[英]net/core/filter.c and linux/bpf/verifier.c
If I understood well initially the cBPF verifier and interpreter were both within net/core/fiter.c
for example sk_run_filter
here https://elixir.bootlin.com/linux/v3.2/source/net/core/filter.c#L112 just convert the cBPF instructions applying them on the emulated registers and directly on the sk_buff. 如果我最初很了解cBPF验证程序和解释程序都在
net/core/fiter.c
,例如sk_run_filter
访问https://elixir.bootlin.com/linux/v3.2/source/net/core/filter.c# L112只是转换cBPF指令,将它们应用到仿真寄存器上,然后直接应用到sk_buff上。 While sk_chk_filter
check if the instructions are all legal. 在
sk_chk_filter
检查指令是否全部合法。
Currently I've seen that there is still a bpf_check_classic
function in filter.c which substitutes the old sk_chk_filter
. 目前,我已经看到filter.c中仍然有一个
bpf_check_classic
函数来替代旧的sk_chk_filter
。 After the check there is an attempt to JIT the program, if is not possible the next step is to convert the cBPF in eBPF. 检查之后,尝试将程序JIT,如果不可能的话,下一步是在eBPF中转换cBPF。
QUESTIONS: 问题:
1) where is actually the call to run the jitted/converted cbpf filter in the last net/core/filter.c
? 1)在最后一个
net/core/filter.c
运行jitted / converted cbpf过滤器的调用实际上在哪里?
2) Which is the sequence of function calls which bring a cBPF program to be executed as an eBPF program ? 2)将cBPF程序作为eBPF程序执行的函数调用顺序是什么?
As far as I know, cBPF program are only used for seccomp-bpf and as socket filters. 据我所知,cBPF程序仅用于seccomp-bpf和套接字过滤器。
kernel/seccomp.c
, after the program has been converted to eBPF. kernel/seccomp.c
seccomp.c中。 net/core/filter.c
, as you guessed. net/core/filter.c
。 sk_filter_trim_cap()
then gets called in a number of places in the kernel, for all types of sockets. sk_filter_trim_cap()
都会在内核中的多个位置被调用 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.