Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ipftrace: A Linux Function Tracer for Network P...

Yutaro Hayakawa
June 06, 2020
Technology
4
5.7k

ipftrace: A Linux Function Tracer for Network People

Kernel/VM/探検隊online part1での発表資料

Yutaro Hayakawa

June 06, 2020
Tweet

More Decks by Yutaro Hayakawa

See All by Yutaro Hayakawa
How is Cilium Tested?
yutarohayakawa
5
340
eBPFのこれまでとこれから
yutarohayakawa
10
5.4k
NetKit Device
yutarohayakawa
5
980
eBPFは何が嬉しいのか?
yutarohayakawa
3
1.9k
BufferbloatとLinux
yutarohayakawa
4
1.2k
Prism: Proxies without the Pain
yutarohayakawa
0
220
きっと明日から役立つeBPFのしくみ
yutarohayakawa
9
3.8k
eBPFをFreeBSDにポーティングしようとしている話
yutarohayakawa
4
3.1k
eBPF Implementation for FreeBSD
yutarohayakawa
0
350

Other Decks in Technology

See All in Technology
コンテナセキュリティのためのLandlock入門
nullpo_head
2
320
10個のフィルタをAXI4-Streamでつなげてみた
marsee101
0
160
Amazon VPC Lattice 最新アップデート紹介 - PrivateLink も似たようなアップデートあったけど違いとは
bigmuramura
0
190
開発生産性向上! 育成を「改善」と捉えるエンジニア育成戦略
shoota
2
310
成果を出しながら成長する、アウトプット駆動のキャッチアップ術 / Output-driven catch-up techniques to grow while producing results
aiandrox
0
260
NW-JAWS #14 re:Invent 2024(予選落ち含)で 発表された推しアップデートについて
nagisa53
0
260
NilAway による静的解析で「10 億ドル」を節約する #kyotogo / Kyoto Go 56th
ytaka23
3
380
TSKaigi 2024 の登壇から広がったコミュニティ活動について
tsukuha
0
160
マイクロサービスにおける容易なトランザクション管理に向けて
scalar
0
110
サイバー攻撃を想定したセキュリティガイドライン 策定とASM及びCNAPPの活用方法
syoshie
3
1.2k
podman_update_2024-12
orimanabu
1
270
ハイテク休憩
sat
PRO
2
140

Featured

See All Featured
Reflections from 52 weeks, 52 projects
jeffersonlam
347
20k
Statistics for Hackers
jakevdp
796
220k
Code Review Best Practice
trishagee
65
17k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
32
2.7k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.5k
KATA
mclloyd
29
14k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Building Adaptive Systems
keathley
38
2.3k
Product Roadmaps are Hard
iamctodd
PRO
49
11k
The Invisible Side of Design
smashingmag
298
50k

Transcript

  1. JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS /FUXPSL1FPQMF 201 / :VUBSP )BZBLBXB ZIBZBLBXB!HNBJMDPN

  2. 8IPBN* • :VUBSP )BZBLBXB 5XJUUFS!:VUBSP)BZBLBXB • 48&!-*/&גࣜձࣾ • ࣗࣾΫϥ΢υͷωοτϫʔΫιϑτ΢ΣΞ։ൃνʔϜ •

    ιϑτ΢ΣΞϩʔυόϥϯαͷ։ൃɾӡ༻ • ͦͷଞ • F#1'Λ'SFF#4%ʹҠ২͢Δ(4P$ϓϩδΣΫτ ݱࡏ΋։ൃத • Χʔωϧ7.͸ճ໨ લճ͖ͬͱ໌೔͔Β໾ཱͭF#1'ͷ࢓૊Έ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  3. "HFOEB • -JOVYͷωοτϫʔΫػೳͷσόοάπʔϧJQGUSBDFΛ࡞ͬͨ࿩ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  4. JQGUSBDF • -JOVYͷOFUXPSLػೳʹಛԽͨؔ͠਺ίʔϧτϨʔαʔ • ΧʔωϧͷதͰ͋Δύέοτ͕Ͳͷؔ਺Λ௨͔ͬͨͷτϨʔε͕औΕΔ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  // TCP10.0.0.10

       # iptables -t raw -A OUTPUT -p tcp -d 10.0.0.10 -j MARK --set-mark 0xdeadbeef # ipft -m 0xdeadbeef

  5. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  Attaching program (total 1803, succeeded 1052,

    failed 751 filtered: 0) Trace ready! Samples: 246 Lost: 0^C Trace done! === 3347634373462 0000 selinux_ipv4_output (len: 5764 gso_type: tcpv4) 3347634379670 0000 ip_output (len: 5764 gso_type: tcpv4) 3347634382597 0000 nf_hook_slow (len: 5764 gso_type: tcpv4) 3347634385879 0000 selinux_ipv4_postroute (len: 5764 gso_type: tcpv4) 3347634388958 0000 selinux_ip_postroute (len: 5764 gso_type: tcpv4) 3347634391979 0000 ip_finish_output (len: 5764 gso_type: tcpv4) 3347634394932 0000 __cgroup_bpf_run_filter_skb (len: 5764 gso_type: tcpv4) 3347634398196 0000 ip_finish_output2 (len: 5764 gso_type: tcpv4) 3347634401431 0000 neigh_direct_output (len: 5764 gso_type: tcpv4) 3347634404503 0000 dev_queue_xmit (len: 5764 gso_type: tcpv4) 3347634407363 0000 __dev_queue_xmit (len: 5764 gso_type: tcpv4) 3347634410290 0000 netdev_pick_tx (len: 5764 gso_type: tcpv4) 3347634413287 0000 validate_xmit_skb (len: 5764 gso_type: tcpv4) 3347634416425 0000 netif_skb_features (len: 5764 gso_type: tcpv4) 3347634419602 0000 skb_network_protocol (len: 5764 gso_type: tcpv4) 3347634422951 0000 skb_csum_hwoffload_help (len: 5764 gso_type: tcpv4) ύέοτ͕ʮ௨ͬͨʯؔ਺ $16*% 5JNF4UBNQ Ћ Ϣʔβఆٛͷσʔλ

  6. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  3347634425930 0000 validate_xmit_xfrm (len: 5764 gso_type:

    tcpv4) 3347634429001 0000 dev_hard_start_xmit (len: 5764 gso_type: tcpv4) 3347634432145 0000 iptunnel_handle_offloads (len: 5764 gso_type: tcpv4) 3347634435381 0000 ip_rt_update_pmtu (len: 5764 gso_type: tcpv4|ipxip4) 3347634438569 0000 iptunnel_xmit (len: 5764 gso_type: tcpv4|ipxip4) 3347634441580 0000 skb_scrub_packet (len: 5764 gso_type: tcpv4|ipxip4) 3347634444653 0000 skb_push (len: 5764 gso_type: tcpv4|ipxip4) 3347634447795 0000 ip_local_out (len: 5784 gso_type: tcpv4|ipxip4) 3347634450651 0000 __ip_local_out (len: 5784 gso_type: tcpv4|ipxip4) 3347634453520 0000 nf_hook_slow (len: 5784 gso_type: tcpv4|ipxip4) 3347634456546 0000 selinux_ipv4_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634459478 0000 ip_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634462317 0000 nf_hook_slow (len: 5784 gso_type: tcpv4|ipxip4) 3347634465284 0000 selinux_ipv4_postroute (len: 5784 gso_type: tcpv4|ipxip4) 3347634468208 0000 selinux_ip_postroute (len: 5784 gso_type: tcpv4|ipxip4) 3347634471081 0000 ip_finish_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634474005 0000 ip_finish_output2 (len: 5784 gso_type: tcpv4|ipxip4) 3347634477149 0000 neigh_resolve_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634480256 0000 eth_header (len: 5784 gso_type: tcpv4|ipxip4) 3347634483169 0000 skb_push (len: 5784 gso_type: tcpv4|ipxip4) 3347634486125 0000 dev_queue_xmit (len: 5798 gso_type: tcpv4|ipxip4)

  7. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  3347634488963 0000 __dev_queue_xmit (len: 5798 gso_type:

    tcpv4|ipxip4) 3347634491902 0000 netdev_pick_tx (len: 5798 gso_type: tcpv4|ipxip4) 3347634494765 0000 validate_xmit_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634497750 0000 netif_skb_features (len: 5798 gso_type: tcpv4|ipxip4) 3347634500779 0000 passthru_features_check (len: 5798 gso_type: tcpv4|ipxip4) 3347634503730 0000 skb_network_protocol (len: 5798 gso_type: tcpv4|ipxip4) 3347634506729 0000 skb_csum_hwoffload_help (len: 5798 gso_type: tcpv4|ipxip4) 3347634509655 0000 validate_xmit_xfrm (len: 5798 gso_type: tcpv4|ipxip4) 3347634512554 0000 dev_hard_start_xmit (len: 5798 gso_type: tcpv4|ipxip4) 3347634515513 0000 dev_forward_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634518497 0000 __dev_forward_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634521441 0000 skb_scrub_packet (len: 5798 gso_type: tcpv4|ipxip4)

  8. .PUJWBUJPO • ࢓ࣄฑ-JOVYͷωοτϫʔΫػೳΛϔϏʔʹ࢖͏ • ϧʔλʔͱͯ͠ /"5ͱͯ͠ '8ͱͯ͠ -#ͱͯ͠ • ύέοτ͸ԟʑʹͯ͠Ͳ͔͍ͬ͘!

    • ຊ౰ʹͲ͏ͯ͠΋ݪҼ͕Θ͔Βͳ͍ͱ͖ʹ͸ιʔεΛݟΔ͔͠ͳ͍ • ιʔεಡΜ͚ͩͩͰΘ͔Δ͜ͱ͸গͳ͍ • ࣮ߦͯ͠ڍಈΛ֬ೝ͍ͨ͠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  9. 4ZTUFN5BQ CQGUSBDF • $ͱBXLΛ߹ΘͤͨΑ͏ͳ%4-Λ࢖ͬͯτϨʔε͕ॻ͚Δ • ؔ਺ͷݺͼग़͠ͳͲΛϑοΫͯ͠Ҿ਺ͷ஋ͳͲΛग़ྗ͢Δ͜ͱ͕Ͱ͖Δ • τϨʔε͢Δର৅͸Ϣʔβ͕બͿඞཁ͕͋ΔͷͰԿ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ͸গʑ࢖͍ͮΒ͍ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB

     // bpftrace" // open(2) ! !  tracepoint:syscalls:sys_enter_open { printf("%s %s¥n", comm, str(args->filename)); } //   IO    tracepoint:block:block_rq_issue { @[args->comm] = hist(args->bytes); }

  10. GUSBDF • Χʔωϧશମͷؔ਺ݺͼग़͠ͷτϨʔε͕औΕΔπʔϧ • Կ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ΋࢖͍΍͍͕͢ εΫϦϓςΟϯάͷػೳ͸ͳ͍ • ग़ྗ͕ϑΝδʔʹͳΓ͕ͪ ωοτϫʔΫͷॲཧҎ֎΋ࠞͬͯ͘͟Δ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP

    )BZBLBXB  # _-----=> irqs-off # / _----=> need-resched # | / _---=> hardirq/softirq # || / _--=> preempt-depth # ||| / delay # TASK-PID CPU# |||| TIMESTAMP FUNCTION # | | | |||| | | gdbus-8688 [003] .... 105981.564554: vfs_read <-SyS_read bamfdaemon-8170 [002] .... 105981.564584: vfs_writev <-do_writev gdbus-8688 [003] .... 105981.564590: vfs_read <-SyS_read gdbus-8688 [003] .... 105981.564590: __vfs_read <-vfs_read compiz-8331 [007] .... 105981.564706: vfs_writev <-do_writev gdbus-8688 [003] .... 105981.564822: vfs_write <-SyS_write gdbus-8688 [003] .... 105981.564823: __vfs_write <-vfs_write gdbus-8688 [003] .... 105981.983184: vfs_read <-SyS_read gdbus-8688 [003] .... 105981.983187: __vfs_read <-vfs_read

  11. /FUXPSLEPNBJOTQFDJGJDSFRVJSFNFOU • ωοτϫʔΫػೳΛτϨʔε͍ͨ͠ͱ͖ݻ༗ͷ໰୊ • ಛఆͷʮύέοτʯʹؔ܎͢Δॲཧ͚ͩݟΔ͜ͱ͕Ͱ͖ͳ͍ • ྫ͑͹ • 5$1൪Ѽͷύέοτ •

    Ѽઌ͕ͷ*$.1ύέοτ • ؔ਺ݺͼग़͠ͷτϨʔε͚ͩͰ͸ͲͷύέοτΛॲཧ͍ͯ͠Δ͔Θ͔ Βͳ͍ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  12. 3FRVJSFNFOU • ͜ΜͳτϨʔαʔ͕ཉ͍͠ • Կ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ࢖͍΍͍͢ ؔ਺ίʔϧτϨʔαʔ • ύέοτΛॲཧ͢Δؔ਺Ҏ֎ʹ͸ͦΜͳʹڵຯ͕ͳ͍ • ύέοτ୯ҐͰτϨʔε͍ͨ͠

    • 4ZTUFN5BQͱ͔CQGUSBDFΈ͍ͨͳTDSJQUJOHͷػೳ΋ཉ͍͠ • ͜ΕΛશ෦ຬͨ͢Α͏ͳτϨʔαʔ͸ͳ͔ͬͨͷͰࣗ෼Ͱ࡞ͬͨ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  13. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  UDQ@USBOTNJU@TLC JQ@PVUQVU EFW@RVFVF@YNJU • -JOVYͷωοτϫʔΫͷॲཧ͸ύέοτ

    TUSVDUTL@CVGG ΛҾ਺ʹ ͱΔؔ਺ʹύέοτΛ௨͍ͯ͘͠Α͏ͳܗΛ͍ͯ͠Δ int ip_output(struct net *net, struct sock *sk, struct sk_buff *skb) 'SPN TPDLFU UP/*$ TLC

  14. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺͚ͩΛશ෦ϑοΫͯ͠TLCͷϙΠϯλ஋͝ͱͰ τϨʔεϩάΛऔΕ͹ύέοτ͕௨ͬͨؔ਺ͷϦετ͕ಘΒΕΔ UDQ@USBOTNJU@TLC JQ@PVUQVU

    EFW@RVFVF@YNJU 'SPN TPDLFU UP/*$ TLC# -PH -PH -PH TLC" BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> TLC# BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> TLC"

  15. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCʹ lNBSLzΛ͚ͭͯͦΕΛݟΔ͜ͱʹΑͬͯಛఆͷύέοτ͚ͩ ΛτϨʔεͰ͖Δ UDQ@USBOTNJU@TLC

    JQ@PVUQVU EFW@RVFVF@YNJU 'SPN TPDLFU UP/*$ TLC" -PH JGNBSLUBSHFU NBSL TLC" BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> NBSL -PH JGNBSLUBSHFU NBSL -PH JGNBSLUBSHFU NBSL

  16. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺Λશ෦औಘ͢Δ • σόοά৘ใ %8"3'PS#5' Λ࢖͏

    ؔ਺໊ ϙΠϯλܕͷ৘ใ ϙΠϯλ͕ࢦ͍ͯ͠Δ σʔλͷܕ৘ใ

  17. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺Λશ෦ϑοΫͯ͠τϨʔεϩάΛग़͢ • LQSPCF F#1' QFSG@FWFOU

    UDQ@USBOTNJU@TLC F#1' 1SPHSBN JQ@PVUQVU F#1' 1SPHSBN JQGU QSPDFTT 5SBDF -PHT &WFOUEBUB 1FSGSJOHCVGGFS 6TFS ,FSOFM "UUBDI LQSPCF

  18. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCʹNBSLΛ͚ͭΔ • TLCNBSLͱ͍͏ࣗ༝ʹ࢖͑ΔCJUͷϑΟʔϧυ͕͋Δ • JQUBCMFT

    OFUGJMUFS ΍UD TFUTPDLPQU 40@."3, ͳͲͰॻ͖ࠐΈ͕Ͱ͖Δ • ͜ΕΒͰهड़Ͱ͖Δ೚ҙͷ৚݅ͰύέοτʹϚʔΫΛ͚ͭΒΕΔ • OFUOTΛ·͙ͨͱফ͑Δ ίϯςφͷτϨʔγϯάʹศར // TCP10.0.0.10     # iptables -t raw -A OUTPUT -p tcp -d 10.0.0.10 -j MARK --set-mark 0xdeadbeef # ipft -m 0xdeadbeef

  19. 4DSJQUJOH JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • ؔ਺͕ݺͼग़͞Εͨ࣌ͷTLCʹ͍͍ͭͯΔσʔλ΋ͪΐͬͱݟ͍ͨ • ͪΐͬͱͨ͠ϓϩάϥϚϏϦςΟ͕ཉ͍͠ • -VBͰ֦ுΛॻ͚Δػೳ

    Attaching program (total 1803, succeeded 1052, failed 751 filtered: 0) Trace ready! Samples: 246 Lost: 0^C Trace done! === 3347634373462 0000 selinux_ipv4_output (len: 5764 gso_type: tcpv4) 3347634379670 0000 ip_output (len: 5764 gso_type: tcpv4) 3347634382597 0000 nf_hook_slow (len: 5764 gso_type: tcpv4) 3347634385879 0000 selinux_ipv4_postroute (len: 5764 gso_type: tcpv4) 3347634388958 0000 selinux_ip_postroute (len: 5764 gso_type: tcpv4) 3347634391979 0000 ip_finish_output (len: 5764 gso_type: tcpv4) ͜ͷ෦෼

  20. 4DSJQUJOH JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  -- void -- custom_function(uint8_t *buf, void

    *ctx, -- struct sk_buff *skb) -- function emit() return BPF.emit({ ... -- Get skb->len BPF.MOV64_REG(BPF.R1, BPF.R6), BPF.MOV64_IMM(BPF.R2, uint_size), BPF.MOV64_REG(BPF.R3, BPF.R8), BPF.ALU64_IMM(BPF.ADD, BPF.R3, len_offset), BPF.CALL_INSN(BPF.FUNC.probe_read), ... }) end function dump(data) len, gso_type = string.unpack(“=I4I4, data) return string.format("(len: %d gso_type: %s)", len, flags2str(gso_type)) end • -VBͰFNJU EVNQͷͭΛॻ͘ͱग़ ྗΛΧελϚΠζͰ͖Δ • FNJU௥ՃͷσʔλΛूΊΔF#1'ͷ όΠτίʔυΛు͘ϚΫϩΞηϯϒ ϥͰॻ͚Δ • EVNQFNJUͰूΊͨσʔλΛ੒ܗ ͨ͠จࣈྻΛు͘

  21. -JOVYWFSTJPOBSDIJUFDUVSFEFQFOEFODZJTTVF • -JOVYͷόʔδϣϯ͕มΘΔͱߏ଄ମͷϑΥʔϚοτ͕มΘΔ • -VBεΫϦϓτͰࢀর͍ͯ͠ΔTLCͷϝϯό౳ • JQGUSBDFຊମͰ࢖͍ͬͯΔTLCNBSL΋ಉ༷ • ͜ΕΒ͸-JOVYͷόʔδϣϯʹΑͬͯΦϑηοτ΍αΠζ͕มΘͬͯ͠·͏ •

    Ͳ͏͢Δ͔ʁ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  22. -JOVYWFSTJPOBSDIJUFDUVSFEFQFOEFODZJTTVF • σόοά৘ใΛ࢖ͬͯߏ଄ମͷϝϯό ͷΦϑηοτ΍σʔλܕͷαΠζΛ࣮ ߦ࣌ʹղܾ͢Δ • -VB͔Β͸ JQGUPGGTFUPGTJ[FPGUZQFPGΛ࢖ͬͯ σόοά৘ใΛΫΤϦͰ͖ΔΑ͏ʹ͢ Δ

    • ͜ΕͰ-JOVYͷόʔδϣϯʹґଘ͠ͳ͍ Α͏ʹॻ͚Δʂ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  function emit() return BPF.emit({ ... -- Get skb->len BPF.MOV64_REG(BPF.R1, BPF.R6), BPF.MOV64_IMM(BPF.R2, ipft.sizeof( ipft.typeof(”sk_buff”, “len”) ) ), BPF.MOV64_REG(BPF.R3, BPF.R8), BPF.ALU64_IMM(BPF.ADD, BPF.R3, ipft.offsetof(”sk_buff”, ”len”) ), BPF.CALL_INSN(BPF.FUNC.probe_read), ... }) end

  23. )PXVTFGVMJUJT • -JOVYͷ43Wͷ540(40ͷॲཧʹόά͕ ͋Γ ಛఆͷઃఆͰੑೳ͕ѱ͘ͳΔ • JQGUSBDFΛ࢖༻ͯ͠ݪҼΛಛఆ • मਖ਼ύονΛVQTUSFBN JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP

    )BZBLBXB  2 : : .2@9 9 6 - 9 1 : 940. 80 /0 : .2 1 9 83 17 36 .97

  24. $PODMVTJPO • -JOVYͷωοτϫʔΫػೳʹಛԽͨ͠σόοάπʔϧJQGUSBDFΛ঺հ • ࢖ָ͍͍ͬͯͯ͠πʔϧͰ͢Χʔωϧ୳ݕ͕௙Γ·͢ • /FUXPSLͳํʑ͸ੋඇ࢖ͬͯΈ͍ͯͩ͘͞ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

    IUUQTHJUIVCDPN:VUBSP)BZBLBXBJQGUSBDF

  25. "QQFOEJY • JQUBCMFTͰύέοτ͕མ͍ͪͯΔ༷ࢠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  548333116979692 0000 iptable_mangle_hook 548333116988109

    0000 tcp_v4_early_demux 548333116992390 0000 ip_route_input_noref 548333117014187 0000 ip_route_input_rcu 548333117020308 0000 __fib_validate_source 548333117025321 0000 ip_local_deliver 548333117028313 0000 iptable_mangle_hook 548333117031775 0000 kfree_skb 548333117035025 0000 skb_release_all 548333117037921 0000 skb_release_head_state 548333117040797 0000 skb_release_data 548333117044159 0000 skb_free_head 548333117069838 0000 kfree_skbmem iptables –A INPUT –t mangle –s 1.1.1.1 –j DROP ͜ͷลΓͰ ϧʔςΟϯά NBOHMFUBCMF ͷೖΓޱ

  26. "QQFOEJY • SQ@GJMUFSʹΑͬͯύέοτ͕མͪΔ༷ࢠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  593441693907269 0000 ip_rcv_finish 593441693921407

    0000 ip_route_input_noref 593441693926953 0000 ip_route_input_rcu 593441693930384 0000 ip_route_input_slow 593441693935998 0000 fib_validate_source 593441693940631 0000 __fib_validate_source 593441693945170 0000 kfree_skb 593441693949104 0000 skb_release_all 593441693953039 0000 skb_release_head_state 593441693956357 0000 skb_release_data 593441693960079 0000 skb_free_head 593441693964360 0000 kfree_skbmem ιʔεΞυϨε ͷݕࠪΛ͢Δ ؔ਺

  27. "QQFOEJY JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  402343336955099 0000 tcp_v4_fill_cb 402343336958653 0000 tcp_add_backlog

    402343336962128 0000 skb_condense 402343336993878 0000 tcp_v4_do_rcv 402343336998126 0000 tcp_rcv_established 402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem 402343337527315 0000 iptable_mangle_hook 402343337531219 0000 ip_output 402343337534572 0000 nf_hook_slow 402343337537925 0000 iptable_mangle_hook 402343337541373 0000 ip_finish_output 402343337544750 0000 __cgroup_bpf_run_filter_skb 402343337548311 0000 __ip_finish_output TLCΛղ์͢Δؔ਺

  28. "QQFOEJY JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  402343336955099 0000 tcp_v4_fill_cb 402343336958653 0000 tcp_add_backlog

    402343336962128 0000 skb_condense 402343336993878 0000 tcp_v4_do_rcv 402343336998126 0000 tcp_rcv_established 402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem === 402343337527315 0000 iptable_mangle_hook 402343337531219 0000 ip_output 402343337534572 0000 nf_hook_slow 402343337537925 0000 iptable_mangle_hook 402343337541373 0000 ip_finish_output 402343337544750 0000 __cgroup_bpf_run_filter_skb 402343337548311 0000 __ip_finish_output ͜͏ͳͬͯ΄͍͠ ͳ͔ͥͭͷ τϨʔε͕ͬͭ͘͘! ͦΕ΋݁ߏͳස౓Ͱ

  29. "QQFOEJY • -JOVY͸Ωϟογϡͷώοτ཰Λ্͛ΔͨΊʹಉ͡TLCͷϝϞϦΛ࢖ ͍ճ͢ • JQGUSBDF͸TLCͷΞυϨεΛ࢖ͬͯύέοτΛ۠ผ͢Δ • ਓ͕ؒݟΕ͹Θ͔Δ͕ࣗಈͰڥ໨ΛݟΔͷ͸೉͍͠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB

     402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem 402343337527315 0000 iptable_mangle_hook