Skip to content

Instantly share code, notes, and snippets.

Avatar

Joe Stringer joestringer

View GitHub Profile
@joestringer
joestringer / fetch_ubuntu_mainline_debs.sh
Created Oct 2, 2020
Fetch Ubuntu mainline debs for a specific kernel version
View fetch_ubuntu_mainline_debs.sh
#!/usr/bin/env bash
set -eu
VERSION="${1:-}"
ERSION="$(echo $VERSION | sed 's/[^0-9]*\([0-9rc.-]\+\)/\1/')"
URL="https://kernel.ubuntu.com/~kernel-ppa/mainline/v$ERSION"
CURL_OPTS=${CURL_OPTS:-""}
if [[ $# -ne 1 ]]; then
@joestringer
joestringer / process-kv-dump.sh
Last active Jul 2, 2020
Process etcd kvstore dumps for relevant keys/values by lease
View process-kv-dump.sh
#!/bin/bash
set -eo pipefail
KV_DUMP="${1:-""}"
LEASES="${1:-""}"
LEASE_MODE=false
DEBUG_MODE=false
LOCK_FILTER=false
@joestringer
joestringer / skb_free.bt
Created Jun 24, 2020
Collect stack traces for dropped packets and print them after ^C
View skb_free.bt
#!/usr/bin/env bpftrace
/*
* skb_free.bt Trace skb drops when the socket is associated with the skb.
* For Linux, uses bpftrace and eBPF.
*
* USAGE: skb_free.bt
*
* Copyright (c) 2019 Joe Stringer.
* Licensed under the Apache License, Version 2.0 (the "License")
*
@joestringer
joestringer / build-deb.sh
Created May 29, 2020
Build linux .deb packages from kernel git tree
View build-deb.sh
#!/bin/bash
version="$(git rev-parse --abbrev-ref HEAD \
| sed 's/^[^/]*\///' \
| sed 's/\//-/' \
| sed 's/_/-/')"
if [ "$version" == "" ] || [ "$version" == HEAD ]; then
version="$(git rev-parse --short HEAD)"
fi
echo $version
@joestringer
joestringer / cilium_base64_decode.sh
Created May 8, 2020
Cilium endpoint structure base64 decode functions
View cilium_base64_decode.sh
#!/bin/bash
base64_decode()
{
echo "$@" | sed -e 's/^.*://' | base64 -di | jq '.'
}
base64_decode_ep()
{
EPID="$1"
@joestringer
joestringer / skb_free.bt
Created Apr 23, 2020
bpftrace script for gathering stack traces for dropped packets
View skb_free.bt
#!/usr/bin/env bpftrace
/*
* skb_free.bt Trace skb drops when the socket is associated with the skb.
* For Linux, uses bpftrace and eBPF.
*
* USAGE: skb_free.bt
*
* Copyright (c) 2020 Joe Stringer.
* Licensed under the Apache License, Version 2.0 (the "License")
*
@joestringer
joestringer / debug_iptables.sh
Last active May 8, 2020
Debug netfilter on a Cilium-managed kubernetes node
View debug_iptables.sh
#!/bin/bash
STANDARD_CHAINS="CILIUM_INPUT CILIUM_FORWARD CILIUM_OUTPUT"
CUSTOM_CHAINS="CILIUM_PRE CILIUM_POST CILIUM_OUTPUT"
TABLES="raw mangle nat"
NAMESPACE="kube-system"
IP=""
NODE=""
ONLY_CLEAR=false
@joestringer
joestringer / cilium-eks-eni.md
Last active Aug 7, 2019
Deploying Cilium v1.6 with integrated ENI in EKS
View cilium-eks-eni.md

Requirements

An EKS cluster is required.

  • helm
  • eksctl
  • kubectl

Initial setup

@joestringer
joestringer / skb-orphan-dmesg.log
Last active Jun 20, 2019
Kernel stack trace issue with skb_orphan() removal
View skb-orphan-dmesg.log
[ 1474.586748] ------------[ cut here ]------------
[ 1474.586773] refcount_t hit zero at sk_stop_timer+0x2c/0x30 in cilium-agent[16359], uid/euid: 0/0
[ 1474.586785] WARNING: CPU: 0 PID: 16359 at kernel/panic.c:686 refcount_error_report+0x9c/0xa1
[ 1474.586787] Modules linked in: xt_TPROXY nf_tproxy_ipv6 nf_tproxy_ipv4 xt_comment xt_CT xt_mark ip6table_raw ip6table_mangle ip6_tables iptable_raw iptable_mangle cls_bpf algif_hash af_alg sch_ingress vxlan ip6_udp_tunnel udp_tunnel nfsv3 nfs_acl nfs lockd grace fscache veth cpuid xt_nat xt_tcpudp xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_alg
o iptable_nat xt_addrtype iptable_filter xt_conntrack nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc overlay intel_rapl_perf input_leds serio_raw mac_hid sch_fq_codel binfmt_misc ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi sunrpc ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid4
56 async_raid6_recov async_memcpy async_pq a
@joestringer
joestringer / micro-k8s-setup.md
Last active Apr 20, 2021
MicroK8s development environment setup for Cilium
View micro-k8s-setup.md

Set up microk8s with Cilium for development

Microk8s is a Canonical project to provide a kubernetes environment for local development, similar to minikube but without requiring a separate VM to manage. These instructions describe setting it up for common development use cases with Cilium and may be helpful in particular for testing BPF kernel extensions with Cilium.

Microk8s will run its own containerd runtime, which may be initially confusing when building containers locally with docker. This guide assumes that you will use docker locally for building containers, and push these into a microk8s registry for use by containerd in the microk8s environment.

This guide works with MicroK8s 1.14 or above, with containerd. If you are running an earlier version, see the previous instructions.

Requirements