Microsoft has prepared an eBPF implementation for Windows

Microsoft has published an implementation of the eBPF subsystem for Windows, which lets you run handlers that execute at the operating system's kernel level. eBPF provides a bytecode interpreter built into the kernel, which makes it possible to create network handlers controlled from user space, to control access, and to monitor the operation of systems. eBPF has been included in the Linux kernel since release 3.18 and lets you process incoming and outgoing network packets, forward packets, manage bandwidth, intercept system calls, control access, and perform tracing. Thanks to JIT compilation, the bytecode is translated on the fly into machine instructions and runs with the performance of compiled code. eBPF for Windows is open source under the MIT license.

eBPF for Windows can be used with existing eBPF tools and provides the generic API used by eBPF applications on Linux. Among other things, the project lets you compile code written in C into eBPF bytecode with the standard Clang-based eBPF compiler and run eBPF handlers already created for Linux on top of the Windows kernel. To do so it provides a special compatibility layer and supports the standard Libbpf API for compatibility with applications that interact with eBPF programs. This includes layers that provide Linux-like hooks for XDP (eXpress Data Path) and socket bind, which abstract access to the network stack and the Windows network drivers. The plans include providing full source-code compatibility with standard Linux eBPF handlers.


The key difference in the eBPF implementation for Windows is its use of an alternative bytecode verifier, originally proposed by VMware employees and researchers from universities in Canada and Israel. The verifier runs in a separate, isolated process in user space and is applied before BPF programs are executed, in order to detect errors and block possible malicious activity.

For verification, eBPF for Windows uses a static analysis method based on Abstract Interpretation which, compared with the eBPF verifier for Linux, shows a lower false-positive rate, supports loop analysis, and provides good scalability. The method takes into account many typical execution patterns obtained from analysing existing eBPF programs.
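To illustrate the idea behind verification by abstract interpretation, here is an added example that is not code from the article or from the eBPF for Windows project: a toy analyzer that tracks each register as an interval and propagates it to a fixpoint, so a bounded loop is accepted and an out-of-bounds index is rejected. The instruction set (`set`, `add`, `jlt`, `load`, `exit`), `BUF_SIZE`, `verify` and `loop` are hypothetical names, and programs are assumed to end with `exit`.

```python
# Toy interval-domain abstract interpreter. Constructed example, not PREVAIL or
# eBPF for Windows code; the instruction set and BUF_SIZE are assumptions.
BUF_SIZE = 16                      # "load r" reads buf[r]; valid indexes are 0..15
INF = float("inf")

def join(a, b):
    """Least upper bound of two states (reg -> (lo, hi)); None means unreachable."""
    if a is None or b is None:
        return b if a is None else a
    return {r: (min(a[r][0], b[r][0]), max(a[r][1], b[r][1])) for r in a}

def verify(prog, max_rounds=1000):
    """Return a list of findings; an empty list means every load is provably in bounds."""
    regs = {ins[1] for ins in prog if len(ins) > 1}
    states = [None] * len(prog)                  # abstract state on entry to each pc
    states[0] = {r: (-INF, INF) for r in regs}   # inputs are unconstrained
    work = [0]
    while work:
        if (max_rounds := max_rounds - 1) < 0:   # no widening here, so cap the work
            return ["no fixpoint within budget"]
        pc = work.pop()
        st, ins, succs = states[pc], prog[pc], []
        if ins[0] == "set":
            succs.append((pc + 1, {**st, ins[1]: (ins[2], ins[2])}))
        elif ins[0] == "add":
            lo, hi = st[ins[1]]
            succs.append((pc + 1, {**st, ins[1]: (lo + ins[2], hi + ins[2])}))
        elif ins[0] == "load":
            succs.append((pc + 1, st))
        elif ins[0] == "jlt":                    # if reg < c goto target
            (_, reg, c, target), (lo, hi) = ins, st[ins[1]]
            if lo < c:                           # taken edge: refine to reg <= c - 1
                succs.append((target, {**st, reg: (lo, min(hi, c - 1))}))
            if hi >= c:                          # fall-through edge: refine to reg >= c
                succs.append((pc + 1, {**st, reg: (max(lo, c), hi)}))
        for nxt, new in succs:                   # "exit" has no successors
            merged = join(states[nxt], new)
            if merged != states[nxt]:
                states[nxt] = merged
                work.append(nxt)
    errors = []
    for pc, ins in enumerate(prog):              # check loads against the fixpoint
        if ins[0] == "load" and states[pc] is not None:
            lo, hi = states[pc][ins[1]]
            if lo < 0 or hi >= BUF_SIZE:
                errors.append(f"pc {pc}: index {ins[1]} in [{lo}, {hi}] may leave buffer")
    return errors

def loop(bound):   # constructed sample: i = 0; do { load buf[i]; i += 1 } while (i < bound)
    return [("set", "i", 0), ("load", "i"), ("add", "i", 1), ("jlt", "i", bound, 1), ("exit",)]
```

`verify(loop(16))` returns no findings, while `verify(loop(17))` reports that the index can reach 16. Because this sketch has no widening, a very long loop exhausts the round budget and is rejected.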

After verification, the bytecode is passed to an interpreter running at kernel level, or to a JIT compiler, after which the resulting machine code is executed with kernel privileges. To isolate eBPF handlers at kernel level, the HVCI (HyperVisor-enforced Code Integrity) mechanism is used; it relies on virtualization to protect kernel processes and guarantees the integrity of executing code by means of a digital signature. The limitation of HVCI is that it can verify only interpreted eBPF programs and cannot be used together with JIT (you have a choice between performance and additional protection).

Source: opennet.ru
