听之前在这边实习过的学长说,Arista主要用Python和C。后来面试的时候,面试官轻描淡写的说,我们用C++;不会没关系,过来之后学就好了。才问了两个人,口径就不一致了…

等到入职之后才发现,公司虽说在用,但C++代码只是临时文件一样的地位。程序猿们手写/面对的是更上层的语言(TACC),每次动手也只需要修改Entity之间的逻辑关系。每当编译的时候,TACC代码就会通过编译器生成C++中对应的各种类以及类中的接口函数。这么做一个明显的好处是,搭建系统的时候速度会非常快。举个例子,入职培训中有一个简单的教程,是关于怎么写一个系统插件。按照这个教程写下来,TACC代码大概是50行,但是编译到C++后,代码变到了2000行以上…

关于TACC,有一个介绍文档:

SDEC2011 Going by TACC from Korea Sdec

顺便八一卦,这个TACC是另一个公司(OptumSoft)的产品。这个公司是和Arista一起成长起来的,不仅员工在两个公司创立之初时一起工作,就连OptumSoft的创始人David Cheriton也是Arista的创始人之一。此外,Arista还是TACC唯一的用户。这些看起来都很美好,然后事情就变得狗血起来… Arista的发展非常成功,公司规模逐渐扩大,也搬进了现在所在的大楼,外加准备上市;但是OptumSoft却没那么顺利,被认为会是一个失败的创业项目。不知道David Cheriton是中了什么邪,就在Arista准备上市+自己将会是最大的持股人的时候讲其告上法庭,并且企图获得TACC的改进,乃至通过TACC生成的软件(包括Arista Switch的操作系统)的所有权。业内人士纷纷表示呵呵,很多人都认为这种奇葩的做法只是为了挽救OptumSoft。好在Arista在我入职后的第一个周五成功上市。

贰 – BPF

第一个项目很简单,作为练手+熟悉系统。第二个就复杂些。其中一个环节是加入BPF。没什么好写的,直接上参考链接:

  1. McCanne, Steven; Jacobson, Van (1992-12-19). “The BSD Packet Filter: A New Architecture for User-level Packet Capture
  2. Berkeley Packet Filters – The BasicsJeff Stebelton
  3. [kernel doc]Linux Socket Filtering aka Berkeley Packet Filter (BPF)
  4. [FreeBSD man 4]Berkeley Packet Filter
  5. [FreeBSD man 9]Berkeley Packet Filter
  6. Programming with pcap

ENG:

1

SDEC2011 Going by TACC from Korea Sdec

 

2

As part of project 2 is related to BPF, I am learning BPF and searching for tutorials. The kernel document seems to be good learning material, however the example program is not runnable. So, I wrote a version based on it (using socket filter in linux), and also another version using functions in libpcap to generate rules and filter packets.

Basically, BPF is used on raw sockets to filter out traffic that is not interesting. But it turns out that the filter also works with datagram socket (UDP socket). According to Using BPF with SOCK_DGRAM on Linux machine, as the compiled filter works on bytes that is received from sockets, plus the UDP socket can see from the UDP layer of the packet, the meaning of `ldb 0` is changed from reading the first byte of destination MAC address to reading the first byte of the source port. This change means I’ll have trouble if I am using libpcap generated filter code on a UDP socket. And to solve that, either change the rule in to some meaning less combination (like “udp[8] == 0x00″ -> “ether[8] == 0x00″), or try to adjust generated code to load proper byte of the received packet.

Reference:

  1. McCanne, Steven; Jacobson, Van (1992-12-19). “The BSD Packet Filter: A New Architecture for User-level Packet Capture
  2. Berkeley Packet Filters – The BasicsJeff Stebelton
  3. [kernel doc]Linux Socket Filtering aka Berkeley Packet Filter (BPF)
  4. [FreeBSD man 4]Berkeley Packet Filter
  5. [FreeBSD man 9]Berkeley Packet Filter
  6. Programming with pcap