Microsoft has prepared an eBPF implementation for Windows

Microsoft has published an implementation of the eBPF subsystem for Windows, which lets you run handlers at the operating system kernel level. eBPF provides a bytecode interpreter built into the kernel, which makes it possible to create network operation handlers loaded from user space, to control access, and to monitor the operation of systems. eBPF has been included in the Linux kernel since release 3.18 and lets you handle incoming and outgoing network packets, packet forwarding, bandwidth management, system call interception, access control, and tracing. Thanks to JIT compilation, the bytecode is translated on the fly into machine instructions and runs with the performance of compiled code. eBPF for Windows is open source under the MIT license.

eBPF for Windows can be used with existing eBPF tools and provides the generic API used for eBPF applications on Linux. Among other things, the project lets you compile code written in C into eBPF bytecode using the standard Clang-based eBPF compiler and run eBPF handlers already written for Linux on top of the Windows kernel, providing a special compatibility layer and supporting the standard Libbpf API for compatibility with applications that interact with eBPF programs. This includes layers that provide Linux-like hooks for XDP (eXpress Data Path) and socket bind, abstracting access to the network stack and Windows network drivers. Plans include providing full source-level compatibility with standard Linux eBPF handlers.


A key difference of the eBPF implementation for Windows is its use of an alternative bytecode verifier, originally proposed by VMware employees and researchers from Canadian and Israeli universities. The verifier runs in a separate, isolated process in user space and is applied before eBPF programs are executed, to detect errors and block possible malicious activity.

For verification, eBPF for Windows uses a static analysis method based on Abstract Interpretation, which, compared with the eBPF verifier for Linux, shows a lower false positive rate, supports loop analysis, and provides good scalability. The method takes into account many typical execution patterns obtained from the analysis of existing eBPF programs.
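To make the idea of loop analysis by abstract interpretation concrete, here is an added example (not code from the eBPF for Windows project or its verifier) that proves a buffer index stays in bounds across a loop using an interval domain. The instruction set, `BUF_SIZE`, `verify` and `loop_prog` are assumptions invented for illustration, and the sketch iterates plain joins to a fixed point under a step budget rather than using the widening a production analyser relies on.

```python
# Constructed toy instruction set, not real eBPF encoding (assumption for illustration).
INF = float("inf")
BUF_SIZE = 16        # assumed size of the buffer indexed by "load"
MAX_STEPS = 10_000   # fail closed if the analysis does not converge

def join(a, b):
    """Least upper bound of two states (reg -> (lo, hi)); a missing reg means 'unknown'."""
    if a is None:
        return dict(b)
    return {r: (min(a[r][0], b[r][0]), max(a[r][1], b[r][1])) for r in a.keys() & b.keys()}

def verify(prog):
    """Return (ok, reason): every 'load' index must provably lie in [0, BUF_SIZE)."""
    states, work, steps = {0: {}}, [0], 0
    while work:
        steps += 1
        pc = work.pop()
        if steps > MAX_STEPS or not 0 <= pc < len(prog):
            return False, "no fixed point or control flow leaves the program"
        st, (op, *args), succ = states[pc], prog[pc], []
        lo, hi = st.get(args[0], (-INF, INF)) if args else (0, 0)
        if op == "mov":
            succ.append((pc + 1, {**st, args[0]: (args[1], args[1])}))
        elif op == "add":
            succ.append((pc + 1, {**st, args[0]: (lo + args[1], hi + args[1])}))
        elif op == "load":
            if lo < 0 or hi >= BUF_SIZE:
                return False, f"pc {pc}: index in [{lo}, {hi}] may leave the buffer"
            succ.append((pc + 1, st))
        elif op == "jlt":  # if reg < imm goto target, else fall through
            reg, imm, target = args
            if lo < imm:   # taken branch is feasible: reg is at most imm - 1 there
                succ.append((target, {**st, reg: (lo, min(hi, imm - 1))}))
            if hi >= imm:  # fall-through is feasible: reg is at least imm there
                succ.append((pc + 1, {**st, reg: (max(lo, imm), hi)}))
        for nxt, new in succ:  # "exit" produces no successors
            merged = join(states.get(nxt), new)
            if merged != states.get(nxt):
                states[nxt] = merged
                work.append(nxt)
    return True, "all loads proven in bounds"

def loop_prog(bound):
    """do { load buf[r1]; r1++ } while (r1 < bound) -- constructed sample program."""
    return [("mov", 1, 0), ("load", 1), ("add", 1, 1), ("jlt", 1, bound, 1), ("exit",)]

if __name__ == "__main__":
    print(verify(loop_prog(16)))  # loop stays inside the 16-entry buffer
    print(verify(loop_prog(17)))  # off-by-one bound: rejected before it ever runs
```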

After verification, the bytecode is passed to an interpreter running at the kernel level, or passed through a JIT compiler, after which the resulting machine code is executed with kernel privileges. To isolate eBPF handlers at the kernel level, the HVCI (HyperVisor-enforced Code Integrity) mechanism is used, which uses virtualization tools to protect processes in the kernel and confirms the integrity of the executed code using a digital signature. A limitation of HVCI is that it only works with interpreted eBPF programs and cannot be used together with JIT (you have a choice of either performance or additional protection).

Source: opennet.ru
