简体繁体 English

verifier.c

[英]net/core/filter.c and linux/bpf/verifier.c

原文 2019-09-07 14:17:07 8 1 c/ kernel/ bpf/ ebpf

If I understood well initially the cBPF verifier and interpreter were both within net/core/fiter.c for example sk_run_filter here https://elixir.bootlin.com/linux/v3.2/source/net/core/filter.c#L112 just convert the cBPF instructions applying them on the emulated registers and directly on the sk_buff. 如果我最初很了解cBPF验证程序和解释程序都在net/core/fiter.c ，例如sk_run_filter访问https://elixir.bootlin.com/linux/v3.2/source/net/core/filter.c# L112只是转换cBPF指令，将它们应用到仿真寄存器上，然后直接应用到sk_buff上。 While sk_chk_filter check if the instructions are all legal. 在sk_chk_filter检查指令是否全部合法。

Currently I've seen that there is still a bpf_check_classic function in filter.c which substitutes the old sk_chk_filter . 目前，我已经看到filter.c中仍然有一个bpf_check_classic函数来替代旧的sk_chk_filter 。 After the check there is an attempt to JIT the program, if is not possible the next step is to convert the cBPF in eBPF. 检查之后，尝试将程序JIT，如果不可能的话，下一步是在eBPF中转换cBPF。

QUESTIONS: 问题：

1) where is actually the call to run the jitted/converted cbpf filter in the last net/core/filter.c ? 1）在最后一个net/core/filter.c运行jitted / converted cbpf过滤器的调用实际上在哪里？

2) Which is the sequence of function calls which bring a cBPF program to be executed as an eBPF program ? 2）将cBPF程序作为eBPF程序执行的函数调用顺序是什么？

1 个解决方案

As far as I know, cBPF program are only used for seccomp-bpf and as socket filters. 据我所知，cBPF程序仅用于seccomp-bpf和套接字过滤器。

For seccomp-bpf, the actual call is in kernel/seccomp.c , after the program has been converted to eBPF. 对于seccomp-bpf，在程序已转换为eBPF之后，实际调用在kernel/seccomp.c seccomp.c中。
For socket filters, the actual call is in net/core/filter.c , as you guessed. 如您所料，对于套接字过滤器，实际的调用在net/core/filter.c 。 sk_filter_trim_cap() then gets called in a number of places in the kernel, for all types of sockets. 然后，对于所有类型的套接字， sk_filter_trim_cap()都会在内核中的多个位置被调用。