Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ipftrace: A Linux Function Tracer for Network P...

Yutaro Hayakawa
June 06, 2020
Technology
4
5.8k

ipftrace: A Linux Function Tracer for Network People

Kernel/VM/探検隊online part1での発表資料

Yutaro Hayakawa

June 06, 2020
Tweet

More Decks by Yutaro Hayakawa

See All by Yutaro Hayakawa
How is Cilium Tested?
yutarohayakawa
5
390
eBPFのこれまでとこれから
yutarohayakawa
10
6k
NetKit Device
yutarohayakawa
5
1k
eBPFは何が嬉しいのか?
yutarohayakawa
3
1.9k
BufferbloatとLinux
yutarohayakawa
4
1.3k
Prism: Proxies without the Pain
yutarohayakawa
0
220
きっと明日から役立つeBPFのしくみ
yutarohayakawa
9
4.2k
eBPFをFreeBSDにポーティングしようとしている話
yutarohayakawa
4
3.1k
eBPF Implementation for FreeBSD
yutarohayakawa
0
360

Other Decks in Technology

See All in Technology
データ資産をシームレスに伝達するためのイベント駆動型アーキテクチャ
kakehashi
PRO
2
530
表現を育てる
kiyou77
1
210
モノレポ開発のエラー、誰が見る?Datadog で実現する適切なトリアージとエスカレーション
biwashi
6
800
ハッキングの世界に迫る~攻撃者の思考で考えるセキュリティ~
nomizone
13
5.2k
組織貢献をするフリーランスエンジニアという生き方
n_takehata
1
1.3k
株式会社EventHub・エンジニア採用資料
eventhub
0
4.3k
ホワイトボードチャレンジ 説明&実行資料
ichimichi
0
130
利用終了したドメイン名の最強終活〜観測環境を育てて、分析・供養している件〜 / The Ultimate End-of-Life Preparation for Discontinued Domain Names
nttcom
2
190
オブザーバビリティの観点でみるAWS / AWS from observability perspective
ymotongpoo
8
1.5k
目の前の仕事と向き合うことで成長できる - 仕事とスキルを広げる / Every little bit counts
soudai
24
7.1k
【Developers Summit 2025】プロダクトエンジニアから学ぶ、 ユーザーにより高い価値を届ける技術
niwatakeru
2
1.4k
2024.02.19 W&B AIエージェントLT会 / AIエージェントが業務を代行するための計画と実行 / Algomatic 宮脇
smiyawaki0820
13
3.3k

Featured

See All Featured
[RailsConf 2023] Rails as a piece of cake
palkan
53
5.2k
Git: the NoSQL Database
bkeepers
PRO
427
64k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
45
9.4k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
29
1k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
133
33k
Automating Front-end Workflow
addyosmani
1368
200k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
100
18k
Designing for Performance
lara
604
68k
Being A Developer After 40
akosma
89
590k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
193
16k
Java REST API Framework Comparison - PWX 2021
mraible
28
8.4k

Transcript

  1. JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS /FUXPSL1FPQMF 201 / :VUBSP )BZBLBXB ZIBZBLBXB!HNBJMDPN

  2. 8IPBN* • :VUBSP )BZBLBXB 5XJUUFS!:VUBSP)BZBLBXB • 48&!-*/&גࣜձࣾ • ࣗࣾΫϥ΢υͷωοτϫʔΫιϑτ΢ΣΞ։ൃνʔϜ •

    ιϑτ΢ΣΞϩʔυόϥϯαͷ։ൃɾӡ༻ • ͦͷଞ • F#1'Λ'SFF#4%ʹҠ২͢Δ(4P$ϓϩδΣΫτ ݱࡏ΋։ൃத • Χʔωϧ7.͸ճ໨ લճ͖ͬͱ໌೔͔Β໾ཱͭF#1'ͷ࢓૊Έ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  3. "HFOEB • -JOVYͷωοτϫʔΫػೳͷσόοάπʔϧJQGUSBDFΛ࡞ͬͨ࿩ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  4. JQGUSBDF • -JOVYͷOFUXPSLػೳʹಛԽͨؔ͠਺ίʔϧτϨʔαʔ • ΧʔωϧͷதͰ͋Δύέοτ͕Ͳͷؔ਺Λ௨͔ͬͨͷτϨʔε͕औΕΔ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  // TCP10.0.0.10

       # iptables -t raw -A OUTPUT -p tcp -d 10.0.0.10 -j MARK --set-mark 0xdeadbeef # ipft -m 0xdeadbeef

  5. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  Attaching program (total 1803, succeeded 1052,

    failed 751 filtered: 0) Trace ready! Samples: 246 Lost: 0^C Trace done! === 3347634373462 0000 selinux_ipv4_output (len: 5764 gso_type: tcpv4) 3347634379670 0000 ip_output (len: 5764 gso_type: tcpv4) 3347634382597 0000 nf_hook_slow (len: 5764 gso_type: tcpv4) 3347634385879 0000 selinux_ipv4_postroute (len: 5764 gso_type: tcpv4) 3347634388958 0000 selinux_ip_postroute (len: 5764 gso_type: tcpv4) 3347634391979 0000 ip_finish_output (len: 5764 gso_type: tcpv4) 3347634394932 0000 __cgroup_bpf_run_filter_skb (len: 5764 gso_type: tcpv4) 3347634398196 0000 ip_finish_output2 (len: 5764 gso_type: tcpv4) 3347634401431 0000 neigh_direct_output (len: 5764 gso_type: tcpv4) 3347634404503 0000 dev_queue_xmit (len: 5764 gso_type: tcpv4) 3347634407363 0000 __dev_queue_xmit (len: 5764 gso_type: tcpv4) 3347634410290 0000 netdev_pick_tx (len: 5764 gso_type: tcpv4) 3347634413287 0000 validate_xmit_skb (len: 5764 gso_type: tcpv4) 3347634416425 0000 netif_skb_features (len: 5764 gso_type: tcpv4) 3347634419602 0000 skb_network_protocol (len: 5764 gso_type: tcpv4) 3347634422951 0000 skb_csum_hwoffload_help (len: 5764 gso_type: tcpv4) ύέοτ͕ʮ௨ͬͨʯؔ਺ $16*% 5JNF4UBNQ Ћ Ϣʔβఆٛͷσʔλ

  6. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  3347634425930 0000 validate_xmit_xfrm (len: 5764 gso_type:

    tcpv4) 3347634429001 0000 dev_hard_start_xmit (len: 5764 gso_type: tcpv4) 3347634432145 0000 iptunnel_handle_offloads (len: 5764 gso_type: tcpv4) 3347634435381 0000 ip_rt_update_pmtu (len: 5764 gso_type: tcpv4|ipxip4) 3347634438569 0000 iptunnel_xmit (len: 5764 gso_type: tcpv4|ipxip4) 3347634441580 0000 skb_scrub_packet (len: 5764 gso_type: tcpv4|ipxip4) 3347634444653 0000 skb_push (len: 5764 gso_type: tcpv4|ipxip4) 3347634447795 0000 ip_local_out (len: 5784 gso_type: tcpv4|ipxip4) 3347634450651 0000 __ip_local_out (len: 5784 gso_type: tcpv4|ipxip4) 3347634453520 0000 nf_hook_slow (len: 5784 gso_type: tcpv4|ipxip4) 3347634456546 0000 selinux_ipv4_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634459478 0000 ip_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634462317 0000 nf_hook_slow (len: 5784 gso_type: tcpv4|ipxip4) 3347634465284 0000 selinux_ipv4_postroute (len: 5784 gso_type: tcpv4|ipxip4) 3347634468208 0000 selinux_ip_postroute (len: 5784 gso_type: tcpv4|ipxip4) 3347634471081 0000 ip_finish_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634474005 0000 ip_finish_output2 (len: 5784 gso_type: tcpv4|ipxip4) 3347634477149 0000 neigh_resolve_output (len: 5784 gso_type: tcpv4|ipxip4) 3347634480256 0000 eth_header (len: 5784 gso_type: tcpv4|ipxip4) 3347634483169 0000 skb_push (len: 5784 gso_type: tcpv4|ipxip4) 3347634486125 0000 dev_queue_xmit (len: 5798 gso_type: tcpv4|ipxip4)

  7. 0VUQVU JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  3347634488963 0000 __dev_queue_xmit (len: 5798 gso_type:

    tcpv4|ipxip4) 3347634491902 0000 netdev_pick_tx (len: 5798 gso_type: tcpv4|ipxip4) 3347634494765 0000 validate_xmit_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634497750 0000 netif_skb_features (len: 5798 gso_type: tcpv4|ipxip4) 3347634500779 0000 passthru_features_check (len: 5798 gso_type: tcpv4|ipxip4) 3347634503730 0000 skb_network_protocol (len: 5798 gso_type: tcpv4|ipxip4) 3347634506729 0000 skb_csum_hwoffload_help (len: 5798 gso_type: tcpv4|ipxip4) 3347634509655 0000 validate_xmit_xfrm (len: 5798 gso_type: tcpv4|ipxip4) 3347634512554 0000 dev_hard_start_xmit (len: 5798 gso_type: tcpv4|ipxip4) 3347634515513 0000 dev_forward_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634518497 0000 __dev_forward_skb (len: 5798 gso_type: tcpv4|ipxip4) 3347634521441 0000 skb_scrub_packet (len: 5798 gso_type: tcpv4|ipxip4)

  8. .PUJWBUJPO • ࢓ࣄฑ-JOVYͷωοτϫʔΫػೳΛϔϏʔʹ࢖͏ • ϧʔλʔͱͯ͠ /"5ͱͯ͠ '8ͱͯ͠ -#ͱͯ͠ • ύέοτ͸ԟʑʹͯ͠Ͳ͔͍ͬ͘!

    • ຊ౰ʹͲ͏ͯ͠΋ݪҼ͕Θ͔Βͳ͍ͱ͖ʹ͸ιʔεΛݟΔ͔͠ͳ͍ • ιʔεಡΜ͚ͩͩͰΘ͔Δ͜ͱ͸গͳ͍ • ࣮ߦͯ͠ڍಈΛ֬ೝ͍ͨ͠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  9. 4ZTUFN5BQ CQGUSBDF • $ͱBXLΛ߹ΘͤͨΑ͏ͳ%4-Λ࢖ͬͯτϨʔε͕ॻ͚Δ • ؔ਺ͷݺͼग़͠ͳͲΛϑοΫͯ͠Ҿ਺ͷ஋ͳͲΛग़ྗ͢Δ͜ͱ͕Ͱ͖Δ • τϨʔε͢Δର৅͸Ϣʔβ͕બͿඞཁ͕͋ΔͷͰԿ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ͸গʑ࢖͍ͮΒ͍ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB

     // bpftrace" // open(2) ! !  tracepoint:syscalls:sys_enter_open { printf("%s %s¥n", comm, str(args->filename)); } //   IO    tracepoint:block:block_rq_issue { @[args->comm] = hist(args->bytes); }

  10. GUSBDF • Χʔωϧશମͷؔ਺ݺͼग़͠ͷτϨʔε͕औΕΔπʔϧ • Կ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ΋࢖͍΍͍͕͢ εΫϦϓςΟϯάͷػೳ͸ͳ͍ • ग़ྗ͕ϑΝδʔʹͳΓ͕ͪ ωοτϫʔΫͷॲཧҎ֎΋ࠞͬͯ͘͟Δ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP

    )BZBLBXB  # _-----=> irqs-off # / _----=> need-resched # | / _---=> hardirq/softirq # || / _--=> preempt-depth # ||| / delay # TASK-PID CPU# |||| TIMESTAMP FUNCTION # | | | |||| | | gdbus-8688 [003] .... 105981.564554: vfs_read <-SyS_read bamfdaemon-8170 [002] .... 105981.564584: vfs_writev <-do_writev gdbus-8688 [003] .... 105981.564590: vfs_read <-SyS_read gdbus-8688 [003] .... 105981.564590: __vfs_read <-vfs_read compiz-8331 [007] .... 105981.564706: vfs_writev <-do_writev gdbus-8688 [003] .... 105981.564822: vfs_write <-SyS_write gdbus-8688 [003] .... 105981.564823: __vfs_write <-vfs_write gdbus-8688 [003] .... 105981.983184: vfs_read <-SyS_read gdbus-8688 [003] .... 105981.983187: __vfs_read <-vfs_read

  11. /FUXPSLEPNBJOTQFDJGJDSFRVJSFNFOU • ωοτϫʔΫػೳΛτϨʔε͍ͨ͠ͱ͖ݻ༗ͷ໰୊ • ಛఆͷʮύέοτʯʹؔ܎͢Δॲཧ͚ͩݟΔ͜ͱ͕Ͱ͖ͳ͍ • ྫ͑͹ • 5$1൪Ѽͷύέοτ •

    Ѽઌ͕ͷ*$.1ύέοτ • ؔ਺ݺͼग़͠ͷτϨʔε͚ͩͰ͸ͲͷύέοτΛॲཧ͍ͯ͠Δ͔Θ͔ Βͳ͍ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  12. 3FRVJSFNFOU • ͜ΜͳτϨʔαʔ͕ཉ͍͠ • Կ΋ख͕͔Γ͕ͳ͍ঢ়ଶͰ࢖͍΍͍͢ ؔ਺ίʔϧτϨʔαʔ • ύέοτΛॲཧ͢Δؔ਺Ҏ֎ʹ͸ͦΜͳʹڵຯ͕ͳ͍ • ύέοτ୯ҐͰτϨʔε͍ͨ͠

    • 4ZTUFN5BQͱ͔CQGUSBDFΈ͍ͨͳTDSJQUJOHͷػೳ΋ཉ͍͠ • ͜ΕΛશ෦ຬͨ͢Α͏ͳτϨʔαʔ͸ͳ͔ͬͨͷͰࣗ෼Ͱ࡞ͬͨ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  13. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  UDQ@USBOTNJU@TLC JQ@PVUQVU EFW@RVFVF@YNJU • -JOVYͷωοτϫʔΫͷॲཧ͸ύέοτ

    TUSVDUTL@CVGG ΛҾ਺ʹ ͱΔؔ਺ʹύέοτΛ௨͍ͯ͘͠Α͏ͳܗΛ͍ͯ͠Δ int ip_output(struct net *net, struct sock *sk, struct sk_buff *skb) 'SPN TPDLFU UP/*$ TLC

  14. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺͚ͩΛશ෦ϑοΫͯ͠TLCͷϙΠϯλ஋͝ͱͰ τϨʔεϩάΛऔΕ͹ύέοτ͕௨ͬͨؔ਺ͷϦετ͕ಘΒΕΔ UDQ@USBOTNJU@TLC JQ@PVUQVU

    EFW@RVFVF@YNJU 'SPN TPDLFU UP/*$ TLC# -PH -PH -PH TLC" BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> TLC# BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> TLC"

  15. )PXJQGUSBDF XPSLT JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCʹ lNBSLzΛ͚ͭͯͦΕΛݟΔ͜ͱʹΑͬͯಛఆͷύέοτ͚ͩ ΛτϨʔεͰ͖Δ UDQ@USBOTNJU@TLC

    JQ@PVUQVU EFW@RVFVF@YNJU 'SPN TPDLFU UP/*$ TLC" -PH JGNBSLUBSHFU NBSL TLC" BEESFTT<lUDQ@USBOTNJU@TLCz lJQ@PVUQVUz lEFW@RVFVF@YNJUz> NBSL -PH JGNBSLUBSHFU NBSL -PH JGNBSLUBSHFU NBSL

  16. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺Λશ෦औಘ͢Δ • σόοά৘ใ %8"3'PS#5' Λ࢖͏

    ؔ਺໊ ϙΠϯλܕͷ৘ใ ϙΠϯλ͕ࢦ͍ͯ͠Δ σʔλͷܕ৘ใ

  17. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCΛҾ਺ʹऔΔؔ਺Λશ෦ϑοΫͯ͠τϨʔεϩάΛग़͢ • LQSPCF F#1' QFSG@FWFOU

    UDQ@USBOTNJU@TLC F#1' 1SPHSBN JQ@PVUQVU F#1' 1SPHSBN JQGU QSPDFTT 5SBDF -PHT &WFOUEBUB 1FSGSJOHCVGGFS 6TFS ,FSOFM "UUBDI LQSPCF

  18. *NQMFNFOUBUJPO JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • TLCʹNBSLΛ͚ͭΔ • TLCNBSLͱ͍͏ࣗ༝ʹ࢖͑ΔCJUͷϑΟʔϧυ͕͋Δ • JQUBCMFT

    OFUGJMUFS ΍UD TFUTPDLPQU 40@."3, ͳͲͰॻ͖ࠐΈ͕Ͱ͖Δ • ͜ΕΒͰهड़Ͱ͖Δ೚ҙͷ৚݅ͰύέοτʹϚʔΫΛ͚ͭΒΕΔ • OFUOTΛ·͙ͨͱফ͑Δ ίϯςφͷτϨʔγϯάʹศར // TCP10.0.0.10     # iptables -t raw -A OUTPUT -p tcp -d 10.0.0.10 -j MARK --set-mark 0xdeadbeef # ipft -m 0xdeadbeef

  19. 4DSJQUJOH JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  • ؔ਺͕ݺͼग़͞Εͨ࣌ͷTLCʹ͍͍ͭͯΔσʔλ΋ͪΐͬͱݟ͍ͨ • ͪΐͬͱͨ͠ϓϩάϥϚϏϦςΟ͕ཉ͍͠ • -VBͰ֦ுΛॻ͚Δػೳ

    Attaching program (total 1803, succeeded 1052, failed 751 filtered: 0) Trace ready! Samples: 246 Lost: 0^C Trace done! === 3347634373462 0000 selinux_ipv4_output (len: 5764 gso_type: tcpv4) 3347634379670 0000 ip_output (len: 5764 gso_type: tcpv4) 3347634382597 0000 nf_hook_slow (len: 5764 gso_type: tcpv4) 3347634385879 0000 selinux_ipv4_postroute (len: 5764 gso_type: tcpv4) 3347634388958 0000 selinux_ip_postroute (len: 5764 gso_type: tcpv4) 3347634391979 0000 ip_finish_output (len: 5764 gso_type: tcpv4) ͜ͷ෦෼

  20. 4DSJQUJOH JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  -- void -- custom_function(uint8_t *buf, void

    *ctx, -- struct sk_buff *skb) -- function emit() return BPF.emit({ ... -- Get skb->len BPF.MOV64_REG(BPF.R1, BPF.R6), BPF.MOV64_IMM(BPF.R2, uint_size), BPF.MOV64_REG(BPF.R3, BPF.R8), BPF.ALU64_IMM(BPF.ADD, BPF.R3, len_offset), BPF.CALL_INSN(BPF.FUNC.probe_read), ... }) end function dump(data) len, gso_type = string.unpack(“=I4I4, data) return string.format("(len: %d gso_type: %s)", len, flags2str(gso_type)) end • -VBͰFNJU EVNQͷͭΛॻ͘ͱग़ ྗΛΧελϚΠζͰ͖Δ • FNJU௥ՃͷσʔλΛूΊΔF#1'ͷ όΠτίʔυΛు͘ϚΫϩΞηϯϒ ϥͰॻ͚Δ • EVNQFNJUͰूΊͨσʔλΛ੒ܗ ͨ͠จࣈྻΛు͘

  21. -JOVYWFSTJPOBSDIJUFDUVSFEFQFOEFODZJTTVF • -JOVYͷόʔδϣϯ͕มΘΔͱߏ଄ମͷϑΥʔϚοτ͕มΘΔ • -VBεΫϦϓτͰࢀর͍ͯ͠ΔTLCͷϝϯό౳ • JQGUSBDFຊମͰ࢖͍ͬͯΔTLCNBSL΋ಉ༷ • ͜ΕΒ͸-JOVYͷόʔδϣϯʹΑͬͯΦϑηοτ΍αΠζ͕มΘͬͯ͠·͏ •

    Ͳ͏͢Δ͔ʁ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

  22. -JOVYWFSTJPOBSDIJUFDUVSFEFQFOEFODZJTTVF • σόοά৘ใΛ࢖ͬͯߏ଄ମͷϝϯό ͷΦϑηοτ΍σʔλܕͷαΠζΛ࣮ ߦ࣌ʹղܾ͢Δ • -VB͔Β͸ JQGUPGGTFUPGTJ[FPGUZQFPGΛ࢖ͬͯ σόοά৘ใΛΫΤϦͰ͖ΔΑ͏ʹ͢ Δ

    • ͜ΕͰ-JOVYͷόʔδϣϯʹґଘ͠ͳ͍ Α͏ʹॻ͚Δʂ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  function emit() return BPF.emit({ ... -- Get skb->len BPF.MOV64_REG(BPF.R1, BPF.R6), BPF.MOV64_IMM(BPF.R2, ipft.sizeof( ipft.typeof(”sk_buff”, “len”) ) ), BPF.MOV64_REG(BPF.R3, BPF.R8), BPF.ALU64_IMM(BPF.ADD, BPF.R3, ipft.offsetof(”sk_buff”, ”len”) ), BPF.CALL_INSN(BPF.FUNC.probe_read), ... }) end

  23. )PXVTFGVMJUJT • -JOVYͷ43Wͷ540(40ͷॲཧʹόά͕ ͋Γ ಛఆͷઃఆͰੑೳ͕ѱ͘ͳΔ • JQGUSBDFΛ࢖༻ͯ͠ݪҼΛಛఆ • मਖ਼ύονΛVQTUSFBN JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP

    )BZBLBXB  2 : : .2@9 9 6 - 9 1 : 940. 80 /0 : .2 1 9 83 17 36 .97

  24. $PODMVTJPO • -JOVYͷωοτϫʔΫػೳʹಛԽͨ͠σόοάπʔϧJQGUSBDFΛ঺հ • ࢖ָ͍͍ͬͯͯ͠πʔϧͰ͢Χʔωϧ୳ݕ͕௙Γ·͢ • /FUXPSLͳํʑ͸ੋඇ࢖ͬͯΈ͍ͯͩ͘͞ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB 

    IUUQTHJUIVCDPN:VUBSP)BZBLBXBJQGUSBDF

  25. "QQFOEJY • JQUBCMFTͰύέοτ͕མ͍ͪͯΔ༷ࢠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  548333116979692 0000 iptable_mangle_hook 548333116988109

    0000 tcp_v4_early_demux 548333116992390 0000 ip_route_input_noref 548333117014187 0000 ip_route_input_rcu 548333117020308 0000 __fib_validate_source 548333117025321 0000 ip_local_deliver 548333117028313 0000 iptable_mangle_hook 548333117031775 0000 kfree_skb 548333117035025 0000 skb_release_all 548333117037921 0000 skb_release_head_state 548333117040797 0000 skb_release_data 548333117044159 0000 skb_free_head 548333117069838 0000 kfree_skbmem iptables –A INPUT –t mangle –s 1.1.1.1 –j DROP ͜ͷลΓͰ ϧʔςΟϯά NBOHMFUBCMF ͷೖΓޱ

  26. "QQFOEJY • SQ@GJMUFSʹΑͬͯύέοτ͕མͪΔ༷ࢠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  593441693907269 0000 ip_rcv_finish 593441693921407

    0000 ip_route_input_noref 593441693926953 0000 ip_route_input_rcu 593441693930384 0000 ip_route_input_slow 593441693935998 0000 fib_validate_source 593441693940631 0000 __fib_validate_source 593441693945170 0000 kfree_skb 593441693949104 0000 skb_release_all 593441693953039 0000 skb_release_head_state 593441693956357 0000 skb_release_data 593441693960079 0000 skb_free_head 593441693964360 0000 kfree_skbmem ιʔεΞυϨε ͷݕࠪΛ͢Δ ؔ਺

  27. "QQFOEJY JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  402343336955099 0000 tcp_v4_fill_cb 402343336958653 0000 tcp_add_backlog

    402343336962128 0000 skb_condense 402343336993878 0000 tcp_v4_do_rcv 402343336998126 0000 tcp_rcv_established 402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem 402343337527315 0000 iptable_mangle_hook 402343337531219 0000 ip_output 402343337534572 0000 nf_hook_slow 402343337537925 0000 iptable_mangle_hook 402343337541373 0000 ip_finish_output 402343337544750 0000 __cgroup_bpf_run_filter_skb 402343337548311 0000 __ip_finish_output TLCΛղ์͢Δؔ਺

  28. "QQFOEJY JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB  402343336955099 0000 tcp_v4_fill_cb 402343336958653 0000 tcp_add_backlog

    402343336962128 0000 skb_condense 402343336993878 0000 tcp_v4_do_rcv 402343336998126 0000 tcp_rcv_established 402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem === 402343337527315 0000 iptable_mangle_hook 402343337531219 0000 ip_output 402343337534572 0000 nf_hook_slow 402343337537925 0000 iptable_mangle_hook 402343337541373 0000 ip_finish_output 402343337544750 0000 __cgroup_bpf_run_filter_skb 402343337548311 0000 __ip_finish_output ͜͏ͳͬͯ΄͍͠ ͳ͔ͥͭͷ τϨʔε͕ͬͭ͘͘! ͦΕ΋݁ߏͳස౓Ͱ

  29. "QQFOEJY • -JOVY͸Ωϟογϡͷώοτ཰Λ্͛ΔͨΊʹಉ͡TLCͷϝϞϦΛ࢖ ͍ճ͢ • JQGUSBDF͸TLCͷΞυϨεΛ࢖ͬͯύέοτΛ۠ผ͢Δ • ਓ͕ؒݟΕ͹Θ͔Δ͕ࣗಈͰڥ໨ΛݟΔͷ͸೉͍͠ JQGUSBDF"-JOVY'VODUJPO5SBDFSGPS/FUXPSL1FPQMFc:VUBSP )BZBLBXB

     402343337004807 0000 __kfree_skb 402343337008443 0000 skb_release_all 402343337011794 0000 skb_release_head_state 402343337015133 0000 skb_release_data 402343337018458 0000 skb_free_head 402343337021844 0000 kfree_skbmem 402343337527315 0000 iptable_mangle_hook