Continued with classic bpf explanations

h3xduck
2022-05-22 19:57:47 -04:00
parent cdaed83d1a
commit 23d6bbd3ed
13 changed files with 212 additions and 65 deletions


@@ -80,16 +80,37 @@
institution={Lawrence Berkeley Laboratory},
date={1992-12-19},
url={https://www.tcpdump.org/papers/bpf-usenix93.pdf}
}
},
@misc{bpf_bsd_origin_bpf_scheme,
@article{bpf_bsd_origin_bpf_page1,
title={The BSD Packet Filter: A New Architecture for User-level Packet Capture},
author={Steven McCanne, Van Jacobson},
institution={Lawrence Berkeley Laboratory},
date={1992-12-19},
url={https://www.tcpdump.org/papers/bpf-usenix93.pdf},
pages={2}
pages={1}
},
@online{ebpf_history_opensource,
title={An intro to using eBPF to filter packets in the Linux kernel},
date={2017-08-11},
url={https://opensource.com/article/17/9/intro-ebpf}
},
@manual{ebpf_io,
title={eBPF Documentation},
url={https://ebpf.io/what-is-ebpf/}
},
@manual{index_register,
title={Index register},
url={https://gunkies.org/wiki/Index_register}
}
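Review bot: The entries in this hunk are closed with `},`, and BibTeX treats a comma after an entry's closing brace as junk at top level. The Biber log committed with this change goes from 11 to 15 "1 characters of junk seen at toplevel" warnings, which is consistent with one warning per entry separator, so ending each entry with a bare `}` should clear them. Separately, `author={Steven McCanne, Van Jacobson}` is read as a single person in "family, given" form (the generated .bbl shows `family={Steven\bibnamedelima McCanne}` and `given={Van\bibnamedelima Jacobson}`); the field should be `author={Steven McCanne and Van Jacobson}` so that both authors are listed in the bibliography.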


@@ -1,4 +1,4 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27) 21 MAY 2022 16:29
This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27) 22 MAY 2022 17:16
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.


@@ -52,6 +52,8 @@
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.1}Social and economic environment}{4}{subsection.1.3.1}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.2}Budget}{4}{subsection.1.3.2}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.4}Structure of the document}{4}{section.1.4}\protected@file@percent }
\abx@aux@cite{ebpf_io}
\abx@aux@segm{0}{0}{ebpf_io}
\abx@aux@cite{bpf_bsd_origin}
\abx@aux@segm{0}{0}{bpf_bsd_origin}
\abx@aux@cite{ebpf_history_opensource}
@@ -60,9 +62,14 @@
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {2.1}Introduction to eBPF}{5}{section.2.1}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.1.1}eBPF history}{5}{subsection.2.1.1}\protected@file@percent }
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.1}{\ignorespaces Sketch of the functionality of classic BPF\relax }}{5}{figure.caption.7}\protected@file@percent }
\providecommand*\caption@xref[2]{\@setref\relax\@undefined{#1}}
\newlabel{fig:classif_bpf}{{2.1}{5}{Sketch of the functionality of classic BPF\relax }{figure.caption.7}{}}
\abx@aux@cite{bpf_bsd_origin_bpf_page1}
\abx@aux@segm{0}{0}{bpf_bsd_origin_bpf_page1}
\abx@aux@cite{index_register}
\abx@aux@segm{0}{0}{index_register}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {3}Methods??}{7}{chapter.3}\protected@file@percent }
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
@@ -73,7 +80,7 @@
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{10}{chapter.5}\protected@file@percent }
\abx@aux@read@bbl@mdfivesum{A3394ACFF19F9604812726160FADD43B}
\abx@aux@read@bbl@mdfivesum{A38CCF92715F96EEC0C0F545CC410B50}
\abx@aux@refcontextdefaultsdone
\abx@aux@defaultrefcontext{0}{ransomware_pwc}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{rootkit_ptsecurity}{none/global//global/global}
@@ -85,7 +92,10 @@
\abx@aux@defaultrefcontext{0}{evil_ebpf}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{bad_ebpf}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_friends}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_io}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{bpf_bsd_origin}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_history_opensource}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{bpf_bsd_origin_bpf_page1}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{index_register}{none/global//global/global}
\ttl@finishall
\gdef \@abspage@last{26}
\gdef \@abspage@last{27}


@@ -222,6 +222,18 @@
\verb https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf
\endverb
\endentry
\entry{ebpf_io}{manual}{}
\field{sortinit}{1}
\field{sortinithash}{50c6687d7fc80f50136d75228e3c59ba}
\field{labeltitlesource}{title}
\field{title}{eBPF Documentation}
\verb{urlraw}
\verb https://ebpf.io/what-is-ebpf/
\endverb
\verb{url}
\verb https://ebpf.io/what-is-ebpf/
\endverb
\endentry
\entry{bpf_bsd_origin}{article}{}
\name{author}{1}{}{%
{{hash=b74c2671072cf5a1a1400dc035240dfd}{%
@@ -239,6 +251,7 @@
\strng{authorbibnamehash}{b74c2671072cf5a1a1400dc035240dfd}
\strng{authornamehash}{b74c2671072cf5a1a1400dc035240dfd}
\strng{authorfullhash}{b74c2671072cf5a1a1400dc035240dfd}
\field{extraname}{1}
\field{sortinit}{1}
\field{sortinithash}{50c6687d7fc80f50136d75228e3c59ba}
\field{labelnamesource}{author}
@@ -255,6 +268,70 @@
\verb https://www.tcpdump.org/papers/bpf-usenix93.pdf
\endverb
\endentry
\entry{ebpf_history_opensource}{online}{}
\field{sortinit}{1}
\field{sortinithash}{50c6687d7fc80f50136d75228e3c59ba}
\field{labeltitlesource}{title}
\field{day}{11}
\field{month}{8}
\field{title}{An intro to using eBPF to filter packets in the Linux kernel}
\field{year}{2017}
\field{dateera}{ce}
\verb{urlraw}
\verb https://opensource.com/article/17/9/intro-ebpf
\endverb
\verb{url}
\verb https://opensource.com/article/17/9/intro-ebpf
\endverb
\endentry
\entry{bpf_bsd_origin_bpf_page1}{article}{}
\name{author}{1}{}{%
{{hash=b74c2671072cf5a1a1400dc035240dfd}{%
family={Steven\bibnamedelima McCanne},
familyi={S\bibinitperiod\bibinitdelim M\bibinitperiod},
given={Van\bibnamedelima Jacobson},
giveni={V\bibinitperiod\bibinitdelim J\bibinitperiod}}}%
}
\list{institution}{1}{%
{Lawrence Berkeley Laboratory}%
}
\strng{namehash}{b74c2671072cf5a1a1400dc035240dfd}
\strng{fullhash}{b74c2671072cf5a1a1400dc035240dfd}
\strng{bibnamehash}{b74c2671072cf5a1a1400dc035240dfd}
\strng{authorbibnamehash}{b74c2671072cf5a1a1400dc035240dfd}
\strng{authornamehash}{b74c2671072cf5a1a1400dc035240dfd}
\strng{authorfullhash}{b74c2671072cf5a1a1400dc035240dfd}
\field{extraname}{2}
\field{sortinit}{1}
\field{sortinithash}{50c6687d7fc80f50136d75228e3c59ba}
\field{labelnamesource}{author}
\field{labeltitlesource}{title}
\field{day}{19}
\field{month}{12}
\field{title}{The BSD Packet Filter: A New Architecture for User-level Packet Capture}
\field{year}{1992}
\field{dateera}{ce}
\field{pages}{1}
\range{pages}{1}
\verb{urlraw}
\verb https://www.tcpdump.org/papers/bpf-usenix93.pdf
\endverb
\verb{url}
\verb https://www.tcpdump.org/papers/bpf-usenix93.pdf
\endverb
\endentry
\entry{index_register}{manual}{}
\field{sortinit}{1}
\field{sortinithash}{50c6687d7fc80f50136d75228e3c59ba}
\field{labeltitlesource}{title}
\field{title}{Index register}
\verb{urlraw}
\verb https://gunkies.org/wiki/Index_register
\endverb
\verb{url}
\verb https://gunkies.org/wiki/Index_register
\endverb
\endentry
\enddatalist
\endrefsection
\endinput


@@ -2358,7 +2358,11 @@
<bcf:citekey order="8">evil_ebpf</bcf:citekey>
<bcf:citekey order="9">bad_ebpf</bcf:citekey>
<bcf:citekey order="10">ebpf_friends</bcf:citekey>
<bcf:citekey order="11">bpf_bsd_origin</bcf:citekey>
<bcf:citekey order="11">ebpf_io</bcf:citekey>
<bcf:citekey order="12">bpf_bsd_origin</bcf:citekey>
<bcf:citekey order="13">ebpf_history_opensource</bcf:citekey>
<bcf:citekey order="14">bpf_bsd_origin_bpf_page1</bcf:citekey>
<bcf:citekey order="15">index_register</bcf:citekey>
</bcf:section>
<!-- SORTING TEMPLATES -->
<bcf:sortingtemplate name="none">


@@ -1,27 +1,31 @@
[0] Config.pm:311> INFO - This is Biber 2.16
[0] Config.pm:314> INFO - Logfile is 'document.blg'
[60] biber:340> INFO - === Sun May 22, 2022, 07:41:59
[75] Biber.pm:415> INFO - Reading 'document.bcf'
[143] Biber.pm:952> INFO - Found 11 citekeys in bib section 0
[158] Biber.pm:4340> INFO - Processing section 0
[167] Biber.pm:4531> INFO - Looking for bibtex format file 'bibliography/bibliography.bib' for section 0
[169] bibtex.pm:1689> INFO - LaTeX decoding ...
[175] bibtex.pm:1494> INFO - Found BibTeX data source 'bibliography/bibliography.bib'
[220] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 9, warning: 1 characters of junk seen at toplevel
[220] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 15, warning: 1 characters of junk seen at toplevel
[220] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 22, warning: 1 characters of junk seen at toplevel
[220] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 28, warning: 1 characters of junk seen at toplevel
[221] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 35, warning: 1 characters of junk seen at toplevel
[221] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 42, warning: 1 characters of junk seen at toplevel
[221] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 50, warning: 1 characters of junk seen at toplevel
[221] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 58, warning: 1 characters of junk seen at toplevel
[221] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 65, warning: 1 characters of junk seen at toplevel
[221] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 70, warning: 1 characters of junk seen at toplevel
[221] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_tTa9/f4d088b3f9f145b5c3058da33afd57d4_103065.utf8, line 77, warning: 1 characters of junk seen at toplevel
[234] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'variable = shifted' with 'variable = non-ignorable'
[234] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'normalization = NFD' with 'normalization = prenormalized'
[234] Biber.pm:4168> INFO - Sorting list 'none/global//global/global' of type 'entry' with template 'none' and locale 'en-US'
[234] Biber.pm:4174> INFO - No sort tailoring available for locale 'en-US'
[244] bbl.pm:654> INFO - Writing 'document.bbl' with encoding 'UTF-8'
[247] bbl.pm:757> INFO - Output to document.bbl
[247] Biber.pm:128> INFO - WARNINGS: 11
[1] Config.pm:314> INFO - Logfile is 'document.blg'
[161] biber:340> INFO - === Sun May 22, 2022, 19:16:55
[193] Biber.pm:415> INFO - Reading 'document.bcf'
[366] Biber.pm:952> INFO - Found 15 citekeys in bib section 0
[401] Biber.pm:4340> INFO - Processing section 0
[425] Biber.pm:4531> INFO - Looking for bibtex format file 'bibliography/bibliography.bib' for section 0
[428] bibtex.pm:1689> INFO - LaTeX decoding ...
[446] bibtex.pm:1494> INFO - Found BibTeX data source 'bibliography/bibliography.bib'
[567] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 9, warning: 1 characters of junk seen at toplevel
[567] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 15, warning: 1 characters of junk seen at toplevel
[567] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 22, warning: 1 characters of junk seen at toplevel
[568] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 28, warning: 1 characters of junk seen at toplevel
[568] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 35, warning: 1 characters of junk seen at toplevel
[568] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 42, warning: 1 characters of junk seen at toplevel
[568] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 50, warning: 1 characters of junk seen at toplevel
[568] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 58, warning: 1 characters of junk seen at toplevel
[568] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 65, warning: 1 characters of junk seen at toplevel
[568] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 70, warning: 1 characters of junk seen at toplevel
[568] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 77, warning: 1 characters of junk seen at toplevel
[568] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 85, warning: 1 characters of junk seen at toplevel
[569] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 94, warning: 1 characters of junk seen at toplevel
[569] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 100, warning: 1 characters of junk seen at toplevel
[569] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_3ewM/f4d088b3f9f145b5c3058da33afd57d4_107890.utf8, line 105, warning: 1 characters of junk seen at toplevel
[603] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'normalization = NFD' with 'normalization = prenormalized'
[604] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'variable = shifted' with 'variable = non-ignorable'
[604] Biber.pm:4168> INFO - Sorting list 'none/global//global/global' of type 'entry' with template 'none' and locale 'en-US'
[604] Biber.pm:4174> INFO - No sort tailoring available for locale 'en-US'
[629] bbl.pm:654> INFO - Writing 'document.bbl' with encoding 'UTF-8'
[639] bbl.pm:757> INFO - Output to document.bbl
[640] Biber.pm:128> INFO - WARNINGS: 15


@@ -1,4 +1,4 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27) 22 MAY 2022 09:54
This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27) 22 MAY 2022 19:56
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
@@ -1089,7 +1089,7 @@ File: t1txss.fd 2000/12/15 v3.1
)
LaTeX Font Info: Font shape `T1/txss/m/n' will be
(Font) scaled to size 11.39996pt on input line 186.
<images//Portada_Logo.png, id=57, 456.2865pt x 45.99pt>
<images//Portada_Logo.png, id=61, 456.2865pt x 45.99pt>
File: images//Portada_Logo.png Graphic file (type png)
<use images//Portada_Logo.png>
Package pdftex.def Info: images//Portada_Logo.png used on input line 190.
@@ -1102,7 +1102,7 @@ LaTeX Font Info: Font shape `T1/txss/m/n' will be
(Font) scaled to size 23.63593pt on input line 201.
LaTeX Font Info: Font shape `T1/txss/m/n' will be
(Font) scaled to size 19.70294pt on input line 205.
<images/creativecommons.png, id=59, 338.76563pt x 118.19156pt>
<images/creativecommons.png, id=63, 338.76563pt x 118.19156pt>
File: images/creativecommons.png Graphic file (type png)
<use images/creativecommons.png>
Package pdftex.def Info: images/creativecommons.png used on input line 215.
@@ -1210,10 +1210,10 @@ Overfull \hbox (0.50073pt too wide) in paragraph at lines 355--356
[3] [4]
Chapter 2.
<images//classic_bpf.jpg, id=196, 588.1975pt x 432.61626pt>
<images//classic_bpf.jpg, id=203, 588.1975pt x 432.61626pt>
File: images//classic_bpf.jpg Graphic file (type jpg)
<use images//classic_bpf.jpg>
Package pdftex.def Info: images//classic_bpf.jpg used on input line 413.
Package pdftex.def Info: images//classic_bpf.jpg used on input line 415.
(pdftex.def) Requested size: 341.43306pt x 251.12224pt.
[5
@@ -1231,11 +1231,11 @@ Chapter 5.
]
LaTeX Font Info: Trying to load font information for T1+txtt on input line 4
48.
75.
(/usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txtt.fd
File: t1txtt.fd 2000/12/15 v3.1
)
Overfull \hbox (5.34976pt too wide) in paragraph at lines 449--449
Overfull \hbox (5.34976pt too wide) in paragraph at lines 476--476
\T1/txtt/m/n/12 threat -[] intelligence / cyber -[] year -[] in -[] retrospect
/ yir -[] cyber -[] threats -[]
[]
@@ -1243,7 +1243,7 @@ Overfull \hbox (5.34976pt too wide) in paragraph at lines 449--449
[10
] [1
] [11] [1
]
@@ -1258,24 +1258,24 @@ pdfTeX warning (ext4): destination with the same identifier (name{page.}) has b
een already used, duplicate ignored
<to be read again>
\relax
l.465 \end{document}
l.492 \end{document}
[2
] (./document.aux)
Package rerunfilecheck Info: File `document.out' has not changed.
(rerunfilecheck) Checksum: AA28FA8D72587FC8F4EDD5E616FC72E7;810.
(rerunfilecheck) Checksum: 71D9F5FA3399DF2DE8ECBC4935021C38;879.
Package logreq Info: Writing requests to 'document.run.xml'.
\openout1 = `document.run.xml'.
)
Here is how much of TeX's memory you used:
27199 strings out of 481209
431366 string characters out of 5914747
1168340 words of memory out of 5000000
43673 multiletter control sequences out of 15000+600000
447071 words of font info for 92 fonts, out of 8000000 for 9000
27216 strings out of 481209
431808 string characters out of 5914747
1168551 words of memory out of 5000000
43682 multiletter control sequences out of 15000+600000
450160 words of font info for 95 fonts, out of 8000000 for 9000
36 hyphenation exceptions out of 8191
88i,11n,90p,1029b,2369s stack positions out of 5000i,500n,10000p,200000b,80000s
88i,11n,90p,1029b,3095s stack positions out of 5000i,500n,10000p,200000b,80000s
{/usr/share/texlive/texmf-dist/fonts/enc/dvips/base/8r.enc}</usr/share/texliv
e/texmf-dist/fonts/type1/public/txfonts/rtcxr.pfb></usr/share/texlive/texmf-dis
t/fonts/type1/public/txfonts/rtxr.pfb></usr/share/texlive/texmf-dist/fonts/type
@@ -1283,10 +1283,11 @@ t/fonts/type1/public/txfonts/rtxr.pfb></usr/share/texlive/texmf-dist/fonts/type
tic/uhvb8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/helvetic/uhvr8a.p
fb></usr/share/texlive/texmf-dist/fonts/type1/urw/helvetic/uhvr8a.pfb></usr/sha
re/texlive/texmf-dist/fonts/type1/urw/times/utmb8a.pfb></usr/share/texlive/texm
f-dist/fonts/type1/urw/times/utmr8a.pfb>
Output written on document.pdf (26 pages, 201266 bytes).
f-dist/fonts/type1/urw/times/utmr8a.pfb></usr/share/texlive/texmf-dist/fonts/ty
pe1/urw/times/utmri8a.pfb>
Output written on document.pdf (27 pages, 217947 bytes).
PDF statistics:
313 PDF objects out of 1000 (max. 8388607)
56 named destinations out of 1000 (max. 500000)
132 words of extra memory for PDF output out of 10000 (max. 10000000)
340 PDF objects out of 1000 (max. 8388607)
61 named destinations out of 1000 (max. 500000)
140 words of extra memory for PDF output out of 10000 (max. 10000000)


@@ -7,7 +7,8 @@
\BOOKMARK [1][-]{section.1.4}{Structure\040of\040the\040document}{chapter.1}% 7
\BOOKMARK [0][-]{chapter.2}{State\040of\040the\040art}{}% 8
\BOOKMARK [1][-]{section.2.1}{Introduction\040to\040eBPF}{chapter.2}% 9
\BOOKMARK [0][-]{chapter.3}{Methods??}{}% 10
\BOOKMARK [0][-]{chapter.4}{Results}{}% 11
\BOOKMARK [0][-]{chapter.5}{Conclusion\040and\040future\040work}{}% 12
\BOOKMARK [0][-]{chapter.5}{Bibliography}{}% 13
\BOOKMARK [2][-]{subsection.2.1.1}{eBPF\040history}{section.2.1}% 10
\BOOKMARK [0][-]{chapter.3}{Methods??}{}% 11
\BOOKMARK [0][-]{chapter.4}{Results}{}% 12
\BOOKMARK [0][-]{chapter.5}{Conclusion\040and\040future\040work}{}% 13
\BOOKMARK [0][-]{chapter.5}{Bibliography}{}% 14

Binary file not shown.

Binary file not shown.


@@ -198,7 +198,7 @@ hmargin=3cm
\bigskip
\end{Large}
{\Huge ``An analysis of offensive capabilities of eBPF''}\\
{\Huge ``An analysis of offensive capabilities of eBPF and implementation of a rootkit''}\\
\vspace*{0.5cm}
\rule{10.5cm}{0.1mm}\\
\vspace*{0.9cm}
@@ -403,7 +403,9 @@ The knowledge gathered by the previous three pillars will be then used as a basi
This chapter is dedicated to an study of the eBPF technology. Firstly, we will analyse its origins, understanding what it is and how it works, and discuss the reasons why it is a necessary component of the Linux kernel today. Afterwards, we will cover the main features of eBPF in detail. Finally, an study of the existing alternatives for developing eBPF applications will be also included.
\section{Introduction to eBPF}
Nowadays eBPF is not officially considered to be an acronym anymore, but it remains largely known as "extended Berkeley Packet Filters", given its roots in the Berkeley Packet Filter (BPF) technology, now known as classic BPF.
% Is it ok to have sections / chapters without individual intros?
\subsection{eBPF history}
Nowadays eBPF is not officially considered to be an acronym anymore\cite{ebpf_io}, but it remains largely known as "extended Berkeley Packet Filters", given its roots in the Berkeley Packet Filter (BPF) technology, now known as classic BPF.
BPF was introduced in 1992 in the paper "The BSD Packet Filter: A New Architecture for User-level Packet Capture"\cite{bpf_bsd_origin}, as a new filtering technology for network packets in the BSD platform. It was first integrated in the Linux kernel on version 2.1.75\cite{ebpf_history_opensource}.
@@ -415,7 +417,32 @@ BPF was introduced in 1992 in the paper "The BSD Packet Filter: A New Architectu
\label{fig:classif_bpf}
\end{figure}
Figure \ref{fig:classif_bpf} shows how BPF was integrated in the existing network packet processing by the kernel. After receiving a packet, it would first be analysed by BPF filters, which are directly programmed by the BPF developer. The filter decides whether the packet is to be accepted by analysing the packet properties, such as its length or the type and values of its headers. If a packet is accepted, the filter proceeds to decide how many bytes of the original buffer are passed to the application. Otherwise, the packet is redirected to the original network stack, where it is managed as usual.
Figure \ref{fig:classif_bpf} shows how BPF was integrated in the existing network packet processing by the kernel. After receiving a packet, it would first be analysed by BPF filters, programs directly developed by the user. The filter decides whether the packet is to be accepted by analysing the packet properties, such as its length or the type and values of its headers. If a packet is accepted, the filter proceeds to decide how many bytes of the original buffer are passed to the application at the user space. Otherwise, the packet is redirected to the original network stack, where it is managed as usual.
In a technical level, BPF comprises both the BPF filter programs developed by the user and the BPF module included in the kernel which allows for loading and running the BPF filters. This BPF module in the kernel works as a virtual machine\cite{bpf_bsd_origin_bpf_page1}. Therefore, it is usually referred as the BPF Virtual Machine (BPF VM). The BPF VM comprises the following components:
\begin{itemize}
\item \textbf{An accumulator register}, used to store intermediate values of operations.
\item \textbf{An index register}, used to modify operand addresses, it is usually incorporated to optimize vector operations\cite{index_register}.
\item \textbf{An scratch memory store}, a temporary storage.
\item \textbf{A program counter}, used to point to the next machine instruction to execute in a filter program.
\end{itemize}
The components of the BPF VM are used to support running BPF filter programs. A BPF filter is implemented as a boolean function:
\begin{itemize}
\item If it returns \textit{true}, the kernel copies the packet to the application.
\item If it returns \textit{false}, the packet is not accepted by the filter (and thus the network stack will be the next to operate it).
\end{itemize}
%How to include a source in the following paragraph? Its from an already cited source
%%%By filtering packets before they are handled by the kernel instead of using an user-level application, BPF offered a performance improvement between 10 and 150 times the used technologies at the time\cite{bpf_bsd_origin_bpf_page1}. Since then, multiple popular tools began to use BPF, such as the network tracing tool tcpdump.
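Review bot: The rewritten paragraph after `Figure \ref{fig:classif_bpf}` and the second `itemize` both say a rejected packet goes on to the network stack, which implies that an accepted packet does not. As far as I can tell from the cited McCanne and Jacobson paper, classic BPF is a tap: the filter only decides whether (and how many bytes of) a copy is delivered to the listening application, and normal protocol processing continues in either case, so please check the sentence against the source. Something like `\item If it returns \textit{false}, the filter ignores the packet; the network stack processes it as usual in both cases.` keeps the text from suggesting that a classic BPF filter can divert or drop traffic. Minor wording in the same hunk: `An scratch memory store` should read `A scratch memory store`, `In a technical level` should read `At a technical level`, and `referred as` should read `referred to as`.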


@@ -19,6 +19,8 @@
\defcounter {refsection}{0}\relax
\contentsline {section}{\numberline {2.1}Introduction to eBPF}{5}{section.2.1}%
\defcounter {refsection}{0}\relax
\contentsline {subsection}{\numberline {2.1.1}eBPF history}{5}{subsection.2.1.1}%
\defcounter {refsection}{0}\relax
\contentsline {chapter}{\numberline {3}Methods??}{7}{chapter.3}%
\defcounter {refsection}{0}\relax
\contentsline {chapter}{\numberline {4}Results}{8}{chapter.4}%


@@ -73,15 +73,15 @@
</rdf:Description>
<rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/">
<xmp:CreatorTool>LaTeX with hyperref</xmp:CreatorTool>
<xmp:ModifyDate>2022-05-22T09:54:23-04:00</xmp:ModifyDate>
<xmp:CreateDate>2022-05-22T09:54:23-04:00</xmp:CreateDate>
<xmp:MetadataDate>2022-05-22T09:54:23-04:00</xmp:MetadataDate>
<xmp:ModifyDate>2022-05-22T19:56:50-04:00</xmp:ModifyDate>
<xmp:CreateDate>2022-05-22T19:56:50-04:00</xmp:CreateDate>
<xmp:MetadataDate>2022-05-22T19:56:50-04:00</xmp:MetadataDate>
</rdf:Description>
<rdf:Description rdf:about="" xmlns:xmpRights = "http://ns.adobe.com/xap/1.0/rights/">
</rdf:Description>
<rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/">
<xmpMM:DocumentID>uuid:467B87E0-A1EA-A037-7CB7-0477245DEBC3</xmpMM:DocumentID>
<xmpMM:InstanceID>uuid:54E6B66D-9219-1781-FDF0-6CBAEB994DB9</xmpMM:InstanceID>
<xmpMM:InstanceID>uuid:C8D2E526-372E-864C-1A84-623F24CF0672</xmpMM:InstanceID>
</rdf:Description>
</rdf:RDF>
</x:xmpmeta>