Elaborated on ebpf architecture. Incoming explanation of JIT compiling

h3xduck
2022-05-24 20:53:00 -04:00
parent 820c9f9401
commit 706198f95b
14 changed files with 423 additions and 150 deletions


@@ -100,19 +100,44 @@
\newlabel{fig:bpf_tcpdump_example}{{2.5}{10}{BPF bytecode tcpdump needs to set a filter to display packets directed to port 80.\relax }{figure.caption.12}{}}
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\contentsline {figure}{\numberline {2.6}{\ignorespaces Shortest path in the CFG described in the example of figure \ref {fig:bpf_tcpdump_example} that a packet needs to follow to be accepted by the BPF filter set with \textit {tcpdump}.\relax }}{10}{figure.caption.13}\protected@file@percent }
\newlabel{fig:tcpdump_ex_sol}{{2.6}{10}{Shortest path in the CFG described in the example of figure \ref {fig:bpf_tcpdump_example} that a packet needs to follow to be accepted by the BPF filter set with \textit {tcpdump}.\relax }{figure.caption.13}{}}
\abx@aux@cite{ebpf_funcs_by_ver}
\abx@aux@segm{0}{0}{ebpf_funcs_by_ver}
\abx@aux@cite{ebpf_funcs_by_ver}
\abx@aux@segm{0}{0}{ebpf_funcs_by_ver}
\abx@aux@cite{brendan_gregg_bpf_book}
\abx@aux@segm{0}{0}{brendan_gregg_bpf_book}
\abx@aux@cite{ebpf_inst_set}
\abx@aux@segm{0}{0}{ebpf_inst_set}
\abx@aux@cite{8664_inst_set_specs}
\abx@aux@segm{0}{0}{8664_inst_set_specs}
\abx@aux@cite{ebpf_inst_set}
\abx@aux@segm{0}{0}{ebpf_inst_set}
\abx@aux@cite{ebpf_starovo_slides}
\abx@aux@segm{0}{0}{ebpf_starovo_slides}
\abx@aux@cite{ebpf_inst_set}
\abx@aux@segm{0}{0}{ebpf_inst_set}
\abx@aux@cite{ebpf_starovo_slides}
\abx@aux@segm{0}{0}{ebpf_starovo_slides}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {2.2}Analysis of modern eBPF}{11}{section.2.2}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.2.1}New eBPF infrastructure}{11}{subsection.2.2.1}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {3}Methods??}{12}{chapter.3}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.2.1}Architecture of eBPF}{11}{subsection.2.2.1}\protected@file@percent }
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.2}{\ignorespaces Table showing relevant eBPF updates. Note that only those relevant for our research objectives are shown. This is a selection of the official complete table at \cite {ebpf_funcs_by_ver}.\relax }}{11}{table.caption.14}\protected@file@percent }
\newlabel{table:ebpf_history}{{2.2}{11}{Table showing relevant eBPF updates. Note that only those relevant for our research objectives are shown. This is a selection of the official complete table at \cite {ebpf_funcs_by_ver}.\relax }{table.caption.14}{}}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.3}{\ignorespaces Table showing eBPF instruction format. It is a fixed-length 64 bit instruction, the number of bits used by each field are indicated.\relax }}{11}{table.caption.15}\protected@file@percent }
\newlabel{table:ebpf_inst_format}{{2.3}{11}{Table showing eBPF instruction format. It is a fixed-length 64 bit instruction, the number of bits used by each field are indicated.\relax }{table.caption.15}{}}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\contentsline {table}{\numberline {2.4}{\ignorespaces Table showing eBPF registers and their purpose in the BPF VM.\cite {ebpf_inst_set}\cite {ebpf_starovo_slides}.\relax }}{12}{table.caption.16}\protected@file@percent }
\newlabel{table:ebpf_regs}{{2.4}{12}{Table showing eBPF registers and their purpose in the BPF VM.\cite {ebpf_inst_set}\cite {ebpf_starovo_slides}.\relax }{table.caption.16}{}}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {2.2.2}JIT compilation}{12}{subsection.2.2.2}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {3}Methods??}{13}{chapter.3}\protected@file@percent }
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {4}Results}{13}{chapter.4}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {4}Results}{14}{chapter.4}\protected@file@percent }
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Conclusion and future work}{14}{chapter.5}\protected@file@percent }
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Conclusion and future work}{15}{chapter.5}\protected@file@percent }
\@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
\@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{15}{chapter.5}\protected@file@percent }
\abx@aux@read@bbl@mdfivesum{B18652840B9A2D8E82575EF61C309813}
\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{16}{chapter.5}\protected@file@percent }
\abx@aux@read@bbl@mdfivesum{A0263F600A6B69AA4741D30C7A5AD15D}
\abx@aux@refcontextdefaultsdone
\abx@aux@defaultrefcontext{0}{ransomware_pwc}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{rootkit_ptsecurity}{none/global//global/global}
@@ -134,5 +159,10 @@
\abx@aux@defaultrefcontext{0}{bpf_bsd_origin_bpf_page7}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{bpf_bsd_origin_bpf_page8}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{tcpdump_page}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_funcs_by_ver}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{brendan_gregg_bpf_book}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_inst_set}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{8664_inst_set_specs}{none/global//global/global}
\abx@aux@defaultrefcontext{0}{ebpf_starovo_slides}{none/global//global/global}
\ttl@finishall
\gdef \@abspage@last{32}
\gdef \@abspage@last{33}