BPF for the little ones, part zero: classic BPF

Berkeley Packet Filters (BPF) is a Linux kernel technology that has been on the front pages of English-language technical publications for several years now. Conferences are full of talks about the use and development of BPF. David Miller, maintainer of the Linux networking subsystem, titled his talk at Linux Plumbers 2018 "This talk is not about XDP" (XDP is one use case of BPF). Brendan Gregg gives talks titled Linux BPF Superpowers. Toke Høiland-Jørgensen jokes that the kernel is now a microkernel. Thomas Graf promotes the idea that BPF is JavaScript for the kernel.

There is still no systematic description of BPF on Habr, so in a series of articles I will try to tell the history of the technology, describe its architecture and development tools, and outline the application areas and practice of using BPF. This article, number zero in the series, tells the history and architecture of classic BPF, and also reveals the secrets behind how tcpdump, seccomp, strace and much more actually work.

The development of BPF is driven by the Linux networking community, and the main existing applications of BPF are related to networking, so, with the permission of @eucariot, I named the series "BPF for the little ones" in honor of the great series "Networks for the little ones".

A short course in the history of BPF(c)

Modern BPF is an improved and extended version of an older technology with the same name, which is now called classic BPF to avoid confusion. The well-known tcpdump utility, the seccomp mechanism, as well as the less-known xt_bpf module for iptables and the cls_bpf classifier are all built on classic BPF. In modern Linux, classic BPF programs are automatically translated into the new form; however, from the user's point of view the API has stayed in place and, as we will see in this article, new uses for classic BPF are still being found. For this reason, and also because following the history of classic BPF on Linux makes it clearer how and why its modern form came about, I decided to start with an article about classic BPF.

At the end of the eighties of the last century, engineers at the famous Lawrence Berkeley Laboratory became interested in how to filter network packets properly on hardware that was modern for the late eighties. The basic idea of filtering, first implemented in CSPF (CMU/Stanford Packet Filter), was to discard unneeded packets as early as possible, that is, in kernel space, since this avoids copying unnecessary data into user space. To provide runtime safety for running user-supplied code in kernel space, a sandboxed virtual machine was used.

However, the virtual machines of the existing filters were designed for stack-based machines and performed poorly on the new RISC machines. As a result, through the efforts of Berkeley Labs engineers, a new technology, BPF (Berkeley Packet Filters), was developed, whose virtual machine architecture was modeled on the Motorola 6502 processor, the workhorse of well-known products such as the Apple II and the NES. The new virtual machine improved filter performance by tens of times compared to existing solutions.

Architecture of the BPF machine

We will get acquainted with the architecture in practice, by analyzing examples. To start, though, let's say that the machine had two 32-bit registers available to the user, the accumulator A and the index register X, 64 bytes of memory (16 words) available for writing and subsequent reading, and a small instruction set for working with these objects. Jump instructions for implementing conditional expressions were also available in programs, but to guarantee that a program terminates in bounded time, jumps could only go forward; in particular, loops were forbidden.

The general scheme for running the machine is as follows. The user writes a program for the BPF architecture and, using some kernel mechanism (for example, a system call), loads it and attaches it to some event generator inside the kernel (for example, the event is the arrival of the next packet on a network card). When the event occurs, the kernel runs the program (for example, in an interpreter), and the machine's memory corresponds to some region of kernel memory (for example, the data of the incoming packet).

The above is enough for us to start looking at examples: we will get to know the rest of the system and the instruction format as needed. If you want to study the instruction set of the virtual machine right away and learn about all of its capabilities, you can read the original paper The BSD Packet Filter and/or the first half of the file Documentation/networking/filter.txt from the kernel documentation. In addition, you can study the presentation libpcap: An Architecture and Optimization Methodology for Packet Capture, in which McCanne, one of the authors of BPF, talks about the history of the creation of libpcap.

We now go through all the significant uses of classic BPF on Linux: tcpdump (libpcap), seccomp, xt_bpf, cls_bpf.

tcpdump

The development of BPF went hand in hand with the development of the front end for packet filtering, the well-known tcpdump utility. And since this is the oldest and most famous example of using classic BPF, available on many operating systems, we will start our study of the technology with it.

(I ran all the examples in this article on Linux 5.6.0-rc6. The output of some commands has been edited for readability.)

Example: watching IPv6 packets

Suppose we want to watch all IPv6 packets on the eth0 interface. To do this we can run tcpdump with the simple filter ip6:

$ sudo tcpdump -i eth0 ip6

Here tcpdump compiles the filter ip6 into BPF bytecode and sends it to the kernel (see the details in the section Tcpdump: loading). The loaded filter will be run for every packet that passes through the eth0 interface. If the filter returns a non-zero value n, then up to n bytes of the packet will be copied to user space and we will see it in the tcpdump output.

It turns out that we can easily find out which bytecode tcpdump sent to the kernel, using tcpdump itself, if we run it with the -d option:

$ sudo tcpdump -i eth0 -d ip6
(000) ldh      [12]
(001) jeq      #0x86dd          jt 2    jf 3
(002) ret      #262144
(003) ret      #0

On line zero we execute the instruction ldh [12], which means "load into register A the half word (16 bits) at address 12", and the only question is which memory we are addressing. The answer is that address x is the start of the (x+1)th byte of the packet being examined. We read packets from the Ethernet interface eth0, which means the packet looks like this (for simplicity we assume there are no VLAN tags in the packet):

       6              6          2
|Destination MAC|Source MAC|Ether Type|...|

So after executing the instruction ldh [12], register A contains the Ether Type field, the type of packet carried in this Ethernet frame. On line 1 we compare the contents of register A (the packet type) with 0x86dd, and this is the type we are interested in, IPv6. On line 1, besides the comparison instruction, there are two more columns, jt 2 and jf 3: the labels to jump to if the comparison succeeds (A == 0x86dd) and if it fails. So in the successful case (IPv6) we go to line 2, and in the unsuccessful case to line 3. On line 3 the program terminates with code 0 (do not copy the packet), and on line 2 the program terminates with code 262144 (copy up to 256 kilobytes of the packet).

A more complex example: watching TCP packets by destination port

Let's see what a filter looks like that copies all TCP packets with destination port 666. We will consider the IPv4 case, since the IPv6 case is simpler. After studying this example, you can work through the IPv6 filter (ip6 and tcp dst port 666) and the filter for the general case (tcp dst port 666) yourself as an exercise. So the filter we are interested in looks like this:

$ sudo tcpdump -i eth0 -d ip and tcp dst port 666
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 10
(002) ldb      [23]
(003) jeq      #0x6             jt 4    jf 10
(004) ldh      [20]
(005) jset     #0x1fff          jt 10   jf 6
(006) ldxb     4*([14]&0xf)
(007) ldh      [x + 16]
(008) jeq      #0x29a           jt 9    jf 10
(009) ret      #262144
(010) ret      #0

We already know what lines 0 and 1 do. On line 2, having already checked that this is an IPv4 packet (Ether Type = 0x800), we load the 24th byte of the packet into register A. Our packet looks like this

       14            8      1     1
|ethernet header|ip fields|ttl|protocol|...|

which means we load into register A the Protocol field of the IP header, which makes sense, since we want to copy only TCP packets. We compare Protocol with 0x6 (IPPROTO_TCP) on line 3.

On lines 4 and 5 we load the half word at address 20, which is the Flags + Fragment Offset field of the IPv4 header, and use the jset instruction to test it against the mask 0x1fff. The mask zeroes the three most significant bits (the flags: reserved, Don't Fragment, More Fragments) and keeps the 13-bit fragment offset. If the offset is non-zero, this packet is a non-first fragment of a fragmented IP packet; such a fragment does not carry the TCP header at all, so the filter drops it (jumps to line 10) instead of reading a "port" out of whatever payload bytes happen to sit at that offset. A first fragment (offset 0, possibly with More Fragments set) still passes the check and is inspected like an unfragmented packet.

Line 6 is the most interesting one in this listing. The instruction ldxb 4*([14]&0xf) means that we load into register X the four least significant bits of the fifteenth byte of the packet, multiplied by 4. The four least significant bits of the fifteenth byte are the Internet Header Length field of the IPv4 header, which stores the header length in 32-bit words, hence the multiplication by 4. Interestingly, the expression 4*([14]&0xf) is the name of a special addressing mode that can be used only in this form and only for register X, i.e., we can write neither ldb 4*([14]&0xf) nor ldxb 5*([14]&0xf) (we can only specify a different offset, for example ldxb 4*([16]&0xf)). It is clear that this addressing mode was added to BPF precisely so that X (the index register) could receive the length of the IPv4 header.

So on line 7 we load the half word at address (X+16). Remembering that the first 14 bytes are taken by the Ethernet header and that X holds the length of the IPv4 header, we see that A receives the TCP destination port:

       14           X           2             2
|ethernet header|ip header|source port|destination port|

Finally, on line 8 we compare the port with the desired value and on line 9 or 10 we return the verdict: copy the packet or not.

Tcpdump: loading

In the previous examples we deliberately did not dwell on how exactly the BPF bytecode for packet filtering gets loaded into the kernel. Generally speaking, tcpdump is ported to many systems, and to work with filters it uses the libpcap library. In short, to install a filter on an interface with libpcap, you need to do the following:

To see how the function pcap_setfilter is implemented on Linux, we use strace (some calls have been removed):

$ sudo strace -f -e trace=%network tcpdump -p -i eth0 ip
socket(AF_PACKET, SOCK_RAW, 768)        = 3
bind(3, {sa_family=AF_PACKET, sll_protocol=htons(ETH_P_ALL), sll_ifindex=if_nametoindex("eth0"), sll_hatype=ARPHRD_NETROM, sll_pkttype=PACKET_HOST, sll_halen=0}, 20) = 0
setsockopt(3, SOL_SOCKET, SO_ATTACH_FILTER, {len=4, filter=0xb00bb00bb00b}, 16) = 0
...

In the first two lines of the output we create a raw socket to read all Ethernet frames and bind it to the eth0 interface. From our first example we know that the filter ip consists of four BPF instructions, and on the third line we see how, with the SO_ATTACH_FILTER option of the setsockopt system call, we load and attach a filter of length 4. This is our filter.

It is worth noting that in classic BPF, loading and attaching a filter always happen as a single atomic operation, whereas in the new version of BPF, loading a program and binding it to an event generator are separated in time.

The hidden truth

A slightly more complete version of the output looks like this:

$ sudo strace -f -e trace=%network tcpdump -p -i eth0 ip
socket(AF_PACKET, SOCK_RAW, 768)        = 3
bind(3, {sa_family=AF_PACKET, sll_protocol=htons(ETH_P_ALL), sll_ifindex=if_nametoindex("eth0"), sll_hatype=ARPHRD_NETROM, sll_pkttype=PACKET_HOST, sll_halen=0}, 20) = 0
setsockopt(3, SOL_SOCKET, SO_ATTACH_FILTER, {len=1, filter=0xbeefbeefbeef}, 16) = 0
recvfrom(3, 0x7ffcad394257, 1, MSG_TRUNC, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
setsockopt(3, SOL_SOCKET, SO_ATTACH_FILTER, {len=4, filter=0xb00bb00bb00b}, 16) = 0
...

As mentioned above, we load and attach our filter to the socket on line 5, but what happens on lines 3 and 4? It turns out that libpcap is taking care of us: so that the output of our filter does not include packets that do not satisfy it, the library attaches a dummy filter ret #0 (drop all packets), switches the socket into non-blocking mode, and tries to drain all the packets that might have been left over from previous filters.

In total, to filter packets on Linux using classic BPF, you need a filter in the form of a struct sock_fprog structure and an open socket, after which the filter can be attached to the socket with the setsockopt system call.

Interestingly, a filter can be attached to any socket, not only a raw one. Here is an example program that cuts off everything except the first two bytes of every incoming UDP datagram. (I put the comments into the code so as not to clutter the article.)

For more details on using setsockopt to attach filters, see socket(7); writing your own filters as a struct sock_fprog without the help of tcpdump is discussed in the section Doing BPF by hand.

Classic BPF and the 21st century

BPF was included in Linux in 1997 and for a long time remained a workhorse of libpcap without any special changes (there were, of course, Linux-specific changes, but they did not change the big picture). The first serious signs that BPF would evolve came in 2011, when Eric Dumazet proposed a patch adding a Just In Time compiler to the kernel, a translator from BPF bytecode to native x86_64 code.

The JIT compiler was the first in a chain of changes: in 2012 it became possible to write filters for seccomp using BPF, in January 2013 the xt_bpf module was added, which lets you write iptables rules with BPF, and in October 2013 the cls_bpf module was added, which lets you write traffic classifiers with BPF.

We will look at all of these examples in detail shortly, but first it will be useful to learn how to write and assemble arbitrary BPF programs, because the capabilities provided by libpcap are limited (a simple example: a filter generated by libpcap can return only two values, 0 or 0x40000) or, as in the case of seccomp, not applicable at all.

Doing BPF by hand

Let's get acquainted with the binary format of BPF instructions, which is very simple:

   16    8    8     32
| code | jt | jf |  k  |

Each instruction occupies 64 bits: the first 16 bits are the instruction code, then come two eight-bit jump offsets, jt and jf, and then 32 bits for the argument K, whose meaning varies from instruction to instruction. For example, the ret instruction, which terminates the program, has code 6, and the return value is taken from the constant K. In C, a single BPF instruction is represented by the structure

struct sock_filter {
        __u16   code;
        __u8    jt;
        __u8    jf;
        __u32   k;
};

and a whole program by the structure

struct sock_fprog {
        unsigned short len;
        struct sock_filter *filter;
};

So we can already write programs (assuming, for example, that we know the instruction codes from [1]). This is what the filter ip6 from our first example looks like:

struct sock_filter code[] = {
        { 0x28, 0, 0, 0x0000000c },
        { 0x15, 0, 1, 0x000086dd },
        { 0x06, 0, 0, 0x00040000 },
        { 0x06, 0, 0, 0x00000000 },
};
struct sock_fprog prog = {
        .len = ARRAY_SIZE(code),
        .filter = code,
};

and the program prog can legitimately be used in the call

setsockopt(sk, SOL_SOCKET, SO_ATTACH_FILTER, &prog, sizeof(prog))

Writing programs as raw machine code is not very convenient, but sometimes it is necessary (for example, for debugging, for writing unit tests, for writing articles on Habr, and so on). For convenience, the file <linux/filter.h> defines helper macros; the same example as above can be rewritten as

struct sock_filter code[] = {
        BPF_STMT(BPF_LD|BPF_H|BPF_ABS, 12),
        BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, ETH_P_IPV6, 0, 1),
        BPF_STMT(BPF_RET|BPF_K, 0x00040000),
        BPF_STMT(BPF_RET|BPF_K, 0),
};

However, this variant is not very convenient either. The Linux kernel developers thought the same, which is why the tools/bpf directory of the kernel sources contains an assembler and a debugger for working with classic BPF.

The assembly language is very similar to the tcpdump debug output, but in addition we can use symbolic labels. For example, here is a program that drops all packets except TCP over IPv4:

$ cat /tmp/tcp-over-ipv4.bpf
ldh [12]
jne #0x800, drop
ldb [23]
jneq #6, drop
ret #-1
drop: ret #0

By default the assembler emits code in the format <instruction count>,<code1> <jt1> <jf1> <k1>,..., so for our TCP example we get

$ tools/bpf/bpf_asm /tmp/tcp-over-ipv4.bpf
6,40 0 0 12,21 0 3 2048,48 0 0 23,21 0 1 6,6 0 0 4294967295,6 0 0 0,

For the convenience of C programmers, a different output format can be used:

$ tools/bpf/bpf_asm -c /tmp/tcp-over-ipv4.bpf
{ 0x28,  0,  0, 0x0000000c },
{ 0x15,  0,  3, 0x00000800 },
{ 0x30,  0,  0, 0x00000017 },
{ 0x15,  0,  1, 0x00000006 },
{ 0x06,  0,  0, 0xffffffff },
{ 0x06,  0,  0, 0000000000 },

This text can be copied straight into the definition of a struct sock_filter array, as we did at the beginning of this section.
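To see the encoding and the machine semantics working together, here is an added example (not code from the article, and not kernel code): a small user-space interpreter for the load, jump and return subset of classic BPF, written against struct sock_filter and the BPF_* opcode macros from <linux/filter.h>. It runs the filter ip and tcp dst port 666 from the tcpdump section, in exactly the encoded form tcpdump -d printed, over constructed Ethernet/IPv4/TCP frames, so the 4*([14]&0xf) addressing mode and the fragment-offset check can be observed without a network interface. The frame builder and the names cbpf_run, build_ipv4_tcp and tcp666_verdict are this example's own assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <linux/filter.h>   /* struct sock_filter, BPF_STMT/BPF_JUMP, BPF_* opcode macros */

/* Bounds-checked big-endian load from the packet. A load past the end makes the
 * kernel abort the filter with verdict 0; this interpreter does the same. */
static int load_be(const uint8_t *p, size_t len, uint32_t off, unsigned size, uint32_t *out)
{
    uint32_t v = 0;
    if (off > len || len - off < size)
        return 0;
    for (unsigned i = 0; i < size; i++)
        v = (v << 8) | p[off + i];
    *out = v;
    return 1;
}

/* Interpret the load/jump/return subset of classic BPF that tcpdump filters use.
 * Registers: accumulator A and index register X. Jumps are forward-only by construction. */
uint32_t cbpf_run(const struct sock_filter *prog, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t A = 0, X = 0, v;

    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *f = &prog[pc];
        uint16_t code = f->code;
        uint32_t k = f->k;
        unsigned size = BPF_SIZE(code) == BPF_W ? 4 : BPF_SIZE(code) == BPF_H ? 2 : 1;
        uint32_t src = BPF_SRC(code) == BPF_X ? X : k;   /* comparison operand of jumps */

        switch (BPF_CLASS(code)) {
        case BPF_LD:
            if (BPF_MODE(code) == BPF_IMM) A = k;
            else if (BPF_MODE(code) == BPF_LEN) A = (uint32_t)len;
            else if (BPF_MODE(code) == BPF_ABS) { if (!load_be(pkt, len, k, size, &A)) return 0; }
            else if (BPF_MODE(code) == BPF_IND) { if (!load_be(pkt, len, X + k, size, &A)) return 0; }
            else return 0;
            break;
        case BPF_LDX:
            if (BPF_MODE(code) == BPF_IMM) X = k;
            else if (BPF_MODE(code) == BPF_MSH) {        /* ldxb 4*([k]&0xf): IPv4 IHL in bytes */
                if (!load_be(pkt, len, k, 1, &v)) return 0;
                X = (v & 0xf) * 4;
            } else return 0;
            break;
        case BPF_JMP: {
            int taken;
            if (BPF_OP(code) == BPF_JA) { pc += k; continue; }
            switch (BPF_OP(code)) {
            case BPF_JEQ:  taken = A == src; break;
            case BPF_JGT:  taken = A > src;  break;
            case BPF_JGE:  taken = A >= src; break;
            case BPF_JSET: taken = (A & src) != 0; break;
            default: return 0;
            }
            pc += taken ? f->jt : f->jf;   /* jt/jf are unsigned 8-bit: forward only */
            break;
        }
        case BPF_RET:
            return BPF_RVAL(code) == BPF_A ? A : BPF_RVAL(code) == BPF_X ? X : k;
        default:
            return 0;   /* ALU, ST/STX and MISC are not needed for these filters */
        }
    }
    return 0;   /* fell off the end; the kernel checker rejects such programs */
}

/* 'ip and tcp dst port 666' as tcpdump -d printed it, in encoded form. */
static const struct sock_filter tcp_dst_666[] = {
    BPF_STMT(BPF_LD|BPF_H|BPF_ABS, 12),              /* (000) ldh [12]                        */
    BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, 0x0800, 0, 8),   /* (001) Ether Type == IPv4?             */
    BPF_STMT(BPF_LD|BPF_B|BPF_ABS, 23),              /* (002) ldb [23]                        */
    BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, 6, 0, 6),        /* (003) Protocol == TCP?                */
    BPF_STMT(BPF_LD|BPF_H|BPF_ABS, 20),              /* (004) ldh [20]: flags + frag offset   */
    BPF_JUMP(BPF_JMP|BPF_JSET|BPF_K, 0x1fff, 4, 0),  /* (005) non-zero offset -> drop         */
    BPF_STMT(BPF_LDX|BPF_B|BPF_MSH, 14),             /* (006) X = IHL * 4                     */
    BPF_STMT(BPF_LD|BPF_H|BPF_IND, 16),              /* (007) ldh [x + 16]: TCP dst port      */
    BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, 666, 0, 1),      /* (008) port == 666?                    */
    BPF_STMT(BPF_RET|BPF_K, 262144),                 /* (009) copy up to 256 KiB              */
    BPF_STMT(BPF_RET|BPF_K, 0),                      /* (010) drop                            */
};

/* Constructed Ethernet/IPv4/TCP frame, no VLAN tag. ihl is in 32-bit words, frag is the
 * raw Flags + Fragment Offset field, dport the TCP destination port. Returns frame length. */
static size_t build_ipv4_tcp(uint8_t *buf, unsigned ihl, uint16_t frag, uint16_t dport)
{
    size_t iplen = ihl * 4;
    memset(buf, 0, 14 + iplen + 20);
    buf[12] = 0x08; buf[13] = 0x00;              /* Ether Type = IPv4 */
    buf[14] = (uint8_t)(0x40 | ihl);             /* version 4, IHL */
    buf[20] = frag >> 8; buf[21] = frag & 0xff;  /* flags + fragment offset */
    buf[22] = 64;                                /* TTL */
    buf[23] = 6;                                 /* Protocol = TCP */
    buf[14 + iplen + 2] = dport >> 8;            /* TCP destination port */
    buf[14 + iplen + 3] = dport & 0xff;
    return 14 + iplen + 20;
}

/* Run the filter over one constructed frame; returns the snap length (0 = drop). */
uint32_t tcp666_verdict(unsigned ihl, uint16_t frag, uint16_t dport)
{
    uint8_t buf[128];
    size_t n = build_ipv4_tcp(buf, ihl, frag, dport);
    return cbpf_run(tcp_dst_666, sizeof(tcp_dst_666) / sizeof(tcp_dst_666[0]), buf, n);
}

int main(void)
{
    printf("port 666, IHL 5:          %u\n", tcp666_verdict(5, 0, 666));       /* 262144 */
    printf("port 666, IHL 6 (options):%u\n", tcp666_verdict(6, 0, 666));       /* 262144 */
    printf("port 80:                  %u\n", tcp666_verdict(5, 0, 80));        /* 0 */
    printf("MF set, offset 0:         %u\n", tcp666_verdict(5, 0x2000, 666));  /* 262144 */
    printf("non-first fragment:       %u\n", tcp666_verdict(5, 0x0001, 666));  /* 0 */
    return 0;
}
```

Compile with cc -Wall on Linux (the header is kernel UAPI). The IHL 6 case shows why the index register is needed: the port moves by four bytes when the IP header carries options, and a fixed offset would miss it. The last two cases show what the jset line actually buys you: a first fragment with More Fragments set is still inspected, while a non-first fragment is dropped, because reading a "destination port" from payload bytes at that offset would let an attacker match or evade the filter at will.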

Linux and netsniff-ng extensions

In addition to standard BPF, Linux and tools/bpf/bpf_asm support a non-standard set of instructions. These are mostly used to access fields of struct sk_buff, the structure that describes a network packet inside the kernel. There are, however, other kinds of helper instructions as well; for example, ldw cpu loads into register A the result of calling the kernel function raw_smp_processor_id(). (In the new version of BPF these non-standard extensions grew into a set of kernel helpers that give programs access to memory, data structures and event generation.) Here is an interesting example of a filter that copies only the packet headers to user space, using the poff (payload offset) extension:

ld poff
ret a

BPF extensions cannot be used from tcpdump, but this is a good reason to get to know the netsniff-ng toolkit, which, among other things, contains the advanced netsniff-ng program, which besides BPF filtering also includes an efficient traffic generator, and a BPF assembler called bpfc that is more advanced than tools/bpf/bpf_asm. The package comes with fairly detailed documentation; see also the links at the end of the article.

seccomp

So, we now know how to write BPF programs of arbitrary complexity and are ready to look at new examples. The first of them is seccomp, a technology that uses BPF filters to control the set of system calls, and the set of their arguments, available to a given process and its descendants.

The first version of seccomp was added to the kernel in 2005 and was not very popular, since it offered only one option: restricting the set of system calls available to a process to read, write, exit and sigreturn, and a process that violated the rules was killed with SIGKILL. In 2012, however, seccomp gained the ability to use BPF filters, which lets you define the set of allowed system calls and even check their arguments. (Interestingly, Chrome was one of the first users of this functionality, and the Chrome people are now developing the KRSI mechanism, based on the new version of BPF, which allows custom Linux Security Modules.) Links to further documentation can be found at the end of the article.

Note that there are already articles on Habr about using seccomp; some readers may want to read them before (or instead of) the following subsections. The article Containers and security: seccomp gives examples of using seccomp, both the 2007 version and the version using BPF (with filters generated by libseccomp), talks about the integration of seccomp with Docker, and gives many useful links. The article Isolating daemons with systemd, or "you don't need Docker for this!" covers, among other things, how to set blacklists or whitelists of system calls for daemons run by systemd.

Next we will see how to write and load filters for seccomp in bare C and with the libseccomp library, and what the pros and cons of each option are; finally, we will see how seccomp is used by the strace program.

Writing and loading filters for seccomp

We already know how to write BPF programs, so let's look at the seccomp programming interface first. A filter is set at the process level, and all child processes inherit the restrictions. This is done with the seccomp(2) system call:

seccomp(SECCOMP_SET_MODE_FILTER, flags, &filter)

where &filter is a pointer to the structure we already know, struct sock_fprog, i.e., a BPF program.

How do seccomp programs differ from socket programs? In the context that is passed in. In the case of sockets we were given a memory region containing the packet, while in the case of seccomp we are given a structure of the form

struct seccomp_data {
    int   nr;
    __u32 arch;
    __u64 instruction_pointer;
    __u64 args[6];
};

where nr is the number of the system call about to be made, arch is the current architecture (more on this below), args are up to six system call arguments, and instruction_pointer is a pointer to the user-space instruction that made the system call. Thus, for example, to load the system call number into register A we must write

ldw [0]

Seccomp programs have other peculiarities, for example, the context can only be accessed with 32-bit alignment and you cannot load a half word or a byte: when you try to load the filter ldh [0], the seccomp system call returns EINVAL. Loaded filters are checked by the kernel function seccomp_check_filter(). (Amusingly, the original commit that added seccomp filtering forgot to give this function permission to use the mod instruction (division remainder), and it is now unavailable to seccomp BPF programs, since adding it would break the ABI.)

In fact, we already know everything needed to write and read seccomp programs. Usually the program logic is organized as a whitelist or a blacklist of system calls; for example, the program

ld [0]
jeq #304, bad
jeq #176, bad
jeq #239, bad
jeq #279, bad
good: ret #0x7fff0000 /* SECCOMP_RET_ALLOW */
bad: ret #0

checks against a blacklist of four system calls with numbers 304, 176, 239, 279. Which system calls are these? We cannot say for sure, because we do not know for which architecture the program was written. That is why the seccomp authors recommend starting every program with an architecture check (the current architecture is provided in the context as the arch field of struct seccomp_data). With the architecture check, the beginning of the example would look like this:

ld [4]
jne #0xc000003e, bad_arch ; SCMP_ARCH_X86_64

and now our system call numbers take on a definite meaning.
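The following is an added example, not code from the article, the kernel or libseccomp: a hand-written seccomp filter in struct sock_filter form, installed with seccomp(2) as described above. It starts with the architecture check, denies mount, umount2 and ptrace with EPERM (SECCOMP_RET_ERRNO) instead of killing the process, and inspects args[0] of socket() to allow only AF_UNIX. filter_is_sane() is this example's own user-space approximation of the load rules that seccomp_check_filter() enforces (aligned, word-sized loads inside struct seccomp_data), plus a bounds check on jump targets; it is not a kernel API. Reading a 64-bit argument through its low word assumes a little-endian x86_64 process, which is exactly what the arch check guarantees.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U   /* older headers only know SECCOMP_RET_KILL */
#endif

/* Offsets into struct seccomp_data. seccomp only allows aligned 32-bit loads, so a
 * 64-bit argument is read through its low word (little-endian x86_64 assumed). */
#define SD(field)  ((uint32_t)offsetof(struct seccomp_data, field))
#define ARG_LO(i)  ((uint32_t)offsetof(struct seccomp_data, args[i]))

static struct sock_filter filter[] = {
    /* 0: refuse to run under a foreign architecture/ABI, where syscall numbers differ */
    BPF_STMT(BPF_LD|BPF_W|BPF_ABS, SD(arch)),
    BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, AUDIT_ARCH_X86_64, 1, 0),
    BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_KILL_PROCESS),
    /* 3: blacklist by syscall number; fail the call with EPERM instead of killing */
    BPF_STMT(BPF_LD|BPF_W|BPF_ABS, SD(nr)),
    BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, __NR_mount,   4, 0),
    BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, __NR_umount2, 3, 0),
    BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, __NR_ptrace,  2, 0),
    BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, __NR_socket,  2, 0),
    BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW),             /* 8 */
    BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO | EPERM),     /* 9 */
    /* 10: socket(): inspect args[0] (domain) and allow only AF_UNIX */
    BPF_STMT(BPF_LD|BPF_W|BPF_ABS, ARG_LO(0)),
    BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, AF_UNIX, 0, 1),
    BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ERRNO | EPERM),
};
#define FILTER_LEN (sizeof(filter) / sizeof(filter[0]))

/* User-space approximation of the load rules seccomp_check_filter() enforces, plus
 * in-bounds conditional jumps and a terminating ret. Returns 1 if accepted. */
int filter_is_sane(const struct sock_filter *f, size_t n)
{
    if (n == 0 || n > BPF_MAXINSNS) return 0;
    for (size_t i = 0; i < n; i++) {
        uint16_t c = f[i].code;
        if (BPF_CLASS(c) == BPF_LD && BPF_MODE(c) == BPF_ABS) {
            if (BPF_SIZE(c) != BPF_W || f[i].k % 4 != 0 ||
                f[i].k + 4 > sizeof(struct seccomp_data))
                return 0;              /* ldh/ldb or misaligned load: kernel says EINVAL */
        } else if (BPF_CLASS(c) == BPF_JMP && BPF_OP(c) != BPF_JA) {
            if (i + 1 + f[i].jt >= n || i + 1 + f[i].jf >= n)
                return 0;              /* jump past the end of the program */
        }
    }
    return BPF_CLASS(f[n - 1].code) == BPF_RET;
}

/* The article's example of a rejected filter: `ldh [0]` on the seccomp context. */
int rejects_halfword_load(void)
{
    struct sock_filter bad[] = { BPF_STMT(BPF_LD|BPF_H|BPF_ABS, 0), BPF_STMT(BPF_RET|BPF_K, 0) };
    return !filter_is_sane(bad, 2);
}

/* Install the filter for this process and all of its future children. */
int install_filter(void)
{
    struct sock_fprog prog = { .len = FILTER_LEN, .filter = filter };

    if (!filter_is_sane(filter, FILTER_LEN)) { errno = EINVAL; return -1; }
    /* An unprivileged process must give up privilege escalation first, otherwise EACCES */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) return -1;
    return (int)syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, 0, &prog);
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s program [args...]\n", argv[0]); return 2; }
    if (install_filter() == -1) { perror("seccomp"); return 1; }
    execvp(argv[1], &argv[1]);
    perror("execvp");
    return 1;
}
```

Running ./a.out mount -t bpf bpf /tmp makes mount fail with "Operation not permitted" instead of dying with SIGSYS, which is usually what you want for a production sandbox: a program that handles EPERM keeps running, and the denial is still visible in strace as the return value. Two points deserve attention. The arch check is the first instruction for a reason: on a kernel with 32-bit compatibility enabled, a process can switch ABI and reuse the same numbers for entirely different system calls. And argument inspection is only safe for values passed by register, such as the socket domain here; a pointer argument can be changed by another thread between the filter running and the kernel copying the data in, so do not try to match on strings or structures.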

Writing and loading filters for seccomp with libseccomp

Writing filters in raw machine code or in BPF assembly gives you full control over the result, but sometimes it is preferable to have portable and/or readable code. The libseccomp library helps here: it provides a standard interface for writing blacklist or whitelist filters.

As an example, let's write a program that runs a binary chosen by the user after installing the blacklist of system calls from the article mentioned above (the program is simplified for readability; the full version can be found here):

#include <seccomp.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <err.h>

static int sys_numbers[] = {
        __NR_mount,
        __NR_umount2,
        // ... another 40 system calls ...
        __NR_vmsplice,
        __NR_perf_event_open,
};

int main(int argc, char **argv)
{
        if (argc < 2)
                errx(2, "usage: %s program [args...]", argv[0]);

        /* Default action: allow everything; the blacklist below traps with SIGSYS */
        scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ALLOW);
        if (ctx == NULL)
                err(1, "seccomp_init");

        for (size_t i = 0; i < sizeof(sys_numbers)/sizeof(sys_numbers[0]); i++)
                if (seccomp_rule_add(ctx, SCMP_ACT_TRAP, sys_numbers[i], 0) < 0)
                        errx(1, "seccomp_rule_add: syscall %d", sys_numbers[i]);

        /* Compiles the rules into BPF and installs them with seccomp(2) */
        if (seccomp_load(ctx) < 0)
                err(1, "seccomp_load");
        seccomp_release(ctx);

        execvp(argv[1], &argv[1]);
        err(1, "execvp: %s", argv[1]);
}

First we declare the array sys_numbers of 40-odd system call numbers to block. Then we initialize the context ctx and tell the library that by default we want to allow (SCMP_ACT_ALLOW) all system calls (blacklists are simpler to build). Then, one by one, we add all the system calls from the blacklist. As the reaction to a system call from the list we request SCMP_ACT_TRAP, in which case seccomp sends the process a SIGSYS signal with a description of which system call violated the rules. Finally, we load the program into the kernel with seccomp_load, which compiles the program and attaches it to the process using the seccomp(2) system call.

For the build to succeed, the program must be linked with the libseccomp library, for example:

cc -std=c17 -Wall -Wextra -c -o seccomp_lib.o seccomp_lib.c
cc -o seccomp_lib seccomp_lib.o -lseccomp

An example of a successful run:

$ ./seccomp_lib echo ok
ok

An example of a blocked system call:

$ sudo ./seccomp_lib mount -t bpf bpf /tmp
Bad system call

Let's use strace for the details:

$ sudo strace -e seccomp ./seccomp_lib mount -t bpf bpf /tmp
seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=50, filter=0x55d8e78428e0}) = 0
--- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0xboobdeadbeef, si_syscall=__NR_mount, si_arch=AUDIT_ARCH_X86_64} ---
+++ killed by SIGSYS (core dumped) +++
Bad system call

From this we can tell that the program was terminated because it used the forbidden system call mount(2).

So we wrote a filter with the libseccomp library, fitting the meaningful code into four lines. In the example above, with a large number of system calls, execution time can drop noticeably, since the check is a linear chain of comparisons. As an optimization, a patch was recently merged into libseccomp that adds support for the filter attribute SCMP_FLTATR_CTL_OPTIMIZE. Setting this attribute to 2 turns the filter into a binary search program.

If you want to see how binary search filters work, take a look at a simple script that generates such programs in BPF assembly from a list of system call numbers, for example:

$ echo 1 3 6 8 13 | ./generate_bin_search_bpf.py
ld [0]
jeq #6, bad
jgt #6, check8
jeq #1, bad
jeq #3, bad
ret #0x7fff0000
check8:
jeq #8, bad
jeq #13, bad
ret #0x7fff0000
bad: ret #0

It is impossible to write anything significantly faster, since BPF programs cannot do indirect jumps (for example, we cannot write jmp A or jmp [label+X]) and therefore all branches are static.

seccomp and strace

Everyone knows the strace utility, an indispensable tool for studying the behavior of processes on Linux. Many have also heard about its performance problems, though. The reason is that strace is implemented on top of ptrace(2), and with this mechanism we cannot specify which set of system calls should stop the process; in other words, the commands

$ time strace du /usr/share/ >/dev/null 2>&1

real    0m3.081s
user    0m0.531s
sys     0m2.073s

and

$ time strace -e open du /usr/share/ >/dev/null 2>&1

real    0m2.404s
user    0m0.193s
sys     0m1.800s

run in roughly the same time, even though in the second case we want to trace only one system call.

The new --seccomp-bpf option, added in strace version 5.3, speeds this up many times over, and the run time while tracing a single system call becomes comparable to the normal run time:

$ time strace --seccomp-bpf -e open du /usr/share/ >/dev/null 2>&1

real    0m0.148s
user    0m0.017s
sys     0m0.131s

$ time du /usr/share/ >/dev/null 2>&1

real    0m0.140s
user    0m0.024s
sys     0m0.116s

(There is, of course, a small cheat here in that we are tracing a system call this command hardly uses. If we traced, for example, newfstatat, then strace would slow things down just as badly as without --seccomp-bpf.)

How does this option work? Without it, strace attaches to the process and starts it with PTRACE_SYSCALL. Whenever the traced process makes a system call (any system call), control passes to strace, which looks at the system call arguments and resumes the process with PTRACE_SYSCALL. After a while the process finishes the system call and, on exit from it, control is passed to strace again, which looks at the return value and resumes the process with PTRACE_SYSCALL, and so on.

With seccomp, however, this process can be optimized exactly the way we want. Namely, if we want to look only at system call X, we can write a BPF filter that returns SECCOMP_RET_TRACE for X and SECCOMP_RET_ALLOW for the calls we are not interested in:

ld [0]
jneq #X, ignore
trace: ret #0x7ff00000
ignore: ret #0x7fff0000

In this case strace initially starts the process with PTRACE_CONT; our filter runs for every system call, and if the system call is not X, the process simply keeps running, but if it is X, seccomp hands control to strace, which looks at the arguments and resumes the process with PTRACE_SYSCALL (since seccomp cannot run a program on exit from a system call). When the system call returns, strace resumes the process with PTRACE_CONT again and waits for new notifications from seccomp.


There are two limitations when using --seccomp-bpf. First, it is impossible to attach to an already running process (the -p option of strace), since seccomp does not support this. Second, there is no way to exclude child processes from tracing, since seccomp filters are inherited by all children and this cannot be turned off.

More details on exactly how strace works with seccomp can be found in a recent talk. For us, the most interesting fact is that classic BPF, in the form of seccomp, is still in use today.

xt_bpf

Let's return to the world of networking.

Background: long ago, in 2007, the xt_u32 module for netfilter was added to the kernel. It was written by analogy with the even older traffic classifier cls_u32 and let you write arbitrary binary rules for iptables using the following simple mechanism: load 32 bits from the packet and perform a set of arithmetic operations on them. For example,

sudo iptables -A INPUT -m u32 --u32 "6&0xFF=1" -j LOG --log-prefix "seen-by-xt_u32"

loads 32 bits of the IP header starting at offset 6 and applies the mask 0xFF to them (takes the low byte). This is the protocol field of the IP header, and we compare it with 1 (ICMP). Several checks can be combined in one rule, and there is also the @ operator, which moves the base offset X bytes to the right. For example, the rule

iptables -m u32 --u32 "6&0xFF=0x6 && 0>>22&0x3C@4=0x29"

checks whether the TCP Sequence Number equals 0x29. I won't go into further detail, since it is already clear that writing such rules by hand is not much fun. The article BPF - the forgotten bytecode contains several links with examples of using and generating rules for xt_u32. See also the links at the end of this article.
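To make the offset arithmetic in these two rules concrete, here is an added example in C, written for this article and not taken from it or from the xt_u32 module, that evaluates both rules by hand on constructed IPv4 packets. The functions, the packet builder and the sample values are my own; the second rule is also run against a header with options (IHL 6) to show what the @ operator is for.

```c
/* Added example, not from the article or from the xt_u32 module: evaluates the two
 * xt_u32 rules above by hand on constructed IPv4 packets, to make the "&", "=",
 * ">>" and "@" operators concrete. Packet layout and values are constructed here;
 * unfragmented IPv4 is assumed. */
#include <stdint.h>
#include <string.h>

/* xt_u32 reads 32 bits at byte offset off in network order; a read past the end
 * of the packet means the rule does not match. */
static int u32_load(const uint8_t *p, size_t len, size_t off, uint32_t *out)
{
    if (off + 4 > len) return 0;
    *out = ((uint32_t)p[off] << 24) | ((uint32_t)p[off + 1] << 16) |
           ((uint32_t)p[off + 2] << 8) | p[off + 3];
    return 1;
}

/* "6&0xFF=1": the low byte of the word at offset 6 is the IP protocol field; 1 = ICMP. */
int u32_rule_is_icmp(const uint8_t *p, size_t len)
{
    uint32_t w;
    return u32_load(p, len, 6, &w) && (w & 0xFF) == 1;
}

/* "6&0xFF=0x6 && 0>>22&0x3C@4=0x29": protocol is TCP and the TCP sequence number
 * is 0x29. In the first word, bits 27..24 hold IHL; >>22 moves them to bits 5..2,
 * so &0x3C yields IHL*4, the header length in bytes. "@" makes that the new base
 * offset, and "4" is then the sequence-number field of the TCP header. */
int u32_rule_tcp_seq_0x29(const uint8_t *p, size_t len)
{
    uint32_t w, base;
    if (!u32_load(p, len, 6, &w) || (w & 0xFF) != 0x6) return 0;
    if (!u32_load(p, len, 0, &w)) return 0;
    base = (w >> 22) & 0x3C;
    return u32_load(p, len, base + 4, &w) && w == 0x29;
}

/* Constructed packet: IPv4 header of ihl 32-bit words (5 = no options, max 15)
 * with the given protocol, then a minimal TCP header whose sequence number is seq. */
size_t build_ipv4_tcp(uint8_t *buf, uint8_t ihl, uint8_t proto, uint32_t seq)
{
    size_t hdr = ihl * 4u;
    memset(buf, 0, 80);
    buf[0] = 0x40 | ihl;                          /* version 4, header length */
    buf[9] = proto;                               /* 1 = ICMP, 6 = TCP, 17 = UDP */
    buf[hdr + 4] = (uint8_t)(seq >> 24); buf[hdr + 5] = (uint8_t)(seq >> 16);
    buf[hdr + 6] = (uint8_t)(seq >> 8);  buf[hdr + 7] = (uint8_t)seq;
    return hdr + 20;
}

/* Wrappers that build one packet and apply one rule to it. */
int demo_icmp_match(uint8_t proto)
{
    uint8_t b[80];
    size_t n = build_ipv4_tcp(b, 5, proto, 0);
    return u32_rule_is_icmp(b, n);
}
int demo_tcp_seq_match(uint8_t ihl, uint8_t proto, uint32_t seq)
{
    uint8_t b[80];
    size_t n = build_ipv4_tcp(b, ihl, proto, seq);
    return u32_rule_tcp_seq_0x29(b, n);
}
```

Without the `0>>22&0x3C@` prefix, the rule would read the sequence number at a fixed offset 24 and silently miss any packet whose IP header carries options; demo_tcp_seq_match(6, 6, 0x29) shows the rule still matching with a 24-byte header.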

Since 2013, instead of the xt_u32 module you can use the BPF module xt_bpf. Anyone who has read this far should already understand how it works: BPF bytecode is run as an iptables rule. A new rule can be created, for example, like this:

iptables -A INPUT -m bpf --bytecode <bytecode> -j LOG

where <bytecode> is the code in the output format of the bpf_asm assembler, in decimal form, for example:

$ cat /tmp/test.bpf
ldb [9]
jneq #17, ignore
ret #1
ignore: ret #0

$ bpf_asm /tmp/test.bpf
4,48 0 0 9,21 0 1 17,6 0 0 1,6 0 0 0,

# iptables -A INPUT -m bpf --bytecode "$(bpf_asm /tmp/test.bpf)" -j LOG

In this example we match all UDP packets. The context of a BPF program in the xt_bpf module points, as you would expect, to the packet data, in the case of iptables to the start of the IPv4 header. The return value of the BPF program is boolean, where false means the packet did not match.

Obviously the xt_bpf module supports filters more complex than the example above. Let's look at real examples from Cloudflare. Until recently they used the xt_bpf module for protection against DDoS attacks. In the article Introducing the BPF Tools they describe how (and why) they generate BPF filters and give links to a set of utilities for creating such filters. For example, with the bpfgen utility you can create a BPF program that matches a DNS query for the name habr.com:

$ ./bpfgen --assembly dns -- habr.com
ldx 4*([0]&0xf)
ld #20
add x
tax

lb_0:
    ld [x + 0]
    jneq #0x04686162, lb_1
    ld [x + 4]
    jneq #0x7203636f, lb_1
    ldh [x + 8]
    jneq #0x6d00, lb_1
    ret #65535

lb_1:
    ret #0

In the program we first load into register X the offset of the string \x04habr\x03com\x00 inside the UDP datagram, and then check the query: 0x04686162 <-> "\x04hab", and so on.
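The three filters shown so far (the seccomp filter that returns SECCOMP_RET_TRACE only for system call X, the UDP rule assembled from /tmp/test.bpf, and bpfgen's DNS matcher) use one small instruction subset, so here is an added example in C, written for this article and not taken from it, the kernel or Cloudflare's tools, that interprets that subset and runs all three on constructed inputs. The opcode numbers mirror the kernel's <linux/filter.h>; the system call number assumed for X (2, __NR_open on x86-64), the stand-in seccomp_data layout and the sample packets are my assumptions.

```c
/* Added example, not code from the article, the kernel or Cloudflare: a small
 * interpreter for the classic-BPF subset used by the filters above (seccomp
 * "trace syscall X", the xt_bpf UDP rule, bpfgen's DNS matcher), run offline. */
#include <stdint.h>
#include <string.h>
/* Opcode fields, numerically identical to the kernel's <linux/filter.h>. */
enum { BPF_LD = 0x00, BPF_LDX = 0x01, BPF_ALU = 0x04, BPF_JMP = 0x05, BPF_RET = 0x06, BPF_MISC = 0x07,
       BPF_W = 0x00, BPF_H = 0x08, BPF_B = 0x10, BPF_IMM = 0x00, BPF_ABS = 0x20, BPF_IND = 0x40,
       BPF_MSH = 0xa0, BPF_ADD = 0x00, BPF_JEQ = 0x10, BPF_K = 0x00, BPF_X = 0x08, BPF_TAX = 0x00 };
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
#define STMT(c, k) { (c), 0, 0, (k) }
#define JUMP(c, k, t, f) { (c), (t), (f), (k) }
/* Bounds-checked load: packets are read in network order, seccomp_data in host
 * order (32-bit loads only). An out-of-bounds load fails the whole filter. */
static int load(const uint8_t *d, size_t len, uint32_t off, int size, int host, uint32_t *out)
{
    size_t n = size == BPF_W ? 4 : size == BPF_H ? 2 : 1, i; uint32_t v = 0;
    if (off > len || len - off < n || (host && n != 4)) return -1;
    if (host) memcpy(&v, d + off, 4);
    else for (i = 0; i < n; i++) v = (v << 8) | d[off + i];
    *out = v; return 0;
}
/* Runs ld/ldh/ldb [k] and [x+k], ld #k, ldx 4*([k]&0xf), add x, tax, jeq #k
 * (jneq is jeq with jt/jf swapped) and ret #k; enough for the three filters. */
uint32_t run_cbpf(const struct insn *p, size_t n, const uint8_t *d, size_t len, int host)
{
    uint32_t A = 0, X = 0, v; size_t pc;
    for (pc = 0; pc < n; pc++) {
        const struct insn *in = &p[pc]; int mode = in->code & 0xe0;
        switch (in->code & 0x07) {
        case BPF_LD:
            if (mode == BPF_IMM) { A = in->k; break; }
            if (load(d, len, (mode == BPF_IND ? X : 0) + in->k, in->code & 0x18, host, &v)) return 0;
            A = v; break;
        case BPF_LDX:
            if (mode != BPF_MSH) { X = in->k; break; }
            if (load(d, len, in->k, BPF_B, host, &v)) return 0;
            X = 4 * (v & 0xf); break;                              /* IPv4 header length */
        case BPF_ALU:  A += (in->code & BPF_X) ? X : in->k; break;
        case BPF_JMP:  pc += (A == in->k) ? in->jt : in->jf; break;
        case BPF_RET:  return in->k;
        case BPF_MISC: if (in->code == (BPF_MISC | BPF_TAX)) X = A; else A = X; break;
        }
    }
    return 0;
}
/* The seccomp filter from the strace section; X is symbolic there and is
 * assumed here to be __NR_open on x86-64 (2). */
enum { SECCOMP_RET_TRACE = 0x7ff00000, SECCOMP_RET_ALLOW = 0x7fff0000, SYSCALL_X = 2 };
static const struct insn seccomp_trace_x[] = {
    STMT(BPF_LD | BPF_W | BPF_ABS, 0),                 /* ld [0]  (seccomp_data.nr) */
    JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYSCALL_X, 0, 1),  /* jneq #X, ignore */
    STMT(BPF_RET | BPF_K, SECCOMP_RET_TRACE),          /* trace:  ret #0x7ff00000 */
    STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),          /* ignore: ret #0x7fff0000 */
};
uint32_t seccomp_decision(int nr)
{   /* stand-in for struct seccomp_data; nr is its first field */
    struct { int nr; uint32_t arch; uint64_t ip, args[6]; } sd = { nr, 0, 0, {0} };
    return run_cbpf(seccomp_trace_x, 4, (const uint8_t *)&sd, sizeof sd, 1);
}
/* /tmp/test.bpf above; bpf_asm printed it as "4,48 0 0 9,21 0 1 17,6 0 0 1,6 0 0 0," */
static const struct insn udp_only[] = {
    STMT(BPF_LD | BPF_B | BPF_ABS, 9),                  /* ldb [9]: IP protocol  (48 0 0 9)  */
    JUMP(BPF_JMP | BPF_JEQ | BPF_K, 17, 0, 1),          /* jneq #17, ignore      (21 0 1 17) */
    STMT(BPF_RET | BPF_K, 1),                           /* ret #1                (6 0 0 1)   */
    STMT(BPF_RET | BPF_K, 0),                           /* ignore: ret #0        (6 0 0 0)   */
};
/* bpfgen --assembly dns -- habr.com, with the lb_1 jumps resolved to offsets. */
static const struct insn dns_habr_com[] = {
    STMT(BPF_LDX | BPF_B | BPF_MSH, 0),                 /* ldx 4*([0]&0xf) */
    STMT(BPF_LD | BPF_IMM, 20),                         /* ld #20: UDP (8) + DNS (12) headers */
    STMT(BPF_ALU | BPF_ADD | BPF_X, 0),                 /* add x */
    STMT(BPF_MISC | BPF_TAX, 0),                        /* tax */
    STMT(BPF_LD | BPF_W | BPF_IND, 0),                  /* ld [x + 0] */
    JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x04686162, 0, 5),  /* jneq "\x04hab", lb_1 */
    STMT(BPF_LD | BPF_W | BPF_IND, 4),
    JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x7203636f, 0, 3),  /* jneq "r\x03co", lb_1 */
    STMT(BPF_LD | BPF_H | BPF_IND, 8),
    JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x6d00, 0, 1),      /* jneq "m\0", lb_1 */
    STMT(BPF_RET | BPF_K, 65535),
    STMT(BPF_RET | BPF_K, 0),                           /* lb_1: */
};
/* Runs prog over a constructed packet: IPv4 header (IHL 5, given protocol), zeroed
 * UDP and DNS headers, then the wire-format question name. A non-zero keep
 * truncates the packet so an out-of-bounds load can be seen failing the match. */
static uint32_t run_on_packet(const struct insn *prog, size_t n, uint8_t proto,
                              const char *qname, size_t qlen, size_t keep)
{
    uint8_t pkt[64] = {0};
    size_t len = 40 + qlen + 4;                 /* headers, name, QTYPE and QCLASS */
    pkt[0] = 0x45; pkt[9] = proto;              /* version/IHL; protocol (17 = UDP) */
    memcpy(pkt + 40, qname, qlen);
    return run_cbpf(prog, n, pkt, keep && keep < len ? keep : len, 0);
}
/* 1 if the xt_bpf rule matches a packet whose IP protocol field is proto. */
int udp_rule_matches(uint8_t proto)
{   return run_on_packet(udp_only, 4, proto, "\x04" "habr" "\x03" "com", 10, 0) != 0; }
/* 1 if the DNS program matches a UDP packet carrying qname (keep as above). */
int dns_rule_matches(const char *qname, size_t qlen, size_t keep)
{   return run_on_packet(dns_habr_com, 12, 17, qname, qlen, keep) != 0; }
```

run_cbpf returns 0 on any out-of-bounds load, which is also how the kernel treats a filter that reads past the packet, so a DNS packet cut off in the middle of the name is simply not matched; the keep argument of dns_rule_matches exercises that path. The seccomp program is fed a struct laid out like seccomp_data and read in host byte order, because that is how seccomp loads work, while the two packet programs read in network byte order, which is why the hand-encoded udp_only program is the same bytecode the page shows and yields 1 only for protocol 17.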

Somewhat later Cloudflare published the code of its p0f -> BPF compiler. The article Introducing the p0f BPF compiler explains what p0f is and how p0f signatures are translated into BPF:

$ ./bpfgen p0f -- 4:64:0:0:*,0::ack+:0
39,0 0 0 0,48 0 0 8,37 35 0 64,37 0 34 29,48 0 0 0,
84 0 0 15,21 0 31 5,48 0 0 9,21 0 29 6,40 0 0 6,
...

Cloudflare no longer uses xt_bpf, having moved to XDP, one of the ways of using the new version of BPF; see L4Drop: XDP DDoS Mitigations.

cls_bpf

The last example of classic BPF used inside the kernel is the cls_bpf classifier for the Linux traffic control subsystem, added to Linux at the end of 2013 and conceptually replacing the old cls_u32.

However, we won't describe how cls_bpf works now, since from the point of view of learning about classic BPF it would give us nothing new: we are already familiar with all of the functionality. Besides, in the following articles on Extended BPF we will meet this classifier more than once.

Another reason not to discuss using classic BPF with cls_bpf is that, compared with Extended BPF, its usefulness here is severely limited: classic programs cannot modify packet contents and cannot keep state between invocations.

So it is time to say goodbye to classic BPF and look to the future.

Farewell to classic BPF

We have seen how BPF, a technology developed in the early nineties, lived on successfully for a quarter of a century and kept finding new applications right up to the end. However, just as the shift from stack machines to RISC drove the development of classic BPF, the shift from 32-bit to 64-bit machines in the 2000s meant that classic BPF began to grow obsolete. Besides, the capabilities of classic BPF are severely limited, quite apart from the outdated architecture: BPF programs have no way to keep state between invocations, no way to interact directly with user space, and no way to interact with the kernel beyond reading a limited set of sk_buff fields and calling a few simple helper functions; packet contents cannot be modified and packets cannot be redirected.

In fact, all that remains of classic BPF in Linux today is the API: inside the kernel, all classic programs, whether socket filters or seccomp filters, are automatically translated into the new format, Extended BPF. (We will discuss exactly how that happens in the next article.)

The move to the new architecture began in 2013, when Alexei Starovoitov proposed a scheme for reworking BPF. In 2014 the corresponding patches began to land in the kernel. As far as I understand, the initial plan was only to optimize the architecture and the JIT compiler for 64-bit machines, but instead these optimizations marked the start of a new chapter in Linux development.

Subsequent articles in this series will cover the architecture and applications of the new technology, originally known as internal BPF, then as extended BPF, and now simply as BPF.

References

  1. Steven McCanne and Van Jacobson, "The BSD Packet Filter: A New Architecture for User-level Packet Capture", https://www.tcpdump.org/papers/bpf-usenix93.pdf
  2. Steven McCanne, "libpcap: An Architecture and Optimization Methodology for Packet Capture", https://sharkfestus.wireshark.org/sharkfest.11/presentations/McCanne-Sharkfest'11_Keynote_Address.pdf
  3. tcpdump, libpcap: https://www.tcpdump.org/
  4. IPtables U32 Match Tutorial.
  5. BPF - the forgotten bytecode: https://blog.cloudflare.com/bpf-the-forgotten-bytecode/
  6. Introducing the BPF Tools: https://blog.cloudflare.com/introducing-the-bpf-tools/
  7. bpf_cls: http://man7.org/linux/man-pages/man8/tc-bpf.8.html
  8. A thorough introduction to eBPF: https://lwn.net/Articles/656307/
  9. https://github.com/torvalds/linux/blob/master/Documentation/userspace-api/seccomp_filter.rst
  10. habr: Containers and security: seccomp
  11. Habr: Isolating daemons with systemd, or "you don't need Docker for this!"
  12. Paul Chaignon, "strace --seccomp-bpf: a look under the hood", https://fosdem.org/2020/schedule/event/debugging_strace_bpf/
  13. netsniff-ng: http://netsniff-ng.org/

Source: www.habr.com
