWFS "QQMJDBUJPO OFUpMUFS %301 "$$&15 VTFS LFSOFM 

    JQUBCMFT /FUXPSL
    4UBDL

50. JQUBCMFT
    XJUI
    #1' /*$ %SJWFS /FUXPSL
    4UBDL "QQMJDBUJPO "$$&15 VTFS LFSOFM  JQUBCMFT

    D#1' %301 CZUFDPEF

51. 9%1 /*$ %SJWFS /FUXPSL
    4UBDL "QQMJDBUJPO "$$&15 VTFS LFSOFM  9%1
    1SPH

    %301 F#1' CZUFDPEF

52. 9%1 /*$ %SJWFS /FUXPSL
    4UBDL "QQMJDBUJPO VTFS LFSOFM 9%1 %301 "$$&15

    ωοτϫʔΫυϥΠόϨϕϧͰ
    ύέοτͷૢ࡞͕Ͱ͖Δʂ ରԠ͍ͯ͠ΔωοτϫʔΫυϥΠό͸ҎԼΛࢀর
    IUUQTHJUIVCDPNJPWJTPSCDDCMPCNBTUFSEPDTLFSOFMWFSTJPOTNEYEQ 

53. 9%1 /*$ %SJWFS /FUXPSL
    4UBDL "QQMJDBUJPO VTFS LFSOFM 9%1 %301 "$$&15

    ଎ 

54. 9%1 /*$ %SJWFS /FUXPSL
    4UBDL "QQMJDBUJPO VTFS LFSOFM 9%1 %301 "$$&15

    %%P4ରࡦ
    ηΩϡϦςΟରࡦ
    -#
    ೔ຊͰ΋ࣄྫ͋Γ 

55. ເ͕޿͕Γ·͢Ͷʁ 

56. ·ͱΊ #1'͸6TFSTQBDFͰ࡞੒ͨ͠#ZUFDPEFΛ ,FSOFMͰ࣮ߦ͢Δࣄ͕Ͱ͖Δɻ D#1'͸ύέοτ΍γεςϜίʔϧΛϑΟϧλ
    Ϧϯά͢Δ͜ͱ͕Ͱ͖Δɻ F#1'͸LQSPCF΍VQSPCFΛར༻ͨ͠τϨʔε ΍9%1ͷΑ͏ͳ%SJWFSϨϕϧͷߴ଎ͳύέο τૢ࡞͕Ͱ͖Δɻଞʹ΋ػೳ͕͋Δɻ 7FSJpFSʹΑΓ҆શʹίʔυΛ࣮ߦͰ͖Δɻ .BQʹΑΓಈతʹσʔλͷ΍ΓऔΓ͕Ͱ͖Δɻ

57. དྷ೥΋΍͍͖ͬͯ·͠ΐ͏ʂ 

58. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ