Differences
This shows you the differences between two versions of the page.
|
ep:labs:061:contents:tasks:ex4 [2026/04/07 02:09] radu.mantu |
ep:labs:061:contents:tasks:ex4 [2026/04/07 12:47] (current) radu.mantu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ==== 04. [30p] bpftrace ==== | + | ==== 04. [30p] Impact analysis of iptables rules ==== |
| - | In [[https://ocw.cs.pub.ro/courses/ep/labs/05| Lab 05]] you used bpftrace exclusively via one-liners (''-e'' flag). That works fine for quick investigations, but as your probes get more complex — multiple hooks, conditionals, helper functions — you'll want to write proper **script files** (''.bt'' extension). | + | In [[https://ocw.cs.pub.ro/courses/ep/labs/05| Lab 05]] you used bpftrace exclusively via one-liners (''-e'' flag). That works fine for quick investigations, but as your probes get more complex (multiple hooks, conditionals, helper functions) you'll want to write proper **script files** (''.bt'' extension). |
| The difference is minimal syntactically, but it is quite important in practice: a script file can have comments, be version-controlled, be shared with teammates, and be run with ''sudo bpftrace script.bt'' without the shell escaping headaches that come with one-liners. | The difference is minimal syntactically, but it is quite important in practice: a script file can have comments, be version-controlled, be shared with teammates, and be run with ''sudo bpftrace script.bt'' without the shell escaping headaches that come with one-liners. | ||
| - | In this task you'll write two scripts targeting functions you observed in your ''pwru'' trace from Task 03. | + | In this task you'll write two scripts targeting functions you observed in your **pwru** trace from Exercise 03. |
| <note important> | <note important> | ||
| - | **Before starting:** make sure you have a clean ''iptables'' state. Remove any DROP rules you added in Task 03: | + | **Before starting:** make sure you have a clean ''iptables'' state. Remove any DROP rules you added in the previous exercise: |
| <code bash> | <code bash> | ||
| $ sudo iptables -D OUTPUT -p udp -d 8.8.8.8 --dport 53 -j DROP | $ sudo iptables -D OUTPUT -p udp -d 8.8.8.8 --dport 53 -j DROP | ||
| Line 135: | Line 135: | ||
| </note> | </note> | ||
| - | == Sub-task 03: Acquiring data == | + | == Sub-task 03: Acquiring the data == |
| Run a 5-10s **iperf3** throughput test between your host and the container. Meanwhile, use the script that you've written to measure the latency introduced by the OUTPUT Netfilter chain hook. | Run a 5-10s **iperf3** throughput test between your host and the container. Meanwhile, use the script that you've written to measure the latency introduced by the OUTPUT Netfilter chain hook. | ||
| Line 151: | Line 151: | ||
| - | == Sub-task 04: Plotting data == | + | == Sub-task 04: Plotting the data == |
| Write a Python script that creates two plots in the same figure: | Write a Python script that creates two plots in the same figure: | ||
| Line 157: | Line 157: | ||
| * Average elapsed time in the Netfilter hook as a function of **iptables** rules. | * Average elapsed time in the Netfilter hook as a function of **iptables** rules. | ||
| - | == Sub-task 04: Questions == | + | == Sub-task 05: Interpreting the data == |
| Answer the following: | Answer the following: | ||
