How Linux Processes Your Network Packet - Elazar Leibovich | DevOpsDays Tel Aviv
With buzz on eBPF, XDP, bpfilter etc., it's important to get the basics right. We will show the route of a network packet from kernel driver to TCP/IP stack to userspace socket and explain how and where it's processed en route.
Modern environments use a lot of the Linux networking stack's capabilities.
Every Docker container requires a dedicated bridge, usually a few iptables entries to expose ports, and a dnsmasq daemon, and masquerading to allow internet access.
It is hence important to understand Linux network fundamentals. From the driver interrupt/NAPI, to the network stack, the various filters it passes through and the various hooks you have at your disposal to alter and view the network packets flow.
We will first review the theory, and then present useful tools to apply the theory and debug problems in common situations.
We will survey common container situations and see how packets move from the hardware to the container's veth.
binder-for-linux is an experimental project to evaluate the feasibility of porting Android Binder IPC subsystem to Ubuntu Linux.
GitHub: https://github.com/hungys/binder-for-linux
Embedded Recipes 2018 - swupdate: update your embedded device - Charles-Anto... | Anne Nicolas
Nowadays a lot of embedded systems are connected to the Internet. And every year, more devices are available on the market but without maintenance. Due to this situation, a lot of security issues are raised which could compromise the lifetime of the product and the privacy of their users. To fix these bugs and security issues, or to add new features, updating these systems remotely on a regular basis is very important. We have to think about the update process for each new product, so that it is easy, reliable, efficient and not too costly for the required bandwidth or hardware performance.
Several update designs are available to fit your requirements. Due to these constraints, you have to make choices and find the right balance.
Hopefully one free software allows us to perform this task in an easy and flexible way: swupdate. This solution is very well integrated with U-Boot, Buildroot and Yocto. You can describe exactly how the update should be done.
This talk is to explain the main designs to update an embedded system with the pros and cons of all of them and then explain how to implement them with swupdate for your embedded system.
Android graphic system (SurfaceFlinger) : Design Pattern's perspective | Bin Chen
SurfaceFlinger is a vital system service in the Android system, responsible for compositing all the application and system layers and displaying them. In this slide, we looked in detail at how SurfaceFlinger was designed from a Design Pattern's perspective.
It is the presentation file used by Jim Huang (jserv) at OSDC.tw 2009. New compiler technologies are invisible but highly integrated around our world, and we can enrich the experience via facilitating LLVM.
[KubeCon NA 2020] containerd: Rootless Containers 2020 | Akihiro Suda
Rootless Containers means running the container runtimes (e.g. runc, containerd, and kubelet) as well as the containers without the host root privileges. The most significant advantage of Rootless Containers is that it can mitigate potential container-breakout vulnerability of the runtimes, but it is also useful for isolating multi-user environments on HPC hosts. This talk will contain the introduction to rootless containers and deep-dive topics about the recent updates such as Seccomp User Notification. The main focus will be on containerd (CNCF Graduated Project) and its consumer projects including Kubernetes and Docker/Moby, but topics about other runtimes will be discussed as well.
https://sched.co/fGWc
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall... | The Linux Foundation
Hypervisors are used in a broad range of domains ranging from Embedded systems, Automotive to big iron servers. The choice of hypervisor has a strong impact on the overall design of your project and its performance. This talk introduces the state of virtualization on ARM, and provides a description of three popular open source hypervisors: KVM, Jailhouse and Xen. Julien Grall explains respective key features, technical differences and suitability of the hypervisor for different application domains.
Julien Grall is a Software Virtualisation Engineer at ARM.
The talk was delivered at Root Linux Conference 2017. Learn more: http://linux.globallogic.com/materials. The video recording is available at https://www.youtube.com/watch?v=jZNXtqFJpuc
This slide introduces GNOME on Wayland. Wayland is a brand new software-accelerated graphics server that will replace X11. A combination of GNOME and Wayland is a next-generation desktop environment. Created by Seong-ho Cho, translator of GNOME Korea.
This presentation is about a methodology which allows patching of a running Linux kernel, its technical details, limitations as well as kpatch tools.
The talk was delivered by Ruslan Bilovol (Associate Manager, Consultant, GlobalLogic) at GlobalLogic Embedded Career Day #2 on February 10, 2018.
More about GlobalLogic Embedded Career Day #2: https://www.globallogic.com/ua/events/globallogic-kyiv-embedded-career-day-2-materials
Introduce F9 microkernel, new open source implementation built from scratch, which deploys modern kernel techniques, derived from L4 microkernel designs, to deep embedded devices.
https://github.com/f9micro
Characteristics of F9 microkernel
– Efficiency: performance + power consumption
– Security: memory protection + isolated execution
– Flexible development environment
Adding support for your new shiny board in Xen on ARM is a simple task once you get a kernel running on bare metal.
This session will cover the different steps to port Xen on ARM from the firmware to the shell prompt in DOM0.
We will give you tips on the common pitfalls when you have your hypervisor, or your DOM0 kernel crashing. We will also provide suggestions on how to debug when the console is not working.
As virtualization technology becomes pervasive there is a continuing demand to increase the performance of guest virtual machines. Many hardware virtualization techniques, such as nested paging and IOMMU, have already been developed to accelerate the guest virtual machines' frequent operations in different areas. However, one area that has not yet been addressed is the handling of interrupts in a virtual machine environment.
This presentation talks about the design of AMD virtual interrupt controller (AVIC). The AVIC architecture addresses the overhead of interrupt processing in a virtualized environment by applying hardware acceleration to three major components of interrupt processing: 1) Delivery of interrupts directly from I/O devices to a guest operating system; 2) Interprocessor interrupts between the virtual CPUs in a guest; 3) Local APIC accesses by guest operating systems.
(Presentation at COSCUP 2012) Discuss why you should try to develop your own operating system and how you can speed up by taking the microkernel approach.
(1) Analysis of Large-scale system software
(2) Diagnose faults inside system software, especially for device drivers
(2) Deal with faulty device driver implementation
The promise of the IoT won’t be fulfilled until integrated software platforms are available that allow software developers to develop these devices efficiently and in the most cost-effective manner possible.
This presentation introduces F9 microkernel, new open source implementation built from scratch, which deploys modern kernel techniques dedicated to deeply embedded devices.
* Know the reasons why various operating systems exist and how they function for dedicated purposes
* Understand the basic concepts while building system software from scratch
• How can we benefit from cheap ARM boards and the related open source tools?
- Raspberry Pi & STM32F4-Discovery
GNU Toolchain is the de facto standard of the IT industry and has been improved by comprehensive open source contributions. In this session, it is expected to cover the mechanism of the compiler driver, system interaction (take GNU/Linux for example), linker, C runtime library, and the related dynamic linker. Instead of analyzing the system design, the session is use case driven and illustrated progressively.
Introduce Brainf*ck, another Turing complete programming language. Then, try to implement the following from scratch: Interpreter, Compiler [x86_64 and ARM], and JIT Compiler.
Build a full-functioned virtual machine from scratch, when Brainfuck is used. Basic concepts about interpreter, optimizations techniques, language specialization, and platform specific tweaks.
This presentation covers the general concepts about real-time systems, how Linux kernel works for preemption, the latency in Linux, rt-preempt, and Xenomai, the real-time extension as the dual kernel approach.
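33. Development Models and Branches
FSF (Free Software Foundation)
Releases the GNU Toolchain and related packages under the GPL. Developers must transfer copyright to the FSF, that is, they must first sign a Copyright Assignment. Red Hat is an important ally.
CodeSourcery
The main vendor developing GCC; provides GNU Toolchains highly optimized for mainstream instruction sets. It ships in several editions: some are pure GPL software, others also include specific proprietary software. Note: part of the code has never been submitted to the FSF.
Linaro
A system-optimized Linux solution from the ARM camp, integrating CodeSourcery's contributions.
Google
Has a group of GCC, binutils and LLVM developers; part of their work has not been submitted to the FSF.
34. The Linaro Camp
Press release: Linaro: Accelerating Linux on ARM (2010-06-03)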
“Linaro is impressively open: www.linaro.org has details of open engineering
summits, an open wiki, mailing lists etc. The teams behind the work are committed to
upstreaming their output so it will appear in all the distributions, sooner or later. The
images produced will all be royalty free. And we’re working closely with the Linaro
team, so the cadence of the releases will be rigorous, with a six month cycle that
enables Linaro to include all work that happens in Ubuntu in each release of Linaro.
There isn’t a “whole new distribution”, because a lot of the work will happen
upstream, and where bits are needed, they will be derived from Ubuntu and Debian,
which is quite familiar to many developers."
Toolchain participating vendors: ARM, CodeSourcery, Canonical
The gcc in Ubuntu maverick (10.10) already integrates Linaro
35. The Linaro Camp
$ gcc -v
Using built-in specs.
Target: i686-linux-gnu
…
gcc version 4.4.5 20100728 (prerelease) (Ubuntu/Linaro 4.4.4-8ubuntu1)
https://wiki.linaro.org/WorkingGroups/ToolChain
We're working towards the 2010.09 release that is due on 14/09/2010.
Merging the 4.5 CodeSourcery patch set into the Linaro 4.5 branch (ams, jbrown)
Begin into the GDB ARM faults (uweigand, yao)
First pass at hard float performance numbers (cltang)
Patch tracking write-up (michaelh)
Talk about memcpy() and friends with glibc (michaelh)
45. Building a toolchain
[Diagram: build / host / target machines for each of the four cases]
Native build: used to build the normal gcc of a workstation
Cross build: used to build a toolchain that runs on your workstation but generates binaries for the target. The most common solution in embedded
Cross-native build: used to build a toolchain that runs on your target and generates binaries for the target
Canadian build: used to build on architecture A a toolchain that runs on architecture B and generates binaries for architecture C
54. References
GCC Wiki
http://gcc.gnu.org/wiki
Linaro
http://www.linaro.org/
Linaro Toolchain Work Group
https://wiki.linaro.org/WorkingGroups/ToolChain
CodeSourcery
http://www.codesourcery.com/
Android Toolchain maintained by 0xlab
http://gitorious.org/android-toolchain
55. Sponsored by
http://0xlab.org
15 August 2010
Conference