BPF:程序上下文的翻译
[英]BPF: translation of program contexts
问题描述
I was looking at the different types of BPF program, and noticed that for different program types the context is being passed differently.
我正在查看不同类型的BPF程序,并注意到对于不同的程序类型,上下文的传递方式不同。
Example:示例:
For program type
BPF_PROG_TYPE_SOCK_OPS, an object of typestruct bpf_sock_ops_kernis passed.对于程序类型BPF_PROG_TYPE_SOCK_OPS,传递了一个struct bpf_sock_ops_kern类型的对象。 However, the BPF program of this type takes a reference tostruct bpf_sock_ops.但是,这种类型的 BPF 程序引用了struct bpf_sock_ops。 Why is it done this way and where is the "translation" frombpf_sock_ops_kerntobpf_sock_ops?为什么bpf_sock_ops_kern,从bpf_sock_ops_kern到bpf_sock_ops的“翻译”在bpf_sock_ops?For program type
BPF_PROG_TYPE_CGROUP_SKB, an object of typestruct sk_buffis passed (eg, in__cgroup_bpf_run_filter_skb), but the BPF program expects a minimized version,struct __sk_buff.对于程序类型BPF_PROG_TYPE_CGROUP_SKB,传递了一个struct sk_buff类型的对象(例如,在__cgroup_bpf_run_filter_skb),但 BPF 程序需要一个最小化版本,struct __sk_buff。
So I looked at the struct bpf_verifier_ops function callbacks , but they seem to only adjust the offsets in BPF instructions, as they are called by the BPF verifier.所以我查看了struct bpf_verifier_ops函数 callbacks ,但它们似乎只调整 BPF 指令中的偏移量,因为它们被 BPF 验证器调用。
I'd be glad if someone could shed light on how the BPF context is defined.如果有人能阐明 BPF 上下文是如何定义的,我会很高兴。 Thanks.谢谢。
1 个解决方案
解决方案1
3 已采纳 2018-03-06 10:26:00
The mirror objects (eg, struct bpf_sock_ops ) passed as argument expose a subset of the original object(s)'s fields to the BPF program.作为参数传递的镜像对象(例如struct bpf_sock_ops )将原始对象字段的子集暴露给 BPF 程序。 The mirror structure can also have fields from several different original structures;镜像结构也可以有来自几个不同原始结构的字段; in that case, the mirror object serves as aggregate.在这种情况下,镜像对象用作聚合。 Passing the original object(s) to the BPF program would also be misleading as the user could think they have access to all fields.将原始对象传递给 BPF 程序也会产生误导,因为用户可能认为他们可以访问所有字段。 For example, they could think they have access to bpf_sock_ops_kern.sk when that's actually not the case.例如,他们可能认为他们可以访问bpf_sock_ops_kern.sk ,但实际上并非如此。
The verifier then converts accesses to the mirror object into accesses to the original object(s), before the program is executed for the first time.然后,在第一次执行程序之前,验证器将对镜像对象的访问转换为对原始对象的访问。 There's a conversion function for each type of mirror object (eg, sock_ops_convert_ctx_access for the conversion of accesses to struct bpf_sock_ops ).每种类型的镜像对象都有一个转换函数(例如, sock_ops_convert_ctx_access用于将访问转换为struct bpf_sock_ops )。 Then, for each field of the mirror object (ie, for each offset), the conversion function rewrites the load or store instruction with the offset to the original field.然后,对于镜像对象的每个字段(即,对于每个偏移量),转换函数将带有偏移量的加载或存储指令重写为原始字段。
Note that all original fields might not be in the same object.请注意,所有原始字段可能不在同一个对象中。 For example, in the mirror object struct bpf_sock_ops , the fields op and family are retrieved in bpf_sock_ops_kern.op and bpf_sock_ops_kern.sk->skc_family respectively.例如,在镜像对象struct bpf_sock_ops ,字段op和family分别在bpf_sock_ops_kern.op和bpf_sock_ops_kern.sk->skc_family中检索。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.