Finished SotA

docs/bibliography/bibliography.bib

@@ -334,6 +334,23 @@
 @online{bcc_github,
 	title={BPF Compiler Collection (BCC)},
 	url={https://github.com/iovisor/bcc}
+},
+
+@online{libbpf_upstream,
+	title={BPF next kernel tree},
+	url={https://kernel.googlesource.com/pub/scm/linux/kernel/git/bpf/bpf-next}
+},
+
+@online{libbpf_github,
+	indextitle={libbpf GitHub},
+	url={https://github.com/libbpf/libbpf}
+},
+
+@online{libbpf_core,
+	title={BPF Portability and CO-RE},
+	url={https://facebookmicrosites.github.io/bpf/blog/2020/02/19/bpf-portability-and-co-re.html},
+	author={Andrii Nakryiko},
+	date={2020-02-19}
 }
 
 
@@ -343,4 +360,3 @@
 
 
 
-

docs/document.aux

@@ -237,18 +237,31 @@
 \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {2.4}Developing eBPF programs}{23}{section.2.4}\protected@file@percent }
 \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.4.1}BCC}{23}{subsection.2.4.1}\protected@file@percent }
 \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.4.2}Bpftool}{23}{subsection.2.4.2}\protected@file@percent }
+\abx@aux@cite{libbpf_github}
+\abx@aux@segm{0}{0}{libbpf_github}
+\abx@aux@cite{libbpf_upstream}
+\abx@aux@segm{0}{0}{libbpf_upstream}
+\abx@aux@cite{libbpf_core}
+\abx@aux@segm{0}{0}{libbpf_core}
 \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.4.3}Libbpf}{24}{subsection.2.4.3}\protected@file@percent }
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {3}Methods??}{25}{chapter.3}\protected@file@percent }
+\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.9}{\ignorespaces Sketch of the compilation and loading process of a program developed with libbpf.\relax }}{25}{figure.caption.28}\protected@file@percent }
+\newlabel{fig:libbpf}{{2.9}{25}{Sketch of the compilation and loading process of a program developed with libbpf.\relax }{figure.caption.28}{}}
+\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.14}{\ignorespaces Table showing BPF skeleton functions.\relax }}{25}{table.caption.29}\protected@file@percent }
+\newlabel{table:libbpf_skel}{{2.14}{25}{Table showing BPF skeleton functions.\relax }{table.caption.29}{}}
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {3}Analysis of offensive capabilities}{27}{chapter.3}\protected@file@percent }
 \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
 \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {4}Results}{26}{chapter.4}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {4}Methods??}{28}{chapter.4}\protected@file@percent }
 \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
 \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Conclusion and future work}{27}{chapter.5}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Results}{29}{chapter.5}\protected@file@percent }
 \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
 \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{28}{chapter.5}\protected@file@percent }
-\abx@aux@read@bbl@mdfivesum{928E85D2BF178C374F78AAE7687D8F1B}
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {6}Conclusion and future work}{30}{chapter.6}\protected@file@percent }
+\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
+\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{31}{chapter.6}\protected@file@percent }
+\abx@aux@read@bbl@mdfivesum{0AFB9D19373966AF64A6C0FAEBFB8A46}
 \abx@aux@refcontextdefaultsdone
 \abx@aux@defaultrefcontext{0}{ransomware_pwc}{none/global//global/global}
 \abx@aux@defaultrefcontext{0}{rootkit_ptsecurity}{none/global//global/global}
@@ -298,5 +311,8 @@
 \abx@aux@defaultrefcontext{0}{kprobe_manual}{none/global//global/global}
 \abx@aux@defaultrefcontext{0}{kallsyms_kernel}{none/global//global/global}
 \abx@aux@defaultrefcontext{0}{bcc_github}{none/global//global/global}
+\abx@aux@defaultrefcontext{0}{libbpf_github}{none/global//global/global}
+\abx@aux@defaultrefcontext{0}{libbpf_upstream}{none/global//global/global}
+\abx@aux@defaultrefcontext{0}{libbpf_core}{none/global//global/global}
 \ttl@finishall
-\gdef \@abspage@last{48}
+\gdef \@abspage@last{51}

docs/document.bbl

@@ -1096,6 +1096,59 @@
       \verb https://github.com/iovisor/bcc
       \endverb
     \endentry
+    \entry{libbpf_github}{online}{}
+      \field{sortinit}{7}
+      \field{sortinithash}{f615fb9c6fba11c6f962fb3fd599810e}
+      \field{indextitle}{libbpf GitHub}
+      \verb{urlraw}
+      \verb https://github.com/libbpf/libbpf
+      \endverb
+      \verb{url}
+      \verb https://github.com/libbpf/libbpf
+      \endverb
+    \endentry
+    \entry{libbpf_upstream}{online}{}
+      \field{sortinit}{7}
+      \field{sortinithash}{f615fb9c6fba11c6f962fb3fd599810e}
+      \field{labeltitlesource}{title}
+      \field{title}{BPF next kernel tree}
+      \verb{urlraw}
+      \verb https://kernel.googlesource.com/pub/scm/linux/kernel/git/bpf/bpf-next
+      \endverb
+      \verb{url}
+      \verb https://kernel.googlesource.com/pub/scm/linux/kernel/git/bpf/bpf-next
+      \endverb
+    \endentry
+    \entry{libbpf_core}{online}{}
+      \name{author}{1}{}{%
+        {{hash=c1dd9d38edae2e25017305f57983936e}{%
+           family={Nakryiko},
+           familyi={N\bibinitperiod},
+           given={Andrii},
+           giveni={A\bibinitperiod}}}%
+      }
+      \strng{namehash}{c1dd9d38edae2e25017305f57983936e}
+      \strng{fullhash}{c1dd9d38edae2e25017305f57983936e}
+      \strng{bibnamehash}{c1dd9d38edae2e25017305f57983936e}
+      \strng{authorbibnamehash}{c1dd9d38edae2e25017305f57983936e}
+      \strng{authornamehash}{c1dd9d38edae2e25017305f57983936e}
+      \strng{authorfullhash}{c1dd9d38edae2e25017305f57983936e}
+      \field{sortinit}{8}
+      \field{sortinithash}{1b24cab5087933ef0826a7cd3b99e994}
+      \field{labelnamesource}{author}
+      \field{labeltitlesource}{title}
+      \field{day}{19}
+      \field{month}{2}
+      \field{title}{BPF Portability and CO-RE}
+      \field{year}{2020}
+      \field{dateera}{ce}
+      \verb{urlraw}
+      \verb https://facebookmicrosites.github.io/bpf/blog/2020/02/19/bpf-portability-and-co-re.html
+      \endverb
+      \verb{url}
+      \verb https://facebookmicrosites.github.io/bpf/blog/2020/02/19/bpf-portability-and-co-re.html
+      \endverb
+    \endentry
   \enddatalist
 \endrefsection
 \endinput

docs/document.bcf

@@ -2413,6 +2413,9 @@
     <bcf:citekey order="75">kprobe_manual</bcf:citekey>
     <bcf:citekey order="76">kallsyms_kernel</bcf:citekey>
     <bcf:citekey order="77">bcc_github</bcf:citekey>
+    <bcf:citekey order="78">libbpf_github</bcf:citekey>
+    <bcf:citekey order="79">libbpf_upstream</bcf:citekey>
+    <bcf:citekey order="80">libbpf_core</bcf:citekey>
   </bcf:section>
   <!-- SORTING TEMPLATES -->
   <bcf:sortingtemplate name="none">

docs/document.blg

@@ -1,66 +1,69 @@
-[0] Config.pm:311> INFO - This is Biber 2.16
-[0] Config.pm:314> INFO - Logfile is 'document.blg'
-[66] biber:340> INFO - === Fri May 27, 2022, 19:34:53
-[82] Biber.pm:415> INFO - Reading 'document.bcf'
-[155] Biber.pm:952> INFO - Found 48 citekeys in bib section 0
-[169] Biber.pm:4340> INFO - Processing section 0
-[180] Biber.pm:4531> INFO - Looking for bibtex format file 'bibliography/bibliography.bib' for section 0
-[182] bibtex.pm:1689> INFO - LaTeX decoding ...
-[202] bibtex.pm:1494> INFO - Found BibTeX data source 'bibliography/bibliography.bib'
-[307] Utils.pm:384> WARN - Entry 'ebpf_bounded_loops' (bibliography/bibliography.bib): Invalid format '2019-06-31' of date field 'date' - ignoring
-[339] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 9, warning: 1 characters of junk seen at toplevel
-[339] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 15, warning: 1 characters of junk seen at toplevel
-[339] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 22, warning: 1 characters of junk seen at toplevel
-[339] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 28, warning: 1 characters of junk seen at toplevel
-[339] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 35, warning: 1 characters of junk seen at toplevel
-[339] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 42, warning: 1 characters of junk seen at toplevel
-[339] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 50, warning: 1 characters of junk seen at toplevel
-[339] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 58, warning: 1 characters of junk seen at toplevel
-[339] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 65, warning: 1 characters of junk seen at toplevel
-[339] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 70, warning: 1 characters of junk seen at toplevel
-[339] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 77, warning: 1 characters of junk seen at toplevel
-[339] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 85, warning: 1 characters of junk seen at toplevel
-[339] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 94, warning: 1 characters of junk seen at toplevel
-[339] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 103, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 112, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 121, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 127, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 132, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 137, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 142, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 153, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 158, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 164, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 170, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 175, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 184, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 191, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 199, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 206, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 215, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 224, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 233, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 239, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 244, warning: 1 characters of junk seen at toplevel
-[340] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 249, warning: 1 characters of junk seen at toplevel
-[341] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 256, warning: 1 characters of junk seen at toplevel
-[341] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 261, warning: 1 characters of junk seen at toplevel
-[341] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 266, warning: 1 characters of junk seen at toplevel
-[341] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 271, warning: 1 characters of junk seen at toplevel
-[341] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 276, warning: 1 characters of junk seen at toplevel
-[341] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 283, warning: 1 characters of junk seen at toplevel
-[341] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 288, warning: 1 characters of junk seen at toplevel
-[341] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 295, warning: 1 characters of junk seen at toplevel
-[341] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 302, warning: 1 characters of junk seen at toplevel
-[341] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 309, warning: 1 characters of junk seen at toplevel
-[341] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 315, warning: 1 characters of junk seen at toplevel
-[341] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 321, warning: 1 characters of junk seen at toplevel
-[341] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 327, warning: 1 characters of junk seen at toplevel
-[341] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_pgMm/f4d088b3f9f145b5c3058da33afd57d4_162505.utf8, line 334, warning: 1 characters of junk seen at toplevel
-[375] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'variable = shifted' with 'variable = non-ignorable'
-[375] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'normalization = NFD' with 'normalization = prenormalized'
-[376] Biber.pm:4168> INFO - Sorting list 'none/global//global/global' of type 'entry' with template 'none' and locale 'en-US'
-[376] Biber.pm:4174> INFO - No sort tailoring available for locale 'en-US'
-[404] bbl.pm:654> INFO - Writing 'document.bbl' with encoding 'UTF-8'
-[416] bbl.pm:757> INFO - Output to document.bbl
-[416] Biber.pm:128> INFO - WARNINGS: 50
+[1] Config.pm:311> INFO - This is Biber 2.16
+[1] Config.pm:314> INFO - Logfile is 'document.blg'
+[148] biber:340> INFO - === Sat May 28, 2022, 08:39:03
+[183] Biber.pm:415> INFO - Reading 'document.bcf'
+[389] Biber.pm:952> INFO - Found 51 citekeys in bib section 0
+[427] Biber.pm:4340> INFO - Processing section 0
+[450] Biber.pm:4531> INFO - Looking for bibtex format file 'bibliography/bibliography.bib' for section 0
+[456] bibtex.pm:1689> INFO - LaTeX decoding ...
+[512] bibtex.pm:1494> INFO - Found BibTeX data source 'bibliography/bibliography.bib'
+[742] Utils.pm:384> WARN - Entry 'ebpf_bounded_loops' (bibliography/bibliography.bib): Invalid format '2019-06-31' of date field 'date' - ignoring
+[820] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 9, warning: 1 characters of junk seen at toplevel
+[820] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 15, warning: 1 characters of junk seen at toplevel
+[820] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 22, warning: 1 characters of junk seen at toplevel
+[821] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 28, warning: 1 characters of junk seen at toplevel
+[821] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 35, warning: 1 characters of junk seen at toplevel
+[821] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 42, warning: 1 characters of junk seen at toplevel
+[822] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 50, warning: 1 characters of junk seen at toplevel
+[822] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 58, warning: 1 characters of junk seen at toplevel
+[822] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 65, warning: 1 characters of junk seen at toplevel
+[822] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 70, warning: 1 characters of junk seen at toplevel
+[823] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 77, warning: 1 characters of junk seen at toplevel
+[823] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 85, warning: 1 characters of junk seen at toplevel
+[823] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 94, warning: 1 characters of junk seen at toplevel
+[823] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 103, warning: 1 characters of junk seen at toplevel
+[823] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 112, warning: 1 characters of junk seen at toplevel
+[823] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 121, warning: 1 characters of junk seen at toplevel
+[824] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 127, warning: 1 characters of junk seen at toplevel
+[824] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 132, warning: 1 characters of junk seen at toplevel
+[824] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 137, warning: 1 characters of junk seen at toplevel
+[824] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 142, warning: 1 characters of junk seen at toplevel
+[825] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 153, warning: 1 characters of junk seen at toplevel
+[825] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 158, warning: 1 characters of junk seen at toplevel
+[825] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 164, warning: 1 characters of junk seen at toplevel
+[825] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 170, warning: 1 characters of junk seen at toplevel
+[825] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 175, warning: 1 characters of junk seen at toplevel
+[826] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 184, warning: 1 characters of junk seen at toplevel
+[826] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 191, warning: 1 characters of junk seen at toplevel
+[826] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 199, warning: 1 characters of junk seen at toplevel
+[826] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 206, warning: 1 characters of junk seen at toplevel
+[826] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 215, warning: 1 characters of junk seen at toplevel
+[827] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 224, warning: 1 characters of junk seen at toplevel
+[827] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 233, warning: 1 characters of junk seen at toplevel
+[827] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 239, warning: 1 characters of junk seen at toplevel
+[827] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 244, warning: 1 characters of junk seen at toplevel
+[828] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 249, warning: 1 characters of junk seen at toplevel
+[828] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 256, warning: 1 characters of junk seen at toplevel
+[828] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 261, warning: 1 characters of junk seen at toplevel
+[828] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 266, warning: 1 characters of junk seen at toplevel
+[828] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 271, warning: 1 characters of junk seen at toplevel
+[828] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 276, warning: 1 characters of junk seen at toplevel
+[829] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 283, warning: 1 characters of junk seen at toplevel
+[829] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 288, warning: 1 characters of junk seen at toplevel
+[829] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 295, warning: 1 characters of junk seen at toplevel
+[829] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 302, warning: 1 characters of junk seen at toplevel
+[829] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 309, warning: 1 characters of junk seen at toplevel
+[830] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 315, warning: 1 characters of junk seen at toplevel
+[830] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 321, warning: 1 characters of junk seen at toplevel
+[830] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 327, warning: 1 characters of junk seen at toplevel
+[830] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 334, warning: 1 characters of junk seen at toplevel
+[830] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 339, warning: 1 characters of junk seen at toplevel
+[831] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 344, warning: 1 characters of junk seen at toplevel
+[831] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ZQaP/f4d088b3f9f145b5c3058da33afd57d4_168752.utf8, line 349, warning: 1 characters of junk seen at toplevel
+[916] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'variable = shifted' with 'variable = non-ignorable'
+[917] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'normalization = NFD' with 'normalization = prenormalized'
+[917] Biber.pm:4168> INFO - Sorting list 'none/global//global/global' of type 'entry' with template 'none' and locale 'en-US'
+[917] Biber.pm:4174> INFO - No sort tailoring available for locale 'en-US'
+[991] bbl.pm:654> INFO - Writing 'document.bbl' with encoding 'UTF-8'
+[1026] bbl.pm:757> INFO - Output to document.bbl
+[1026] Biber.pm:128> INFO - WARNINGS: 53

docs/document.lof

@@ -21,6 +21,10 @@
 \defcounter {refsection}{0}\relax 
 \contentsline {figure}{\numberline {2.8}{\ignorespaces Figure showing how the eBPF XDP and TC modules are integrated in the network processing in the Linux kernel.\relax }}{19}{figure.caption.23}%
 \defcounter {refsection}{0}\relax 
+\contentsline {figure}{\numberline {2.9}{\ignorespaces Sketch of the compilation and loading process of a program developed with libbpf.\relax }}{25}{figure.caption.28}%
+\defcounter {refsection}{0}\relax 
+\addvspace {10\p@ }
+\defcounter {refsection}{0}\relax 
 \addvspace {10\p@ }
 \defcounter {refsection}{0}\relax 
 \addvspace {10\p@ }

docs/document.log

@@ -1,4 +1,4 @@
-This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27)  27 MAY 2022 20:55
+This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27)  28 MAY 2022 09:22
 entering extended mode
  restricted \write18 enabled.
  %&-line parsing enabled.
@@ -1220,7 +1220,7 @@ Chapter 2.
 LaTeX Warning: Reference `section:analysis_offensive_capabilities' on page 5 un
 defined on input line 412.
 
-<images//classic_bpf.jpg, id=423, 588.1975pt x 432.61626pt>
+<images//classic_bpf.jpg, id=428, 588.1975pt x 432.61626pt>
 File: images//classic_bpf.jpg Graphic file (type jpg)
 <use images//classic_bpf.jpg>
 Package pdftex.def Info: images//classic_bpf.jpg  used on input line 426.
@@ -1228,36 +1228,36 @@ Package pdftex.def Info: images//classic_bpf.jpg  used on input line 426.
 [5
 
 ] [6 <./images//classic_bpf.jpg>]
-<images//cbpf_prog.jpg, id=441, 403.5075pt x 451.6875pt>
+<images//cbpf_prog.jpg, id=446, 403.5075pt x 451.6875pt>
 File: images//cbpf_prog.jpg Graphic file (type jpg)
 <use images//cbpf_prog.jpg>
 Package pdftex.def Info: images//cbpf_prog.jpg  used on input line 453.
 (pdftex.def)             Requested size: 227.62204pt x 254.80415pt.
  [7 <./images/cBPF_prog.jpg>]
-<images//bpf_instructions.png, id=451, 380.92313pt x 475.27562pt>
+<images//bpf_instructions.png, id=456, 380.92313pt x 475.27562pt>
 File: images//bpf_instructions.png Graphic file (type png)
 <use images//bpf_instructions.png>
 Package pdftex.def Info: images//bpf_instructions.png  used on input line 493.
 (pdftex.def)             Requested size: 227.62204pt x 283.99998pt.
  [8 <./images//bpf_instructions.png>]
-<images//bpf_address_mode.png, id=461, 417.05812pt x 313.67188pt>
+<images//bpf_address_mode.png, id=466, 417.05812pt x 313.67188pt>
 File: images//bpf_address_mode.png Graphic file (type png)
 <use images//bpf_address_mode.png>
 Package pdftex.def Info: images//bpf_address_mode.png  used on input line 509.
 (pdftex.def)             Requested size: 227.62204pt x 171.19905pt.
  [9 <./images//bpf_address_mode.png>]
-<images//tcpdump_example.png, id=473, 534.99875pt x 454.69875pt>
+<images//tcpdump_example.png, id=478, 534.99875pt x 454.69875pt>
 File: images//tcpdump_example.png Graphic file (type png)
 <use images//tcpdump_example.png>
 Package pdftex.def Info: images//tcpdump_example.png  used on input line 524.
 (pdftex.def)             Requested size: 284.52756pt x 241.82869pt.
-<images//cBPF_prog_ex_sol.png, id=476, 242.9075pt x 321.2pt>
+<images//cBPF_prog_ex_sol.png, id=481, 242.9075pt x 321.2pt>
 File: images//cBPF_prog_ex_sol.png Graphic file (type png)
 <use images//cBPF_prog_ex_sol.png>
 Package pdftex.def Info: images//cBPF_prog_ex_sol.png  used on input line 535.
 (pdftex.def)             Requested size: 170.71652pt x 225.74026pt.
  [10 <./images//tcpdump_example.png>] [11 <./images//cBPF_prog_ex_sol.png>]
-<images//ebpf_arch.jpg, id=495, 739.76375pt x 472.76625pt>
+<images//ebpf_arch.jpg, id=500, 739.76375pt x 472.76625pt>
 File: images//ebpf_arch.jpg Graphic file (type jpg)
 <use images//ebpf_arch.jpg>
 Package pdftex.def Info: images//ebpf_arch.jpg  used on input line 574.
@@ -1309,7 +1309,7 @@ Overfull \hbox (13.5802pt too wide) in paragraph at lines 756--784
  []
 
 [17]
-<images//xdp_diag.jpg, id=575, 649.42625pt x 472.76625pt>
+<images//xdp_diag.jpg, id=580, 649.42625pt x 472.76625pt>
 File: images//xdp_diag.jpg Graphic file (type jpg)
 <use images//xdp_diag.jpg>
 Package pdftex.def Info: images//xdp_diag.jpg  used on input line 800.
@@ -1319,63 +1319,83 @@ Overfull \hbox (5.80417pt too wide) in paragraph at lines 863--875
  [][] 
  []
 
-[20] [21] [22] [23] [24]
+[20] [21] [22] [23]
+<images//libbpf_prog.jpg, id=639, 543.02875pt x 502.87875pt>
+File: images//libbpf_prog.jpg Graphic file (type jpg)
+<use images//libbpf_prog.jpg>
+Package pdftex.def Info: images//libbpf_prog.jpg  used on input line 966.
+(pdftex.def)             Requested size: 341.43306pt x 316.20142pt.
+ [24]
+
+LaTeX Warning: Reference `TODO' on page 25 undefined on input line 994.
+
+[25 <./images//libbpf_prog.jpg>] [26]
 Chapter 3.
-[25
-
-]
-Chapter 4.
-[26
-
-]
-Chapter 5.
 [27
 
+]
+Chapter 4.
+[28
+
+]
+Chapter 5.
+[29
+
+]
+Chapter 6.
+[30
+
 ]
 LaTeX Font Info:    Trying to load font information for T1+txtt on input line 1
-001.
+031.
  (/usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txtt.fd
 File: t1txtt.fd 2000/12/15 v3.1
 )
-Overfull \hbox (5.34976pt too wide) in paragraph at lines 1002--1002
+Overfull \hbox (5.34976pt too wide) in paragraph at lines 1032--1032
 \T1/txtt/m/n/12 threat -[] intelligence / cyber -[] year -[] in -[] retrospect 
 / yir -[] cyber -[] threats -[]
  []
 
-[28
+[31
 
 
 ]
-Overfull \hbox (6.22696pt too wide) in paragraph at lines 1002--1002
+Overfull \hbox (6.22696pt too wide) in paragraph at lines 1032--1032
 []\T1/txr/m/it/12 Bpf fea-tures by linux ker-nel ver-sion\T1/txr/m/n/12 , io-vi
 -sor. [On-line]. Avail-able: [][]$\T1/txtt/m/n/12 https : / / github .
  []
 
 
-Overfull \hbox (7.34976pt too wide) in paragraph at lines 1002--1002
+Overfull \hbox (7.34976pt too wide) in paragraph at lines 1032--1032
 [][]$\T1/txtt/m/n/12 https : / / ebpf . io / what -[] is -[] ebpf / #loader -[]
 -[] verification -[] architecture$[][]\T1/txr/m/n/12 . 
  []
 
 
-Overfull \hbox (21.24973pt too wide) in paragraph at lines 1002--1002
+Overfull \hbox (21.24973pt too wide) in paragraph at lines 1032--1032
 \T1/txtt/m/n/12 vger . kernel . org / netconf2015Starovoitov -[] bpf _ collabsu
 mmit _ 2015feb20 .
  []
 
-[29]
-Overfull \hbox (9.14975pt too wide) in paragraph at lines 1002--1002
+[32]
+Overfull \hbox (9.14975pt too wide) in paragraph at lines 1032--1032
 \T1/txtt/m/n/12 ch02 . xhtml# :-[]: text = With % 20JIT % 20compiled % 20code %
  2C % 20i ,[] %20other %
  []
 
 
-Overfull \hbox (6.49615pt too wide) in paragraph at lines 1002--1002
+Overfull \hbox (6.49615pt too wide) in paragraph at lines 1032--1032
 []\T1/txr/m/n/12 D. Lavie. ^^P  A gen-tle in-tro-duc-tion to xdp.^^Q (Feb. 3, 2
 022), [On-line]. Avail-able: [][]$\T1/txtt/m/n/12 https :
  []
 
-[30] [31] [1
+[33]
+Overfull \hbox (0.76683pt too wide) in paragraph at lines 1032--1032
+[]\T1/txr/m/n/12 ^^P  Bpf next ker-nel tree.^^Q (), [On-line]. Avail-able: [][]
+$\T1/txtt/m/n/12 https : / / kernel . googlesource .
+ []
+
+[34] [1
 
 ]
 
@@ -1386,7 +1406,7 @@ pdfTeX warning (ext4): destination with the same identifier (name{page.}) has b
 een already used, duplicate ignored
 <to be read again> 
                    \relax 
-l.1018 \end{document}
+l.1048 \end{document}
                       [2
 
 ] (./document.aux)
@@ -1399,17 +1419,17 @@ Package rerunfilecheck Warning: File `document.out' has changed.
 (rerunfilecheck)                or use package `bookmark'.
 
 Package rerunfilecheck Info: Checksums for `document.out':
-(rerunfilecheck)             Before: 76D08850B9857529ABB9875381AE8D26;2555
-(rerunfilecheck)             After:  DDEC2EA0BA9DDEC568FE05D8A7BB7EC7;2555.
+(rerunfilecheck)             Before: DDEC2EA0BA9DDEC568FE05D8A7BB7EC7;2555
+(rerunfilecheck)             After:  82639416354DA222C60093A493D29911;2634.
 Package logreq Info: Writing requests to 'document.run.xml'.
 \openout1 = `document.run.xml'.
 
  ) 
 Here is how much of TeX's memory you used:
- 27485 strings out of 481209
- 439113 string characters out of 5914747
- 1181078 words of memory out of 5000000
- 43842 multiletter control sequences out of 15000+600000
+ 27509 strings out of 481209
+ 439698 string characters out of 5914747
+ 1181434 words of memory out of 5000000
+ 43856 multiletter control sequences out of 15000+600000
  453959 words of font info for 100 fonts, out of 8000000 for 9000
  36 hyphenation exceptions out of 8191
  88i,12n,90p,1029b,3681s stack positions out of 5000i,500n,10000p,200000b,80000s
@@ -1424,9 +1444,9 @@ texmf-dist/fonts/type1/urw/helvetic/uhvr8a.pfb></usr/share/texlive/texmf-dist/f
 onts/type1/urw/helvetic/uhvr8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/u
 rw/times/utmb8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/times/utmr8a
 .pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/times/utmri8a.pfb>
-Output written on document.pdf (48 pages, 676250 bytes).
+Output written on document.pdf (51 pages, 726289 bytes).
 PDF statistics:
- 863 PDF objects out of 1000 (max. 8388607)
- 159 named destinations out of 1000 (max. 500000)
- 351 words of extra memory for PDF output out of 10000 (max. 10000000)
+ 898 PDF objects out of 1000 (max. 8388607)
+ 168 named destinations out of 1000 (max. 500000)
+ 356 words of extra memory for PDF output out of 10000 (max. 10000000)
 

docs/document.lot

@@ -31,6 +31,10 @@
 \defcounter {refsection}{0}\relax 
 \contentsline {table}{\numberline {2.13}{\ignorespaces Table showing relevant TC-exclusive eBPF helpers.\relax }}{21}{table.caption.27}%
 \defcounter {refsection}{0}\relax 
+\contentsline {table}{\numberline {2.14}{\ignorespaces Table showing BPF skeleton functions.\relax }}{25}{table.caption.29}%
+\defcounter {refsection}{0}\relax 
+\addvspace {10\p@ }
+\defcounter {refsection}{0}\relax 
 \addvspace {10\p@ }
 \defcounter {refsection}{0}\relax 
 \addvspace {10\p@ }

docs/document.out

@@ -30,7 +30,8 @@
 \BOOKMARK [2][-]{subsection.2.4.1}{BCC}{section.2.4}% 30
 \BOOKMARK [2][-]{subsection.2.4.2}{Bpftool}{section.2.4}% 31
 \BOOKMARK [2][-]{subsection.2.4.3}{Libbpf}{section.2.4}% 32
-\BOOKMARK [0][-]{chapter.3}{Methods??}{}% 33
-\BOOKMARK [0][-]{chapter.4}{Results}{}% 34
-\BOOKMARK [0][-]{chapter.5}{Conclusion\040and\040future\040work}{}% 35
-\BOOKMARK [0][-]{chapter.5}{Bibliography}{}% 36
+\BOOKMARK [0][-]{chapter.3}{Analysis\040of\040offensive\040capabilities}{}% 33
+\BOOKMARK [0][-]{chapter.4}{Methods??}{}% 34
+\BOOKMARK [0][-]{chapter.5}{Results}{}% 35
+\BOOKMARK [0][-]{chapter.6}{Conclusion\040and\040future\040work}{}% 36
+\BOOKMARK [0][-]{chapter.6}{Bibliography}{}% 37

docs/document.tex

@@ -954,16 +954,44 @@ bpftool is not a development framework like BCC, but one of the most relevant to
 Although we will not be covering bpftool during our overview on the constructed eBPF rootkit, it was used extensively during the development and became a key tool for debugging eBPF programs, particularly to peek data at eBPF maps during runtime.
 
 \subsection{Libbpf}
-libbpf is a library for loading and interacting with eBPF programs. 
-
-%TALK ABOUT LLVM
-
-
-
-
-
-
+libbpf\cite{libbpf_github} is a library for loading and interacting with eBPF programs, which is currently maintained in the Linux kernel source tree\cite{libbpf_upstream}. It is one of the most popular frameworks to develop eBPF applications, both because it makes eBPF programming similar to common kernel development and because it aims at reducing kernel-version dependencies, thus increasing programs portability between systems\cite{libbpf_core}. During our research, however, we will not make use of this functionalities given that a portable program is not in our research goals.
 
+As we discussed in section \ref{section:modern_ebpf}, eBPF programs are composed of both the eBPF code in the kernel and a user space program that can interact with it. With libbpf, the eBPF kernel program is developed in C (a real program, not a string later compiled as with BCC), while user programs are usually developed in C, Rust or GO. For our project, we will use the C version of libbpf, so both the user and kernel side of our rootkit will be developed in this language.
+
+% Cites in the following paragraph?
+When using libbpf with the C language, both the user-side and kernel eBPF program are compiled together using the Clang/LLVM compiler, translating C instructions into eBPF bytecode. As a clarification, Clang is the front-end of the compiler, translating C instructions into an intermediate form understandable by LLVM, whilst LLVM is the back-end compiling the intermediate code into eBPF bytecode. As it can be observed in figure \ref{fig:libbpf}, the result of the compilation is a single program, comprising the user-side which will launch a user process, the eBPF bytecode to be run in the kernel, and other structures libbpf generates about eBPF maps and other meta data. This program is encapsulated as an ELF file (a common executable format).
+
+\begin{figure}[H]
+	\centering
+	\includegraphics[width=12cm, keepaspectratio=true]{libbpf_prog.jpg}
+	\caption{Sketch of the compilation and loading process of a program developed with libbpf.}
+	\label{fig:libbpf}
+\end{figure}
+
+Finally, we will overview one of the main functionalities of libbpf to simplify eBPF programming, namely the BPF skeleton. This is auto-generated code by libbpf whose aim is to simplify working with eBPF from the user-side program. As a summary, it parses the eBPF programs developed (which may be using different technologies such as XDP, kprobes, TC...) and the eBPF maps used, and as a result offers a simple set of functions for dealing with these programs from the user program. In particular, it allows for loading and unloading an specific eBPF program from user space at runtime.
+
+Table \ref{table:libbpf_skel} describes the API offered by the BPF skeleton. Note that <name> is subtituted by the name of the program being compiled.
+
+\begin{table}[H]
+\begin{tabular}{|c|>{\centering\arraybackslash}p{10cm}|}
+\hline
+Function name & Description\\
+\hline
+\hline
+<name>\_\_open() & Parse the eBPF programs and maps.\\
+\hline
+<name>\_\_load() & Load the eBPF map in the kernel after its validation, create the maps. However the programs are not active yet.\\
+\hline
+<name>\_\_attach() & Activate the eBPF programs, attaching them to their corresponding parts in the kernel (e.g. kprobes to kernel functions).\\
+\hline
+<name>\_\_destroy() & Detach and unload the eBPF programs from the kernel.\\
+\hline
+\end{tabular}
+\caption{Table showing BPF skeleton functions.}
+\label{table:libbpf_skel}
+\end{table}
+
+Note that the BPF skeleton also offers further granularity at the time of dealing with programs, so that individual programs can be loaded or attached instead of all simultaneously. This is the approach we will generally use in the development of our rootkit, as it will be explained in section \ref{TODO}.
 
 
 
@@ -971,6 +999,8 @@ libbpf is a library for loading and interacting with eBPF programs.
 
 
 
+\chapter{Analysis of offensive capabilities}
+In the previous chapter, we detailed which functionalities eBPF offers and studied its underlying architecture. 
 
 
 

docs/document.toc

@@ -65,11 +65,13 @@
 \defcounter {refsection}{0}\relax 
 \contentsline {subsection}{\numberline {2.4.3}Libbpf}{24}{subsection.2.4.3}%
 \defcounter {refsection}{0}\relax 
-\contentsline {chapter}{\numberline {3}Methods??}{25}{chapter.3}%
+\contentsline {chapter}{\numberline {3}Analysis of offensive capabilities}{27}{chapter.3}%
 \defcounter {refsection}{0}\relax 
-\contentsline {chapter}{\numberline {4}Results}{26}{chapter.4}%
+\contentsline {chapter}{\numberline {4}Methods??}{28}{chapter.4}%
 \defcounter {refsection}{0}\relax 
-\contentsline {chapter}{\numberline {5}Conclusion and future work}{27}{chapter.5}%
+\contentsline {chapter}{\numberline {5}Results}{29}{chapter.5}%
 \defcounter {refsection}{0}\relax 
-\contentsline {chapter}{Bibliography}{28}{chapter.5}%
+\contentsline {chapter}{\numberline {6}Conclusion and future work}{30}{chapter.6}%
+\defcounter {refsection}{0}\relax 
+\contentsline {chapter}{Bibliography}{31}{chapter.6}%
 \contentsfinish 

docs/pdfa.xmpi

@@ -73,15 +73,15 @@
   </rdf:Description> 
   <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/"> 
    <xmp:CreatorTool>LaTeX with hyperref</xmp:CreatorTool> 
-   <xmp:ModifyDate>2022-05-27T20:55:19-04:00</xmp:ModifyDate> 
-   <xmp:CreateDate>2022-05-27T20:55:19-04:00</xmp:CreateDate> 
-   <xmp:MetadataDate>2022-05-27T20:55:19-04:00</xmp:MetadataDate> 
+   <xmp:ModifyDate>2022-05-28T09:22:42-04:00</xmp:ModifyDate> 
+   <xmp:CreateDate>2022-05-28T09:22:42-04:00</xmp:CreateDate> 
+   <xmp:MetadataDate>2022-05-28T09:22:42-04:00</xmp:MetadataDate> 
   </rdf:Description> 
   <rdf:Description rdf:about="" xmlns:xmpRights = "http://ns.adobe.com/xap/1.0/rights/"> 
   </rdf:Description> 
   <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/"> 
    <xmpMM:DocumentID>uuid:467B87E0-A1EA-A037-7CB7-0477245DEBC3</xmpMM:DocumentID> 
-   <xmpMM:InstanceID>uuid:CC8B3B7C-9432-4546-CAC0-7B6658EFD634</xmpMM:InstanceID> 
+   <xmpMM:InstanceID>uuid:92026A8C-AD85-D789-AE50-AA095A27EE48</xmpMM:InstanceID> 
   </rdf:Description> 
  </rdf:RDF> 
 </x:xmpmeta>