akostrikov

# Можно без capabilities пинговать
akostrikov@DESKTOP-2F6SIC8:~$ sudo setcap cap_net_raw=-ep /usr/bin/ping
[sudo] password for akostrikov:
akostrikov@DESKTOP-2F6SIC8:~$ getcap /usr/bin/ping
/usr/bin/ping =

# Причем пинг идёт с ICMP
akostrikov@DESKTOP-2F6SIC8:~$ sudo tcpdump -i any host 1.1.1.1 &
[1] 684
akostrikov@DESKTOP-2F6SIC8:~$ tcpdump: data link type LINUX_SLL2

akostrikov

Fast by friday

https://www.youtube.com/watch?v=XudHNF4k_x0 - Kernel Recipes 2023 - Fast by Friday: Why Kernel Superpowers are Essential

Classic BPF vs eBPF

https://andreaskaris.github.io/blog/networking/bpf-and-tcpdump/

https://docs.kernel.org/bpf/classic_vs_extended.html

Верификация

akostrikov

Слайды по работе сети

https://gaia.cs.umass.edu/kurose_ross/ppt.php

Материалы о том как улучшить perfomance сети

https://hpbn.co/

https://arthurchiao.art/blog/monitoring-network-stack/

https://habr.com/ru/companies/otus/articles/550820/

akostrikov

https://elixir.bootlin.com/linux/v5.4.242/source/net/core/dev.c#L4781
https://elixir.bootlin.com/linux/latest/A/ident/kfree_skb
https://elixir.bootlin.com/linux/latest/source/include/linux/skbuff.h#L736
https://elixir.bootlin.com/linux/latest/source/include/net/dropreason.h#L88
https://elixir.bootlin.com/linux/latest/source/net/core/skbuff.c#L1177
https://github.com/xdp-project/xdp-tutorial/tree/master/basic01-xdp-pass
https://github.com/iovisor/bpftrace
https://elixir.bootlin.com/linux/latest/source/include/net/tcp.h#L324
https://habr.com/ru/companies/intel/articles/171079/
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.resmgmt.doc/GUID-1DAB8F35-BA86-4063-8459-55D2979B593E.html

akostrikov

#!/usr/bin/env bpftrace


//IP_ADDRESS_DST_TO_CONVERT=127.0.0.3
//IP_ADDRESS_SRC_TO_CONVERT=127.0.0.1
//DST_HTON=$(python3 -c "import ipaddress; import socket;print(socket.htonl(int(ipaddress.ip_address('$IP_ADDRESS_DST_TO_CONVERT'))))")
//SRC_HTON=$(python3 -c "import ipaddress; import socket;print(socket.htonl(int(ipaddress.ip_address('$IP_ADDRESS_SRC_TO_CONVERT'))))")
//sudo ./drop.bt $DST_HTON $SRC_HTON
//ping 127.0.0.3
//curl 127.0.0.3

akostrikov

Kernelshark Documentation
http://kernelshark.org/Documentation.html
What is new in KernelShark two - Steven Rostedt, VMware Inc
https://www.youtube.com/watch?v=0uu0ElnjLas
How to use Ftrace by using trace-cmd/KernelShark in Linux (on NVIDIA Jetson Xavier)
https://www.youtube.com/watch?v=VvLTWdBmICY&t=68s
LF Live Mentorship Session: Tracing with Ftrace: Critical Tooling for Linux Development
https://www.youtube.com/watch?v=mlxqpNvfvEQ
Ftrace with trace-cmd and kernelshark
https://www.youtube.com/watch?v=o88shUcYmmw

akostrikov

#include <stdint.h>
#include <arpa/inet.h>
#include <asm/byteorder.h>
#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/pkt_cls.h>

/*

akostrikov

https://getfedora.org/en/workstation/download/ sudo systemct enable --now sshd

Need kernel to match kernel-devel

sudo dnf update kernel

sudo reboot

https://elixir.bootlin.com/linux/latest/source

https://github.com/torvalds/linux/

https://blog.stgolabs.net/search/label/linux

akostrikov

Требования:

Виртуальная машина со свежим ядром

I: Kernelshark intro

Установка kernelshark, trace простой функции в ядре

1. Рассказ про ptrace, ebpf.
2. Обзор полезных ссылок

http://www.brendangregg.com/bpf-performance-tools-book.html

akostrikov

// Examples for using socat (and filan)


//"$" means normal user, "#" requires privileges, "//" starts a comment

///////////////////////////////////////////////////////////////////////////////
// similar to netcat

// connect to 10.1.1.1 on port 80 and relay to and from stdio