Microsoft ya wallafa aiwatar da tsarin tsarin eBPF don Windows, wanda ke ba ku damar ƙaddamar da masu sarrafa na'urorin da ke gudana a matakin tsarin kernel. eBPF yana ba da fassarar bytecode da aka gina a cikin kernel, wanda ke ba da damar ƙirƙirar masu gudanar da ayyukan cibiyar sadarwa da aka ɗora daga sararin samaniya, sarrafa damar shiga da kuma lura da ayyukan tsarin. An haɗa eBPF a cikin kwaya ta Linux tun lokacin da aka saki 3.18 kuma yana ba ku damar sarrafa fakitin cibiyar sadarwa mai shigowa / mai fita, fakitin turawa, sarrafa bandwidth, tsangwamar kiran tsarin, ikon samun dama da ganowa. Godiya ga amfani da tarin JIT, ana fassara bytecode akan tashi zuwa cikin umarnin injin kuma ana aiwatar da shi tare da aikin harhada lambar. eBPF don Windows buɗaɗɗen tushe ne ƙarƙashin lasisin MIT.
eBPF don Windows ana iya amfani da shi tare da kayan aikin eBPF da ke akwai kuma yana ba da jigon API da aka yi amfani da shi don aikace-aikacen eBPF akan Linux. Daga cikin wasu abubuwa, aikin yana ba ku damar tattara lambar da aka rubuta a cikin C cikin eBPF bytecode ta yin amfani da daidaitaccen mai haɗa eBPF na tushen Clang da gudanar da masu sarrafa eBPF da aka riga aka ƙirƙira don Linux a saman kernel na Windows, suna ba da madaidaicin matakin dacewa na musamman da tallafawa daidaitaccen Libbpf. API don dacewa da aikace-aikacen da ke hulɗa tare da shirye-shiryen eBPF. Wannan ya haɗa da yadudduka waɗanda ke ba da ƙugiya-kamar Linux don XDP (Hanyar Bayanai na eXpress) da ɗaure soket, ɓoye damar shiga tari na cibiyar sadarwa da direbobin cibiyar sadarwar Windows. Tsare-tsare sun haɗa da samar da cikakkiyar daidaituwar matakin lambar tushe tare da daidaitattun na'urori na eBPF na Linux.
Babban bambanci tsakanin aiwatar da eBPF don Windows shine amfani da madadin mai tabbatarwa ta bytecode, asalin ma'aikatan VMware da masu bincike daga jami'o'in Kanada da Isra'ila suka gabatar. Mai tabbatarwa yana gudana a cikin keɓantaccen tsari a cikin sarari mai amfani kuma ana amfani dashi kafin aiwatar da shirye-shiryen BPF don gano kurakurai da toshe yiwuwar ayyukan mugunta.
Don tabbatarwa, eBPF don Windows yana amfani da hanyar bincike a tsaye dangane da Abstract Fassara, wanda, idan aka kwatanta da mai tabbatarwa na eBPF don Linux, yana nuna ƙaramin ƙimar ƙimar ƙarya, tana tallafawa binciken madauki, kuma yana ba da ingantaccen ƙima. Hanyar tana la'akari da yawancin tsarin kisa da aka samu daga nazarin shirye-shiryen eBPF da ke wanzu.
Bayan tabbatarwa, ana canja lambar bytecode zuwa mai fassara da ke aiki a matakin kernel, ko kuma an wuce ta cikin mai tarawa JIT, sannan aiwatar da lambar injin da aka samu tare da haƙƙin kwaya. Don ware masu sarrafa eBPF a matakin kwaya, ana amfani da tsarin HVCI (HyperVisor-enforced Code Integrity), wanda ke amfani da kayan aikin haɓakawa don kare matakai a cikin kwaya kuma yana ba da tabbacin amincin lambar aiwatarwa ta amfani da sa hannu na dijital. Ƙayyadadden HVCI shine kawai zai iya tantance shirye-shiryen eBPF da aka fassara kuma ba za a iya amfani da su tare da JIT ba (kuna da zaɓi na ko dai aikin ko ƙarin tsaro).
source: budenet.ru