Upgrade to Pro — share decks privately, control downloads, hide ads and more …

eBPF入門 /eBPF-getting-started

Takuma Kume
December 16, 2017
Technology
6
6.5k

eBPF入門 /eBPF-getting-started

KIXS vol.006 LT 10 min
https://kixs.connpass.com/event/69643/

ブログ
https://takumakume.tech/blog/2017-12-18-ebpf-getting-started/

Takuma Kume

December 16, 2017
Tweet

More Decks by Takuma Kume

See All by Takuma Kume
ロリポップ! for Gamersを支えるインフラ/lolipop for gamers infrastructure
takumakume
0
420
ロリポップ! for Gamersの立ち上げ/lolipop for gamers launch
takumakume
0
1.8k
ホモグラフドメインを検出してみた/detect homograph domain
takumakume
0
410
ソフトウェアの継続的アップデートをコンテナ化によって加速させる/Accelerate continuous software updates with containerization
takumakume
0
4.6k
KubernetesにおけるSBOMを利用した脆弱性管理/Vulnerability_Management_with_SBOM_in_Kubernetes
takumakume
1
2k
ホスティング事業におけるSREの取り組みとSREの面白さ/SRE Efforts in the Hosting Business and the Interest of SRE
takumakume
1
2.3k
GitOpsで実現するPull Request毎のプレビュー環境/Preview environment for each Pull Request by GitOps
takumakume
0
1.5k
Goでkubernetes operatorを実装してアプリのプレビュー環境を作る/go-kubernetes-operator
takumakume
0
160
クラウドネイティブな開発環境への移行/Move to the cloud native development environment
takumakume
1
570

Other Decks in Technology

See All in Technology
BLADE: An Attempt to Automate Penetration Testing Using Autonomous AI Agents
bbrbbq
0
290
TypeScript、上達の瞬間
sadnessojisan
46
13k
【若手エンジニア応援LT会】ソフトウェアを学んできた私がインフラエンジニアを目指した理由
kazushi_ohata
0
150
オープンソースAIとは何か? --「オープンソースAIの定義 v1.0」詳細解説
shujisado
5
630
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
380
SSMRunbook作成の勘所_20241120
koichiotomo
2
130
隣接領域をBeyondするFinatextのエンジニア組織設計 / beyond-engineering-areas
stajima
1
270
Terraform未経験の御様に対してどの ように導⼊を進めていったか
tkikuchi
2
430
CysharpのOSS群から見るModern C#の現在地
neuecc
2
3.1k
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
8
870
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k

Featured

See All Featured
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k
Producing Creativity
orderedlist
PRO
341
39k
A designer walks into a library…
pauljervisheath
203
24k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.5k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Practical Orchestrator
shlominoach
186
10k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Documentation Writing (for coders)
carmenintech
65
4.4k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k
Typedesign – Prime Four
hannesfritz
40
2.4k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k

Transcript

  1. ٱถ୓അ(.01FQBCP *OD  ,JYTWPM-5NJO F#1'ೖ໳

  2. (.0ϖύϘΠϯϑϥΤϯδχΞ ٱถ୓അ!UBLVNBLVNF ϗεςΟϯάࣄۀ෦ IUUQTUBLVNBLVNFUFDI 

  3. None

  4. Έͳ͞Μ͸#1'ͯ͠·͔͢ʁ 

  5. #1'JT #FSLFMFZ1BDLFU'JMUFS -JOVYLFSOFMʹ࣮૷͞Ε͍ͯΔ ύέοτͷΩϟϓνϟ΍ϑΟϧλΛߦ͏ͨΊͷ ΠϯλʔϑΣΠε 

  6. UDQEVNQ  

  7. UDQEVNQ  ~$ sudo tcpdump port 80 tcpdump: verbose output

    suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 00:27:12.580101 IP 192.168.0.18.61285 > archlinux.vagrant.vm.http: Flags [S], seq 1854919014, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 844367687 ecr 0,sackOK,eol], length 0 : : ຖ೔ୟ͍͍ͯΔ͍ͭ΋ͷ΍ͭͰ͢Ͷ 

  8. UDQEVNQ #1' 

  9. #1' /*$ 5$14UBDL UDQEVNQ VTFS LFSOFM LFSOFM OFUXPSL 

  10. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL 

  11. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL #1' CZUFDPEF UDQEVNQ͸ #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠LFSOFM Ͱ࣮ߦ͢Δ 

  12. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 OHJOY VTFS LFSOFM

    LFSOFM OFUXPSL #1' 130( UDQEVNQ͸ #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠LFSOFM Ͱ࣮ߦ͢Δ $ sudo tcpdump -d 'port 80' (000) ldh [12] (001) jeq #0x86dd jt 2 jf 10 (002) ldb [20] (003) jeq #0x84 jt 6 jf 4 (004) jeq #0x6 jt 6 jf 5 (005) jeq #0x11 jt 6 jf 23 (006) ldh [54] : BPF Assembler 

  13. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 OHJOY VTFS LFSOFM

    LFSOFM OFUXPSL #1' 130( UDQEVNQ͸ #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠LFSOFM Ͱ࣮ߦ͢Δ ~$ sudo tcpdump -dd 'port 80' { 0x28, 0, 0, 0x0000000c }, { 0x15, 0, 8, 0x000086dd }, { 0x30, 0, 0, 0x00000014 }, { 0x15, 2, 0, 0x00000084 }, { 0x15, 1, 0, 0x00000006 }, { 0x15, 0, 17, 0x00000011 }, { 0x28, 0, 0, 0x00000036 }, { 0x15, 14, 0, 0x00000050 }, : BPF Bytecode 

  14. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL 5$1QPSU #1' CZUFDPEF 

  15. #1' /*$ 5$14UBDL UDQEVNQ tcpdump port 80 VTFS LFSOFM LFSOFM

    OFUXPSL UFSNJOBM දࣔ 5$1QPSU #1' CZUFDPEF 

  16. #1'JT #FSLFMFZ1BDLFU'JMUFS -JOVYLFSOFMʹ࣮૷͞Ε͍ͯΔ ύέοτͷΩϟϓνϟ΍ϑΟϧλΛߦ͏ͨΊͷ ΠϯλʔϑΣΠε 6TFSMBOEͰ࡞੒ͨ͠#1'#ZUFDPEFΛ ,FSOFMMBOEͰ࣮ߦ͢Δ ύέοτΩϟϓνϟҎ֎ͷ༻్ʹ΋࢖ΘΕ͍ͯΔ 

  17. TFDDPNQ  

  18. TFDDPNQ ࢦఆͨ͠TZTUFNDBMMΛ࣮ߦͰ͖ͳ͍Α͏ʹ͢Δ -JOVYLFSOFMͷػೳ ͜͜Ͱ͍͏TFDDPNQ͸-JOVYLFSOFMҎ߱ͷ TFDDPNQNPEFΛࢦ͢ TFDDPNQNPEF͸ɺϑΟϧλϦϯάʹ#1'͕ ࢖ΘΕ͓ͯΒͣɺॊೈੑ͕ͳ͍ػೳͩͬͨ 

  19. #1' ϓϩάϥϜ VTFS LFSOFM LFSOFM 

  20. #1' ϓϩάϥϜ VTFS LFSOFM LFSOFM ࣮ߦ 

  21. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ ྫͱͯ͠XSJUF

     Λ੍ݶ͢Δ 

  22. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ ͜ͷϓϩηεͰ͸XSJUF

      ͕࣮ߦͰ͖ͳ͘ͳΔ #1'༻ʹϓϩάϥϜΛ ίϯύΠϧͯ͠ LFSOFMͰ࣮ߦ͢Δ #1' CZUFDPEF  ྫͱͯ͠XSJUF  Λ੍ݶ͢Δ

  23. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ PQFO

     ࣮ߦ ڐՄ #1' CZUFDPEF  ྫͱͯ͠XSJUF  Λ੍ݶ͢Δ

  24. #1' ϓϩάϥϜ VTFS LFSOFM TFDDPNQ  ࣮ߦ LFSOFM ࣮ߦ PQFO

     ࣮ߦ XSJUF  ࣮ߦ #1' CZUFDPEF ڋ൱ 

  25. Έͳ͞Μ#1'ָ͍͠Ͱ͔͢ʁ 

  26. ָ͍͠Ͱ͢Ͷʁ 

  27. F#1'ೖ໳

  28. F#1' &YUFOEFE#1' 

  29. F#1' -JOVYLFSOFMҎ߱Ͱ࣮૷͞Ε͍ͯΔ #1'ͷ֦ு࣮૷ VQSPCFTVTFSMFWFMEZOBNJDUSBDJOH LQSPCFTLFSOFMEZOBNJDUSBDJOH 9%1F9QSFTT%BUB1BUI ύέοτΛ,FSOFMͷ/FUXPSL4UBDLʹ ౉͞ΕΔલͷυϥΠόϨϕϧͰ੍ޚͰ͖Δ FUD 

  30. IUUQTHJUIVCDPNUPSWBMETMJOVYCMPCWJODMVEFUSBDFFWFOUTCQGI 

  31. IUUQTHJUIVCDPNUPSWBMETMJOVYCMPCWJODMVEFUSBDFFWFOUTCQGI 

  32. F#1'ͷͬ͘͟Γͱͨ͠࢓૊Έ 

  33. LQSPCFT F#1' ,FSOFMEZOBNJDUSBDJOH 

  34. LQSPCFT LFSOFM ໋ྩ ໋ྩ ໋ྩ ໋ྩ ϒϨʔΫϙΠϯτ LQSPCFT NPEVMF ஫ೖ

    TBWFDPOUFYU SFTUPSFDPOUFYU ࣮ߦ͍ͨ͠ॲཧ KNQ LFSOFMʹϒϨʔΫϙΠϯτΛઃఆ͠ϓϩάϥϜΛ࣮ߦͰ͖Δػೳ 

  35. VTFS LFSOFM ϓϩάϥϜ F#1' LQSPCFT LQSPCFT F#1' 

  36. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' ੜ੒ LQSPCFT LQSPCFT F#1' 

  37. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE LQSPCFT LQSPCFT

    F#1' 

  38. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE LQSPCFT ϓϩάϥϜͷ҆શੑ

    ΛνΣοΫ LQSPCFT F#1' 

  39. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE #1'CZUFDPEF LQSPCFT

    LQSPCFT F#1' 

  40. VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE #1'CZUFDPEF NBQ

    ੜ੒ 6TFS,FSOFMؒͰσʔλͷ΍ΓऔΓΛ͢Δ )BTI "SSBZ FUDʜ LQSPCFT LQSPCFT F#1' 

  41. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT 

  42. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT F#1'WFSJpFSʹΑͬͯ ҆શʹίʔυΛ࣮ߦͰ͖Δʂ 

  43. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT F#1'NBQʹΑͬͯ 6TFSTQBDFͱ,FSOFMͰಈత ʹσʔλΛڞ༗Ͱ͖Δʂ 

  44. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT Կͷ໾ཱͪ·͔͢ʁ 

  45. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT .FNPSZBMMPDBUJPOΛτϨʔε ͯ͠ɺ.FNPSZMFBLΛ୳͢ 

  46. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT 'JMFTZTUFNΛτϨʔεͯ͠ ϑΝΠϧͷPQFO SFBE XSJUF ͳͲʹ͔͔Δ࣌ؒΛܭଌͯ͠ ϘτϧωοΫΛ୳͢ 

  47. LQSPCFT F#1' VTFS LFSOFM ϓϩάϥϜ #1'CZUFDPEF F#1' WFSJpFS ੜ੒ MPBE

    #1'CZUFDPEF NBQ USBDJOH ॻ͖ࠐΈ ࢀর LQSPCFT 00.LJMMFSΛτϨʔε͠ ͦͷॠؒͷͱ͋ΔϓϩάϥϜͷ UBTL@TUSVDUߏ଄ମͷத਎Λ μϯϓͯ͠ݪҼΛ୳͢ 

  48. 9%1 F9QSFTT%BUB1BUI  ύέοτΛ,FSOFMͷ/FUXPSL4UBDL ʹ౉͞ΕΔલͷυϥΠόϨϕϧͰ੍ޚͰ͖Δ

  49. JQUBCMFT /*$ %SJWFS "QQMJDBUJPO OFUpMUFS %301 "$$&15 VTFS LFSOFM 

    JQUBCMFT /FUXPSL4UBDL

  50. JQUBCMFTXJUI#1' /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO "$$&15 VTFS LFSOFM  JQUBCMFT

    D#1' %301 CZUFDPEF

  51. 9%1 /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO "$$&15 VTFS LFSOFM  9%11SPH

    %301 F#1' CZUFDPEF

  52. 9%1 /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO VTFS LFSOFM 9%1 %301 "$$&15

    ωοτϫʔΫυϥΠόϨϕϧͰ ύέοτͷૢ࡞͕Ͱ͖Δʂ ରԠ͍ͯ͠ΔωοτϫʔΫυϥΠό͸ҎԼΛࢀর IUUQTHJUIVCDPNJPWJTPSCDDCMPCNBTUFSEPDTLFSOFMWFSTJPOTNEYEQ 

  53. 9%1 /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO VTFS LFSOFM 9%1 %301 "$$&15

    ଎ 

  54. 9%1 /*$ %SJWFS /FUXPSL4UBDL "QQMJDBUJPO VTFS LFSOFM 9%1 %301 "$$&15

    %%P4ରࡦ ηΩϡϦςΟରࡦ -# ೔ຊͰ΋ࣄྫ͋Γ 

  55. ເ͕޿͕Γ·͢Ͷʁ 

  56. ·ͱΊ #1'͸6TFSTQBDFͰ࡞੒ͨ͠#ZUFDPEFΛ ,FSOFMͰ࣮ߦ͢Δࣄ͕Ͱ͖Δɻ D#1'͸ύέοτ΍γεςϜίʔϧΛϑΟϧλ Ϧϯά͢Δ͜ͱ͕Ͱ͖Δɻ F#1'͸LQSPCF΍VQSPCFΛར༻ͨ͠τϨʔε ΍9%1ͷΑ͏ͳ%SJWFSϨϕϧͷߴ଎ͳύέο τૢ࡞͕Ͱ͖Δɻଞʹ΋ػೳ͕͋Δɻ 7FSJpFSʹΑΓ҆શʹίʔυΛ࣮ߦͰ͖Δɻ .BQʹΑΓಈతʹσʔλͷ΍ΓऔΓ͕Ͱ͖Δɻ

  57. དྷ೥΋΍͍͖ͬͯ·͠ΐ͏ʂ 

  58. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ