This shows you the differences between two versions of the page.
|
ep:labs:061:contents:tasks:ex1 [2025/04/08 13:45] radu.mantu |
ep:labs:061:contents:tasks:ex1 [2026/04/06 01:36] (current) radu.mantu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ==== 01. [40p] Primer / Reminder ==== | + | ==== 01. [20p] Primer / Reminder ==== |
| <note tip> | <note tip> | ||
| Line 14: | Line 14: | ||
| </note> | </note> | ||
| - | === [20p] Task A - tcpdump === | + | === [10p] Task A - tcpdump === |
| - | + | ||
| - | <spoiler> | + | |
| **tcpdump** is a network traffic monitoring tool. At its core, it uses **libpcap** which in turn uses a technology called **Extended Berkley Packet Filter (eBPF)**. | **tcpdump** is a network traffic monitoring tool. At its core, it uses **libpcap** which in turn uses a technology called **Extended Berkley Packet Filter (eBPF)**. | ||
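Review bot: The unchanged intro line kept in this hunk misspells "Berkeley" as "Berkley" and calls the technology eBPF, although libpcap compiles tcpdump filters to classic BPF programs (the listing that `tcpdump -d` prints), which current Linux kernels translate to eBPF internally. With the `<spoiler>` wrapper removed this paragraph is now shown to every reader, so suggest fixing the spelling and wording it as "Berkeley Packet Filter (BPF)", with eBPF mentioned as the kernel's internal successor.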
| Line 25: | Line 23: | ||
| Today, **eBPF** is used heavily for system profiling by companies such as Netflix and Facebook. Linux has had a kernel VM capable of running and statically analyzing **eBPF** code since around 2006. **tcpdump** is one of the few examples that still use it for its original purpose. | Today, **eBPF** is used heavily for system profiling by companies such as Netflix and Facebook. Linux has had a kernel VM capable of running and statically analyzing **eBPF** code since around 2006. **tcpdump** is one of the few examples that still use it for its original purpose. | ||
| - | |||
| - | </spoiler> | ||
| == The Task == | == The Task == | ||
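Review bot: The "since around 2006" date in the unchanged eBPF paragraph of this hunk carries no reference and does not match mainline history, where the bpf() syscall and its verifier were merged in Linux 3.18 (2014). Suggest citing a source for the date or rewording the sentence, since the closing `</spoiler>` removed here means the text is no longer collapsed.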
| Line 57: | Line 53: | ||
| </solution> | </solution> | ||
| - | === [20p] Task B - iptables === | + | === [10p] Task B - iptables === |
| - | + | ||
| - | <spoiler> | + | |
| **iptables** is a configuration tool for the kernel packet filter. | **iptables** is a configuration tool for the kernel packet filter. | ||
| Line 83: | Line 77: | ||
| * provide an initialization function for the structure containing the rule parameters; this structure will end up in the kernel's rule chain. | * provide an initialization function for the structure containing the rule parameters; this structure will end up in the kernel's rule chain. | ||
| So when you want to test the efficiency of the **iptables** rule evaluation process, keep in mind that each rule may imply the invocation of multiple callbacks such as [[https://elixir.bootlin.com/linux/latest/source/net/netfilter/xt_tcpudp.c#L66|this]]. | So when you want to test the efficiency of the **iptables** rule evaluation process, keep in mind that each rule may imply the invocation of multiple callbacks such as [[https://elixir.bootlin.com/linux/latest/source/net/netfilter/xt_tcpudp.c#L66|this]]. | ||
| - | |||
| - | </spoiler> | ||
| == The Task (1) == | == The Task (1) == | ||
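Review bot: The callback link in the last paragraph of this hunk targets `linux/latest/source/net/netfilter/xt_tcpudp.c#L66`, and a line anchor on the "latest" tree drifts whenever that file changes upstream, so students may land on unrelated code. Suggest pinning the URL to a specific kernel version tag and naming the callback in the link text instead of "this".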