Microsoft yatulutsa kukhazikitsidwa kwa eBPF subsystem ya Windows, yomwe imakupatsani mwayi woyambitsa zowongolera mopanda pake zomwe zikuyenda pamlingo wa kernel system. eBPF imapereka womasulira wa bytecode womangidwa mu kernel, zomwe zimapangitsa kuti zitheke kupanga zogwirira ntchito zapaintaneti zodzaza kuchokera kumalo ogwiritsira ntchito, kuwongolera mwayi ndi kuyang'anira kayendetsedwe ka machitidwe. eBPF yaphatikizidwa mu kernel ya Linux kuyambira pomwe idatulutsidwa 3.18 ndipo imakulolani kuti mugwiritse ntchito mapaketi a netiweki omwe akubwera/otuluka, kutumiza mapaketi, kasamalidwe ka bandwidth, kuyimba kuyimba kwadongosolo, kuwongolera ndi kutsata. Chifukwa chogwiritsa ntchito kuphatikiza kwa JIT, bytecode imamasuliridwa powuluka kukhala malangizo pamakina ndikuchitidwa ndi ma code omwe adapangidwa. eBPF ya Windows ndi gwero lotseguka pansi pa layisensi ya MIT.
eBPF ya Windows itha kugwiritsidwa ntchito ndi zida za eBPF zomwe zilipo kale ndipo imapereka API yanthawi zonse yogwiritsidwa ntchito pa eBPF pa Linux. Mwa zina, pulojekitiyi imakupatsani mwayi wopanga ma code olembedwa mu C mu eBPF bytecode pogwiritsa ntchito makina ojambulira a Clang-based eBPF ndikuyendetsa ma eBPF omwe adapangidwa kale ku Linux pamwamba pa kernel ya Windows, ndikupereka gawo lapadera logwirizana ndikuthandizira Libbpf wamba. API yogwirizana ndi mapulogalamu omwe amalumikizana ndi mapulogalamu a eBPF. Izi zikuphatikiza zigawo zomwe zimapereka mbewa zonga Linux za XDP (eXpress Data Path) ndi socket bind, kupeza mwayi wofikira pamanetiweki ndi madalaivala a netiweki a Windows. Mapulani akuphatikiza kupereka ma gwero athunthu amitundu yogwirizana ndi ma processor a Linux eBPF.
Kusiyana kwakukulu pakati pa kukhazikitsidwa kwa eBPF kwa Windows ndikugwiritsa ntchito njira ina yotsimikizira ma bytecode, yomwe idapangidwa ndi antchito a VMware ndi ofufuza ochokera ku mayunivesite aku Canada ndi Israeli. Wotsimikizira amayendera njira yosiyana, yodzipatula pamalo ogwiritsira ntchito ndipo amagwiritsidwa ntchito asanagwiritse ntchito mapulogalamu a BPF kuti azindikire zolakwika ndikuletsa zochitika zoyipa zomwe zingachitike.
Kuti zitsimikizidwe, eBPF ya Windows imagwiritsa ntchito njira yowunikira mosasunthika yozikidwa pa Abstract Interpretation, yomwe, poyerekeza ndi eBPF verifier ya Linux, imawonetsa kutsika kwabodza kwabodza, imathandizira kusanthula kwa loop, ndikupereka scalability yabwino. Njirayi imaganiziranso njira zambiri zogwirira ntchito zomwe zimapezeka pakuwunika kwa mapulogalamu omwe alipo kale a eBPF.
Pambuyo potsimikizira, bytecode imasamutsidwa kwa womasulira yemwe akuthamanga pamlingo wa kernel, kapena kudutsa mu JIT compiler, kutsatiridwa ndi kuchitidwa kwa makina omwe ali ndi ufulu wa kernel. Kupatula osamalira eBPF pamlingo wa kernel, njira ya HVCI (HyperVisor-enforced Code Integrity) imagwiritsidwa ntchito, yomwe imagwiritsa ntchito zida zachitetezo kuti iteteze njira mu kernel ndikupereka chitsimikiziro cha kukhulupirika kwa code yochitira pogwiritsa ntchito siginecha ya digito. Kuchepetsa kwa HVCI ndikuti kumatha kutsimikizira mapulogalamu a eBPF otanthauziridwa ndipo sangathe kugwiritsidwa ntchito limodzi ndi JIT (muli ndi chisankho cha magwiridwe antchito kapena chitetezo chowonjezera).
Source: opennet.ru