% $ biblatex auxiliary file $ % $ biblatex bbl format version 3.1 $ % Do not modify the above lines! % % This is an auxiliary file used by the 'biblatex' package. % This file may safely be deleted. It will be recreated by % biber as required. % \begingroup \makeatletter \@ifundefined{ver@biblatex.sty} {\@latex@error {Missing 'biblatex' package} {The bibliography requires the 'biblatex' package.} \aftergroup\endinput} {} \endgroup \refsection{0} \datalist[entry]{none/global//global/global} \entry{ransomware_pwc}{report}{} \list{institution}{1}{% {PricewaterhouseCoopers}% } \field{sortinit}{1} \field{sortinithash}{50c6687d7fc80f50136d75228e3c59ba} \field{labeltitlesource}{title} \field{title}{Cyber Threats 2021: A year in Retrospect} \verb{urlraw} \verb https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf \endverb \verb{url} \verb https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf \endverb \endentry \entry{rootkit_ptsecurity}{report}{} \list{institution}{1}{% {Positive Technologies}% } \field{sortinit}{1} \field{sortinithash}{50c6687d7fc80f50136d75228e3c59ba} \field{labeltitlesource}{title} \field{day}{3} \field{month}{11} \field{title}{Rootkits: evolution and detection methods} \field{year}{2021} \field{dateera}{ce} \verb{urlraw} \verb https://www.ptsecurity.com/ww-en/analytics/rootkits-evolution-and-detection-methods/ \endverb \verb{url} \verb https://www.ptsecurity.com/ww-en/analytics/rootkits-evolution-and-detection-methods/ \endverb \endentry \entry{ebpf_linux318}{online}{} \field{sortinit}{1} \field{sortinithash}{50c6687d7fc80f50136d75228e3c59ba} \field{day}{7} \field{indextitle}{eBPF incorporation in the Linux Kernel 3.18} \field{month}{12} \field{year}{2014} \field{dateera}{ce} \verb{urlraw} \verb https://kernelnewbies.org/Linux_3.18 \endverb \verb{url} \verb https://kernelnewbies.org/Linux_3.18 \endverb \endentry \entry{bvp47_report}{report}{} \list{institution}{1}{% {Pangu Lab}% } \field{sortinit}{1} \field{sortinithash}{50c6687d7fc80f50136d75228e3c59ba} \field{labeltitlesource}{title} \field{day}{23} \field{month}{2} \field{title}{Bvp47 Top-tier Backdoor of US NSA Equation Group} \field{year}{2022} \field{dateera}{ce} \verb{urlraw} \verb https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf \endverb \verb{url} \verb https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf \endverb \endentry \entry{bpfdoor_pwc}{report}{} \list{institution}{1}{% {PricewaterhouseCoopers}% } \field{sortinit}{1} \field{sortinithash}{50c6687d7fc80f50136d75228e3c59ba} \field{labeltitlesource}{title} \field{title}{Cyber Threats 2021: A year in Retrospect} \field{pages}{37} \range{pages}{1} \verb{urlraw} \verb https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf \endverb \verb{url} \verb https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf \endverb \endentry \entry{ebpf_windows}{online}{} \field{sortinit}{1} \field{sortinithash}{50c6687d7fc80f50136d75228e3c59ba} \field{labeltitlesource}{title} \field{day}{7} \field{month}{12} \field{title}{eBPF incorporation in the Linux Kernel 3.18} \field{year}{2014} \field{dateera}{ce} \verb{urlraw} \verb https://kernelnewbies.org/Linux_3.18 \endverb \verb{url} \verb https://kernelnewbies.org/Linux_3.18 \endverb \endentry \entry{ebpf_android}{online}{} \field{sortinit}{1} \field{sortinithash}{50c6687d7fc80f50136d75228e3c59ba} \field{labeltitlesource}{title} \field{title}{eBPF for Windows} \verb{urlraw} \verb https://source.android.com/devices/architecture/kernel/bpf \endverb \verb{url} \verb https://source.android.com/devices/architecture/kernel/bpf \endverb \endentry \entry{evil_ebpf}{proceedings}{} \name{author}{1}{}{% {{hash=5142e68c748eb70cb619b21160eb7f72}{% family={Dileo}, familyi={D\bibinitperiod}, given={Jeff}, giveni={J\bibinitperiod}}}% } \list{institution}{1}{% {NCC Group}% } \list{organization}{1}{% {DEFCON 27}% } \strng{namehash}{5142e68c748eb70cb619b21160eb7f72} \strng{fullhash}{5142e68c748eb70cb619b21160eb7f72} \strng{bibnamehash}{5142e68c748eb70cb619b21160eb7f72} \strng{authorbibnamehash}{5142e68c748eb70cb619b21160eb7f72} \strng{authornamehash}{5142e68c748eb70cb619b21160eb7f72} \strng{authorfullhash}{5142e68c748eb70cb619b21160eb7f72} \field{extraname}{1} \field{sortinit}{2} \field{sortinithash}{ed39bb39cf854d5250e95b1c1f94f4ed} \field{labelnamesource}{author} \field{eventtitle}{Evil eBPF Practical Abuses of an In-Kernel Bytecode Runtime} \verb{urlraw} \verb https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf \endverb \verb{url} \verb https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf \endverb \endentry \entry{bad_ebpf}{online}{} \name{author}{1}{}{% {{hash=53d4d4da0d1a82f58d57d86ba9635f2c}{% family={Hogan}, familyi={H\bibinitperiod}, given={Pat}, giveni={P\bibinitperiod}}}% } \list{organization}{1}{% {DEFCON 27}% } \strng{namehash}{53d4d4da0d1a82f58d57d86ba9635f2c} \strng{fullhash}{53d4d4da0d1a82f58d57d86ba9635f2c} \strng{bibnamehash}{53d4d4da0d1a82f58d57d86ba9635f2c} \strng{authorbibnamehash}{53d4d4da0d1a82f58d57d86ba9635f2c} \strng{authornamehash}{53d4d4da0d1a82f58d57d86ba9635f2c} \strng{authorfullhash}{53d4d4da0d1a82f58d57d86ba9635f2c} \field{sortinit}{2} \field{sortinithash}{ed39bb39cf854d5250e95b1c1f94f4ed} \field{labelnamesource}{author} \field{eventtitle}{Bad BPF - Warping reality using eBPF} \verb{urlraw} \verb https://www.youtube.com/watch?v=g6SKWT7sROQ \endverb \verb{url} \verb https://www.youtube.com/watch?v=g6SKWT7sROQ \endverb \endentry \entry{ebpf_friends}{proceedings}{} \name{author}{1}{}{% {{hash=2994fc802c0b46f7289cf001e2c26cfe}{% family={Guillaume\bibnamedelima Fournier}, familyi={G\bibinitperiod\bibinitdelim F\bibinitperiod}, given={Sylvain\bibnamedelima Afchainthe}, giveni={S\bibinitperiod\bibinitdelim A\bibinitperiod}}}% } \list{institution}{1}{% {Datadog}% } \list{organization}{1}{% {DEFCON 29}% } \strng{namehash}{2994fc802c0b46f7289cf001e2c26cfe} \strng{fullhash}{2994fc802c0b46f7289cf001e2c26cfe} \strng{bibnamehash}{2994fc802c0b46f7289cf001e2c26cfe} \strng{authorbibnamehash}{2994fc802c0b46f7289cf001e2c26cfe} \strng{authornamehash}{2994fc802c0b46f7289cf001e2c26cfe} \strng{authorfullhash}{2994fc802c0b46f7289cf001e2c26cfe} \field{extraname}{1} \field{sortinit}{2} \field{sortinithash}{ed39bb39cf854d5250e95b1c1f94f4ed} \field{labelnamesource}{author} \field{eventtitle}{Cyber Threats 2021: A year in Retrospect} \verb{urlraw} \verb https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf \endverb \verb{url} \verb https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf \endverb \endentry \entry{ebpf_io}{manual}{} \field{sortinit}{2} \field{sortinithash}{ed39bb39cf854d5250e95b1c1f94f4ed} \field{labeltitlesource}{title} \field{title}{eBPF Documentation} \verb{urlraw} \verb https://ebpf.io/what-is-ebpf/ \endverb \verb{url} \verb https://ebpf.io/what-is-ebpf/ \endverb \endentry \entry{bpf_bsd_origin}{article}{} \name{author}{1}{}{% {{hash=b74c2671072cf5a1a1400dc035240dfd}{% family={Steven\bibnamedelima McCanne}, familyi={S\bibinitperiod\bibinitdelim M\bibinitperiod}, given={Van\bibnamedelima Jacobson}, giveni={V\bibinitperiod\bibinitdelim J\bibinitperiod}}}% } \list{institution}{1}{% {Lawrence Berkeley Laboratory}% } \strng{namehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{fullhash}{b74c2671072cf5a1a1400dc035240dfd} \strng{bibnamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authorbibnamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authornamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authorfullhash}{b74c2671072cf5a1a1400dc035240dfd} \field{extraname}{1} \field{sortinit}{2} \field{sortinithash}{ed39bb39cf854d5250e95b1c1f94f4ed} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{19} \field{month}{12} \field{title}{The BSD Packet Filter: A New Architecture for User-level Packet Capture} \field{year}{1992} \field{dateera}{ce} \verb{urlraw} \verb https://www.tcpdump.org/papers/bpf-usenix93.pdf \endverb \verb{url} \verb https://www.tcpdump.org/papers/bpf-usenix93.pdf \endverb \endentry \entry{ebpf_history_opensource}{online}{} \field{sortinit}{2} \field{sortinithash}{ed39bb39cf854d5250e95b1c1f94f4ed} \field{labeltitlesource}{title} \field{day}{11} \field{month}{8} \field{title}{An intro to using eBPF to filter packets in the Linux kernel} \field{year}{2017} \field{dateera}{ce} \verb{urlraw} \verb https://opensource.com/article/17/9/intro-ebpf \endverb \verb{url} \verb https://opensource.com/article/17/9/intro-ebpf \endverb \endentry \entry{bpf_bsd_origin_bpf_page1}{article}{} \name{author}{1}{}{% {{hash=b74c2671072cf5a1a1400dc035240dfd}{% family={Steven\bibnamedelima McCanne}, familyi={S\bibinitperiod\bibinitdelim M\bibinitperiod}, given={Van\bibnamedelima Jacobson}, giveni={V\bibinitperiod\bibinitdelim J\bibinitperiod}}}% } \list{institution}{1}{% {Lawrence Berkeley Laboratory}% } \strng{namehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{fullhash}{b74c2671072cf5a1a1400dc035240dfd} \strng{bibnamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authorbibnamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authornamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authorfullhash}{b74c2671072cf5a1a1400dc035240dfd} \field{extraname}{2} \field{sortinit}{2} \field{sortinithash}{ed39bb39cf854d5250e95b1c1f94f4ed} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{19} \field{month}{12} \field{title}{The BSD Packet Filter: A New Architecture for User-level Packet Capture} \field{year}{1992} \field{dateera}{ce} \field{pages}{1} \range{pages}{1} \verb{urlraw} \verb https://www.tcpdump.org/papers/bpf-usenix93.pdf \endverb \verb{url} \verb https://www.tcpdump.org/papers/bpf-usenix93.pdf \endverb \endentry \entry{index_register}{manual}{} \field{sortinit}{2} \field{sortinithash}{ed39bb39cf854d5250e95b1c1f94f4ed} \field{labeltitlesource}{title} \field{title}{Index register} \verb{urlraw} \verb https://gunkies.org/wiki/Index_register \endverb \verb{url} \verb https://gunkies.org/wiki/Index_register \endverb \endentry \entry{bpf_bsd_origin_bpf_page5}{article}{} \name{author}{1}{}{% {{hash=b74c2671072cf5a1a1400dc035240dfd}{% family={Steven\bibnamedelima McCanne}, familyi={S\bibinitperiod\bibinitdelim M\bibinitperiod}, given={Van\bibnamedelima Jacobson}, giveni={V\bibinitperiod\bibinitdelim J\bibinitperiod}}}% } \list{institution}{1}{% {Lawrence Berkeley Laboratory}% } \strng{namehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{fullhash}{b74c2671072cf5a1a1400dc035240dfd} \strng{bibnamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authorbibnamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authornamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authorfullhash}{b74c2671072cf5a1a1400dc035240dfd} \field{extraname}{3} \field{sortinit}{2} \field{sortinithash}{ed39bb39cf854d5250e95b1c1f94f4ed} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{19} \field{month}{12} \field{title}{The BSD Packet Filter: A New Architecture for User-level Packet Capture} \field{year}{1992} \field{dateera}{ce} \field{pages}{5} \range{pages}{1} \verb{urlraw} \verb https://www.tcpdump.org/papers/bpf-usenix93.pdf \endverb \verb{url} \verb https://www.tcpdump.org/papers/bpf-usenix93.pdf \endverb \endentry \entry{bpf_organicprogrammer_analysis}{online}{} \field{sortinit}{2} \field{sortinithash}{ed39bb39cf854d5250e95b1c1f94f4ed} \field{labeltitlesource}{title} \field{day}{28} \field{month}{3} \field{title}{Write a Linux packet sniffer from scratch: part two- BPF} \field{year}{2022} \field{dateera}{ce} \verb{urlraw} \verb https://organicprogrammer.com/2022/03/28/how-to-implement-libpcap-on-linux-with-raw-socket-part2/ \endverb \verb{url} \verb https://organicprogrammer.com/2022/03/28/how-to-implement-libpcap-on-linux-with-raw-socket-part2/ \endverb \endentry \entry{bpf_bsd_origin_bpf_page7}{article}{} \name{author}{1}{}{% {{hash=b74c2671072cf5a1a1400dc035240dfd}{% family={Steven\bibnamedelima McCanne}, familyi={S\bibinitperiod\bibinitdelim M\bibinitperiod}, given={Van\bibnamedelima Jacobson}, giveni={V\bibinitperiod\bibinitdelim J\bibinitperiod}}}% } \list{institution}{1}{% {Lawrence Berkeley Laboratory}% } \strng{namehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{fullhash}{b74c2671072cf5a1a1400dc035240dfd} \strng{bibnamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authorbibnamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authornamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authorfullhash}{b74c2671072cf5a1a1400dc035240dfd} \field{extraname}{4} \field{sortinit}{3} \field{sortinithash}{a37a8ef248a93c322189792c34fc68c9} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{19} \field{month}{12} \field{title}{The BSD Packet Filter: A New Architecture for User-level Packet Capture} \field{year}{1992} \field{dateera}{ce} \field{pages}{7} \range{pages}{1} \verb{urlraw} \verb https://www.tcpdump.org/papers/bpf-usenix93.pdf \endverb \verb{url} \verb https://www.tcpdump.org/papers/bpf-usenix93.pdf \endverb \endentry \entry{bpf_bsd_origin_bpf_page8}{article}{} \name{author}{1}{}{% {{hash=b74c2671072cf5a1a1400dc035240dfd}{% family={Steven\bibnamedelima McCanne}, familyi={S\bibinitperiod\bibinitdelim M\bibinitperiod}, given={Van\bibnamedelima Jacobson}, giveni={V\bibinitperiod\bibinitdelim J\bibinitperiod}}}% } \list{institution}{1}{% {Lawrence Berkeley Laboratory}% } \strng{namehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{fullhash}{b74c2671072cf5a1a1400dc035240dfd} \strng{bibnamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authorbibnamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authornamehash}{b74c2671072cf5a1a1400dc035240dfd} \strng{authorfullhash}{b74c2671072cf5a1a1400dc035240dfd} \field{extraname}{5} \field{sortinit}{3} \field{sortinithash}{a37a8ef248a93c322189792c34fc68c9} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{19} \field{month}{12} \field{title}{The BSD Packet Filter: A New Architecture for User-level Packet Capture} \field{year}{1992} \field{dateera}{ce} \field{pages}{8} \range{pages}{1} \verb{urlraw} \verb https://www.tcpdump.org/papers/bpf-usenix93.pdf \endverb \verb{url} \verb https://www.tcpdump.org/papers/bpf-usenix93.pdf \endverb \endentry \entry{tcpdump_page}{manual}{} \field{sortinit}{3} \field{sortinithash}{a37a8ef248a93c322189792c34fc68c9} \field{labeltitlesource}{title} \field{title}{Tcpdump and Libpcap} \verb{urlraw} \verb https://www.tcpdump.org \endverb \verb{url} \verb https://www.tcpdump.org \endverb \endentry \entry{ebpf_funcs_by_ver}{manual}{} \list{organization}{1}{% {iovisor}% } \field{sortinit}{3} \field{sortinithash}{a37a8ef248a93c322189792c34fc68c9} \field{labeltitlesource}{title} \field{title}{BPF features by Linux Kernel Version} \verb{urlraw} \verb https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md \endverb \verb{url} \verb https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md \endverb \endentry \entry{brendan_gregg_bpf_book}{book}{} \name{author}{1}{}{% {{hash=b45aef384111d7e9dd71b74ba427b5f1}{% family={Gregg}, familyi={G\bibinitperiod}, given={Brendan}, giveni={B\bibinitperiod}}}% } \strng{namehash}{b45aef384111d7e9dd71b74ba427b5f1} \strng{fullhash}{b45aef384111d7e9dd71b74ba427b5f1} \strng{bibnamehash}{b45aef384111d7e9dd71b74ba427b5f1} \strng{authorbibnamehash}{b45aef384111d7e9dd71b74ba427b5f1} \strng{authornamehash}{b45aef384111d7e9dd71b74ba427b5f1} \strng{authorfullhash}{b45aef384111d7e9dd71b74ba427b5f1} \field{extraname}{1} \field{sortinit}{3} \field{sortinithash}{a37a8ef248a93c322189792c34fc68c9} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{title}{BPF performance tools} \verb{urlraw} \verb https://www.oreilly.com/library/view/bpf-performance-tools/9780136588870/ \endverb \verb{url} \verb https://www.oreilly.com/library/view/bpf-performance-tools/9780136588870/ \endverb \endentry \entry{ebpf_io_arch}{manual}{} \field{sortinit}{3} \field{sortinithash}{a37a8ef248a93c322189792c34fc68c9} \field{labeltitlesource}{title} \field{title}{eBPF Documentation: Loader and verification architecture} \verb{urlraw} \verb https://ebpf.io/what-is-ebpf/#loader--verification-architecture \endverb \verb{url} \verb https://ebpf.io/what-is-ebpf/#loader--verification-architecture \endverb \endentry \entry{ebpf_inst_set}{manual}{} \field{sortinit}{4} \field{sortinithash}{e071e0bcb44634fab398d68ad04e69f4} \field{labeltitlesource}{title} \field{title}{eBPF instruction set} \verb{urlraw} \verb https://www.kernel.org/doc/html/latest/bpf/instruction-set.html \endverb \verb{url} \verb https://www.kernel.org/doc/html/latest/bpf/instruction-set.html \endverb \endentry \entry{8664_inst_set_specs}{manual}{} \name{author}{1}{}{% {{hash=ff97a9fdede09eaf6e1c8ec9f6a61dd5}{% family={Intel}, familyi={I\bibinitperiod}}}% } \strng{namehash}{ff97a9fdede09eaf6e1c8ec9f6a61dd5} \strng{fullhash}{ff97a9fdede09eaf6e1c8ec9f6a61dd5} \strng{bibnamehash}{ff97a9fdede09eaf6e1c8ec9f6a61dd5} \strng{authorbibnamehash}{ff97a9fdede09eaf6e1c8ec9f6a61dd5} \strng{authornamehash}{ff97a9fdede09eaf6e1c8ec9f6a61dd5} \strng{authorfullhash}{ff97a9fdede09eaf6e1c8ec9f6a61dd5} \field{sortinit}{4} \field{sortinithash}{e071e0bcb44634fab398d68ad04e69f4} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{title}{Intel® 64 and IA-32 Architectures Software Developer’s Manual Combined Volumes: 1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D, and 4} \field{urlday}{13} \field{urlmonth}{5} \field{urlyear}{2022} \field{volume}{2A} \field{urldateera}{ce} \field{pages}{507} \range{pages}{1} \verb{urlraw} \verb https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sdm.html \endverb \verb{url} \verb https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sdm.html \endverb \endentry \entry{ebpf_starovo_slides}{proceedings}{} \list{institution}{1}{% {PLUMgrid}% } \field{sortinit}{4} \field{sortinithash}{e071e0bcb44634fab398d68ad04e69f4} \field{labeltitlesource}{title} \field{day}{20} \field{month}{2} \field{title}{BPF – in-kernel virtual machine} \field{year}{2015} \field{dateera}{ce} \verb{urlraw} \verb http://vger.kernel.org/netconf2015Starovoitov-bpf_collabsummit_2015feb20.pdf \endverb \verb{url} \verb http://vger.kernel.org/netconf2015Starovoitov-bpf_collabsummit_2015feb20.pdf \endverb \endentry \entry{ebpf_JIT}{manual}{} \name{author}{1}{}{% {{hash=729670cd9d39b9b575390147a29d51d7}{% family={Corbet}, familyi={C\bibinitperiod}, given={Jonathan}, giveni={J\bibinitperiod}}}% } \strng{namehash}{729670cd9d39b9b575390147a29d51d7} \strng{fullhash}{729670cd9d39b9b575390147a29d51d7} \strng{bibnamehash}{729670cd9d39b9b575390147a29d51d7} \strng{authorbibnamehash}{729670cd9d39b9b575390147a29d51d7} \strng{authornamehash}{729670cd9d39b9b575390147a29d51d7} \strng{authorfullhash}{729670cd9d39b9b575390147a29d51d7} \field{sortinit}{4} \field{sortinithash}{e071e0bcb44634fab398d68ad04e69f4} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{12} \field{month}{4} \field{title}{A JIT for packet filters} \field{year}{2011} \field{dateera}{ce} \verb{urlraw} \verb https://lwn.net/Articles/437981/ \endverb \verb{url} \verb https://lwn.net/Articles/437981/ \endverb \endentry \entry{ebpf_JIT_demystify_page13}{proceedings}{} \name{author}{1}{}{% {{hash=0fcaa32b080db12cbc8b11b27d05ad61}{% family={Wang}, familyi={W\bibinitperiod}, given={Jiong}, giveni={J\bibinitperiod}}}% } \list{institution}{1}{% {Netronome}% } \strng{namehash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{fullhash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{bibnamehash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{authorbibnamehash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{authornamehash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{authorfullhash}{0fcaa32b080db12cbc8b11b27d05ad61} \field{extraname}{1} \field{sortinit}{4} \field{sortinithash}{e071e0bcb44634fab398d68ad04e69f4} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{11} \field{month}{9} \field{title}{Demystify eBPF JIT Compiler} \field{year}{2018} \field{dateera}{ce} \field{pages}{13} \range{pages}{1} \verb{urlraw} \verb https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf \endverb \verb{url} \verb https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf \endverb \endentry \entry{ebpf_JIT_demystify_page14}{proceedings}{} \name{author}{1}{}{% {{hash=0fcaa32b080db12cbc8b11b27d05ad61}{% family={Wang}, familyi={W\bibinitperiod}, given={Jiong}, giveni={J\bibinitperiod}}}% } \list{institution}{1}{% {Netronome}% } \strng{namehash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{fullhash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{bibnamehash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{authorbibnamehash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{authornamehash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{authorfullhash}{0fcaa32b080db12cbc8b11b27d05ad61} \field{extraname}{2} \field{sortinit}{4} \field{sortinithash}{e071e0bcb44634fab398d68ad04e69f4} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{11} \field{month}{9} \field{title}{Demystify eBPF JIT Compiler} \field{year}{2018} \field{dateera}{ce} \field{pages}{14} \range{pages}{1} \verb{urlraw} \verb https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf \endverb \verb{url} \verb https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf \endverb \endentry \entry{jit_enable_setting}{manual}{} \field{sortinit}{5} \field{sortinithash}{5dd416adbafacc8226114bc0202d5fdd} \field{labeltitlesource}{title} \field{title}{bpf\_jit\_enable} \verb{urlraw} \verb https://sysctl-explorer.net/net/core/bpf_jit_enable/ \endverb \verb{url} \verb https://sysctl-explorer.net/net/core/bpf_jit_enable/ \endverb \endentry \entry{ebpf_starovo_slides_page23}{proceedings}{} \list{institution}{1}{% {PLUMgrid}% } \field{sortinit}{5} \field{sortinithash}{5dd416adbafacc8226114bc0202d5fdd} \field{labeltitlesource}{title} \field{day}{20} \field{month}{2} \field{title}{BPF – in-kernel virtual machine} \field{year}{2015} \field{dateera}{ce} \field{pages}{23} \range{pages}{1} \verb{urlraw} \verb http://vger.kernel.org/netconf2015Starovoitov-bpf_collabsummit_2015feb20.pdf \endverb \verb{url} \verb http://vger.kernel.org/netconf2015Starovoitov-bpf_collabsummit_2015feb20.pdf \endverb \endentry \entry{brendan_gregg_bpf_book_bpf_vm}{book}{} \name{author}{1}{}{% {{hash=b45aef384111d7e9dd71b74ba427b5f1}{% family={Gregg}, familyi={G\bibinitperiod}, given={Brendan}, giveni={B\bibinitperiod}}}% } \strng{namehash}{b45aef384111d7e9dd71b74ba427b5f1} \strng{fullhash}{b45aef384111d7e9dd71b74ba427b5f1} \strng{bibnamehash}{b45aef384111d7e9dd71b74ba427b5f1} \strng{authorbibnamehash}{b45aef384111d7e9dd71b74ba427b5f1} \strng{authornamehash}{b45aef384111d7e9dd71b74ba427b5f1} \strng{authorfullhash}{b45aef384111d7e9dd71b74ba427b5f1} \field{extraname}{2} \field{sortinit}{5} \field{sortinithash}{5dd416adbafacc8226114bc0202d5fdd} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{title}{BPF performance tools} \verb{urlraw} \verb https://learning.oreilly.com/library/view/bpf-performance-tools/9780136588870/ch02.xhtml#:-:text=With%20JIT%20compiled%20code%2C%20i,%20other%20native%20kernel%20code \endverb \verb{url} \verb https://learning.oreilly.com/library/view/bpf-performance-tools/9780136588870/ch02.xhtml#:-:text=With%20JIT%20compiled%20code%2C%20i,%20other%20native%20kernel%20code \endverb \endentry \entry{ebpf_verifier_kerneldocs}{manual}{} \field{sortinit}{5} \field{sortinithash}{5dd416adbafacc8226114bc0202d5fdd} \field{labeltitlesource}{title} \field{title}{eBPF verifier} \verb{urlraw} \verb https://kernel.org/doc/html/latest/bpf/verifier.html \endverb \verb{url} \verb https://kernel.org/doc/html/latest/bpf/verifier.html \endverb \endentry \entry{ebpf_JIT_demystify_page17-22}{proceedings}{} \name{author}{1}{}{% {{hash=0fcaa32b080db12cbc8b11b27d05ad61}{% family={Wang}, familyi={W\bibinitperiod}, given={Jiong}, giveni={J\bibinitperiod}}}% } \list{institution}{1}{% {Netronome}% } \strng{namehash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{fullhash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{bibnamehash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{authorbibnamehash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{authornamehash}{0fcaa32b080db12cbc8b11b27d05ad61} \strng{authorfullhash}{0fcaa32b080db12cbc8b11b27d05ad61} \field{extraname}{3} \field{sortinit}{5} \field{sortinithash}{5dd416adbafacc8226114bc0202d5fdd} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{11} \field{month}{9} \field{title}{Demystify eBPF JIT Compiler} \field{year}{2018} \field{dateera}{ce} \field{pages}{17\bibrangedash 22} \range{pages}{6} \verb{urlraw} \verb https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf \endverb \verb{url} \verb https://www.netronome.com/media/documents/demystify-ebpf-jit-compiler.pdf \endverb \endentry \entry{ebpf_bounded_loops}{online}{} \name{author}{1}{}{% {{hash=eb58c5db0dc3d52508c642eba949ed28}{% family={Rybczynska}, familyi={R\bibinitperiod}, given={Marta}, giveni={M\bibinitperiod}}}% } \strng{namehash}{eb58c5db0dc3d52508c642eba949ed28} \strng{fullhash}{eb58c5db0dc3d52508c642eba949ed28} \strng{bibnamehash}{eb58c5db0dc3d52508c642eba949ed28} \strng{authorbibnamehash}{eb58c5db0dc3d52508c642eba949ed28} \strng{authornamehash}{eb58c5db0dc3d52508c642eba949ed28} \strng{authorfullhash}{eb58c5db0dc3d52508c642eba949ed28} \field{sortinit}{5} \field{sortinithash}{5dd416adbafacc8226114bc0202d5fdd} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{30} \field{month}{6} \field{title}{Bounded loops in BPF for the 5.3 kernel} \field{year}{2019} \field{dateera}{ce} \verb{urlraw} \verb https://lwn.net/Articles/794934/ \endverb \verb{url} \verb https://lwn.net/Articles/794934/ \endverb \endentry \entry{ebpf_maps_kernel}{manual}{} \field{sortinit}{5} \field{sortinithash}{5dd416adbafacc8226114bc0202d5fdd} \field{labeltitlesource}{title} \field{title}{eBPF maps} \verb{urlraw} \verb https://www.kernel.org/doc/html/latest/bpf/maps.html \endverb \verb{url} \verb https://www.kernel.org/doc/html/latest/bpf/maps.html \endverb \endentry \entry{bpf_syscall}{manual}{} \field{sortinit}{5} \field{sortinithash}{5dd416adbafacc8226114bc0202d5fdd} \field{labeltitlesource}{title} \field{title}{bpf(2)- Linux manual page} \verb{urlraw} \verb https://man7.org/linux/man-pages/man2/bpf.2.html \endverb \verb{url} \verb https://man7.org/linux/man-pages/man2/bpf.2.html \endverb \endentry \entry{ebpf_helpers}{manual}{} \field{sortinit}{6} \field{sortinithash}{7851c86048328b027313775d8fbd2131} \field{labeltitlesource}{title} \field{title}{bpf-helpers(7)- Linux manual page} \verb{urlraw} \verb https://man7.org/linux/man-pages/man7/bpf-helpers.7.html \endverb \verb{url} \verb https://man7.org/linux/man-pages/man7/bpf-helpers.7.html \endverb \endentry \entry{xdp_gentle_intro}{online}{} \name{author}{1}{}{% {{hash=78dcb92591468323e355b4f87108649d}{% family={Lavie}, familyi={L\bibinitperiod}, given={Daniel}, giveni={D\bibinitperiod}}}% } \strng{namehash}{78dcb92591468323e355b4f87108649d} \strng{fullhash}{78dcb92591468323e355b4f87108649d} \strng{bibnamehash}{78dcb92591468323e355b4f87108649d} \strng{authorbibnamehash}{78dcb92591468323e355b4f87108649d} \strng{authornamehash}{78dcb92591468323e355b4f87108649d} \strng{authorfullhash}{78dcb92591468323e355b4f87108649d} \field{sortinit}{6} \field{sortinithash}{7851c86048328b027313775d8fbd2131} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{3} \field{month}{2} \field{title}{A Gentle Introduction to XDP} \field{year}{2022} \field{dateera}{ce} \verb{urlraw} \verb https://www.seekret.io/blog/a-gentle-introduction-to-xdp/ \endverb \verb{url} \verb https://www.seekret.io/blog/a-gentle-introduction-to-xdp/ \endverb \endentry \entry{xdp_manual}{manual}{} \field{sortinit}{6} \field{sortinithash}{7851c86048328b027313775d8fbd2131} \field{labeltitlesource}{title} \field{title}{XDP actions} \verb{urlraw} \verb https://prototype-kernel.readthedocs.io/en/latest/networking/XDP/implementation/xdp_actions.html \endverb \verb{url} \verb https://prototype-kernel.readthedocs.io/en/latest/networking/XDP/implementation/xdp_actions.html \endverb \endentry \entry{tc_differences}{online}{} \name{author}{1}{}{% {{hash=5442e761747b6fce78f695385639556e}{% family={Hangbin}, familyi={H\bibinitperiod}}}% } \strng{namehash}{5442e761747b6fce78f695385639556e} \strng{fullhash}{5442e761747b6fce78f695385639556e} \strng{bibnamehash}{5442e761747b6fce78f695385639556e} \strng{authorbibnamehash}{5442e761747b6fce78f695385639556e} \strng{authornamehash}{5442e761747b6fce78f695385639556e} \strng{authorfullhash}{5442e761747b6fce78f695385639556e} \field{sortinit}{6} \field{sortinithash}{7851c86048328b027313775d8fbd2131} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{13} \field{month}{3} \field{title}{tc/BPF and XDP/BPF} \field{year}{2019} \field{dateera}{ce} \verb{urlraw} \verb https://liuhangbin.netlify.app/post/ebpf-and-xdp/ \endverb \verb{url} \verb https://liuhangbin.netlify.app/post/ebpf-and-xdp/ \endverb \endentry \entry{tc_docs_complete}{online}{} \name{author}{1}{}{% {{hash=6f963077bb5e5f5e471047d2f4a2e4e7}{% family={Brown}, familyi={B\bibinitperiod}, given={Martin\bibnamedelima A.}, giveni={M\bibinitperiod\bibinitdelim A\bibinitperiod}}}% } \strng{namehash}{6f963077bb5e5f5e471047d2f4a2e4e7} \strng{fullhash}{6f963077bb5e5f5e471047d2f4a2e4e7} \strng{bibnamehash}{6f963077bb5e5f5e471047d2f4a2e4e7} \strng{authorbibnamehash}{6f963077bb5e5f5e471047d2f4a2e4e7} \strng{authornamehash}{6f963077bb5e5f5e471047d2f4a2e4e7} \strng{authorfullhash}{6f963077bb5e5f5e471047d2f4a2e4e7} \field{sortinit}{7} \field{sortinithash}{f615fb9c6fba11c6f962fb3fd599810e} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{1} \field{month}{10} \field{title}{Traffic Control HOWTO} \field{year}{2006} \field{dateera}{ce} \verb{urlraw} \verb http://linux-ip.net/articles/Traffic-Control-HOWTO/ \endverb \verb{url} \verb http://linux-ip.net/articles/Traffic-Control-HOWTO/ \endverb \endentry \entry{tc_direct_action}{online}{} \name{author}{1}{}{% {{hash=d3c24514dc6326a55dee93eaf9976d63}{% family={Monnet}, familyi={M\bibinitperiod}, given={Quentin}, giveni={Q\bibinitperiod}}}% } \strng{namehash}{d3c24514dc6326a55dee93eaf9976d63} \strng{fullhash}{d3c24514dc6326a55dee93eaf9976d63} \strng{bibnamehash}{d3c24514dc6326a55dee93eaf9976d63} \strng{authorbibnamehash}{d3c24514dc6326a55dee93eaf9976d63} \strng{authornamehash}{d3c24514dc6326a55dee93eaf9976d63} \strng{authorfullhash}{d3c24514dc6326a55dee93eaf9976d63} \field{sortinit}{7} \field{sortinithash}{f615fb9c6fba11c6f962fb3fd599810e} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{11} \field{month}{4} \field{title}{Understanding tc “direct action” mode for BPF} \field{year}{2020} \field{dateera}{ce} \verb{urlraw} \verb https://qmonnet.github.io/whirl-offload/2020/04/11/tc-bpf-direct-action/ \endverb \verb{url} \verb https://qmonnet.github.io/whirl-offload/2020/04/11/tc-bpf-direct-action/ \endverb \endentry \entry{tc_ret_list_complete}{online}{} \field{sortinit}{7} \field{sortinithash}{f615fb9c6fba11c6f962fb3fd599810e} \field{labeltitlesource}{title} \field{indextitle}{index : kernel/git/torvalds/linux.git} \field{title}{Linux kernel source tree} \verb{urlraw} \verb https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/pkt_cls.h \endverb \verb{url} \verb https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/pkt_cls.h \endverb \endentry \entry{tp_kernel}{manual}{} \name{author}{1}{}{% {{hash=5233bec95aa14fa3942f60f8fc369f5a}{% family={Desnoyers}, familyi={D\bibinitperiod}, given={Mathieu}, giveni={M\bibinitperiod}}}% } \strng{namehash}{5233bec95aa14fa3942f60f8fc369f5a} \strng{fullhash}{5233bec95aa14fa3942f60f8fc369f5a} \strng{bibnamehash}{5233bec95aa14fa3942f60f8fc369f5a} \strng{authorbibnamehash}{5233bec95aa14fa3942f60f8fc369f5a} \strng{authornamehash}{5233bec95aa14fa3942f60f8fc369f5a} \strng{authorfullhash}{5233bec95aa14fa3942f60f8fc369f5a} \field{sortinit}{7} \field{sortinithash}{f615fb9c6fba11c6f962fb3fd599810e} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{title}{Using the Linux Kernel Tracepoints} \verb{urlraw} \verb https://www.kernel.org/doc/html/latest/trace/tracepoints.html \endverb \verb{url} \verb https://www.kernel.org/doc/html/latest/trace/tracepoints.html \endverb \endentry \entry{kprobe_manual}{manual}{} \name{author}{1}{}{% {{hash=2cc2b9c9c507513d2985e72f46781aec}{% family={Jim\bibnamedelima Keniston}, familyi={J\bibinitperiod\bibinitdelim K\bibinitperiod}, given={Masami\bibnamedelima Hiramatsu}, giveni={M\bibinitperiod\bibinitdelim H\bibinitperiod}, suffix={Prasanna\bibnamedelimb S\bibnamedelima Panchamukhi}, suffixi={P\bibinitperiod\bibinitdelim S\bibinitperiod\bibinitdelim P\bibinitperiod}}}% } \strng{namehash}{2cc2b9c9c507513d2985e72f46781aec} \strng{fullhash}{2cc2b9c9c507513d2985e72f46781aec} \strng{bibnamehash}{2cc2b9c9c507513d2985e72f46781aec} \strng{authorbibnamehash}{2cc2b9c9c507513d2985e72f46781aec} \strng{authornamehash}{2cc2b9c9c507513d2985e72f46781aec} \strng{authorfullhash}{2cc2b9c9c507513d2985e72f46781aec} \field{sortinit}{7} \field{sortinithash}{f615fb9c6fba11c6f962fb3fd599810e} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{title}{Kernel Probes (Kprobes)} \verb{urlraw} \verb https://www.kernel.org/doc/html/latest/trace/kprobes.html \endverb \verb{url} \verb https://www.kernel.org/doc/html/latest/trace/kprobes.html \endverb \endentry \entry{kallsyms_kernel}{online}{} \name{author}{1}{}{% {{hash=d92b805bd53ec71a9ed691daf3c00fcc}{% family={Alcock}, familyi={A\bibinitperiod}, given={Nick}, giveni={N\bibinitperiod}}}% } \strng{namehash}{d92b805bd53ec71a9ed691daf3c00fcc} \strng{fullhash}{d92b805bd53ec71a9ed691daf3c00fcc} \strng{bibnamehash}{d92b805bd53ec71a9ed691daf3c00fcc} \strng{authorbibnamehash}{d92b805bd53ec71a9ed691daf3c00fcc} \strng{authornamehash}{d92b805bd53ec71a9ed691daf3c00fcc} \strng{authorfullhash}{d92b805bd53ec71a9ed691daf3c00fcc} \field{sortinit}{7} \field{sortinithash}{f615fb9c6fba11c6f962fb3fd599810e} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{6} \field{month}{6} \field{title}{kallsyms: new /proc/kallmodsyms with builtin modules and symbol sizes} \field{year}{2021} \field{dateera}{ce} \verb{urlraw} \verb https://lwn.net/Articles/862021/ \endverb \verb{url} \verb https://lwn.net/Articles/862021/ \endverb \endentry \entry{bcc_github}{online}{} \field{sortinit}{7} \field{sortinithash}{f615fb9c6fba11c6f962fb3fd599810e} \field{labeltitlesource}{title} \field{title}{BPF Compiler Collection (BCC)} \verb{urlraw} \verb https://github.com/iovisor/bcc \endverb \verb{url} \verb https://github.com/iovisor/bcc \endverb \endentry \entry{libbpf_github}{online}{} \field{sortinit}{7} \field{sortinithash}{f615fb9c6fba11c6f962fb3fd599810e} \field{indextitle}{libbpf GitHub} \verb{urlraw} \verb https://github.com/libbpf/libbpf \endverb \verb{url} \verb https://github.com/libbpf/libbpf \endverb \endentry \entry{libbpf_upstream}{online}{} \field{sortinit}{7} \field{sortinithash}{f615fb9c6fba11c6f962fb3fd599810e} \field{labeltitlesource}{title} \field{title}{BPF next kernel tree} \verb{urlraw} \verb https://kernel.googlesource.com/pub/scm/linux/kernel/git/bpf/bpf-next \endverb \verb{url} \verb https://kernel.googlesource.com/pub/scm/linux/kernel/git/bpf/bpf-next \endverb \endentry \entry{libbpf_core}{online}{} \name{author}{1}{}{% {{hash=c1dd9d38edae2e25017305f57983936e}{% family={Nakryiko}, familyi={N\bibinitperiod}, given={Andrii}, giveni={A\bibinitperiod}}}% } \strng{namehash}{c1dd9d38edae2e25017305f57983936e} \strng{fullhash}{c1dd9d38edae2e25017305f57983936e} \strng{bibnamehash}{c1dd9d38edae2e25017305f57983936e} \strng{authorbibnamehash}{c1dd9d38edae2e25017305f57983936e} \strng{authornamehash}{c1dd9d38edae2e25017305f57983936e} \strng{authorfullhash}{c1dd9d38edae2e25017305f57983936e} \field{sortinit}{8} \field{sortinithash}{1b24cab5087933ef0826a7cd3b99e994} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{19} \field{month}{2} \field{title}{BPF Portability and CO-RE} \field{year}{2020} \field{dateera}{ce} \verb{urlraw} \verb https://facebookmicrosites.github.io/bpf/blog/2020/02/19/bpf-portability-and-co-re.html \endverb \verb{url} \verb https://facebookmicrosites.github.io/bpf/blog/2020/02/19/bpf-portability-and-co-re.html \endverb \endentry \entry{ubuntu_caps}{manual}{} \field{sortinit}{8} \field{sortinithash}{1b24cab5087933ef0826a7cd3b99e994} \field{labeltitlesource}{title} \field{title}{capabilities - overview of Linux capabilities} \verb{urlraw} \verb http://manpages.ubuntu.com/manpages/trusty/man7/capabilities.7.html \endverb \verb{url} \verb http://manpages.ubuntu.com/manpages/trusty/man7/capabilities.7.html \endverb \endentry \entry{evil_ebpf_p9}{proceedings}{} \name{author}{1}{}{% {{hash=5142e68c748eb70cb619b21160eb7f72}{% family={Dileo}, familyi={D\bibinitperiod}, given={Jeff}, giveni={J\bibinitperiod}}}% } \list{institution}{1}{% {NCC Group}% } \list{organization}{1}{% {DEFCON 27}% } \strng{namehash}{5142e68c748eb70cb619b21160eb7f72} \strng{fullhash}{5142e68c748eb70cb619b21160eb7f72} \strng{bibnamehash}{5142e68c748eb70cb619b21160eb7f72} \strng{authorbibnamehash}{5142e68c748eb70cb619b21160eb7f72} \strng{authornamehash}{5142e68c748eb70cb619b21160eb7f72} \strng{authorfullhash}{5142e68c748eb70cb619b21160eb7f72} \field{extraname}{2} \field{sortinit}{8} \field{sortinithash}{1b24cab5087933ef0826a7cd3b99e994} \field{labelnamesource}{author} \field{eventtitle}{Evil eBPF Practical Abuses of an In-Kernel Bytecode Runtime} \field{pages}{9} \range{pages}{1} \verb{urlraw} \verb https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf \endverb \verb{url} \verb https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf \endverb \endentry \entry{ebpf_caps_intro}{online}{} \field{sortinit}{8} \field{sortinithash}{1b24cab5087933ef0826a7cd3b99e994} \field{labeltitlesource}{title} \field{title}{[PATCH v7 bpf-next 1/3] bpf, capability: Introduce CAP\_BPF} \verb{urlraw} \verb https://lore.kernel.org/bpf/20200513230355.7858-2-alexei.starovoitov@gmail.com/ \endverb \verb{url} \verb https://lore.kernel.org/bpf/20200513230355.7858-2-alexei.starovoitov@gmail.com/ \endverb \endentry \entry{ebpf_caps_lwn}{online}{} \field{sortinit}{8} \field{sortinithash}{1b24cab5087933ef0826a7cd3b99e994} \field{labeltitlesource}{title} \field{title}{capability: introduce CAP\_BPF and CAP\_TRACING} \verb{urlraw} \verb https://lwn.net/Articles/797807/ \endverb \verb{url} \verb https://lwn.net/Articles/797807/ \endverb \endentry \entry{unprivileged_ebpf}{online}{} \field{sortinit}{8} \field{sortinithash}{1b24cab5087933ef0826a7cd3b99e994} \field{labeltitlesource}{title} \field{title}{Reconsidering unprivileged BPF} \verb{urlraw} \verb https://lwn.net/Articles/796328/ \endverb \verb{url} \verb https://lwn.net/Articles/796328/ \endverb \endentry \entry{cve_unpriv_ebpf}{online}{} \field{sortinit}{8} \field{sortinithash}{1b24cab5087933ef0826a7cd3b99e994} \field{labeltitlesource}{title} \field{title}{CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability} \verb{urlraw} \verb https://www.openwall.com/lists/oss-security/2022/01/11/4 \endverb \verb{url} \verb https://www.openwall.com/lists/oss-security/2022/01/11/4 \endverb \endentry \entry{unpriv_ebpf_ubuntu}{online}{} \field{sortinit}{8} \field{sortinithash}{1b24cab5087933ef0826a7cd3b99e994} \field{labeltitlesource}{title} \field{title}{Unprivileged eBPF disabled by default for Ubuntu 20.04 LTS, 18.04 LTS, 16.04 ESM} \verb{urlraw} \verb https://discourse.ubuntu.com/t/unprivileged-ebpf-disabled-by-default-for-ubuntu-20-04-lts-18-04-lts-16-04-esm/27047 \endverb \verb{url} \verb https://discourse.ubuntu.com/t/unprivileged-ebpf-disabled-by-default-for-ubuntu-20-04-lts-18-04-lts-16-04-esm/27047 \endverb \endentry \entry{unpriv_ebpf_suse}{online}{} \field{sortinit}{8} \field{sortinithash}{1b24cab5087933ef0826a7cd3b99e994} \field{labeltitlesource}{title} \field{title}{Security Hardening: Use of eBPF by unprivileged users has been disabled by default} \verb{urlraw} \verb https://www.suse.com/support/kb/doc/?id=000020545 \endverb \verb{url} \verb https://www.suse.com/support/kb/doc/?id=000020545 \endverb \endentry \entry{unpriv_ebpf_redhat}{online}{} \field{sortinit}{8} \field{sortinithash}{1b24cab5087933ef0826a7cd3b99e994} \field{labeltitlesource}{title} \field{title}{CVE-2022-0002} \verb{urlraw} \verb https://access.redhat.com/security/cve/cve-2021-4001 \endverb \verb{url} \verb https://access.redhat.com/security/cve/cve-2021-4001 \endverb \endentry \entry{8664_params_abi}{manual}{} \name{author}{1}{}{% {{hash=871f02558cb7234c22cde24811cf53a7}{% family={al.}, familyi={a\bibinitperiod}, given={H.J.\bibnamedelimi Lu}, giveni={H\bibinitperiod\bibinitdelim L\bibinitperiod}, prefix={et}, prefixi={e\bibinitperiod}}}% } \strng{namehash}{871f02558cb7234c22cde24811cf53a7} \strng{fullhash}{871f02558cb7234c22cde24811cf53a7} \strng{bibnamehash}{871f02558cb7234c22cde24811cf53a7} \strng{authorbibnamehash}{871f02558cb7234c22cde24811cf53a7} \strng{authornamehash}{871f02558cb7234c22cde24811cf53a7} \strng{authorfullhash}{871f02558cb7234c22cde24811cf53a7} \field{sortinit}{9} \field{sortinithash}{54047ffb55bdefa0694bbd554c1b11a0} \field{labelnamesource}{author} \field{labeltitlesource}{title} \field{day}{28} \field{month}{1} \field{title}{System V Application Binary Interface AMD64 Architecture Processor Supplement} \field{year}{2018} \field{dateera}{ce} \field{pages}{148} \range{pages}{1} \verb{urlraw} \verb https://raw.githubusercontent.com/wiki/hjl-tools/x86-psABI/x86-64-psABI-1.0.pdf \endverb \verb{url} \verb https://raw.githubusercontent.com/wiki/hjl-tools/x86-psABI/x86-64-psABI-1.0.pdf \endverb \endentry \entry{ebpf_friends_p15}{proceedings}{} \name{author}{1}{}{% {{hash=2994fc802c0b46f7289cf001e2c26cfe}{% family={Guillaume\bibnamedelima Fournier}, familyi={G\bibinitperiod\bibinitdelim F\bibinitperiod}, given={Sylvain\bibnamedelima Afchainthe}, giveni={S\bibinitperiod\bibinitdelim A\bibinitperiod}}}% } \list{institution}{1}{% {Datadog}% } \list{organization}{1}{% {DEFCON 29}% } \strng{namehash}{2994fc802c0b46f7289cf001e2c26cfe} \strng{fullhash}{2994fc802c0b46f7289cf001e2c26cfe} \strng{bibnamehash}{2994fc802c0b46f7289cf001e2c26cfe} \strng{authorbibnamehash}{2994fc802c0b46f7289cf001e2c26cfe} \strng{authornamehash}{2994fc802c0b46f7289cf001e2c26cfe} \strng{authorfullhash}{2994fc802c0b46f7289cf001e2c26cfe} \field{extraname}{2} \field{sortinit}{9} \field{sortinithash}{54047ffb55bdefa0694bbd554c1b11a0} \field{labelnamesource}{author} \field{eventtitle}{Cyber Threats 2021: A year in Retrospect} \field{pages}{15} \range{pages}{1} \verb{urlraw} \verb https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf \endverb \verb{url} \verb https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf \endverb \endentry \entry{ebpf_override_return}{online}{} \field{sortinit}{9} \field{sortinithash}{54047ffb55bdefa0694bbd554c1b11a0} \field{labeltitlesource}{title} \field{title}{BPF-based error injection for the kernel} \verb{urlraw} \verb https://lwn.net/Articles/740146/ \endverb \verb{url} \verb https://lwn.net/Articles/740146/ \endverb \endentry \entry{code_kernel_open}{online}{} \field{sortinit}{9} \field{sortinithash}{54047ffb55bdefa0694bbd554c1b11a0} \field{indextitle}{Linux kernel source code} \verb{urlraw} \verb https://elixir.bootlin.com/linux/v5.11/source/fs/open.c#L1192 \endverb \verb{url} \verb https://elixir.bootlin.com/linux/v5.11/source/fs/open.c#L1192 \endverb \endentry \entry{fault_injection}{online}{} \field{sortinit}{9} \field{sortinithash}{54047ffb55bdefa0694bbd554c1b11a0} \field{day}{4} \field{month}{11} \field{year}{2006} \field{dateera}{ce} \verb{urlraw} \verb https://lwn.net/Articles/209257/ \endverb \verb{url} \verb https://lwn.net/Articles/209257/ \endverb \endentry \enddatalist \endrefsection \endinput